Friday, 2014-09-12

*** david-lyle has quit IRC		00:00
*** oomichi_ has joined #openstack-keystone		00:05
*** wanghong has joined #openstack-keystone		00:08
*** oomichi has quit IRC		00:08
*** RockKuo_Office has joined #openstack-keystone		00:09
*** dims__ has quit IRC		00:17
*** richm1 has quit IRC		00:27
jamielennox	morganfainberg: what did you call the tracking id you added to a token?	00:46
morganfainberg	jamielennox, audit_id and i just responded to that thread	00:46
morganfainberg	;)	00:46
*** david-lyle has joined #openstack-keystone		00:48
*** amcrn has quit IRC		00:48
jamielennox	morganfainberg: your answer is way more comprehensive than mine	00:51
morganfainberg	jamielennox, hehehe	00:51
morganfainberg	oh crap... i need food.	00:53
morganfainberg	be back later	00:53
*** rodrigods_ has joined #openstack-keystone		00:55
*** arosen has left #openstack-keystone		00:56
*** ayoung has joined #openstack-keystone		01:06
*** wanghong has quit IRC		01:07
openstackgerrit	Nathan Kinder proposed a change to openstack/keystone: Set LDAP certificate trust options for LDAPS and TLS https://review.openstack.org/120954	01:08
*** alex_xu has quit IRC		01:14
*** rodrigods_ has quit IRC		01:15
openstackgerrit	Jamie Lennox proposed a change to openstack/keystonemiddleware: Convert authentication into a plugin https://review.openstack.org/115857	01:16
*** shakamunyi has joined #openstack-keystone		01:16
*** shakamunyi has quit IRC		01:24
*** alex_xu has joined #openstack-keystone		01:24
*** dims_ has joined #openstack-keystone		01:28
*** shakamunyi has joined #openstack-keystone		01:31
*** dims_ has quit IRC		01:31
*** dims_ has joined #openstack-keystone		01:32
*** dims_ has quit IRC		01:39
*** marcoemorais has quit IRC		01:40
*** dims_ has joined #openstack-keystone		01:40
*** dims__ has joined #openstack-keystone		01:44
*** dims_ has quit IRC		01:44
*** dims__ has quit IRC		01:51
*** dims_ has joined #openstack-keystone		01:52
*** hrybacki has quit IRC		01:52
*** dims_ has quit IRC		01:57
openstackgerrit	Jamie Lennox proposed a change to openstack/python-keystoneclient: Versioned Endpoint hack for Sessions https://review.openstack.org/90632	02:02
jamielennox	ayoung: re-opened ^, i don't know any better way and i don't think we have another choice	02:02
ayoung	jamielennox, what is the repo for the kerberos plugin going to be called? what is the python namespace?	02:13
jamielennox	keystoneclient_kerberos	02:14
dolphm	jamielennox: i do not see anything that needs fixing in middleware, but just wanted to give you the chance to make changes if you thought any were necessary	02:15
jamielennox	probably having the plugin at keystoneclient_kerberos.Auth() is sufficient	02:15
jamielennox	dolphm: ok, if swift unit tests are the only ones having problems i think it's ok	02:15
jamielennox	dolphm: just having it marked critical i thought i should check	02:16
dolphm	jamielennox: that's why i marked it critical :) just to make sure we discuss it	02:16
jamielennox	swift were the ones who originally requested it being handled elsewhere	02:16
*** sunrenjie6 has joined #openstack-keystone		02:26
r1chardj0n3s	ayoung: FYI https://review.openstack.org/#/c/120964/ is the CORS in oslo implementation; if you're going to give it a try beware of https://bugs.launchpad.net/oslo.middleware/+bug/1368490	02:27
uvirtbot	Launchpad bug 1368490 in oslo.middleware "oslo.middleware.sizelimit configuration conflict" [Undecided,New]	02:27
r1chardj0n3s	ayoung: now that's submitted I'll move on to the angularjs-with-proxy codebase	02:27
*** gokrokve has joined #openstack-keystone		02:36
*** stevemar has joined #openstack-keystone		02:41
*** yasu_ has joined #openstack-keystone		02:52
*** KanagarajM has joined #openstack-keystone		02:56
*** harlowja is now known as harlowja_away		02:56
*** wanghong has joined #openstack-keystone		03:04
*** rushiagr_away is now known as rushiagr		03:07
*** stevemar has quit IRC		03:16
*** stevemar2 has joined #openstack-keystone		03:16
ayoung	r1chardj0n3s, looking	03:16
*** gokrokve_ has joined #openstack-keystone		03:17
ayoung	r1chardj0n3s, I think that makes sense. I think the proxy is going to have issues long term, but some people are going to want it, and it will allow the Javascript coding to start while we deal with the CORS issues	03:17
r1chardj0n3s	ayoung: yup. who knows, maybe a saner solution to CORS might pop out...	03:17
*** gokrokve has quit IRC		03:20
*** gokrokve_ has quit IRC		03:21
*** shakamunyi has quit IRC		03:22
*** rushiagr is now known as rushiagr_away		03:28
*** jimhoagland has joined #openstack-keystone		03:43
*** hrybacki has joined #openstack-keystone		03:46
*** gokrokve has joined #openstack-keystone		04:07
*** rushiagr_away is now known as rushiagr		04:12
*** jimhoagland has quit IRC		04:37
*** gokrokve has quit IRC		04:50
*** HenryG is now known as HenryG_afk		04:55
*** hrybacki has quit IRC		04:57
*** hrybacki has joined #openstack-keystone		04:58
*** jaosorior has joined #openstack-keystone		05:01
*** hrybacki has quit IRC		05:03
*** HenryG_afk has quit IRC		05:04
*** jimhoagland has joined #openstack-keystone		05:12
*** HenryG has joined #openstack-keystone		05:23
*** HenryG is now known as HenryG_afk		05:24
openstackgerrit	A change was merged to openstack/keystone: LDAP: refactor use of "1.1" OID https://review.openstack.org/120478	05:29
*** jimhoagland has quit IRC		05:30
stevemar2	morganfainberg, ping	05:50
