Monday, 2014-08-04

« Sunday, 2014-08-03 Index Tuesday, 2014-08-05 »
*** hrybacki has quit IRC00:01
*** henrynash has joined #openstack-keystone00:07
*** xianghuihuihui has joined #openstack-keystone00:32
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Convert shell tests to requests-mock  https://review.openstack.org/11021000:33
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Change unscoped token fallback to be session aware  https://review.openstack.org/10477100:33
*** gokrokve_ has joined #openstack-keystone00:42
*** ayoung has quit IRC00:44
*** gokrokve has quit IRC00:45
*** gokrokve_ has quit IRC00:46
*** gokrokve has joined #openstack-keystone01:12
*** gokrokve has quit IRC01:17
*** jogo has left #openstack-keystone01:21
*** gokrokve has joined #openstack-keystone01:22
*** gokrokve has quit IRC01:28
*** gokrokve has joined #openstack-keystone01:29
*** xianghuihuihui has quit IRC01:31
*** gokrokve has quit IRC01:33
*** gokrokve has joined #openstack-keystone01:35
openstackgerritA change was merged to openstack/keystone: Add pluggable range functions for token flush  https://review.openstack.org/10172601:36
*** oomichi has joined #openstack-keystone01:37
*** stevemar has joined #openstack-keystone02:01
*** xianghui has joined #openstack-keystone02:05
*** xianghui has quit IRC02:18
*** diegows has quit IRC02:18
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Isolate get_discovery function  https://review.openstack.org/10756902:22
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Allow unauthenticated discovery  https://review.openstack.org/10757002:22
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Control identity plugin reauthentication  https://review.openstack.org/10755502:22
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Use token and discovery fixture in identity tests  https://review.openstack.org/10755402:22
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Version independent password authentication plugin  https://review.openstack.org/8114702:22
*** bvandenh_ has quit IRC02:23
*** xianghui has joined #openstack-keystone02:31
*** jamielennox is now known as jamielennox|away02:35
*** shakamunyi has joined #openstack-keystone02:41
*** shakamunyi has quit IRC03:00
*** mitz_ has quit IRC03:11
*** mitz has joined #openstack-keystone03:14
*** xianghui has quit IRC03:22
openstackgerritOpenStack Proposal Bot proposed a change to openstack/keystone: Updated from global requirements  https://review.openstack.org/11162003:23
openstackgerritOpenStack Proposal Bot proposed a change to openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/11162103:23
*** topol has joined #openstack-keystone03:29
*** chandankumar has joined #openstack-keystone03:36
openstackgerritwanghong proposed a change to openstack/keystone: trustor_user_id not available in v2 trust token  https://review.openstack.org/10182903:40
*** xianghui has joined #openstack-keystone03:40
*** wanghong has quit IRC03:40
*** xianghui has quit IRC03:49
openstackgerritSteve Martinelli proposed a change to openstack/keystone: Remove debug CADF payload for every authN request  https://review.openstack.org/11163403:58
*** jamielennox|away is now known as jamielennox04:00
*** xianghui has joined #openstack-keystone04:02
openstackgerritA change was merged to openstack/keystone: Update the config file  https://review.openstack.org/11116204:40
*** gabriel-bezerra has quit IRC04:41
*** gabriel-bezerra has joined #openstack-keystone04:41
*** k4n0 has joined #openstack-keystone04:54
openstackgerritSteve Martinelli proposed a change to openstack/keystone: Remove debug CADF payload for every authN request  https://review.openstack.org/11163405:08
openstackgerritSteve Martinelli proposed a change to openstack/python-keystoneclient: Add docs for how to create an OAuth auth instance  https://review.openstack.org/10901305:14
*** jaosorior has joined #openstack-keystone05:18
openstackgerritJoe Gordon proposed a change to openstack/keystone: Don't override tox envdir for pep8 and cover jobs  https://review.openstack.org/11164405:31
*** topol has quit IRC05:42
*** stevemar has quit IRC05:43
*** stevemar has joined #openstack-keystone05:44
*** k4n0 has quit IRC05:44
*** gokrokve has quit IRC05:47
*** ajayaa has joined #openstack-keystone05:53
*** ukalifon has joined #openstack-keystone05:54
*** k4n0 has joined #openstack-keystone05:58
openstackgerritOpenStack Proposal Bot proposed a change to openstack/keystone: Imported Translations from Transifex  https://review.openstack.org/10693906:06
*** ukalifon has left #openstack-keystone06:06
ajayaaHi. When I do a git pull on my master branch rand run tox after that, it throws out garbage.06:07
ajayaaWhich means that the syntax is somewhere wrong. Has anyone faced this issue?06:08
openstackgerritJamie Lennox proposed a change to openstack/keystonemiddleware: Load session from builtin session loader  https://review.openstack.org/11165506:12
ajayaajamielennox,06:13
jamielennoxajayaa: that doesn't sound right, the master branch should be passing06:13
jamielennoxwhat tox job are you runnign06:14
ajayaajamielennox, tox -epy2706:14
ajayaaThis is the second time I am facing this issue. However If I do a hard reset to a earlier commit then it works.06:14
ajayaaI am doing something wrong, which I am not able to figure out.06:15
*** rm_work is now known as rm_work|away06:18
*** afazekas has quit IRC06:41
jamielennoxajayaa: do you have the output handy?06:41
ajayaaoutput of "tox -epy27"?06:48
ajayaajamielennox,06:48
jamielennoxajayaa: yea06:48
ajayaajust a sec06:49
ajayaajamielennox, http://paste.openstack.org/show/89938/06:50
jamielennoxhmm, that generally means an import error or something06:50
jamielennoxhave you tried removing the tox environment and running it again?06:51
ajayaado you mean delete everything under .tox?06:51
openstackgerritA change was merged to openstack/python-keystoneclient: Redact tokens in request headers  https://review.openstack.org/11011706:53
openstackgerritSteve Martinelli proposed a change to openstack/keystone: Update CADF auditing example to show non-payload information  https://review.openstack.org/11165706:53
