Thursday, 2014-07-10

« Wednesday, 2014-07-09 Index Friday, 2014-07-11 »
*** arosen has left #openstack-keystone00:07
marekdjamielennox: o/00:10
jamielennoxmarekd: hey - 2 minutes00:13
jamielennoxmarekd: hey00:20
marekdjamielennox: hey, shot you an email earlier, as it was easy to gather everything togerther. Looks like the SAML ECP wrapper class is not that easy to implement.00:21
*** henrynash has joined #openstack-keystone00:22
marekdjamielennox: what you do is two step process - load the plugin class, harvest the options, expose to the oslo.config and only then create the plugin instance, right?00:22
jamielennoxyea, i had popped it up but had a few internal things to deal with first00:22
marekdjamielennox: no problem.00:22
jamielennoxmarekd: do you have a running keystone SAML instance with some test creds that i can test things against?00:23
jamielennoxthere's a bit of a setup hurdle for this stuff00:23
marekdjamielennox: there is, i agree. I think i could make you one machine (i don't have anything configured which would be available to anyone).00:23
marekdjamielennox: but, it's here more about plugin loading...00:24
*** henrynash has quit IRC00:24
jamielennoxyea, that's ok, was just thinking if i had a go at modifying it00:24
marekdunless you are happy with the plugins as-is (which i am sure you are not, as I clearily was not implementing them the 'old way')00:24
marekdjamielennox: is there any way for OptParser to simply get everything that was not already parsed and pass it as a one string to a plugin?00:26
marekdthen wrapping plugin would simply resolve what underlying plugins are gonna be used load them , get the options, and do the parsing of that remaining part?00:27
jamielennoxmarekd: maybe, the problem is most everything that is not consumed by optparser should be going to the cli app00:27
marekdjamielennox: shit..00:27
jamielennoxwhat do you need to pass that is freeform?00:27
marekdjamielennox: what do you mean freeform?00:28
jamielennoxwell is it just that it is hard to specify ahead of time what the options are, or do you need to actually be able to parse the whole CLI string00:28
jamielennoxdamn this plugin is complex00:29
marekdjamielennox: whose? yours or mine?00:29
jamielennoxsaml200:29
jamielennoxunscoped00:29
marekdwelcome to my world.00:29
openstackgerritA change was merged to openstack/python-keystoneclient: Add tests without optional create endpoint params  https://review.openstack.org/10322900:31
marekdjamielennox: and that's not all.00:32
jamielennoxmarekd: line 378 do you mean POST to keystone? or you make two requests to the external idp?00:32
marekdjamielennox: imagine, you will need different plugins for getting unscoped token depending whether it's shibboleth idp or MS00:32
jamielennoxheh, well, it's very flexible00:33
marekdjamielennox: line 378: POST to Keystone (Service Provider)00:34
jamielennoxok, that's what i thought the workflow was just trying not to mix up my identity providers and service providers00:34
marekdbut it says SP00:34
*** packet has quit IRC00:36
jamielennoxyep, ok00:37
jamielennoxso we're saying that _send_idp_saml2_authn_request might be different per auth method00:38
marekdjamielennox: nope. I am going to finally get something working with ADFS (as a standalone python code), but as far as i know the workflow is different...e.g. you initially ask IdP for assertion and only then pass it to SP (no initial call to the SP)00:40
marekdso i'd say we need another whole plugin for getting unscoped token.00:40
jamielennoxmarekd: i don't see anything specific to saml2 in the scoping unscoped token review, this is something that we probably need to tackle as a general keystoneclient problem00:40
jamielennoxmarekd: but ADFS would then be a completely different federation plugin though right? not a variation on SAML2?00:41
jamielennox(no idea what ADFS is)00:41
jamielennoxugh, just seeing the acronym i never want to touch that00:41
marekd(Microsoft implementation of SAML IdPs)00:42
*** jaosorior has quit IRC00:42
jamielennoxso is it SAML?00:42
jamielennoxbecause my thought at the moment is that we define a SamlBasePlugin or something which does the common keystone parts and then you can abstract with ECP and basic auth and kerberos etc00:43
jamielennoxpretty sure i mixed terms there ECP is not another mechanism00:43
marekdADFS is saml but implementation may differ....00:44
marekdjamielennox: ok, we define SamlBasePlugin00:44
marekdjamielennox: which needs to load underlying plugins.00:44
marekdjamielennox: right?00:44
jamielennoxhmmm, ok00:45
marekdjamielennox: one of them would be: am i going to use Shibbolet implementation or ADFS?00:45
jamielennoxwell it depends how close ADFS is to SAML i guess00:45
jamielennoxor to Shibbolet00:45
marekdjamielennox: the second: user must specify how i am going to authN with the IdP. is is user/pass, maybe some certificate (so i need a path)00:45
jamielennoxmarekd: you know you're going to end up with a plugin plugin system right ?00:46
jamielennoxfor now we ignore the unscoped -> scoped issue00:47
marekdjamielennox: i think that the good idea, we can hardcode few things for now and say that keystoneclient is limited to this idp auth plugin at the moment00:47
marekdbut i thought we could make it pluggable from the beginning.00:47
marekdwe can simply split auth plugins saying: ADFS and SAML2 are 'top level' plugins.00:47
marekdand we can hardcode basicauth http authN wit IdP, because AFAIK this is the most popular.00:48
marekdbut is it a desired solution?00:48
marekdwell...00:48
jamielennoxso there are two types of plugins i can see00:48
jamielennoxthe ADFS/SAML and then how you actually auth to them00:49
marekdADFS/SAML as a top level plugins (along with Password, Token etc)?00:49