*** morganfainberg is now known as stevemar3		05:50
stevemar3	stevemar2 pong	05:50
stevemar3	>.>	05:51
stevemar2	stevemar3, i have a bunch the same reviews for you to review :D	05:51
*** stevemar3 is now known as morganfainberg		05:51
morganfainberg	oh noes	05:51
morganfainberg	:)	05:51
stevemar2	nooo i wanted to talk to myself	05:51
stevemar2	https://review.openstack.org/#/c/119422/	05:51
stevemar2	https://review.openstack.org/#/c/120105/	05:51
stevemar2	and https://review.openstack.org/#/c/118537/	05:51
stevemar2	i'm too impatient >.<	05:52
morganfainberg	heh	05:52
stevemar2	partially because i feel they are easy (especially the third one)	05:52
morganfainberg	i'll look at them in a few	05:53
stevemar2	m'alrighty	05:55
stevemar2	i'm out for now i guess	05:55
*** stevemar2 is now known as stevemar		05:56
openstackgerrit	OpenStack Proposal Bot proposed a change to openstack/keystone: Imported Translations from Transifex https://review.openstack.org/120695	06:02
*** ajayaa has joined #openstack-keystone		06:03
*** sunrenjie6 has quit IRC		06:04
*** RockKuo_Office has quit IRC		06:09
*** stevemar has quit IRC		06:10
*** yasu_ has quit IRC		06:23
*** yasu_ has joined #openstack-keystone		06:24
*** henrynash has joined #openstack-keystone		06:26
*** andreaf has joined #openstack-keystone		06:30
*** ukalifon has joined #openstack-keystone		06:33
*** bvandenh has joined #openstack-keystone		06:35
*** k4n0 has joined #openstack-keystone		06:45
*** ajayaa has quit IRC		06:57
*** hrybacki has joined #openstack-keystone		06:59
*** RockKuo_Office has joined #openstack-keystone		07:01
*** hrybacki has quit IRC		07:04
r1chardj0n3s	ayoung: https://github.com/r1chardj0n3s/angboard	07:08
*** yasu_ has quit IRC		07:11
*** yasu_ has joined #openstack-keystone		07:12
*** marekd has joined #openstack-keystone		07:17
*** ukalifon has quit IRC		07:18
*** wanghong has quit IRC		07:22
*** ajayaa has joined #openstack-keystone		07:24
*** wanghong has joined #openstack-keystone		07:24
*** dobson has quit IRC		07:29
*** dobson has joined #openstack-keystone		07:32
*** ukalifon has joined #openstack-keystone		07:40
*** garnav has joined #openstack-keystone		07:43
*** ukalifon has quit IRC		07:45
*** ukalifon1 has joined #openstack-keystone		07:46
openstackgerrit	A change was merged to openstack/identity-api: Remove expected dates for new features https://review.openstack.org/118537	08:08
*** oomichi has joined #openstack-keystone		08:12
*** oomichi has quit IRC		08:12
*** YorikSar_ has joined #openstack-keystone		08:13
*** oomichi_ has quit IRC		08:16
*** YorikSar has quit IRC		08:17
*** wanghong has quit IRC		08:26
openstackgerrit	Alexander Makarov proposed a change to openstack/keystone: LDAP additional attribute mappings validation https://review.openstack.org/118590	08:28
*** Dafna has joined #openstack-keystone		08:54
openstackgerrit	A change was merged to openstack/keystone: Sync jsonutils from oslo-incubator 32e7f0b5 https://review.openstack.org/119639	08:55
*** wanghong has joined #openstack-keystone		08:55
openstackgerrit	A change was merged to openstack/keystone: Add V3 JSON Home support to GET / https://review.openstack.org/118240	08:55
*** hrybacki has joined #openstack-keystone		09:00
*** rushiagr is now known as rushiagr_away		09:01
*** hrybacki has quit IRC		09:05
*** rushiagr_away is now known as rushiagr		09:13
*** ukalifon1 has quit IRC		09:32
*** YorikSar_ has quit IRC		09:45
*** YorikSar has joined #openstack-keystone		09:45
openstackgerrit	A change was merged to openstack/python-keystoneclient: Expose auth methods on the adapter https://review.openstack.org/117709	09:47
openstackgerrit	A change was merged to openstack/keystone: Make the extension docs a top level entry in the landing page https://review.openstack.org/119159	09:47
*** dims_ has joined #openstack-keystone		10:11
*** alex_xu has quit IRC		10:14
*** dims_ has quit IRC		10:16
*** dims_ has joined #openstack-keystone		10:16
openstackgerrit	Marek Denis proposed a change to openstack/python-keystoneclient: SAML2 federated authentication for ADFS. https://review.openstack.org/111771	10:17
*** dims_ has quit IRC		10:20
openstackgerrit	Rakesh H S proposed a change to openstack/python-keystoneclient: handles keyboard interrupt https://review.openstack.org/121046	10:23
*** YorikSar has quit IRC		10:28
openstackgerrit	Peter Razumovsky proposed a change to openstack/keystone: Add a simple module to work with filters and DNs to LDAP backend https://review.openstack.org/117484	10:29
*** KanagarajM2 has joined #openstack-keystone		10:30
*** YorikSar has joined #openstack-keystone		10:30
*** KanagarajM has quit IRC		10:31
*** KanagarajM2 has quit IRC		10:34
openstackgerrit	Peter Razumovsky proposed a change to openstack/keystone: Add a simple module to work with filters and DNs to LDAP backend https://review.openstack.org/117484	10:36
openstackgerrit	Marek Denis proposed a change to openstack/keystone: Add documentation on LDAP 'user_id_attribute' https://review.openstack.org/93480	10:41