jamielennoxajayaa: that will work07:00
jamielennoxbut .tox/py2707:00
jamielennoxajayaa: it will just rebuild it when next you run tox07:01
*** marekd|away is now known as marekd07:01
ajayaajamielennox, That worked btw. I think I should file a bug for this. When you are running low on data or slow internet connection, this could be a blocker for development. :)07:09
jamielennoxajayaa: ok, cool - it's relatively common because tox won't automatically update your pip packages07:09
jamielennoxthere is something you can do to just update tox but i don't remember the command off the top of my head07:10
ajayaajamielennox, no problem. Thanks. :)07:11
*** rm_work|away is now known as rm_work07:11
*** stevemar has quit IRC07:11
marekdajayaa: you can try tox -repy2707:16
marekdajayaa: which will rebuild your packages, but that's sometimes not enough. That 'garbage' comes sometimes from the error in your code.07:17
marekdajayaa: bad import for instance (a typo is enough) - then the Python interpreter will not complain but simply spit out that garbage07:17
marekdsadly i don't know the good way to automatically find where is the error - i usually go through the changes and look for silly mistakes.07:18
marekdanyway, -r  == rebuild virtualenv07:18
ajayaamarekd, agree. That's the price we will have to pay for using an interpreted language, I guess.07:19
ajayaaI will try to document these things in a blog post or something, so that it gets indexed by google.07:20
marekdajayaa: i am not sure...tox is somehow screwed up at this point.07:20
marekdajayaa: make a typo in an import and run the Python code from the interpreter - it will point out there is somethinf wrong (raise ImportError)07:21
marekdajayaa: and I *always* run -pep8 test before i run py2707:21
ajayaamarekd, So it is a problem with tox then. In this particular case (git pull) pep8 passes without a problem.07:22
marekdjamielennox: Hey. You are probably half on you way home, but I wanted to ask if you could add https://review.openstack.org/#/c/107393/ and  https://review.openstack.org/#/c/106751/ yo your review queue :-)07:23
marekdajayaa: because pep8 can pass and you still might have some stupid typo07:23
marekdwhich makes py27 test produce garbage.07:23
marekd*maybe* there is a way to catch the problem with tox - I don't know it :(07:24
marekdajayaa: anyway, if you find out a solution, let me know :-)07:25
ajayaamarekd, sure. :)07:25
openstackgerritwanghong proposed a change to openstack/keystone: trustor_user_id not available in v2 trust token  https://review.openstack.org/10182907:29
*** ajayaa has quit IRC07:33
*** wanghong has joined #openstack-keystone07:35
*** afazekas has joined #openstack-keystone07:41
*** ajayaa has joined #openstack-keystone07:46
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Add get_auth_plugin_name function  https://review.openstack.org/11166507:49
*** shausy has joined #openstack-keystone07:51
*** jamielennox is now known as jamielennox|away07:51
bjornaros keystone endpoint-get command supposed to work=07:58
*** henrynash has quit IRC08:40
openstackgerritAjaya Agrawal proposed a change to openstack/keystone: Implemented caching in identity layer.  https://review.openstack.org/11057508:46
*** gabriel-bezerra has quit IRC08:46
*** k4n0 has quit IRC08:46
*** gabriel-bezerra has joined #openstack-keystone08:49
*** shafeek has joined #openstack-keystone08:51
*** gabriel-bezerra has joined #openstack-keystone08:51
*** k4n0 has joined #openstack-keystone08:59
*** ajayaa has quit IRC09:02
*** ajayaa has joined #openstack-keystone09:14
*** k4n0 has quit IRC09:22
*** k4n0 has joined #openstack-keystone09:25
ajayaaHi. Openstack projects such as trove are moving to keystonemiddleware project. Shouldn't it be added to global-requirements.txt?09:52
openstackgerritJeffrey Zhang proposed a change to openstack/keystone: Redirect stdout and stderr when using subprocess  https://review.openstack.org/5161009:52
openstackgerritIlya Pekelny proposed a change to openstack/keystone: Use metadata.create_all() to fill a test database  https://review.openstack.org/9355809:59
openstackgerritIlya Pekelny proposed a change to openstack/keystone: Comparision of database models and migrations.  https://review.openstack.org/8063009:59
*** i159 has joined #openstack-keystone10:03
*** RockKuo_Office has joined #openstack-keystone10:08
i159bknudson1: Hi! I have a problem with pep8 tests. An error raised on the module which I didn't chenged: ""10:09
i159/keystone/tests/core.py:29:1: H302  import only modules.'from oslo.config import fixture as config_fixture' does not import a module10:09
i159from oslo.config import fixture as config_fixture10:09
i159bknudson1: Did this bug concerned you?10:11
i159bknudson1: and this is module in oslo.config, btw...10:12
*** k4n0 has quit IRC10:16
shafeekgood day10:24
shafeekany information on developing extensions for keystone10:24
shafeekI need to create an extension that will update a password on a third party system when an update is done on the user i keystone10:25
*** k4n0 has joined #openstack-keystone10:30
shafeekanyone?10:49
openstackgerritA change was merged to openstack/python-keystoneclient: Use keystoneclient.exceptions  https://review.openstack.org/10867510:56
openstackgerritOpenStack Proposal Bot proposed a change to openstack/keystone: Updated from global requirements  https://review.openstack.org/11162010:59
openstackgerritJuan Antonio Osorio Robles proposed a change to openstack/keystone: Enable filtering of services by name  https://review.openstack.org/11090411:04
openstackgerritJuan Antonio Osorio Robles proposed a change to openstack/keystone: Filter users by email  https://review.openstack.org/11097011:04