marekdbecause we may want to squeeze those two into some kind of wrapper and try to reuse as much as possible (scoping will always be the same)00:50
marekd(what is different is a way the unscoped token is obtained - different messages, even different workflow)00:50
jamielennoxi think maybe you want to look at a base class for there common features00:51
jamielennoxrather than make them the same plugin00:51
*** thedodd has joined #openstack-keystone00:51
jamielennoxprobably a lot of those features are common to federation in general but worry about that later00:51
marekdi was thinking make a wrapper that aggregates saml/adfs plugin.00:52
jamielennoxis there a way to tell the difference automatically?00:52
marekdi'd always be a blind guessing i think...00:52
jamielennoxso the principal i've been working on was to build out really base level plugins and then look at providing wrappers later00:53
jamielennoxfor example there is the v2password and the v3password00:53
marekdyeah, read the code.00:53
jamielennoxand then do https://review.openstack.org/#/c/81147/ or something to abstract it00:53
jamielennox(that's a lot out of date)00:53
jamielennoxSo if you want to write a Shibbolet plugin and an ADFS plugin so that people who really know what they want can use it that's good00:54
jamielennoxand then just have a wrapper plugin around them which selects whichever is appropriate00:54
jamielennoxyou don't have to expose them at the command line if you don't want00:54
*** thedodd has quit IRC00:56
jamielennoxbut if there's no way for you to query the server and know the difference between SAML and ADFS then you really have no choice but to have the user tell you which to use00:56
marekdrather option 2.00:56
marekdwe can blindly try both.00:57
marekdwhich is not very optimal.00:57
*** sacharya has joined #openstack-keystone00:57
marekdjamielennox: initially i was also thinking about class for IdP-authN00:57
marekdi want user to tell me how he wants to authenticate.00:57
marekdand depending on the plugin he may wants to specify different params.00:58
marekd*but*00:58
marekdi will know what options once I a)load top level plugin b) figure out what idpauthplugin user wants c) get the class.get_options()00:58
*** sacharya has quit IRC00:58
*** sacharya has joined #openstack-keystone00:59
marekdjamielennox: but i am more and more leaning towards hardcoding one IdP-authN method for now (HTTP Basic Auth).00:59
jamielennoxa safe bet is just to define one class a SamlBasicAuth or something which can return you the string you need and make your SAML plugin take that for auth01:00
jamielennoxyou don't need to define more than one for now and you don't need to worry about fancy ways of loading it01:00
jamielennoxbut at least the interface is good for adding more later01:01
marekdinterface is kinda already there. ok, i am gonna rebuild the patches so they fit the new way plugins are handled.01:02
jamielennoxmarekd: one of the other things i feel is great about plugins is that if it really all goes wrong then you can take what you learnt and write a new plugin without being left with a bunch of crap in the main part of your code01:02
marekdjamielennox: sure.01:02
jamielennoxso maybe just do it simply and write a better one later when we have more Idps to accomodate01:03
*** mberlin1 has joined #openstack-keystone01:06
*** mberlin has quit IRC01:07
marekdjamielennox: maybe you are right.01:16
jamielennoxmarekd: simple and scrap it? i was hoping there would be some way of planning this out01:19
marekdjamielennox: what do you mean?01:20
jamielennoxoh - just wondering what i was right on01:20
marekdjamielennox: you probably were, as we can wait next 4 releases trying to figure something perfect and neat.01:22
marekdinstead of have something done and plan something perfect and neat....01:22
jamielennoxyea01:22
jamielennoxi'd still start really specific01:22
jamielennoxmake one for Shibbolet and then when you make one for ADFS figure out what is common then01:23
jamielennoxand then write the wrapper as a higher level rather than starting there01:23
marekdthat may work.01:23
marekdso let's focus on shibboleth only now.01:23
jamielennoxis mod_mellon the same?01:24
marekdit doesn't matter.01:24
marekdit's all about the IdP, not SP - mod_shib, mod_mellon is SP.01:24
jamielennoxok, i was just wondering about naming it shibboleth - i thought that might imply something on keystone as wel01:25
*** amcrn has quit IRC01:25
marekdmod_mellons does what mod_shib does.01:25
marekdmod_mellon*01:25
marekdanyway.01:25
marekdthe saml plugin is split into two atm.01:25
marekdone class gets unscoped token, the latter one scopes it basing on the unscpoed token.01:26
marekddo you think this will live without some kind of a wrapper?01:26
marekdah, maybe it will....01:27
marekdScopeTokenPlugin as a top level class which simply contains the UnscopedTokenPlugin object inside...01:27
jamielennoxso we need a general mechanism to scope an unscoped token - regardless of SAML01:29
jamielennoxI don't really know how to handle that, but it's pressing01:29
jamielennoxany ideas?01:29
jamielennoxi mean you can do it now using the auth.v3.Token plugin01:30
marekdjamielennox: not really as I need to call /v3/OS-FEDERATION/{projects,domains} if the user doesn't specify the project or domain prior to authN01:31
marekdthat's why i wrote my plugin for that.01:31
jamielennoxwhat does that give you? the list of available projects/domains for that token?01:32
marekdyes.01:32
marekdbased on *groups*01:32
marekdbecause the user doesn't exist in the Keystone's backend.01:32
jamielennoxok, so you can still do v3.auth.Token(auth_url='http://keystone:5000/v3', token=unscoped.get_token(), project_id=project_id)01:32