*** aix has quit IRC		10:53
*** aix has joined #openstack-keystone		10:54
*** rushiagr is now known as rushiagr_away		10:56
*** dims_ has joined #openstack-keystone		11:00
*** hrybacki has joined #openstack-keystone		11:00
*** RockKuo_Office has quit IRC		11:01
*** andreaf has quit IRC		11:05
*** andreaf has joined #openstack-keystone		11:05
*** hrybacki has quit IRC		11:05
*** amakarov_away is now known as amakarov		11:10
*** Dafna is now known as Dafna_lunch		11:14
*** david-lyle has quit IRC		11:57
*** rushiagr_away is now known as rushiagr		11:58
*** yasu_ has quit IRC		12:02
*** rushiagr is now known as rushiagr_away		12:05
*** rushiagr_away is now known as rushiagr		12:12
*** dims_ has quit IRC		12:21
*** dims_ has joined #openstack-keystone		12:22
*** yasu_ has joined #openstack-keystone		12:30
samuelmz	do we have a specific channel to discuss things about osclient ?	12:31
*** Dafna_lunch is now known as Dafna		12:39
*** HenryG_afk is now known as HenryG		12:51
*** gordc has joined #openstack-keystone		12:52
*** jimhoagland has joined #openstack-keystone		12:52
*** hrybacki has joined #openstack-keystone		13:01
*** enewlands has joined #openstack-keystone		13:05
*** hrybacki has quit IRC		13:08
*** yasu_ has quit IRC		13:13
*** nkinder_ has quit IRC		13:13
*** richm has joined #openstack-keystone		13:19
*** joesavak has joined #openstack-keystone		13:20
*** stevemar has joined #openstack-keystone		13:20
*** garnav has quit IRC		13:22
*** dims_ has quit IRC		13:23
*** enewlands has quit IRC		13:23
*** diegows has joined #openstack-keystone		13:23
*** dims_ has joined #openstack-keystone		13:23
*** topol has joined #openstack-keystone		13:27
*** dims__ has joined #openstack-keystone		13:28
*** dims_ has quit IRC		13:29
*** hockeynut has joined #openstack-keystone		13:31
*** topol has quit IRC		13:31
*** sigmavirus24_awa is now known as sigmavirus24		13:35
openstackgerrit	Richard Megginson proposed a change to openstack/keystone: ldap/core deleteTree not always supported https://review.openstack.org/74897	13:36
*** bknudson has joined #openstack-keystone		13:39
openstackgerrit	Steve Martinelli proposed a change to openstack/python-keystoneclient: don't write python bytecode while testing https://review.openstack.org/121119	13:44
*** enewlands has joined #openstack-keystone		13:46
*** zzzeek has joined #openstack-keystone		13:50
openstackgerrit	Steve Martinelli proposed a change to openstack/keystone: don't write python bytecode while testing https://review.openstack.org/121122	13:51
*** sbasam_ has quit IRC		13:52
openstackgerrit	Steve Martinelli proposed a change to openstack/keystonemiddleware: don't write python bytecode while testing https://review.openstack.org/121123	13:53
*** tim_r has quit IRC		13:59
*** nkinder_ has joined #openstack-keystone		14:00
*** zzzeek_ has joined #openstack-keystone		14:02
*** bvandenh has quit IRC		14:02
*** zzzeek has quit IRC		14:04
*** zzzeek_ is now known as zzzeek		14:04
*** dims has joined #openstack-keystone		14:05
*** r-daneel has joined #openstack-keystone		14:05
marekd	stevemar: hello boss	14:07
stevemar	hola marekd !	14:08
marekd	finally back.	14:09
marekd	stevemar: anyway, i wanted follow up with the domain in the fed-token	14:09
marekd	stevemar: you wrote it is on your todo. Did you guys came up with any good fix for that?	14:09
stevemar	marekd, probably just make changes to whatever is incorrectly looking for the domain	14:11
stevemar	theres no reason to stick an invalid property in the token	14:11
marekd	stevemar: ++	14:11
marekd	does dolphm agree with that?	14:11
stevemar	the 'clients' should be smarter and if it's federated, don't look for domain	14:11
stevemar	marekd, last i checked, that was his suggestion :)	14:11
marekd	stevemar: I super like it!!!!!!	14:11
marekd	stevemar: if you haven't started it yet I can take a look.	14:13
stevemar	marekd, nah, i'll do it this afternoon	14:13
stevemar	do you have the resources to test k2k?	14:13
stevemar	i tried out the metadata generator, works perfectly ++	14:13
marekd	stevemar: which means shib sp ate it without complains?	14:14
*** jimhoagland has quit IRC		14:18
*** dims has quit IRC		14:18
*** dims has joined #openstack-keystone		14:18
*** richm has quit IRC		14:19
*** dims has quit IRC		14:22
*** dims__ is now known as dimsum		14:22
*** dimsum is now known as dimsum_		14:22
*** dtroyer has joined #openstack-keystone		14:25
*** radez_g0n3 is now known as radez		14:25
*** rwsu has quit IRC		14:28
*** dtroyer has quit IRC		14:32
*** dtroyer has joined #openstack-keystone		14:33
*** david-lyle has joined #openstack-keystone		14:33
openstackgerrit	Brant Knudson proposed a change to openstack/keystone: Add characterization test for cleanup role assignments for group https://review.openstack.org/119630	14:33
openstackgerrit	Brant Knudson proposed a change to openstack/keystone: Fix delete group cleans up role assignments with LDAP https://review.openstack.org/119631	14:33
openstackgerrit	Brant Knudson proposed a change to openstack/keystone: Fix using local ID to clean up user/group assignments https://review.openstack.org/119629	14:34
openstackgerrit	Brant Knudson proposed a change to openstack/keystone: Fix LDAP group role assignment listing https://review.openstack.org/119480	14:34
stevemar	marekd, not to that level :(	14:37
marekd	stevemar: understood.	14:39
*** richm has joined #openstack-keystone		14:41
*** jorge_munoz has joined #openstack-keystone		14:52
*** morganfainberg is now known as morgan		14:53
*** rwsu has joined #openstack-keystone		14:53
openstackgerrit	Brant Knudson proposed a change to openstack/keystone: Refactor keystone-all and http/keystone https://review.openstack.org/62275	14:57