*** RockKuo_Office has quit IRC11:16
*** dhellmann_ has quit IRC11:42
*** dhellmann has joined #openstack-keystone11:42
*** diegows has joined #openstack-keystone11:43
*** shafeek is now known as keystone_noob12:08
*** rharwood_ has joined #openstack-keystone12:11
*** raildo1 has joined #openstack-keystone12:13
*** jimbaker` has joined #openstack-keystone12:14
*** ajayaa has quit IRC12:16
*** nkinder has joined #openstack-keystone12:17
*** xianghui has quit IRC12:19
*** jimbaker has quit IRC12:19
*** raildo has quit IRC12:19
*** rharwood has quit IRC12:19
*** rharwood_ is now known as rharwood12:19
*** cjellick has joined #openstack-keystone12:22
*** cjellick has quit IRC12:24
*** cjellick has joined #openstack-keystone12:24
*** xianghui has joined #openstack-keystone12:26
*** ajayaa has joined #openstack-keystone12:26
keystone_noobhi12:28
keystone_noobim in the process of creating an extension to keystone12:29
keystone_noobwhat this will do is update a third party system when a user changes hi sor her user details on keystone12:29
keystone_noobi'm reading the the docs now12:29
*** gabriel-bezerra has quit IRC12:29
keystone_noobbut could anybody shed some more light on how i might go about doing this12:30
keystone_noobAny information would be greatly appreciated12:30
*** gabriel-bezerra has joined #openstack-keystone12:30
*** gordc has joined #openstack-keystone12:41
*** ajayaa has quit IRC12:45
*** gabriel-bezerra has quit IRC12:45
*** gabriel-bezerra has joined #openstack-keystone12:46
openstackgerritMatthieu Huin proposed a change to openstack/keystone: Remove unsupported command ShibRequireAll  https://review.openstack.org/11170912:48
*** cjellick_ has joined #openstack-keystone12:57
*** ajayaa has joined #openstack-keystone12:58
*** cjellick has quit IRC13:00
*** jasondotstar has joined #openstack-keystone13:01
*** k4n0 has quit IRC13:01
*** cjellick_ has quit IRC13:02
*** radez_g0n3 is now known as radez13:05
*** ajayaa has quit IRC13:05
*** samuelmz has joined #openstack-keystone13:07
*** cjellick has joined #openstack-keystone13:08
*** cjellick has quit IRC13:09
*** cjellick has joined #openstack-keystone13:09
*** henrynash has joined #openstack-keystone13:11
*** ajayaa has joined #openstack-keystone13:13
*** joesavak has joined #openstack-keystone13:15
*** henrynash has quit IRC13:18
*** bknudson1 has quit IRC13:19
marekdmhu: Thanks for the patch. Did you check if removig ShibRequireAll is backwards compatible (w/ apache 2.2)?13:23
openstackgerritA change was merged to openstack/keystone: Catch correct oslo.db exception  https://review.openstack.org/10893513:26
*** ukalifon3 has joined #openstack-keystone13:27
*** ukalifon has joined #openstack-keystone13:30
*** topol has joined #openstack-keystone13:31
*** chandankumar has quit IRC13:31
*** ukalifon3 has quit IRC13:32
*** chandankumar has joined #openstack-keystone13:33
mhumarekd, if you remove it when using apache 2.2, you'd get the default behavior of granting access if any rule for any module is verified13:36
mhuif you have only mod_shib up, like I assume it should be in most keystone setups, I don't think it is a problem13:37
*** oomichi has quit IRC13:40
mhumarekd, I am actually digging into the doc and I am encountering a problem to set up federation. When trying to access https://sp-test:5000/v3/OS-FEDERATION/identity_providers/testIdP/protocols/saml2/auth for a token, I get the redirection to the IdP login page alright, but then I am sent back to https://sp-test:5000/Shibboleth.sso/SAML/POST which ends up being somehow interpreted as a keystone url ( 'PATH_TRANSLATED': '/var/www/keystone/main/Shi13:41
mhubboleth.sso/SAML2/POST' ). Have you ever met this problem ?13:41
dstanekdolphm: the cover fix broke pip?13:43
mhuI have a hunch it's a problem with the vhost config, some conflict between the <Location /Shibboleth.sso> directive and "WSGIScriptAlias / /var/www/keystone/main"13:43
marekdmhu: sorry, i am back.13:43
marekdmhu: what client are you using?13:44
marekdmhu: if cli/keystoneclient you should not be redirected to any 'webpage'13:44
mhumarekd, for now I am just doing a GET through firefox, I haven't played with ECP yet13:44
*** shausy has quit IRC13:44
dolphmdstanek: i don't know... is there supposed to be a gate failure associated with the new bug? if so, i just haven't seen it13:45
mhuall I want is to make sure I have the shibboleth part correctly set up, for now13:45
dolphmkeystone_noob: keystone can emit notifications for things like that already (i'm not sure if we emit notifications on user event, specifically, though)13:46
marekdmhu: do you think you could share your config with me?13:46
dolphmkeystone_noob: with notifications, it'd be easier to implement a listener on rabbit/whatever to talk to your third party system13:46
marekdmhu: at least the vhost13:46
mhumarekd, sure, no prob13:46
*** gabriel-bezerra has quit IRC13:47
*** gabriel-bezerra has joined #openstack-keystone13:47
mhumarekd, here it is http://paste.openstack.org/show/89999/13:48
*** ajayaa has quit IRC13:49
*** david-lyle has joined #openstack-keystone13:49
*** ayoung has joined #openstack-keystone13:49
*** bknudson has joined #openstack-keystone13:51
openstackgerritRaildo Mascena de Sousa Filho proposed a change to openstack/identity-api: API documentation for Hierarchical Multitenancy  https://review.openstack.org/11135513:51
marekdmhu i am not sure if it matters but I would move WSGIScriptAliasMatch above the WSGIScriptAlias.13:52
mhumarekd, okay I'll give it a shot13:52
mhuI think I'll also follow the doc and default config as in here https://github.com/openstack/keystone/blob/master/httpd/wsgi-keystone.conf13:52
mhumy vhost was generated with devstack ...13:52
dstanekdolphm: it looks like infra wants us to have separate venv for every tox environment13:53
marekdmhu: i think you vhost is fine in general.13:53
dolphmdstanek: yeah, but where is the problem of having only one occurring?13:53
marekdmhu: i am curious what 'Satisfy Any' in Location means?13:54
dstanekthat's a good question - i'm trying to run throught the build scripts now13:54
marekdmhu: and why you changed it.13:55
marekdmhu: is it apache 2.4 specific ?13:55
marekdmhu: maybe that's the problem.13:55
marekdmhu: docs say to setup shib handler, so calls to host/Shibboleth.sso/* are handled by Shibboleth, not Keystone nor anything else.13:56