*** marcoemorais has quit IRC01:33
jamielennoxand just fetch the project_id or domain_id from that URL rather than for the standard one01:33
marekdbut i'd need to do this before I call auth.Token(...)01:33
jamielennoxyes01:34
marekdjamielennox: ok.01:34
jamielennoxv3.auth.Token() is purely get a token based off an existing token, it doesn't know what domain_ids are available or what project_ids are available to the user01:34
marekdjamielennox: exactly.01:34
marekdjamielennox: it assumes the token is somewhere in the environment or somewhere else, right?01:35
jamielennoxit's provided via __init__01:35
marekdjamielennox: is auth.Token a AuthMethod or AuthConstructor?01:35
jamielennoxThere's both i think01:36
jamielennoxTokenMethod and Token01:36
*** praneshp has quit IRC01:36
marekdbecause i am thinking how to squeeze it into one user's call.01:36
marekdsupposely user specifies --os-auth-plugin=saml2 --project-id='bla'01:37
marekdand i want him to get the scoped token as an effect01:37
jamielennoxi don't think that you want the method, you aren't going to want to combine it with another auth mechanism01:37
jamielennoxyep - you will need a wrapper plugin that does the fetch unsocped then if project_id: scope with v3.Token01:38
marekdjamielennox: ok, i wanted to make sure i am not missing something obviously clear and we are on the same page.01:39
marekdok, i will try that then.01:39
marekdjamielennox: thanks01:39
jamielennoxmarekd: looking forward to see how it turns out01:40
jamielennoxyou're pushing this further than i was ever thinking about01:40
marekdjamielennox: there is simply a need for that and that's all. I hadn't predict that either.01:40
*** praneshp has joined #openstack-keystone01:41
*** praneshp has quit IRC01:42
*** praneshp has joined #openstack-keystone01:44
*** richm has left #openstack-keystone01:49
*** praneshp has quit IRC01:51
*** browne has quit IRC01:55
*** praneshp has joined #openstack-keystone02:06
*** zhiyan_ is now known as zhiyan02:07
*** shufflebot has quit IRC02:12
*** shufflebot has joined #openstack-keystone02:13
*** praneshp has quit IRC02:22
*** richm has joined #openstack-keystone02:33
*** richm has left #openstack-keystone02:34
*** vhoward has joined #openstack-keystone02:47
*** diegows has quit IRC02:53
*** hrybacki has joined #openstack-keystone02:57
openstackgerritling-yun proposed a change to openstack/keystone-specs: Add log translation hints for keystone  https://review.openstack.org/10595403:01
*** henrynash has joined #openstack-keystone03:04
*** henrynash has quit IRC03:09
openstackgerritling-yun proposed a change to openstack/keystone-specs: Add log translation hints for keystone  https://review.openstack.org/10595403:21
*** dims_ has quit IRC03:22
*** dims_ has joined #openstack-keystone03:23
*** vhoward has left #openstack-keystone03:24
*** hrybacki has quit IRC03:24
openstackgerritling-yun proposed a change to openstack/keystone-specs: Add log translation hints for keystone  https://review.openstack.org/10595403:25
*** browne has joined #openstack-keystone03:39
openstackgerritMarek Denis proposed a change to openstack/keystone: Add _BaseFederationExtension class  https://review.openstack.org/10457703:47
openstackgerritMarek Denis proposed a change to openstack/keystone: Implement Service Providers API for OS-FEDERATION  https://review.openstack.org/10462303:47
openstackgerritMarek Denis proposed a change to openstack/keystone: Implement Service Providers API for OS-FEDERATION  https://review.openstack.org/10462303:53
*** browne has quit IRC03:54
*** dims_ has quit IRC03:57
*** chandankumar has joined #openstack-keystone04:34
*** chandankumar has quit IRC04:44
*** dims_ has joined #openstack-keystone04:53
*** ajayaa has joined #openstack-keystone04:56
*** dims_ has quit IRC05:02
*** sacharya has quit IRC05:05
*** ukalifon1 has joined #openstack-keystone05:24
*** chandankumar has joined #openstack-keystone05:24
*** dstanek_zzz is now known as dstanek05:31
*** k4n0 has joined #openstack-keystone05:35
*** praneshp has joined #openstack-keystone05:36
*** bobt has joined #openstack-keystone05:52
*** marcoemorais has joined #openstack-keystone05:52
*** marcoemorais1 has joined #openstack-keystone05:53
*** marcoemorais has quit IRC05:56
*** marcoemorais1 has quit IRC05:57
openstackgerritOpenStack Proposal Bot proposed a change to openstack/keystone: Imported Translations from Transifex  https://review.openstack.org/10338006:00
*** tomoiaga has joined #openstack-keystone06:16
*** harlowja is now known as harlowja_away06:47
*** tomoiaga has quit IRC06:51
*** tomoiaga has joined #openstack-keystone06:58
*** dstanek is now known as dstanek_zzz07:02
*** daneyon has joined #openstack-keystone07:02
*** daneyon has quit IRC07:13
*** stevemar has joined #openstack-keystone07:13
*** BAKfr has joined #openstack-keystone07:20
*** praneshp_ has joined #openstack-keystone07:31
*** tkelsey has joined #openstack-keystone07:32
*** bobt has quit IRC07:33
*** praneshp has quit IRC07:34
*** praneshp_ is now known as praneshp07:34
*** xianghui has joined #openstack-keystone07:45
*** praneshp has quit IRC07:47
*** bvandenh has quit IRC07:51
tomoiagaI wonder if there is a way without changing the code, to generate a token (as admin) for another user. Right now I am scoping a token to a tenant to have it contained, not sure if that's the best approach07:52
*** dstanek_zzz is now known as dstanek07:53
*** dstanek is now known as dstanek_zzz08:03
*** stevemar has quit IRC08:11
*** ajayaa has quit IRC08:21
*** ajayaa has joined #openstack-keystone08:34
*** bvandenh has joined #openstack-keystone09:01
*** zhiyan is now known as zhiyan_09:04
d0ugalShould keystone endpoints include the version or not? i.e. /v1/?09:04