*** jimhoagland has joined #openstack-keystone		15:02
*** zzzeek_ has joined #openstack-keystone		15:06
*** zzzeek has quit IRC		15:06
*** zzzeek_ is now known as zzzeek		15:06
*** meker12 has joined #openstack-keystone		15:09
*** cjellick has joined #openstack-keystone		15:11
*** enewlands has quit IRC		15:15
*** enewlands has joined #openstack-keystone		15:23
*** r-daneel_ has joined #openstack-keystone		15:24
*** r-daneel has quit IRC		15:25
*** r-daneel__ has joined #openstack-keystone		15:26
*** zzzeek has quit IRC		15:28
*** r-daneel_ has quit IRC		15:30
openstackgerrit	Marek Denis proposed a change to openstack/python-keystoneclient: Handle federated tokens. https://review.openstack.org/121146	15:30
*** zzzeek has joined #openstack-keystone		15:30
*** enewlands has quit IRC		15:33
*** openstackgerrit_ has joined #openstack-keystone		15:35
*** Ugallu has joined #openstack-keystone		15:35
*** enewlands has joined #openstack-keystone		15:38
*** jorge_munoz has quit IRC		15:40
*** ayoung has quit IRC		15:40
*** Ugallu has quit IRC		15:44
openstackgerrit	Lance Bragstad proposed a change to openstack/keystone: Allow users to clean up role assignments. https://review.openstack.org/119843	15:50
*** ajayaa has quit IRC		15:51
*** rushiagr is now known as rushiagr_away		15:52
*** zzzeek_ has joined #openstack-keystone		15:59
*** zzzeek has quit IRC		16:00
*** zzzeek_ is now known as zzzeek		16:00
*** morgan is now known as morganfainberg		16:02
*** wwriverrat has joined #openstack-keystone		16:03
*** enewlands has quit IRC		16:07
*** enewlands has joined #openstack-keystone		16:07
*** jsavak has joined #openstack-keystone		16:08
*** joesavak has quit IRC		16:11
*** rushiagr_away is now known as rushiagr		16:12
*** r-daneel__ has quit IRC		16:16
*** enewlands has quit IRC		16:16
openstackgerrit	Marek Denis proposed a change to openstack/python-keystoneclient: Handle federated tokens. https://review.openstack.org/121146	16:21
*** mitz has quit IRC		16:23
*** enewlands has joined #openstack-keystone		16:25
openstackgerrit	Morgan Fainberg proposed a change to openstack/keystone: Update sample config https://review.openstack.org/121166	16:25
*** r-daneel__ has joined #openstack-keystone		16:28
*** marcoemorais has joined #openstack-keystone		16:29
*** enewlands has quit IRC		16:29
*** Dafna has quit IRC		16:29
*** amakarov is now known as amakarov_away		16:33
openstackgerrit	Morgan Fainberg proposed a change to openstack/keystone: Update sample config https://review.openstack.org/121166	16:39
*** k4n0 has quit IRC		16:40
*** zzzeek has quit IRC		16:50
YorikSar	morganfainberg: Hi	16:57
morganfainberg	YorikSar, hi	16:57
YorikSar	morganfainberg: Did you have a chance to have another round on memcache pool change?	16:57
morganfainberg	YorikSar, haven't had a chance to review yet, sorry	16:58
morganfainberg	just getting going today	16:58
YorikSar	morganfainberg: Ok, np.	16:58
YorikSar	morganfainberg: I think I'll start working on backport to Icehouse on Monday	16:59
morganfainberg	sounds good	16:59
*** marcoemorais has quit IRC		16:59
*** marcoemorais has joined #openstack-keystone		17:00
YorikSar	morganfainberg: If there won't be any big issue with this in master, of course.	17:00
*** marcoemorais has quit IRC		17:00
*** marcoemorais has joined #openstack-keystone		17:01
morganfainberg	YorikSar, likely no big issues	17:02
YorikSar	morganfainberg: btw, where should I target keystonemiddleware part?	17:04
YorikSar	morganfainberg: it looks like we should just encourage using latest python-keystoneclient with keystonemiddleware, right?	17:05
*** rkofman has quit IRC		17:05
*** rkofman has joined #openstack-keystone		17:06
YorikSar	morganfainberg: Oh, wait... keystoneclient has a copy of auth_token. I thought it was importing auth_token from keystonemiddleware.	17:07
morganfainberg	it is	17:07
morganfainberg	keystoneclient is frozen/deprecated	17:07
morganfainberg	for the middelware	17:07
YorikSar	morganfainberg: But in Icehouse services use it	17:08
YorikSar	morganfainberg: So we should add memcache pool there as well?..	17:08
*** lsmola_ has quit IRC		17:18
*** grantbow has quit IRC		17:18
*** lsmola_ has joined #openstack-keystone		17:19
henrynash	dolphm: I’d really like to get a fix for https://bugs.launchpad.net/keystone/+bug/1217017 into RC1….the fix is trivial, but the testing is a bit more complex…..I should have it posted tonight	17:19
*** Guest55717 has quit IRC		17:19
uvirtbot	Launchpad bug 1217017 in keystone "dependency injection fails to init domain-specific identity drivers" [Medium,New]	17:19
*** grantbow has joined #openstack-keystone		17:19
morganfainberg	YorikSar, we'll evaluate keystoneclient once middleware is merged	17:21
morganfainberg	YorikSar, don't worry about it until then.	17:21
morganfainberg	YorikSar, basically anything that merged to python-keystoneclient middleware needs to first merge to keystonemiddleware. and we can see if it is something we want to do.	17:22
*** wwriverrat1 has joined #openstack-keystone		17:24
*** wwriverrat2 has joined #openstack-keystone		17:25
YorikSar	morganfainberg: Ok. I'll just work on Icehouse Keystone then and we'll see if we need to port middleware changes to client.	17:27
*** wwriverrat2 has left #openstack-keystone		17:27
*** wwriverrat has quit IRC		17:28
*** wwriverrat1 has quit IRC		17:28
*** harlowja_away is now known as harlowja		17:34
openstackgerrit	Bob Thyne proposed a change to openstack/keystone: Add delete notification to endpoint grouping https://review.openstack.org/117723	17:39