mhumarekd, that was in the SP doc I followed to set it up, I think it makes the shibboleth urls available from outside13:56
mhumakes sense, let me give it a try13:56
mhuahah, progress ! I replaced "Satisfy Any" and now I have a 401 error. :)13:58
marekdrollbackto Satisfy Any and add "SetHandler shib"13:58
marekdmhu: who issues this 401 - Keystone, Shibboleth?14:00
mhumarekd, keystone14:00
dstanekdolphm: http://git.openstack.org/cgit/openstack-infra/config/commit/?id=c68d022414:00
marekduhm, so add this "SetHandler shib"14:00
marekdI think this might help.14:01
mhumarekd, I did already, this is how I got the 401 error14:01
mhu"Unable to lookup user" with empty value14:01
marekddo you have REMOTE_USER in /etc/shibboleth/shibboleth2.xml ?14:02
marekd(grep for it)14:02
dolphmdstanek: so ours is *never* present now? shouldn't we be failing every change?14:02
mhumarekd, I commented it out as mentioned in the doc14:02
marekdmhu: I am just making sure as sometimes we forget... :-)14:03
dstanekdolphm: unless somehow there is already a .tox/pep814:03
marekdmhu: mapping rules?14:04
marekdmhu: maybe your rules produce empty set of groups which results in Unauthorized14:04
marekdmhu: i would change the rule so it always issues an existing group14:04
*** ajayaa has joined #openstack-keystone14:05
mhumarekd, ok, I will try a simpler ruleset. But I am puzzled by the empty user value14:05
dolphmdstanek: gating this, sort of just to see what happens https://review.openstack.org/#/c/106939/14:06
marekdmhu: there are couple of things i'd try but i don't think anymore this is vhost conf issue since you are reaching Keystone.14:11
*** gabriel-bezerra has quit IRC14:11
nkinderdolphm, dstanek: are you guys discussing the sporadic pep8 gate failures?14:11
marekdmhu: on the other things there can be many poential problems.14:12
dstaneknkinder: yes14:12
dolphmnkinder: yes14:12
nkinderdstanek: yeah, it's an odd problem (and the logs are fairly useless)14:12
*** gabriel-bezerra has joined #openstack-keystone14:12
dstaneknkinder: what's weird is that the infra scripts should fail every time14:13
mhumarekd: :/ I'll keep looking, thanks for the help, at least the situation evolved :)14:13
marekdmhu: set log level to debug in your vhost configuration14:14
marekdand see14:14
marekdthe stacktrace14:14
marekdyou should get to the line that raised the exception.14:14
*** ukalifon has quit IRC14:19
*** ajayaa has quit IRC14:20
*** jgriffith is now known as Guest7167614:23
*** ajayaa has joined #openstack-keystone14:23
*** andreaf has joined #openstack-keystone14:32
*** ukalifon1 has joined #openstack-keystone14:32
*** jdennis has quit IRC14:34
mhumarekd, I solved my problem by removing "external" as a possible auth method in /etc/keystone/keystone.conf14:51
mhuturns out a REMOTE_USER env variable was set, with a value of ''14:51
marekdmhu: LOL14:52
*** thedodd has joined #openstack-keystone14:52
marekdmhu: do you know what set the value?14:52
marekdapache maybe?14:52
mhumarekd, yeah, very smart, eh ?14:52
mhumarekd, I am going to look into this, this might be a problem others will encounter14:52
marekdmhu: well, it's safe to remove 'external' from keystone.conf but you had double checked that REMOTE_USER was not set by shibboleth..14:53
mhumarekd, yeah it's an acceptable workaround for now, but I really want to find out why REMOTE_USER was set, and with a stupid value14:55
mhuand if it cannot be circumvented, maybe this should be patched to discard empty values https://github.com/openstack/keystone/blob/master/keystone/auth/controllers.py#L46814:55
marekdmhu: true.14:56
*** ajayaa has quit IRC14:57
marekdmhu:  I would simply grep for REMOTE_USER in /etc/{httpd,apache} and /etc/shibboleth :-)14:57
mhumarekd, got matches in /etc/shibboleth/upgrade.xsl and /etc/shibboleth/example-shibboleth2.xml ... I don't think they're used by shibd anyway15:00
marekdmhu: it's apache 2.4?15:00
mhumarekd, yes15:00
*** gokrokve has joined #openstack-keystone15:02
keystone_noobthanks dolphm15:05
keystone_noobive figured out how to write extensions15:05
keystone_noobbut notifications would be the way to go15:05
*** KimJ has joined #openstack-keystone15:07
dolphmdstanek: can you squash the four backports here on stable/icehouse into one? https://bugs.launchpad.net/keystone/+bug/123027915:10
uvirtbotLaunchpad bug 1230279 in keystone "malformed endpoint URLs are destroying the API" [Medium,Fix released]15:10
*** keystone_noob has quit IRC15:12
dstanekdolphm: sure15:13
dolphmdstanek: do indicate in the commit message that's 4 squashed patches from master though15:14
*** jdennis has joined #openstack-keystone15:18
*** ukalifon1 has quit IRC15:23
openstackgerritOpenStack Proposal Bot proposed a change to openstack/keystone: Updated from global requirements  https://review.openstack.org/11162015:29
*** chandankumar has quit IRC15:29
*** gyee has joined #openstack-keystone15:30
*** morganfainberg_Z is now known as morganfainberg15:35
morganfainbergmornin.15:36
dolphmo/15:40
*** hrybacki has joined #openstack-keystone15:43
morganfainbergbknudson, re: https://review.openstack.org/#/c/109041 I don't want to change functionality when move the code from the provider common to the provider manager.15:46
morganfainbergbknudson, the bug you pointed out i'll get fixed in the next patch. Any other cleanup I'd like to change separate of moving the code around.15:47
morganfainbergdolphm, i'm going to toss the federation domain stuff on the agenda for tomorrow.15:47
morganfainbergfederation user domain that is15:48
morganfainbergdolphm, it's a blocker for non-persistent tokens15:48
dolphmmorganfainberg: ack15:48
morganfainbergdolphm, solving it one way or the other needs tohappen (ignore user domain or add a domain to that section) - i don't care which :)15:48
dolphmmorganfainberg: this is just a matter of auth_token populating the X_USER_DOMAIN_ID X_USER_DOMAIN_NAME headers, right?15:49
morganfainbergdolphm, and revocation events look for the domain for the user15:49
morganfainbergdolphm, and i'm not sure what else might be *yet*. at least those two are the starting point15:50