*** zigo has quit IRC09:05
d0ugalTrying to decide the best practice here - should the client figure out the version or should it be provided by the endpoint?09:05
*** zigo has joined #openstack-keystone09:07
*** junhongl has joined #openstack-keystone09:13
tomoiagad0ugal: You can check the keystoneclient discovery class to see how it operates as an example. You can specify the version to some clients (not sure if all clients support that) but the version needs to be the same as the endpoint. If you set version 3 for keystone and the url is for version 2, chances are things will fail to work properly09:19
tomoiagad0ugal: as an example, I am using the full url (including /v3) for the endpoint and also specify the version for the client. I could use the discovery class to see what versions I have available and decide what to do next (keystoneclient should already use the discovery class, nova doesn't have one as far as I know, it just tries versions based on url and falls back to v1 if it doesn't work)09:21
tomoiagaby nova I mean novaclient09:21
d0ugaltomoiaga: I see09:22
d0ugalSo it seems to vary somewhat09:22
d0ugalI'll take a look at a few clients, starting with keystone :)09:22
d0ugalThanks!09:22
tomoiagad0ugal: usually if the examples provided in the docs include the version, you should include it too. I can work without versions in urls and just set the version in the client but doing this will require some code checking to make sure everything is ok.09:23
d0ugaltomoiaga: Makes sense.09:24
d0ugaltomoiaga: The issue I ran into is that Barbican doesn't include the version in the devstack setup, but the barbican client expects it to be included09:24
d0ugalSo I was wondering if this should be fixed in the devstack integration or the barbican client :)09:24
tomoiagad0ugal: if it's expected then most likely it should be fixed :)09:25
*** zhiyan_ is now known as zhiyan09:27
*** kwss has joined #openstack-keystone09:47
*** afazekas has joined #openstack-keystone09:51
*** dstanek_zzz is now known as dstanek09:52
ajayaadolphm, jaimelennox, dstanek, When I am running "tox -v -edebug keystoneclient.tests.test_auth_token_middleware" it shows output "Ran 0 tests in 0.001s"09:55
ajayaaStrangely this happens when I insert a debug point in code.09:56
ajayaaWhen I remove that it outputs "Ran 191 tests in 1.534s"09:57
*** dstanek is now known as dstanek_zzz10:02
*** xianghui has quit IRC10:07
*** henrynash has joined #openstack-keystone10:08
*** junhongl has quit IRC10:24
*** ajayaa has quit IRC10:36
*** andreaf has joined #openstack-keystone10:42
openstackgerritAjaya Agrawal proposed a change to openstack/keystonemiddleware: Correct return code  https://review.openstack.org/10601010:43
*** ajayaa has joined #openstack-keystone10:53
*** x1b2j has joined #openstack-keystone10:53
*** dstanek_zzz is now known as dstanek11:00
*** henrynash has quit IRC11:01
openstackgerritKristy Siu proposed a change to openstack/keystone-specs: Adding support for Virtual Organisation Management  https://review.openstack.org/10576911:15
*** k4n0 has quit IRC11:26
ajayaajamielennox, ping!11:41
* jamielennox was trying to sneak through11:41
jamielennoxajayaa: what's up11:42
ajayaajamielennox, as part of https://blueprints.launchpad.net/python-keystoneclient/+spec/keystoneclient-auth-token I believe we need to make middleware use keystone client only.11:43
ajayaaIs there some functionality which needs to be moved to keystone client?11:43
jamielennoxthere are pieces that are slowly moving but there is more11:44
jamielennoxumm'11:44
jamielennoxrevocation is already being moved11:44
jamielennoxi think fetching certificates and parsing the CMS tokens needs to be part of client11:45
ajayaaokay. I was looking if I could help somewhere. :)11:45
jamielennoxajayaa: always apreciated - you know we are moving all this to keystonemiddleware now so propose any changes over there11:46
jamielennoxthere's at least one review about using the session and the auth plugins that is fairly vital to the using client process11:46
ajayaaI am aware of that. I submitted one patch to keystonemiddleware.11:47
*** openstackgerrit has quit IRC11:47
jamielennoxok, jut checking as that's fairly new11:48
jamielennoxalright, i'm out - night11:50
*** jamielennox is now known as jamielennox|away11:50
samuelmzdolphm, ping11:54
samuelmzdolphm, I'm working on the hierarchical projects implementation. Once we have a new attribute on projects called parent_project_id, I'm having trouble when mapping this new attribute to ldap11:57
*** afazekas has quit IRC12:04
*** dstanek is now known as dstanek_zzz12:10
*** daneyon has joined #openstack-keystone12:17
*** daneyon has quit IRC12:18
*** daneyon has joined #openstack-keystone12:19
*** afazekas has joined #openstack-keystone12:19
*** dims has joined #openstack-keystone12:25
*** _elmiko is now known as elmiko12:26
*** tkelsey has quit IRC12:31
*** xianghui has joined #openstack-keystone12:32
*** dhellmann is now known as dhellmann_12:38
*** afazekas has quit IRC12:44
*** daneyon has quit IRC12:48
*** miqui_ is now known as miqui12:56
*** afazekas has joined #openstack-keystone12:57
*** dstanek_zzz is now known as dstanek13:04
*** radez_g0n3 is now known as radez13:06
*** afazekas has quit IRC13:08
*** ajayaa has quit IRC13:10
*** hrybacki has joined #openstack-keystone13:23
*** kwss has quit IRC13:24
*** hrybacki_ has joined #openstack-keystone13:24
*** __afazekas is now known as afazekas13:27
*** hrybacki has quit IRC13:28
*** hrybacki_ has quit IRC13:44
*** dstanek is now known as dstanek_zzz13:52
*** zhiyan is now known as zhiyan_13:56
*** vhoward has joined #openstack-keystone13:56
*** joesavak has joined #openstack-keystone14:00
*** lbragstad_ has joined #openstack-keystone14:03
*** lbragstad_ is now known as lbragstad14:03
*** dstanek_zzz is now known as dstanek14:08
*** topol has joined #openstack-keystone14:09
*** jaosorior has joined #openstack-keystone14:09
*** topol has quit IRC14:10
*** stevemar has joined #openstack-keystone14:15
*** hrybacki has joined #openstack-keystone14:15
*** topol has joined #openstack-keystone14:25
*** kwss has joined #openstack-keystone14:25
*** sacharya has joined #openstack-keystone14:26
*** bknudson has joined #openstack-keystone14:29
*** sacharya has quit IRC14:32
*** dstanek is now known as dstanek_zzz14:34
*** morganfainberg_Z is now known as morganfainberg14:36
morganfainbergsamuelmz, we're at the Keystone hackathon today. we'll be a bit hit and miss here today14:37