*** wwriverrat has joined #openstack-keystone		17:41
*** meker12 has quit IRC		17:43
openstackgerrit	Bob Thyne proposed a change to openstack/keystone: Add delete notification to endpoint grouping https://review.openstack.org/117723	17:43
*** rushiagr is now known as rushiagr_away		17:45
*** wwriverrat has left #openstack-keystone		17:47
*** meker12_ has joined #openstack-keystone		17:48
*** marcoemorais has quit IRC		17:49
*** marcoemorais has joined #openstack-keystone		17:50
*** marcoemorais has quit IRC		17:50
*** marcoemorais has joined #openstack-keystone		17:50
*** marcoemorais has quit IRC		17:51
*** marcoemorais has joined #openstack-keystone		17:51
*** meker12_ has quit IRC		17:59
*** zzzeek has joined #openstack-keystone		18:00
openstackgerrit	Bob Thyne proposed a change to openstack/keystone: Add delete notification to endpoint grouping https://review.openstack.org/117723	18:02
openstackgerrit	Bob Thyne proposed a change to openstack/keystone: Add delete notification to endpoint grouping https://review.openstack.org/117723	18:05
*** topol has joined #openstack-keystone		18:20
*** _cjones_ has joined #openstack-keystone		18:31
*** meker12 has joined #openstack-keystone		18:35
*** bjornar_ has joined #openstack-keystone		18:39
*** meker12 has quit IRC		18:41
*** meker12 has joined #openstack-keystone		18:42
bknudson	henrynash: so sql backend needs to take a conf?	18:48
henrynash	bknudson: yes	18:48
bknudson	ok, just making sure I understood it	18:48
henrynash	bknudson: the testing around proving that it works well is what’s taling the time (without duplicating swathes of test code)	18:49
henrynash	bknudson: should have it licked tonight	18:49
stevemar	marekd, you took it from my todo list :)	18:50
*** saipandi has joined #openstack-keystone		18:52
*** stevemar has quit IRC		18:52
*** stevemar has joined #openstack-keystone		18:53
*** amcrn has joined #openstack-keystone		18:55
*** bambam1 has quit IRC		18:55
marekd	stevemar: i had few spare cycles...tbh when we talked before I was not sure you will be fine with that but i took the risk :-)	18:57
marekd	i hope you are fine with that.	18:58
stevemar	marekd, hehe, of course i am!	18:59
marekd	stevemar: allright.	19:00
marekd	need to get some food, be back soon.	19:00
stevemar	kk	19:00
*** jaosorior has quit IRC		19:02
*** _cjones_ has quit IRC		19:11
stevemar	marekd, did you try if that fixes the issue?	19:16
stevemar	I'm worried that now we won't get a KeyError, but maybe another error	19:17
openstackgerrit	ayoung proposed a change to openstack/python-keystoneclient: Enumerate Projects with Unscoped Tokens https://review.openstack.org/106838	19:29
*** wwriverrat1 has joined #openstack-keystone		19:39
*** wwriverrat1 has left #openstack-keystone		19:39
*** bambam1 has joined #openstack-keystone		19:45
*** andreaf has quit IRC		19:48
*** andreaf has joined #openstack-keystone		19:49
bknudson	morganfainberg: your comment worked!	19:50
marekd	stevemar: nope, to be honest not really.	19:51
morganfainberg	bknudson, hehe	19:51
marekd	stevemar: i need to setup new vm with full devstack, so i can try nova/glance/other services.	19:51
stevemar	marekd, alright	19:51
stevemar	marekd, cause I'm noticing auth_token middleware still calls auth_ref.user_domain_name	19:52
stevemar	and i'm wondering what will happen if thats None	19:52
marekd	stevemar: can you copy the line number (where auth_token calls it)	19:53
marekd	?	19:53
stevemar	marekd, 1 sec	19:54
stevemar	marekd, https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/middleware/auth_token.py#L959	19:54
stevemar	keep in mind, that code is in keystonemiddleware repo now	19:54
*** amcrn has quit IRC		19:59
marekd	stevemar: hm, what's the role of keystonemiddleware btw?	19:59
marekd	and why it was moved to a separated repo?	19:59
stevemar	marekd, keystonemiddleware is what all the other services like nova/glance use to interact with keystone	20:00
marekd	so auth plugins as well?	20:00
stevemar	separate repo because realistically, it belonged there, let client handle the client API calls, let middleware be the place that other projects use	20:01
stevemar	no, just middleware stuff	20:01
stevemar	bknudson, dstanek any thing else you think i'm missing ^	20:01
bknudson	keystonemiddleware contains the middleware	20:02
bknudson	e.g. auth_token	20:02
marekd	bknudson: and what's the purpose of the auth_token ?	20:04
*** marcoemorais1 has joined #openstack-keystone		20:04
*** marcoemorais1 has quit IRC		20:04
bknudson	marekd: it sits in front of nova-api, etc., and validates the token in the request	20:04
*** marcoemorais1 has joined #openstack-keystone		20:05
marekd	bknudson: ok.	20:05
*** zzzeek has quit IRC		20:07
*** marcoemorais has quit IRC		20:07
*** joesavak has joined #openstack-keystone		20:08
*** jsavak has quit IRC		20:09
*** henrynash has quit IRC		20:11
*** zzzeek has joined #openstack-keystone		20:11
*** andreaf has quit IRC		20:24
*** andreaf has joined #openstack-keystone		20:25
*** achampion has joined #openstack-keystone		20:25
achampion	are sessions meant to be fully working in keystoneclient?	20:28
*** ayoung has joined #openstack-keystone		20:29
achampion	I seem to have to pass an auth_url/endpoint into the Client in addition to the session object	20:29