morganfainbergdolphm, my bigger concern is we have special cased a token format for federated users.15:50
morganfainbergdolphm, so we have v2, v3, v3.federated now (maybe more variations?)15:51
*** rwsu has joined #openstack-keystone15:51
dolphmmorganfainberg: is there a list of potential solutions somewhere we can discuss the merits of?15:52
morganfainbergdolphm, i think the theree solutions are in the review: 1) IdpID == domain_id for federated users, 2) "reserved" federated domain, like default, 3) fix auth_token/other code15:53
morganfainbergdolphm, i'll add those to the agenda as bullet points15:54
hrybackimorganfainberg: I hope this isn't a silly question. I'm not sure how to raise an Unauthorized exception via tests to trigger line 1169 on https://review.openstack.org/#/c/105031/14/keystonemiddleware/auth_token.py -- I've tried a couple of things but haven't had much luck. Any pointers?15:57
morganfainberghrybacki, it's not a silly question, even without reading it15:57
hrybacki:)15:58
morganfainberghrybacki, it'll involve i think httpretty15:58
morganfainberghrybacki, or mock-requests.15:58
morganfainberghrybacki, jamielennox|away is likely the best resource on that.15:58
*** gabriel-bezerra has quit IRC15:58
hrybackimorganfainberg: nods -- I set up a mock URI but I couldn't figure out what kind of token to pass that wouldn't get caught by _is _token_valid (or whatever)15:58
morganfainberghrybacki, a uuid token15:59
hrybackiokay15:59
morganfainberghrybacki, or at least uuid token should be the test case for the verify_token retry=falst (i assume thats what you're trying to write a test for)15:59
hrybackialso for more general knowledge, how the exceptions are triggered aren't exaclty clear via readinh through middlewares exceptions or the common api exceptions16:00
*** gabriel-bezerra has joined #openstack-keystone16:00
hrybackimorganfainberg: yep16:00
morganfainberghrybacki, middleware has some ick in it16:00
hrybackimorganfainberg: I need a shot of 'more hours in the day' along with one for 'more keystone knowledge' so I can resolve that sort of ick16:01
morganfainberghrybacki, the second part will come, I'm sure!16:01
morganfainberghrybacki, i'd recommend lots and lots of coffee for the former, but... uhm.16:01
*** openstackgerrit has quit IRC16:01
*** openstackgerrit_ has joined #openstack-keystone16:02
morganfainberghrybacki, i just got yelled at for that, and am down to 1 medium coffee a day (no other caffiene)16:02
hrybackimorganfainberg: uhm16:02
hrybackimorganfainberg: couldn't do that16:02
hrybackimorganfainberg: so my sympathies =/16:02
*** openstackgerrit_ is now known as openstackgerrit16:03
dstanekdolphm: squashed16:04
dolphmhrybacki: try chugging green tea; it's got less caffeine but comes with bonus chemicals to compensate16:04
dolphmdstanek: danke16:04
hrybackidolphm: any recommended brands?16:05
dolphmhrybacki: Stash16:05
morganfainberghrybacki, kilogram16:05
morganfainberghrybacki, *great* tea. Stash is good and more available16:05
hrybackiI'll look into those. I love a good grean tea / earl grey16:06
dstaneki buy stash from amazon every once in a while16:06
dolphmhrybacki: http://www.amazon.com/dp/B003D4F2US/ yep!16:06
dolphmhrybacki: it's not as fussy as loose leaf and stash is definitely better than anything i've had from my grocery store16:07
morganfainbergdstanek, last time i bought stash from amazon, i accidently got the ~20pack of boxes16:08
morganfainbergdstanek, or they accidently shipped me the 20-pack of boxes16:08
*** gabriel-bezerra has quit IRC16:09
morganfainbergdstanek, I *STILL* have mint tea16:09
hrybackidolphm++ :)16:09
*** gabriel-bezerra has joined #openstack-keystone16:09
*** hyakuhei has joined #openstack-keystone16:09
dstanekwow, that would last a long, long time for me16:09
dolphmmorganfainberg: i've had that happen with amazon. you order quantity=1 and then send you palettes=1 or whatever16:10
dolphmi got a ton of steak knives that way16:10
morganfainbergdolphm, not complaining most of the time16:10
morganfainbergdolphm, hahah steak knives?! hahahahahah16:10
dolphmeveryone got steak knives for christmas *shrug*16:10
morganfainbergreally..16:14
morganfainbergoh *phew* thought i lost all my scrollback16:14
*** gokrokve has quit IRC16:26
*** chandankumar has joined #openstack-keystone16:29
*** i159 has quit IRC16:30
*** henrynash has joined #openstack-keystone16:31
dolphmlbragstad: lance, can you put up a backport to icehouse for https://bugs.launchpad.net/ossa/+bug/134882016:31
uvirtbotLaunchpad bug 1348820 in ossa "Token issued_at time changes on /v3/auth/token GET requests" [High,Confirmed]16:31
dolphmbknudson: same to you for https://bugs.launchpad.net/ossa/+bug/1349597 and https://bugs.launchpad.net/ossa/+bug/134796116:32
uvirtbotLaunchpad bug 1349597 in keystone "Domain-scoped tokens don't get revoked" [High,In progress]16:32
dolphmdanke :D16:32
*** vhoward has left #openstack-keystone16:32
dolphmalthough i guess that last one hasn't landed yet16:32
lbragstaddolphm: sure thing16:34
lbragstadhttps://bugs.launchpad.net/ossa/+bug/1348820 needs both https://review.openstack.org/#/c/109602/3 and https://review.openstack.org/#/c/109747/16:35
uvirtbotLaunchpad bug 1348820 in ossa "Token issued_at time changes on /v3/auth/token GET requests" [High,Confirmed]16:35
dolphmlbragstad: squash those into a single patch for stable/16:37
lbragstadok16:37
openstackgerritMarek Denis proposed a change to openstack/python-keystoneclient: SAML2 federated authentication for ADFS.  https://review.openstack.org/11177116:38
openstackgerritayoung proposed a change to openstack/python-keystoneclient: Enumerate Projects with Unscoped Tokens  https://review.openstack.org/10683816:41
lbragstaddolphm: bknudson https://review.openstack.org/#/c/111772/16:45
bknudsondolphm: I don't know that it's worth it to take the revocation event fixes in piecemeal for the backport.16:45
bknudsonprobably should just take all of them through the mysql fix16:46
ayoungbknudson, are you going to apply them to the client, or are we going to have to go through the whole series a second time?16:46