dolphmsamuelmz: eek. that's a good question! bknudson^?14:43
*** ukalifon1 has quit IRC14:43
dolphmsamuelmz: bknudson: or maybe the answer is that we just don't want to support ldap assignment + hierarchical multitenancy :)14:44
bknudsonwe hardly support ldap assignment as is14:44
morganfainbergbknudson, ++14:44
morganfainbergsamuelmz, Ldap assignment is _very_ limited compared to the sql assignment backend14:45
bknudsonIf the question is do we really need to support ldap for hierarchical multitenancy, I would say let's not do it.14:45
dolphm++14:46
*** thedodd has joined #openstack-keystone14:57
*** Farhan has joined #openstack-keystone15:02
*** dstanek_zzz is now known as dstanek15:08
*** dstanek is now known as dstanek_zzz15:09
*** david-lyle has joined #openstack-keystone15:11
*** sacharya has joined #openstack-keystone15:13
dolphmis the gate 100% failing?15:16
*** richm has joined #openstack-keystone15:17
*** morganfainberg is now known as morganfainberg_Z15:19
*** morganfainberg_Z is now known as morganfainberg15:20
morganfainbergdolphm, it looks like it15:23
*** lbragstad has quit IRC15:30
*** radez is now known as radez_g0n315:31
*** chandankumar has quit IRC15:31
*** openstackgerrit has joined #openstack-keystone15:32
*** radez_g0n3 is now known as radez15:34
stevemardolphm, morganfainberg seems lie it15:41
*** thedodd has quit IRC15:54
*** thedodd has joined #openstack-keystone15:56
*** bknudson1 has joined #openstack-keystone15:59
*** bknudson has quit IRC16:00
*** kwss has quit IRC16:00
*** dstanek_zzz is now known as dstanek16:04
*** david-lyle has quit IRC16:06
*** bknudson1 has quit IRC16:06
*** tomoiaga has quit IRC16:06
*** david-lyle has joined #openstack-keystone16:07
*** Farhan has quit IRC16:09
samuelmzdolphm, morganfainberg, bknudson, I was adding a parent_project_id mapping as we have for project's description ... but the problem is that, with the current implementation, if we create a project with parent_project_id being None, it wont be stored in ldap, neither retrieved from it..16:12
samuelmzyou're saying ldap support is quite complex and we should not (or dont need to implement) hierarchical projects support on it, right?16:13
*** lbragstad_ has joined #openstack-keystone16:16
*** lbragstad_ is now known as lbragstad16:16
*** bknudson has joined #openstack-keystone16:21
openstackgerritMarek Denis proposed a change to openstack/keystone: WebSSO patch  https://review.openstack.org/10609616:22
*** bobt has joined #openstack-keystone16:22
openstackgerritMarek Denis proposed a change to openstack/keystone: Keystone part of a PoC for Horizon/Keystone WebSSO  https://review.openstack.org/10609616:23
stevemarmarekd, websso patches eh?16:23
marekdstevemar: you wanted me to publish those hacks so ppl can take a look....:(16:24
marekdstevemar: this patch's gonna die either way16:25
stevemarmarekd, me?16:25
stevemarmarekd, dying patches are cool16:25
marekdstevemar: everybody....16:25
marekdyesterday16:25
*** marcoemorais has joined #openstack-keystone16:26
*** bobt has quit IRC16:30
*** radez is now known as radez_g0n316:30
*** radez_g0n3 is now known as radez16:31
*** xianghui has quit IRC16:39
*** BAKfr has quit IRC16:40
*** thedodd has quit IRC16:44
*** tkelsey has joined #openstack-keystone16:44
stevemarmarekd, http://status.openstack.org/elastic-recheck/16:45
marekdstevemar: THANK YOU SIR!16:45
*** chandankumar has joined #openstack-keystone16:45
*** fpatwa has joined #openstack-keystone16:47
*** andreaf has quit IRC16:52
*** thedodd has joined #openstack-keystone16:58
*** lbragstad has quit IRC17:09
*** daneyon has joined #openstack-keystone17:10
*** sacharya has quit IRC17:11
*** topol has quit IRC17:13
*** harlowja_away is now known as harlowja17:13
*** bknudson has quit IRC17:17
*** dstanek is now known as dstanek_zzz17:19
*** richm has quit IRC17:21
*** praneshp has joined #openstack-keystone17:26
*** daneyon has quit IRC17:27
*** dhellmann_ is now known as dhellmann17:27
*** daneyon has joined #openstack-keystone17:27
*** harlowja has quit IRC17:30
*** harlowja has joined #openstack-keystone17:30
*** gyee has joined #openstack-keystone17:34
*** richm has joined #openstack-keystone17:36
*** dstanek_zzz is now known as dstanek17:40
*** richm has quit IRC17:40
*** joesavak has quit IRC17:41
*** sacharya has joined #openstack-keystone17:44
*** amerine has joined #openstack-keystone17:48
*** joesavak has joined #openstack-keystone17:53
*** hrybacki has quit IRC17:53
*** richm has joined #openstack-keystone17:55
*** dstanek is now known as dstanek_zzz17:55
*** hrybacki has joined #openstack-keystone17:56
*** dstanek_zzz is now known as dstanek17:57
*** shufflebot has quit IRC18:01
*** shufflebot has joined #openstack-keystone18:01
marekddolphm: https://review.openstack.org/106096 websso in Keystone18:11
morganfainbergmarekd, nice18:13
marekdmorganfainberg: uploading django part. please keep in mind this is more for you to take a look.18:13