*** r-daneel__ has quit IRC		20:29
achampion	sess = session.Session(auth=auth); keystone = client.Client(version=(2,0), session=sess)	20:30
stevemar	achampion, did you check out http://docs.openstack.org/developer/python-keystoneclient/using-sessions.html	20:30
achampion	DiscoveryFailure: Not enough information to determine URL. Provide either auth_url or endpoint	20:31
achampion	Yes	20:31
*** meker12 has quit IRC		20:31
achampion	Though using v2.0 API vs v3	20:32
stevemar	achampion, it should work, can you write the code/error in a paste?	20:32
*** gyee has joined #openstack-keystone		20:34
*** andreaf has quit IRC		20:34
*** andreaf has joined #openstack-keystone		20:35
achampion	http://paste.openstack.org/show/110793/	20:36
stevemar	bknudson, if the token is validated, the token info gets slotted into headers right? so i guess it's up to nova/glace/etc to use the headers if they want? cc marekd	20:36
bknudson	stevemar: right, it pulls fields out of the token and puts them into the request context.	20:36
bknudson	that's used in policy checks mostly, but can also be used elsewhere.	20:37
stevemar	bknudson, would nova or novaclient look @ that content?	20:37
stevemar	trying to find a example of it actually being consumed	20:37
achampion	I'm using branch origin/master	20:38
bknudson	stevemar: y, nova would look at it. The token has the roles so it matches the roles against the policy.	20:39
stevemar	bknudson, i'm wondering if anything looks @ user_domain_name or user_domain_id	20:40
bknudson	stevemar: probably not due to nobody using identity v3	20:41
bknudson	stevemar: I think morganfainberg might have been looking at a policy change to check for domain-scoped tokens?	20:41
*** radez is now known as radez_g0n3		20:42
*** ayoung has quit IRC		20:42
achampion	tested with v3 api and same result: DiscoveryFailure - hmmm.	20:42
achampion	It seems the wrapper class keystone.client breaks when using sessions, using the direct client keystone.v2.client works okay.	20:45
achampion	I mean: keystoneclient.v2_0.client	20:45
stevemar	bknudson, marekd seems like nova uses X-auth-token, roles, userid, tenantid, status and catalog, thats about it	20:47
stevemar	and it just uses them to create a glance client, to create an image, sure why not	20:48
*** fifieldt_ has joined #openstack-keystone		20:50
*** meker12 has joined #openstack-keystone		20:51
*** marcoemorais1 has quit IRC		20:52
*** marcoemorais has joined #openstack-keystone		20:53
*** marcoemorais has quit IRC		20:53
*** marcoemorais has joined #openstack-keystone		20:54
*** fifieldt has quit IRC		20:54
*** marcoemorais has quit IRC		20:55
*** marcoemorais has joined #openstack-keystone		20:55
*** ayoung has joined #openstack-keystone		20:57
*** rodrigods has quit IRC		20:59
*** henrynash has joined #openstack-keystone		21:02
marekd	stevemar: where did you find it?	21:08
marekd	stevemar: btw i grepped for X-Project-Domain-Id in nova and found nothing, but to me it doesn't prove it will never use it.	21:09
stevemar	marekd, https://github.com/openstack/nova/blob/master/nova/image/glance.py#L121-L129	21:09
*** jsavak has joined #openstack-keystone		21:10
stevemar	marekd, as bknudson said, I doubt any project is using X-User-Domain-Id or Name, since none are really talking v3	21:10
marekd	stevemar: ++	21:10
stevemar	marekd, i think we'll be OK for the time being	21:12
*** joesavak has quit IRC		21:13
*** topol has quit IRC		21:17
marekd	stevemar: so review, please :-)	21:18
marekd	stevemar: i will add jamielennox	21:18
marekd	as a reviewer	21:18
stevemar	marekd, haha, of course	21:19
stevemar	I was wondering if we could have a test that actually tries to push that sort of data through the middleware	21:19
*** zzzeek has quit IRC		21:20
nkinder_	marekd: jamielennox is going to be gone for a while	21:20
marekd	nkinder_: why?	21:20
nkinder_	marekd: getting married and going on honeymoon	21:21
bknudson	jamielennox is gone, dolphm is gone... time to party.	21:21
marekd	nkinder_: wow! I didn't know that.	21:21
marekd	bknudson: and dolph is where?	21:21
*** dhellmann is now known as dhellmann_		21:22
bknudson	marekd: he said he was going to be out for a couple weeks.	21:22
marekd	bknudson: okay.	21:23
marekd	hope is is doing fine.	21:23
stevemar	marekd, reviewed	21:24
marekd	stevemar: looking.	21:25
openstackgerrit	A change was merged to openstack/keystone: Update the docs that list sections in keystone.conf https://review.openstack.org/118550	21:34
*** andreaf has quit IRC		21:34
openstackgerrit	henry-nash proposed a change to openstack/keystone: Ensure identity sql driver supports domain-specific configuration. https://review.openstack.org/121246	21:34
*** andreaf has joined #openstack-keystone		21:34
*** dimsum_ has quit IRC		21:36
marekd	stevemar: well, it's more like academic discussion, but i didn't put the tests in test_saml2_auth because this change is federation specific, not saml2 specific.	21:36
*** dimsum_ has joined #openstack-keystone		21:36
bknudson	henrynash: doesn't the sql backend need to use a different engine and session?	21:37
*** stevemar2 has joined #openstack-keystone		21:37
henrynash	bknudson: so, this patch only let’s you have one sql backend….	21:37
henrynash	bknudson: e.g. LDAP for evyerthing, but put my service users in an SQL backend one domain	21:38
henrynash	bknudson: a further enhancement is to see if we can actually have multiple SQL backends	21:38