bknudsonayoung: I'll also apply them to the client16:46
bknudsonI don't think all of them apply to the client16:47
ayoungbknudson, thanks16:47
ayoungbknudson, can you get https://review.openstack.org/#/c/81166/  in before you make them?16:47
bknudsonayoung: I'll base them on top of that16:48
ayoungbknudson, can you approve the patch?16:48
ayoungor, short of that, take ownership of it?16:48
*** richm has joined #openstack-keystone16:49
bknudsonok, I'll take a look at it.16:49
ayoungbknudson, thanks.  This whole effort is meaningless unless we set up auth_token middleware to consume the revocation events16:50
*** afazekas has quit IRC16:51
bknudsonsure, and we need revocation events to work16:51
ayoungyep16:52
amerine_I'm lost, I thought there was a way for someone with the "admin" role to get get a token with another project/tentants context.16:54
*** amerine_ is now known as ameirne16:54
*** ameirne is now known as amerine16:54
ayoungbknudson, its frustrating that it is split across three repos.  To be honest, the python rule that things need to be in separate repos to be separate packages is damaging to security concerns.16:54
ayoungamerine, only if they have a role assignment on that other project16:55
amerineayoung: Yeah, that's what I'm doing now. I just remembered wrong I guess. :-(16:55
bknudsonit's going to be hard to keep track of and require extra work to keep requirements up to date16:55
ayoung right now there is no restriction on token-for-token exchanges  for the same user16:55
ayoungbknudson, ++16:55
ayoungbknudson, its pretty much the norm for native servers to to ship  server, common, and client, all out of one code base.16:56
ayoungI know the databases all have to do that.16:56
*** ajayaa has joined #openstack-keystone16:57
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Remove `with_lockmode` use from Trust SQL backend.  https://review.openstack.org/9705916:59
*** henrynash has quit IRC17:01
*** gokrokve has joined #openstack-keystone17:02
ajayaamorganfainberg, ayoung, dolphm https://review.openstack.org/#/c/110575/17:12
ajayaaplease approve it.17:12
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Make token_provider_api contain token persistence  https://review.openstack.org/10904117:29
*** shakamunyi has joined #openstack-keystone17:30
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Do not override venvs  https://review.openstack.org/11178117:39
*** david-lyle has quit IRC17:41
*** david-lyle has joined #openstack-keystone17:42
*** david-lyle has quit IRC17:46
*** marcoemorais has joined #openstack-keystone17:49
*** jimbaker` has quit IRC17:57
*** jimbaker has joined #openstack-keystone18:01
*** jimbaker has quit IRC18:01
*** jimbaker has joined #openstack-keystone18:01
*** abhishek has joined #openstack-keystone18:07
abhishekhi all, can any one please review this patch, https://review.openstack.org/#/c/107482/18:08
abhishekthank you18:08
*** browne has joined #openstack-keystone18:12
*** gabriel-bezerra has quit IRC18:14
browneso i notice in the default policy.json, there is a rule for a service role.  and it appears glance at least is assigned service role to the service project.  any reason the other service users are not also using the service role?18:15
ayoungmorganfainberg, are you waiting on someone else to review https://review.openstack.org/#/c/105031/14  ?18:25
ayoungI'm willing to pull the trigger, but you only +1ed.18:26
morganfainbergayoung, the +1 was related to my comment18:27
morganfainberglacking a test18:27
morganfainbergayoung, i've been talking with hrybacki since then, but initially it was "we need this and it can be a follow-on, but we need it"18:27
*** amcrn has joined #openstack-keystone18:28
morganfainbergayoung, i'll double check there wasn't anything else post lunch and move it through unless i think it needs another pair of eyes.18:28
ayoungmorganfainberg, but you gave a +1 to the review itself18:28
ayoungnot a +218:28
morganfainbergayoung, correct, because it was missing the test.18:28
morganfainbergayoung, and i didn't know if hrybacki wanted to put it in *that* review or as a followon18:29
ayoungmorganfainberg, so if he submits it with the test you will upgrade to a +218:29
morganfainbergayoung, post lunch, based on my convos w/ him, i'll look it over and go to +2 even without the patch18:29
ayoungcool18:29
* ayoung heads out18:29
*** ayoung has quit IRC18:29
*** abhishek has quit IRC18:35
*** chandankumar has quit IRC18:42
*** ajayaa has quit IRC18:58
hrybackimorganfainberg, ayoung: I've emailed jamie -- I'll submit a follow up in whichever way he recommends based on my message19:08
morganfainberghrybacki, ++ i'm off to lunch, as i told ayoung i'll review and upgrade ot +2 once i'm back19:09
hrybackimorganfainberg++ enjoy lunch!19:09
morganfainbergbrring anything else major (don't think there is anything elsE)19:09
hrybackishouldn't be unless you spot another snafu19:09
dolphmmorganfainberg: did the bot ever wake up on keystonemiddleware project?19:17
morganfainbergdolphm, yeah it should be now19:17
morganfainbergdolphm, it was a bug in config grouping it to keystone in lp19:17
morganfainbergdolphm, that has been changed19:18
dolphmmorganfainberg: yay! i also wanted to make a release this week19:18
dolphmlike, now, maybe19:18
morganfainbergdolphm, do we want to get hrybacki 's session change in?19:18
dolphmmorganfainberg: yes, but i don't want to wait either :P19:18
lbragstaddstanek: ping, do you know if the tests import the module, run all the tests, and then move on? I'm trying something with the try_import method in o-i but it's not patching properly19:18
morganfainbergdolphm, well i can press go on hrybacki 's now.19:19
dolphmmorganfainberg: link?19:19
morganfainberghttps://review.openstack.org/#/c/105031/1419:19
morganfainbergdolphm, i ws going to review post lunch19:19
morganfainbergit's missing a test but he's working with jamielennox|away to do it the correct way19:19
hrybackimorganfainberg++19:19
dstaneklbragstad: yes, i believe that is what happens; after the list of tests is generated19:20