morganfainbergmarekd, absolutely18:13
morganfainbergmarekd, it's good to see the code!18:13
marekdmorganfainberg: so no -2 :D (/cc ayoung). I will abandon it eventualy, just didn't want to show it on github directly.18:14
*** andreaf has joined #openstack-keystone18:17
marekdmorganfainberg: dolphm dstanek: websso in django: https://review.openstack.org/#/c/106131/18:18
*** tkelsey has quit IRC18:19
marekddstanek: another one, with already one +2 earned: https://review.openstack.org/#/c/83829/18:24
*** vhoward has left #openstack-keystone18:25
*** andreaf has quit IRC18:31
*** marcoemorais has quit IRC18:32
*** marcoemorais has joined #openstack-keystone18:33
*** bknudson has joined #openstack-keystone18:33
*** marcoemorais has quit IRC18:33
*** marcoemorais has joined #openstack-keystone18:33
*** marcoemorais has quit IRC18:34
*** marcoemorais has joined #openstack-keystone18:34
*** bknudson has quit IRC18:37
*** lbragstad_ has joined #openstack-keystone18:37
*** gabriel-bezerra has quit IRC18:41
*** topol has joined #openstack-keystone18:49
*** marcoemorais has quit IRC18:51
marekdjoesavak: are you happy with multiple public keys tied to an IdP?18:53
*** gabriel-bezerra has joined #openstack-keystone18:53
joesavakmarekd2 - sure - but just 2 should be enough from an implementor standpoint to enable them to rotate keys18:54
*** bknudson has joined #openstack-keystone18:56
stevemarjoesavak, marekd you are 1 person apart18:56
stevemarsome jerk is in between18:56
joesavakstevemar - move!18:56
joesavak;)18:56
stevemarmarekd, how is https://review.openstack.org/#/c/83829/ not in yet :(18:57
marekddstanek: (kitten eyes) https://review.openstack.org/#/c/83829/ ? :-)18:58
stevemarmarekd, ref: http://imgur.com/LOeGj?tags18:58
marekdstevemar: ++18:58
*** marcoemorais has joined #openstack-keystone18:59
*** arosen has joined #openstack-keystone19:04
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Avoid loading a ref to delete the ref  https://review.openstack.org/10614019:13
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Avoid loading a ref from SQL to delete the ref  https://review.openstack.org/10614019:15
*** lbragstad_ is now known as lbragstad19:16
*** lbragstad has quit IRC19:18
*** lbragstad has joined #openstack-keystone19:18
*** chandankumar has quit IRC19:25
*** thedodd has quit IRC19:29
*** thedodd has joined #openstack-keystone19:32
*** zhiyan_ is now known as zhiyan19:52
*** daneyon has quit IRC19:55
*** marcoemorais has quit IRC20:03
*** bknudson has quit IRC20:04
*** bknudson has joined #openstack-keystone20:06
*** marcoemorais has joined #openstack-keystone20:09
*** sacharya has quit IRC20:15
*** diegows has joined #openstack-keystone20:16
*** bknudson has quit IRC20:17
openstackgerritA change was merged to openstack/keystone: Correct the region table to be InnoDB and UTF8  https://review.openstack.org/10296420:19
openstackgerritA change was merged to openstack/keystone: Make OS-FEDERATION core.Driver methods abstract  https://review.openstack.org/10485120:19
*** bobt has joined #openstack-keystone20:22
*** bknudson has joined #openstack-keystone20:26
openstackgerritA change was merged to openstack/keystone: HEAD responses should return same status as GET  https://review.openstack.org/10402620:27
*** bknudson has quit IRC20:30
*** fpatwa has quit IRC20:45
*** bknudson has joined #openstack-keystone20:47
*** dims has quit IRC20:49
*** dims has joined #openstack-keystone20:50
*** sacharya has joined #openstack-keystone20:54
*** andreaf has joined #openstack-keystone20:54
*** harlowja is now known as harlowja_away21:01
*** harlowja_away is now known as harlowja21:08
openstackgerrithenry-nash proposed a change to openstack/keystone: multi-backend support for identity  https://review.openstack.org/7421421:08
*** Chicago has joined #openstack-keystone21:11
*** radez is now known as radez_g0n321:13
*** zhiyan is now known as zhiyan_21:26
*** fpatwa has joined #openstack-keystone21:27
*** marcoemorais has quit IRC21:32
*** marcoemorais has joined #openstack-keystone21:32
*** marcoemorais has quit IRC21:33
*** marcoemorais has joined #openstack-keystone21:33
*** marcoemorais has quit IRC21:34
*** marcoemorais has joined #openstack-keystone21:34
openstackgerritHarry Rybacki proposed a change to openstack/keystone: Update setup docs with Fedora 20 dependencies  https://review.openstack.org/10617621:36
*** jamielennox|away is now known as jamielennox21:36
hrybackijamielennox: https://review.openstack.org/#/c/105031/ :)21:37
*** dims_ has joined #openstack-keystone21:41
*** dims has quit IRC21:43
morganfainbergsooooo https://review.openstack.org/#/c/100747/21:46
morganfainberggating!21:46
hrybackimorganfainberg++21:46
*** marcoemorais has quit IRC21:47
hrybackimorganfainberg: so this means that middleware will actually be part of the CI tests?21:47
morganfainbergno this means apache deployed keystone is the default21:47
hrybackioh whoops, wrong devstack patch21:47
morganfainbergfor devstack and gate21:47
morganfainberg:)21:47
*** david-lyle has quit IRC21:49
*** marcoemorais has joined #openstack-keystone21:54
*** marcoemorais has quit IRC21:55
*** marcoemorais1 has joined #openstack-keystone21:55
boris-42morganfainberg nice21:57
*** marcoemorais1 has quit IRC22:04
*** marcoemorais has joined #openstack-keystone22:04
*** ayoung has joined #openstack-keystone22:04
*** fpatwa has quit IRC22:04
*** ayoung has quit IRC22:04
*** marcoemorais has quit IRC22:12
*** lbragstad has quit IRC22:12
*** lbragstad has joined #openstack-keystone22:13
*** med_ has joined #openstack-keystone22:14
*** marcoemorais has joined #openstack-keystone22:15
*** kwss has joined #openstack-keystone22:16
*** marcoemorais has quit IRC22:17
*** marcoemorais has joined #openstack-keystone22:18
marekdjoesavak: added you as a reviewer for "Implement Service Providers API for OS-FEDERATION" code. (needs to be extended with attributes we really need)22:22