bknudson	otherwise it's using the same database.	21:38
*** stevemar has quit IRC		21:38
*** csd has quit IRC		21:39
*** jamielennox has quit IRC		21:39
henrynash	bknudson: agreed…and I should state the limitations with the patch, you are right	21:39
*** jamielenz has joined #openstack-keystone		21:40
*** jamielenz is now known as jamielennox		21:40
*** dimsum_ has quit IRC		21:40
*** rkofman has quit IRC		21:41
*** nonameentername has quit IRC		21:41
*** rkofman has joined #openstack-keystone		21:41
*** csd has joined #openstack-keystone		21:42
*** nonameentername has joined #openstack-keystone		21:42
*** bjornar_ has quit IRC		21:43
*** arunkant has quit IRC		21:43
*** stevemar2 has quit IRC		21:43
*** rodrigods has joined #openstack-keystone		21:43
*** rodrigods has quit IRC		21:43
*** rodrigods has joined #openstack-keystone		21:43
*** bjornar_ has joined #openstack-keystone		21:44
morganfainberg	bknudson, not sure how hard it would be to switch over to audit_ids.	21:44
morganfainberg	bknudson, instead of the REDACTED bit	21:44
morganfainberg	bknudson, but i think that should be the end goal if possible.	21:44
*** arunkant has joined #openstack-keystone		21:46
bknudson	morganfainberg: I also would prefer audit ids, but sometimes all we have is the token ID	21:46
morganfainberg	right	21:47
bknudson	henrynash: can that be enforced in code (as in, fail to start if you're trying to config with multiple sql backends, or have sql config options in your local config...)	21:48
henrynash	bknudson: let me think on that one	21:49
openstackgerrit	A change was merged to openstack/keystone: Enable filtering of services by name https://review.openstack.org/110904	21:52
openstackgerrit	henry-nash proposed a change to openstack/keystone: Ensure identity sql driver supports domain-specific configuration. https://review.openstack.org/121246	21:54
openstackgerrit	Marek Denis proposed a change to openstack/python-keystoneclient: Handle federated tokens. https://review.openstack.org/121146	21:55
*** david-lyle has quit IRC		22:03
*** gordc has quit IRC		22:05
*** nkinder_ has quit IRC		22:08
*** topol has joined #openstack-keystone		22:12
*** richm1 has joined #openstack-keystone		22:13
*** rodrigods has quit IRC		22:14
*** ctracey has quit IRC		22:15
*** serverascode has quit IRC		22:15
*** sigmavirus24 is now known as sigmavirus24_awa		22:15
*** ctracey has joined #openstack-keystone		22:15
*** jraim___ has joined #openstack-keystone		22:16
*** joesavak has joined #openstack-keystone		22:17
*** electrichead has joined #openstack-keystone		22:17
*** serverascode has joined #openstack-keystone		22:18
*** richm has quit IRC		22:18
*** afazekas has quit IRC		22:18
*** dhellmann_ has quit IRC		22:18
*** jraim__ has quit IRC		22:18
*** Alexander has joined #openstack-keystone		22:19
*** Alexander is now known as Guest37890		22:19
*** jraim___ is now known as jraim__		22:20
*** boris-42_ has joined #openstack-keystone		22:22
*** nkinder_ has joined #openstack-keystone		22:23
*** mfisch` has joined #openstack-keystone		22:23
henrynash	bknudson: yes, I think it can be enforced with code….I will add that over the weekend	22:24
bknudson	henrynash: cool. I'm sure someone would try it and complain to us if it didn't fail early and hard.	22:24
henrynash	bknudsonL indeed…it wouldn’t corrupt data if they did that (since we still pass the domain into sql backend tables)…but it wouldn’t do what they were expecting	22:25
henrynash	bknudson: which is bad	22:26
*** andreaf has quit IRC		22:26
*** topol_ has joined #openstack-keystone		22:26
*** stevemar has joined #openstack-keystone		22:27
*** nonameentername has quit IRC		22:27
*** openstack has joined #openstack-keystone		23:36
*** sendak.freenode.net sets mode: +ns		23:36
*** meker12 has joined #openstack-keystone		23:38
*** bjornar has joined #openstack-keystone		23:38
*** sendak.freenode.net sets mode: -o openstack		23:42
-sendak.freenode.net- *** Notice -- TS for #openstack-keystone changed from 1410565002 to 1377384024		23:42
*** sendak.freenode.net sets mode: +ct-s		23:42
*** YorikSar has joined #openstack-keystone		23:42
*** dimsum_ has joined #openstack-keystone		23:42
*** xianghui has joined #openstack-keystone		23:42
*** marcoemorais has joined #openstack-keystone		23:42
*** afazekas has joined #openstack-keystone		23:42
*** nonameentername has joined #openstack-keystone		23:42
*** ekarlso- has joined #openstack-keystone		23:42
*** raildo has joined #openstack-keystone		23:42
*** thiagop has joined #openstack-keystone		23:42
*** dhellmann has joined #openstack-keystone		23:42
*** openstackgerrit has joined #openstack-keystone		23:42
*** Guest37890 has joined #openstack-keystone		23:42
*** sigmavirus24_awa has joined #openstack-keystone		23:42
*** Daviey has joined #openstack-keystone		23:42
*** larsks has joined #openstack-keystone		23:42
*** HenryG has joined #openstack-keystone		23:42
*** diegows has joined #openstack-keystone		23:42
*** gus has joined #openstack-keystone		23:42
*** afaranha has joined #openstack-keystone		23:42
*** marzif_ has joined #openstack-keystone		23:42
*** Guest74618 has joined #openstack-keystone		23:42
*** montanvi has joined #openstack-keystone		23:42
*** cjellick_ has joined #openstack-keystone		23:42
*** rm_work has joined #openstack-keystone		23:42
*** lbragstad has joined #openstack-keystone		23:42
*** d34dh0r53 has joined #openstack-keystone		