morganfainbergso it can go in as is and i trust hrybacki and jamielennox|away to get a followup test19:20
morganfainbergdolphm, i just haven't looked at it since last week so i don't want to blindly +2 w/o checking again, but gyee  and ayoung +2'd already19:20
morganfainbergdolphm, it hasn't changed otherwise since the patch with the retrty bug19:21
lbragstaddstanek: ok, so in that case, I should have to re import the module under test19:21
dolphmmorganfainberg: i think i'd rather wait for 1.2 for this19:21
morganfainbergdolphm, works for me19:21
lbragstadin order for my patch to properly work?19:22
dolphmmorganfainberg: only because we'd be shipping two highly impactful changes at once19:22
dstaneklbragstad: why do that? are you trying to implement dolphm's suggestion?19:22
lbragstadyes19:22
morganfainbergdolphm, ++ no complaints with the logic :)19:22
morganfainbergdolphm, i need to get to lunch now. but be back shortly19:22
hrybackiwhen is the 1.2 ?19:23
lbragstadI want to make sure that when the import bombs, we handle the case19:23
dolphmmorganfainberg: i'll go ahead and cut 1.1 now, and then this can go in whenever19:23
dstaneklbragstad: then you don't need to import it - you can set the module variable to something and test19:23
*** packet has joined #openstack-keystone19:23
dolphmhrybacki: whenever we feel appropriate19:23
*** henrynash has joined #openstack-keystone19:24
lbragstaddstanek: I'm wrapping my test with @mock.patch('keystone.common.serializer.importutils', return_value=None)19:24
dstaneklbragstad: i don't think you event have to mock it - you can just update the module level variable right?19:26
dstaneklbragstad: something like set serializer.lxml to None and make sure you get the correct behavior19:27
lbragstaddstanek: ok, let me try that quick and see what happens19:28
lbragstaddstanek: btw, this is what I have so far: http://pasteraw.com/m85le312cg731mafzelartl8tj48wv819:28
morganfainbergdolphm, do you want to mark https://bugs.launchpad.net/keystone/havana/+bug/1335046 as wont fix? or are we actually going to fix before we eol Havana?19:28
uvirtbotLaunchpad bug 1335046 in keystone/havana "project_additional_attribute_mapping not loaded on Havana" [Low,Triaged]19:28
nkinderdstanek: is there a recheck bug for that pep8 gate failure?19:29
morganfainbergdolphm, only asking because of the security-support whatever that ends up meaning19:29
morganfainbergnkinder, 1352134 the pip one where pip doesn't exist?19:29
dolphmbknudson: am i blind, or is there not a patch with Closes-Bug for https://bugs.launchpad.net/ossa/+bug/134959719:29
morganfainbergbug 135213419:29
uvirtbotLaunchpad bug 1349597 in keystone "Domain-scoped tokens don't get revoked" [High,In progress]19:29
uvirtbotLaunchpad bug 1352134 in keystone "/bin/pip: No such file or directory in pep8 and cover jobs" [Undecided,In progress] https://launchpad.net/bugs/135213419:29
nkindermorganfainberg: that'd be the one19:29
morganfainbergnkinder, and the fix is gating19:29
bknudsondolphm: it should have been this one: https://review.openstack.org/#/c/109820/19:30
morganfainbergnkinder, https://review.openstack.org/#/c/111644/ if you want to keep your eye on it19:31
bknudsonI might have forgotten to change Partial-Bug to Closes-Bug when I opened a new bug...19:31
bknudsonyep, https://review.openstack.org/#/c/109820/2..3//COMMIT_MSG19:31
dstanekmorganfainberg: i still don't understand how this can be transient...i thought that we always built with a clean environment19:31
nkindermorganfainberg: awesome19:31
morganfainbergdstanek, some nodes have pep8 built (venv wise) some dont19:32
morganfainbergdstanek, if it isn't built, you don't get the output and it fails, if it is built, we get some bogus pip-freeze19:32
dolphmbknudson: thanks! i thought there was a patch last week lol19:32
dstanekmorganfainberg: how would .tox/pep8/bin exist? is infra manually making that venv?19:33
*** chandankumar has joined #openstack-keystone19:33
morganfainbergdstanek, we re-use pep8 nodes19:33
morganfainbergdstanek, they aren't tempest nodes.19:33
morganfainbergdstanek, or something like that19:34
dstanekmorganfainberg: ah, i was under the impression that we always started with a clean directory19:34
*** topol has quit IRC19:34
morganfainbergdstanek, i *think* pep8 and a few others are reused19:34
morganfainbergdstanek, or they're re-used in some cases *shrug*19:34
*** radez is now known as radez_g0n319:35
*** henrynash_ has joined #openstack-keystone19:37
openstackgerritLance Bragstad proposed a change to openstack/keystone: Refactor serializer import to XmlBodyMiddleware  https://review.openstack.org/11110819:38
*** henrynash has quit IRC19:39
*** henrynash_ is now known as henrynash19:39
openstackgerrithenry-nash proposed a change to openstack/keystone-specs: Endpoint policy extension  https://review.openstack.org/9984219:40
henrynashanyone know how I can change the owner of a patch (e.g. a spec)…i.e. if I am taking it over?19:42
openstackgerritLance Bragstad proposed a change to openstack/keystone: Refactor serializer import to XmlBodyMiddleware  https://review.openstack.org/11110819:42
dolphmhenrynash: git commit --amend --author="Henry Nash <henry@ibm>"19:43
henrynashdolphm: nice, thanks19:43
dolphmhenrynash: assuming you mean commit Author, not review owner (which is immutable without opening a new review)19:43
dolphmmorganfainberg: hrybacki: 1.1 is out https://pypi.python.org/pypi/keystonemiddleware19:44
dolphmhopefully the gate doesn't fall apart now19:44
henrynashdolphm: the “Owner” that shows in the Gerrit review page was waht I was after…maybe that’s the immuatble one?19:44
hrybackidolphm++ thanks for the heads up :)19:44
morganfainberghenrynash, owner can't be changed iirc19:45
morganfainberghenrynash, but author and committer can19:45
dolphmhenrynash: that's the immutable one - that's just whoever opened the review originally, and it doesn't affect anything too useful19:45
henrynashmorganfainberg, dolphm: thanks…19:45
*** ayoung has joined #openstack-keystone19:47
openstackgerrithenry-nash proposed a change to openstack/keystone-specs: Endpoint policy extension  https://review.openstack.org/9984219:49