joesavakokie dokie22:22
*** bknudson has quit IRC22:23
openstackgerritSteve Martinelli proposed a change to openstack/python-keystoneclient: Add CRUD operations for Federated Protocols.  https://review.openstack.org/8382922:23
stevemardstanek, updated https://review.openstack.org/#/c/83829/22:23
*** oomichi has joined #openstack-keystone22:24
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Add keystonemiddleware to requirements  https://review.openstack.org/10618822:25
*** david-lyle has joined #openstack-keystone22:26
*** marcoemorais has quit IRC22:29
*** andreaf has quit IRC22:32
*** richm has quit IRC22:32
*** rwsu has quit IRC22:32
*** redrobot has quit IRC22:32
*** dstanek has quit IRC22:32
*** therve has quit IRC22:32
*** kwss has quit IRC22:32
*** gabriel-bezerra has quit IRC22:32
*** zigo has quit IRC22:32
*** thedodd has quit IRC22:32
*** gyee has quit IRC22:32
*** mberlin1 has quit IRC22:32
*** bobt has quit IRC22:32
*** uvirtbot has quit IRC22:32
*** dims_ has quit IRC22:32
*** hrybacki has quit IRC22:32
*** afaranha has quit IRC22:33
*** huats has quit IRC22:33
*** Chicago has quit IRC22:33
*** diegows has quit IRC22:33
*** arosen has quit IRC22:33
*** tellesnobrega has quit IRC22:33
*** chmouel has quit IRC22:33
*** ByteSore has quit IRC22:33
*** csd has quit IRC22:33
*** anteaya has quit IRC22:33
*** topol has quit IRC22:33
*** miqui has quit IRC22:33
*** dvorak has quit IRC22:33
*** jamielennox has quit IRC22:33
*** jraim has quit IRC22:33
*** jimbaker has quit IRC22:33
*** mitz_ has quit IRC22:33
*** designated has quit IRC22:33
*** zhiyan_ has quit IRC22:33
*** ciypro|afk has quit IRC22:33
*** sacharya has quit IRC22:33
*** harlowja has quit IRC22:33
*** openstackgerrit has quit IRC22:33
*** mat-lowery has quit IRC22:33
*** samuelmz has quit IRC22:33
*** elmiko has quit IRC22:33
*** mfisch has quit IRC22:33
*** baffle_ has quit IRC22:33
*** ekarlso has quit IRC22:33
*** gmurphy has quit IRC22:33
*** morganfainberg has quit IRC22:33
*** boris-42 has quit IRC22:33
*** david-lyle has quit IRC22:33
*** oomichi has quit IRC22:33
*** lbragstad has quit IRC22:33
*** x1b2j has quit IRC22:33
*** rodrigods has quit IRC22:33
*** dtroyer has quit IRC22:33
*** serverascode has quit IRC22:33
*** Daviey has quit IRC22:33
*** vishy has quit IRC22:33
*** d34dh0r53 has quit IRC22:33
*** esmute has quit IRC22:33
*** tziOm has quit IRC22:33
*** d0ugal has quit IRC22:33
*** jkappert has quit IRC22:33
*** dhellmann has quit IRC22:33
*** med_ has quit IRC22:33
*** praneshp has quit IRC22:33
*** shufflebot has quit IRC22:33
*** amerine has quit IRC22:33
*** fifieldt has quit IRC22:33
*** raildo has quit IRC22:33
*** joesavak has quit IRC22:33
*** stevemar has quit IRC22:33
*** bvandenh has quit IRC22:33
*** arunkant has quit IRC22:33
*** Ephur has quit IRC22:33
*** mgagne has quit IRC22:33
*** tristanC has quit IRC22:33
*** jdennis has quit IRC22:33
*** afazekas has quit IRC22:33
*** radez_g0n3 has quit IRC22:33
*** comstud has quit IRC22:33
*** jaosorior has quit IRC22:33
*** mhu has quit IRC22:33
*** dolphm has quit IRC22:33
*** toddnni has quit IRC22:33
*** ChanServ has quit IRC22:33
*** akscram has quit IRC22:33
*** gpocentek has quit IRC22:33
*** Meeh has quit IRC22:33
*** richm has joined #openstack-keystone22:36
*** andreaf has joined #openstack-keystone22:36
*** rwsu has joined #openstack-keystone22:36
*** therve has joined #openstack-keystone22:36
*** redrobot has joined #openstack-keystone22:36
*** doddstack has joined #openstack-keystone22:36
*** david-lyle has joined #openstack-keystone22:36
*** oomichi has joined #openstack-keystone22:36
*** kwss has joined #openstack-keystone22:36
*** med_ has joined #openstack-keystone22:36
*** lbragstad has joined #openstack-keystone22:36
*** dims_ has joined #openstack-keystone22:36
*** Chicago has joined #openstack-keystone22:36
*** sacharya has joined #openstack-keystone22:36
*** bobt has joined #openstack-keystone22:36
*** diegows has joined #openstack-keystone22:36
*** arosen has joined #openstack-keystone22:36
*** gabriel-bezerra has joined #openstack-keystone22:36
*** topol has joined #openstack-keystone22:36
*** hrybacki has joined #openstack-keystone22:36
*** joesavak has joined #openstack-keystone22:36
*** amerine has joined #openstack-keystone22:36
*** gyee has joined #openstack-keystone22:36
*** harlowja has joined #openstack-keystone22:36
*** praneshp has joined #openstack-keystone22:36
*** openstackgerrit has joined #openstack-keystone22:36
*** stevemar has joined #openstack-keystone22:36
*** jaosorior has joined #openstack-keystone22:36
*** x1b2j has joined #openstack-keystone22:36
*** zigo has joined #openstack-keystone22:36
*** bvandenh has joined #openstack-keystone22:36
*** shufflebot has joined #openstack-keystone22:36
*** mberlin1 has joined #openstack-keystone22:36
*** boris-42 has joined #openstack-keystone22:36
*** miqui has joined #openstack-keystone22:36
*** elmiko has joined #openstack-keystone22:36
*** samuelmz has joined #openstack-keystone22:36
*** raildo has joined #openstack-keystone22:36
*** rodrigods has joined #openstack-keystone22:36
*** csd has joined #openstack-keystone22:36
*** mat-lowery has joined #openstack-keystone22:36
*** dvorak has joined #openstack-keystone22:36
*** uvirtbot has joined #openstack-keystone22:36
*** anteaya has joined #openstack-keystone22:36
*** fifieldt has joined #openstack-keystone22:36
*** jamielennox has joined #openstack-keystone22:36
*** afaranha has joined #openstack-keystone22:36
*** tellesnobrega has joined #openstack-keystone22:36
*** arunkant has joined #openstack-keystone22:36
*** dtroyer has joined #openstack-keystone22:36
*** Ephur has joined #openstack-keystone22:36
*** mfisch has joined #openstack-keystone22:36
*** serverascode has joined #openstack-keystone22:36
*** mgagne has joined #openstack-keystone22:36
*** tristanC has joined #openstack-keystone22:36
*** jraim has joined #openstack-keystone22:36
*** baffle_ has joined #openstack-keystone22:36
*** huats has joined #openstack-keystone22:36
*** jdennis has joined #openstack-keystone22:36
*** jimbaker has joined #openstack-keystone22:36
*** mitz_ has joined #openstack-keystone22:36
*** ekarlso has joined #openstack-keystone22:36
*** designated has joined #openstack-keystone22:36
*** gmurphy has joined #openstack-keystone22:36
*** d34dh0r53 has joined #openstack-keystone22:36
*** afazekas has joined #openstack-keystone22:36
*** zhiyan_ has joined #openstack-keystone22:36
*** ciypro|afk has joined #openstack-keystone22:36
*** ByteSore has joined #openstack-keystone22:36
*** chmouel has joined #openstack-keystone22:36
*** Daviey has joined #openstack-keystone22:36
*** radez_g0n3 has joined #openstack-keystone22:36
*** vishy has joined #openstack-keystone22:36
*** mhu has joined #openstack-keystone22:36
*** dolphm has joined #openstack-keystone22:36
*** comstud has joined #openstack-keystone22:36
*** toddnni has joined #openstack-keystone22:36
*** tziOm has joined #openstack-keystone22:36
*** morganfainberg has joined #openstack-keystone22:36
*** esmute has joined #openstack-keystone22:36
*** d0ugal has joined #openstack-keystone22:36
*** jkappert has joined #openstack-keystone22:36
*** dhellmann has joined #openstack-keystone22:36
*** ChanServ has joined #openstack-keystone22:36
*** dickson.freenode.net sets mode: +ooo dolphm morganfainberg ChanServ22:36
*** akscram has joined #openstack-keystone22:36
*** gpocentek has joined #openstack-keystone22:36
*** Meeh has joined #openstack-keystone22:36
*** hrybacki has quit IRC22:38
*** bknudson has joined #openstack-keystone22:39
openstackgerritDolph Mathews proposed a change to openstack/keystone-specs: move audit middleware to keystonemiddleware repo  https://review.openstack.org/10458422:43
*** kwss has quit IRC22:44
openstackgerritDolph Mathews proposed a change to openstack/keystone-specs: move audit middleware to keystonemiddleware repo  https://review.openstack.org/10458422:46
*** andreaf has quit IRC22:46
*** gabriel-bezerra has quit IRC22:48
morganfainbergbknudson, http://logs.openstack.org/84/104584/5/check/gate-keystone-specs-docs/5ff25c6/console.html22:48
openstackgerritMorgan Fainberg proposed a change to openstack/keystone-specs: move audit middleware to keystonemiddleware repo  https://review.openstack.org/10458422:50
openstackgerritMorgan Fainberg proposed a change to openstack/keystone-specs: move audit middleware to keystonemiddleware repo  https://review.openstack.org/10458422:51
openstackgerritA change was merged to openstack/keystone-specs: move audit middleware to keystonemiddleware repo  https://review.openstack.org/10458422:55
marekdjamielennox: when a auth plugin exposes oslo.config param like foo-bar, when the plugin object will be insantiated the argument that's going to be passed will be foo_bar (with value specified by a user), right?22:55
jamielennoxmarekd: yep22:55
marekdjamielennox: works for me!22:56
jamielennoxit'll become --os-foo-bar, foo_bar in CONF and returned as foo_bar22:56
*** marcoemorais has joined #openstack-keystone22:56
jamielennoxthere is a dest or such variable you can set if you want to have a different display/kwargs naem22:56
*** marcoemorais has quit IRC22:57
*** marcoemorais has joined #openstack-keystone22:57
marekdjamielennox: sure22:57
*** gabriel-bezerra has joined #openstack-keystone23:00
*** david-lyle has quit IRC23:00
*** marcoemorais has quit IRC23:00
*** marcoemorais has joined #openstack-keystone23:01
*** marcoemorais has quit IRC23:01
*** marcoemorais has joined #openstack-keystone23:01
*** harlowja has quit IRC23:05
*** harlowja has joined #openstack-keystone23:05
openstackgerritDolph Mathews proposed a change to openstack/keystone-specs: Revoke tokens when deleting EC2 credential  https://review.openstack.org/10349323:05
*** joesavak has quit IRC23:06
openstackgerritA change was merged to openstack/python-keystoneclient: Direct move of the revoke model from keystone server  https://review.openstack.org/10270223:08
*** bknudson has quit IRC23:09
*** stevemar has quit IRC23:11
*** ChanServ changes topic to "July 9-11 Hackathon notes https://etherpad.openstack.org/p/keystone-juno-hackathon | Now with 100% more gate runs on Apache deployed Keystone"23:11
*** ChanServ changes topic to "July 9-11 Hackathon notes https://etherpad.openstack.org/p/keystone-juno-hackathon | Now with 100% gate and check runs on Apache deployed Keystone"23:12
*** lbragstad has quit IRC23:14
openstackgerritayoung proposed a change to openstack/python-keystoneclient: Revocation event API  https://review.openstack.org/8116623:14
*** topol has quit IRC23:15
*** morganfainberg is now known as morganfainberg_Z23:22
*** radez_g0n3 is now known as radez23:26
*** doddstack has quit IRC23:42
*** elmiko is now known as _elmiko23:43
*** richm has quit IRC23:43
openstackgerritOpenStack Proposal Bot proposed a change to openstack/keystone: Updated from global requirements  https://review.openstack.org/10620823:51
*** radez is now known as radez_g0n323:51
openstackgerritOpenStack Proposal Bot proposed a change to openstack/python-keystoneclient: Updated from global requirements  https://review.openstack.org/10621023:56
« Wednesday, 2014-07-09 Index Friday, 2014-07-11 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!