23:42
*** csd has joined #openstack-keystone		23:42
*** adam_g has joined #openstack-keystone		23:42
*** gokrokve has joined #openstack-keystone		23:42
*** dolphm has joined #openstack-keystone		23:42
*** boris-42 has joined #openstack-keystone		23:42
*** jimbaker has joined #openstack-keystone		23:42
*** r1chardj0n3s_afk has joined #openstack-keystone		23:42
*** kevinbenton has joined #openstack-keystone		23:42
*** harlowja_ has joined #openstack-keystone		23:42
*** amerine_ has joined #openstack-keystone		23:42
*** mfisch` has joined #openstack-keystone		23:42
*** serverascode has joined #openstack-keystone		23:42
*** electrichead has joined #openstack-keystone		23:42
*** joesavak has joined #openstack-keystone		23:42
*** jraim__ has joined #openstack-keystone		23:42
*** ctracey has joined #openstack-keystone		23:42
*** richm1 has joined #openstack-keystone		23:42
*** bjornar_ has joined #openstack-keystone		23:42
*** rkofman has joined #openstack-keystone		23:42
*** jamielennox has joined #openstack-keystone		23:42
*** ayoung has joined #openstack-keystone		23:42
*** gyee has joined #openstack-keystone		23:42
*** saipandi has joined #openstack-keystone		23:42
*** lsmola_ has joined #openstack-keystone		23:42
*** rwsu has joined #openstack-keystone		23:42
*** dtroyer has joined #openstack-keystone		23:42
*** hockeynut has joined #openstack-keystone		23:42
*** aix has joined #openstack-keystone		23:42
*** wanghong has joined #openstack-keystone		23:42
*** dobson has joined #openstack-keystone		23:42
*** marekd\|away has joined #openstack-keystone		23:42
*** gothicmindfood has joined #openstack-keystone		23:42
*** portante has joined #openstack-keystone		23:42
*** miqui has joined #openstack-keystone		23:42
*** f13o has joined #openstack-keystone		23:42
*** gabriel-bezerra has joined #openstack-keystone		23:42
*** jasondotstar has joined #openstack-keystone		23:42
*** lvh has joined #openstack-keystone		23:42
*** comstud has joined #openstack-keystone		23:42
*** Haneef has joined #openstack-keystone		23:42
*** htruta has joined #openstack-keystone		23:42
*** roock has joined #openstack-keystone		23:42
*** morgan_remote has joined #openstack-keystone		23:42
*** morgan has joined #openstack-keystone		23:42
*** palendae has joined #openstack-keystone		23:42
*** mflobo has joined #openstack-keystone		23:42
*** esmute has joined #openstack-keystone		23:42
*** therve has joined #openstack-keystone		23:42
*** vishy has joined #openstack-keystone		23:42
*** rushiagr_away has joined #openstack-keystone		23:42
*** EmilienM has joined #openstack-keystone		23:42
*** hyakuhei has joined #openstack-keystone		23:42
*** zhiyan has joined #openstack-keystone		23:42
*** mhu has joined #openstack-keystone		23:42
*** radez_g0n3 has joined #openstack-keystone		23:42
*** chmouel has joined #openstack-keystone		23:42
*** notmyname has joined #openstack-keystone		23:42
*** rharwood has joined #openstack-keystone		23:42
*** sudorandom has joined #openstack-keystone		23:42
*** jamiec has joined #openstack-keystone		23:42
*** dvorak has joined #openstack-keystone		23:42
*** uvirtbot has joined #openstack-keystone		23:42
*** wolsen has joined #openstack-keystone		23:42
*** gmurphy has joined #openstack-keystone		23:42
*** anteaya has joined #openstack-keystone		23:42
*** sendak.freenode.net sets mode: +o morgan		23:42
*** zigo has joined #openstack-keystone		23:42
*** achudnovets has joined #openstack-keystone		23:42
*** ByteSore has joined #openstack-keystone		23:42
*** shufflebot has joined #openstack-keystone		23:42
*** d0ugal has joined #openstack-keystone		23:42
*** ChanServ has joined #openstack-keystone		23:42
*** dstanek has joined #openstack-keystone		23:42
*** sendak.freenode.net sets mode: +o ChanServ		23:42
*** sendak.freenode.net sets mode: +b *!awrbgh@197.123.75.191		23:42
*** sendak.freenode.net changes topic to "Review RC1 blockers plzkthx https://gist.github.com/dolph/651c6a1748f69637abd0"		23:42
*** dimsum_ has quit IRC		23:43
*** grantbow has joined #openstack-keystone		23:44
*** hrybacki has joined #openstack-keystone		23:44
*** amerine has joined #openstack-keystone		23:44
*** harlowja has joined #openstack-keystone		23:44
*** amerine has quit IRC		23:44
*** harlowja has quit IRC		23:44
*** gokrokve has quit IRC		23:46
*** montanvi has quit IRC		23:48
*** amerine_ is now known as amerine		23:50
*** dimsum_ has joined #openstack-keystone		23:54
*** jimhoagland has joined #openstack-keystone		23:54
*** fifieldt has joined #openstack-keystone		23:54
*** arunkant has joined #openstack-keystone		23:54
*** andreaf has joined #openstack-keystone		23:54
*** samuelmz has joined #openstack-keystone		23:54
*** mitz has joined #openstack-keystone		23:54
*** mitz has quit IRC		23:54
*** dimsum_ has quit IRC		23:54
*** mitz has joined #openstack-keystone		23:55
*** dimsum_ has joined #openstack-keystone		23:55
*** bjornar_ has quit IRC		23:56
*** ctracey has quit IRC		23:58
*** ctracey has joined #openstack-keystone		23:58
*** jraim__ has quit IRC		23:58
*** jraim__ has joined #openstack-keystone		23:58
*** serverascode has quit IRC		23:58
*** serverascode has joined #openstack-keystone		23:58
*** harlowja_ has quit IRC		23:58
*** harlowja_ has joined #openstack-keystone		23:58
*** marzif_ has quit IRC		23:59
*** marzif_ has joined #openstack-keystone		23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!