*** packet has quit IRC20:09
*** henrynash has quit IRC20:12
openstackgerritDolph Mathews proposed a change to openstack/identity-api: add name filter on list services  https://review.openstack.org/11181820:27
*** packet has joined #openstack-keystone20:28
*** marcoemorais has quit IRC20:34
*** chandankumar has quit IRC20:34
*** marcoemorais has joined #openstack-keystone20:35
*** notstevemar has joined #openstack-keystone20:37
*** andreaf has quit IRC20:40
*** henrynash has joined #openstack-keystone20:42
*** andreaf has joined #openstack-keystone20:43
*** dolphm is now known as notdolphm20:50
*** jsavak has joined #openstack-keystone21:00
openstackgerritSteve Martinelli proposed a change to openstack/python-keystoneclient: Add docs for how to create an OAuth auth instance  https://review.openstack.org/10901321:01
openstackgerritA change was merged to openstack/keystone: Don't override tox envdir for pep8 and cover jobs  https://review.openstack.org/11164421:02
openstackgerritMatthieu Huin proposed a change to openstack/keystone: Improve instructions about federation  https://review.openstack.org/11170921:03
*** joesavak has quit IRC21:03
openstackgerritA change was merged to openstack/keystone: Fix revoking domain-scoped tokens  https://review.openstack.org/10982021:06
*** fifieldt has quit IRC21:07
*** jasondotstar has quit IRC21:08
notdolphmbknudson: yay ^^21:10
bknudsonnotdolphm: y, didn't have to rebase on 11164421:11
openstackgerritA change was merged to openstack/keystone: Do not override venvs  https://review.openstack.org/11178121:12
bknudsonI wonder where https://review.openstack.org/#/c/109125/ is now...21:13
openstackgerritA change was merged to openstack/keystone: Imported Translations from Transifex  https://review.openstack.org/10693921:13
bknudsonI'll just recheck no bug it.21:14
bknudsonnotdolphm: or would it be safer to rebase?21:14
notdolphmbknudson: i haven't seen it all day. rebase so it starts fresh21:15
bknudsonok, I'll rebase.21:15
notdolphmbknudson: it'll have all the tox fixes that way too :)21:15
bknudsony, that's what I was hoping to avoid the pip fail21:15
notdolphmi guess it'll be tested with those either way. don't mind me!21:16
bknudsonoh, really?21:16
bknudsonI suppose it merges21:16
notstevemarlbragstad, gyee notdolphm morganfainberg bknudson a request to think of a structure for notifications for role_assignemts? https://etherpad.openstack.org/p/notifications-for-role-assignments21:16
*** notdolphm is now known as dolphm21:16
*** fifieldt has joined #openstack-keystone21:22
openstackgerritNathan Kinder proposed a change to openstack/keystone: Allow LDAP lock attributes to be used as enable attributes  https://review.openstack.org/10440821:22
*** afazekas has joined #openstack-keystone21:23
*** hrybacki_ has joined #openstack-keystone21:23
notstevemarupdated the etherpad...21:26
*** hrybacki has quit IRC21:27
*** hrybacki_ has quit IRC21:28
bknudsondo we need the tox.ini change back in stable/icehouse, too?21:29
bknudson(looks like it21:29
*** notstevemar has quit IRC21:31
*** ByteSore has quit IRC21:34
*** jkappert has quit IRC21:36
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Remove `with_lockmode` use from Trust SQL backend.  https://review.openstack.org/9705921:37
openstackgerritRodrigo Duarte proposed a change to openstack/keystone: Add parent_project_id field  https://review.openstack.org/11184021:39
openstackgerritRodrigo Duarte proposed a change to openstack/keystone: Base methods to handle hierarchical projects  https://review.openstack.org/11184121:39
openstackgerritRodrigo Duarte proposed a change to openstack/keystone: Create, update and delete hierarchical projects  https://review.openstack.org/11184221:39
bknudsonhttps://review.openstack.org/111845 is the backport21:42
*** henrynash has quit IRC21:46
*** packet has quit IRC21:49
*** dhellmann is now known as dhellmann_21:53
*** jsavak has quit IRC21:56
dolphmbknudson: yes! thanks21:59
openstackgerritMorgan Fainberg proposed a change to openstack/python-keystoneclient: Mark the keystoneclient s3_token middleware deprecated  https://review.openstack.org/11184722:04
*** cjellick_ has joined #openstack-keystone22:08
*** cjellick has quit IRC22:12
*** cjellick_ has quit IRC22:13
*** bknudson has quit IRC22:21
*** ByteSore has joined #openstack-keystone22:35
*** jkappert has joined #openstack-keystone22:35
*** thedodd has quit IRC22:42
*** morganfainberg is now known as morganfainberg_Z22:44
*** bknudson has joined #openstack-keystone22:49
*** gokrokve has quit IRC22:55
*** gokrokve has joined #openstack-keystone22:56
*** KimJ has quit IRC22:57
dstaneklbragstad: you around?22:59
openstackgerritA change was merged to openstack/keystone: Remove debug CADF payload for every authN request  https://review.openstack.org/11163423:01
*** gordc has quit IRC23:04
*** david-lyle has joined #openstack-keystone23:11
*** jaosorior has quit IRC23:12
openstackgerritA change was merged to openstack/keystone: Add a test for revoking a scoped token from an unscoped  https://review.openstack.org/10912523:14
*** rwsu has quit IRC23:19
*** marcoemorais has quit IRC23:33
*** marcoemorais1 has joined #openstack-keystone23:33
nkinderbknudson: thanks for re-reviewing my trusts unit test patch!23:34
bknudsonnkinder: I try to re-review things.23:35
*** rwsu has joined #openstack-keystone23:40
*** marcoemorais1 has quit IRC23:45
*** marcoemorais has joined #openstack-keystone23:46
*** marcoemorais has quit IRC23:46
*** marcoemorais has joined #openstack-keystone23:47
*** oomichi has joined #openstack-keystone23:49
openstackgerritDavid Stanek proposed a change to openstack/keystone: Refactor serializer import to XmlBodyMiddleware  https://review.openstack.org/11110823:57
*** stevemar has joined #openstack-keystone23:57
*** david-lyle has quit IRC23:58
*** david-lyle has joined #openstack-keystone23:58
*** david-lyle has quit IRC23:58
*** david-lyle has joined #openstack-keystone23:59
« Sunday, 2014-08-03 Index Tuesday, 2014-08-05 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!