Friday, 2015-07-31

« Thursday, 2015-07-30 Index Saturday, 2015-08-01 »
*** htruta has quit IRC00:05
*** dims_ has joined #openstack-keystone00:08
*** geoffarnold has quit IRC00:23
jiaxibknudson: I suggest that you have a little discuss with David. And then give a conclusion.00:38
*** spandhe has quit IRC00:49
*** piyanai has joined #openstack-keystone00:50
*** ankita_wagh has quit IRC00:54
jiaxibknudson: I hope that we can discuss in IRC , not in review comment.00:57
*** boris-42 has joined #openstack-keystone00:57
*** browne has quit IRC00:59
*** topol has joined #openstack-keystone01:04
*** ChanServ sets mode: +v topol01:04
*** topol has quit IRC01:09
dstanekjiaxi: just be patient; it'll get worked out01:12
jiaxidstanek: Form last comment, he given many options.01:13
jiaxidstanek: He say url with space is valid.  And He want me to split the commit in two. He want me to use library.01:14
jiaxidstanek: His logic is too strange.01:14
*** tqtran has quit IRC01:15
jiaxistanek: If url with space is valid as he said, Why should I split it into tow01:15
jiaxitwo01:15
dstanekjiaxi: like i said earlier i don't have a problem with it as it stands, but i wouldn't have a problem removing the space check01:15
dstaneklbragstad: you still around?01:16
*** btully has quit IRC01:16
dstanekjiaxi: because a commit should be as concise as possible; i understand why he would want that01:17
dstanekjiaxi: i wouldn't worry about it right now, just wait and see what happens01:17
jiaxidstanek: It's all okay with me. But after I remove space check. bknudson will come to say that please use library01:17
dstanekjiaxi: i really don't think so. he may want another commit to do that, but there was a reason that we stopped validating URLs in a strict way. that's why i was pinging lbragstad. i don't remember01:18
jiaxidstanek: The real problem he dont't like to come to IRC for discussion01:18
jiaxidstanek: You should ping bknudson!!!01:20
lhchengjiaxi: it 8pm his time, you can't expect people to be online in IRC all the time.01:20
*** jasonsb has quit IRC01:20
jiaxilhcheng: But in his daytime. I saw him talking in IRC.01:21
jiaxiBut didn't reply me01:21
jiaxilhcheng: If IRC has log, We can find that.01:21
dstanekjiaxi: i was talking to him this morning about something else. he is very often in here, but he does have a job to do and I'm sure is pretty busy01:23
lhchengjiaxi: perhaps try again tomorrow, keep it cool :)01:23
dstaneklhcheng: ++01:23
jiaxidstanek: David, do you think a url with space is valid ?01:24
jiaxidstanek: I'm surprised about his logic. Use www.facebook.com and www.f ac e book.com  can get very different result.01:25
dstanekjiaxi: that's different that a space in the path because a space in the domain won't resolve dns01:26
jiaxidstanek: use www.f ac e book.com  can only get search result. use  www.facebook.com can enter facebook01:26
dstanekbut no a space is not valid according to rfc173801:26
dstanekjiaxi: that's DNS and nothing more01:26
dstanekit seems that the best course of action if you must do anything is to just stop looking for the space in the url01:27
jiaxidstanek: I will tackle it. Only check substitution.01:28
dstanekjiaxi: what you have to realize is that low priority and wishlist bugs are lower down on the list of things people are looking at; so it may take time to get a review through01:29
dstanekno need to ping everyone when you update or add a comment; we all get notified and if we don't response that's because we are busy :-)01:29
*** piyanai has quit IRC01:29
jiaxidstanek: So I often ask people to come to review01:29
*** davechen has joined #openstack-keystone01:30
dstanekjiaxi: right, dont ;-)01:30
*** pballand has quit IRC01:33
*** henrynash_ has joined #openstack-keystone01:33
*** ChanServ sets mode: +v henrynash_01:33
*** henrynash has quit IRC01:35
*** henrynash_ is now known as henrynash01:35
*** ankita_wagh has joined #openstack-keystone01:48
*** ankita_wagh has joined #openstack-keystone01:49
*** lhcheng has quit IRC01:49
*** piyanai has joined #openstack-keystone01:52
*** topol has joined #openstack-keystone02:08
*** ChanServ sets mode: +v topol02:08
*** bapalm has joined #openstack-keystone02:09
*** topol has quit IRC02:12
*** sigmavirus24 is now known as sigmavirus24_awa02:12
*** ankita_wagh has quit IRC02:19
*** bapalm has quit IRC02:19
*** markvoelker has joined #openstack-keystone02:19
*** markvoelker_ has joined #openstack-keystone02:21
*** markvoelker has quit IRC02:23
*** lhcheng has joined #openstack-keystone02:23
*** lhcheng has quit IRC02:24
*** lhcheng has joined #openstack-keystone02:24
*** ChanServ sets mode: +v lhcheng02:24
*** jasonsb has joined #openstack-keystone02:25
*** browne has joined #openstack-keystone02:26
*** topol has joined #openstack-keystone02:29
*** ChanServ sets mode: +v topol02:29
openstackgerritjiaxi proposed openstack/keystone: Reject create endpoint with invalid urls  https://review.openstack.org/20051202:31
*** openstackgerrit has quit IRC02:31
*** openstackgerrit has joined #openstack-keystone02:32
jiaxibknudson: Are you here ?02:34
*** flwang1 has quit IRC02:38
*** hrou has joined #openstack-keystone02:38
*** btully has joined #openstack-keystone02:44
*** ankita_wagh has joined #openstack-keystone02:47
*** topol has quit IRC02:47
*** ankita_wagh has quit IRC02:47
*** topol has joined #openstack-keystone02:47
*** ChanServ sets mode: +v topol02:47
*** ankita_wagh has joined #openstack-keystone02:48
*** btully has quit IRC02:48
*** flwang1 has joined #openstack-keystone02:51
*** hakimo has joined #openstack-keystone02:52
*** hakimo_ has quit IRC02:54
*** richm has quit IRC03:14
dstanekjiaxi: i doubt it. i think it's 10:30pm his time03:21
*** markvoelker_ has quit IRC03:23
dstanekjiaxi: i'm sure he'll see the email tomorrow and get to the review when he has a chance03:23
dstanekjiaxi: take a look at my reviews... https://review.openstack.org/#/q/owner:%22David+Stanek%22+status:open,n,z ... i have lots open and some several week old03:25
*** markvoelker_ has joined #openstack-keystone03:26
jiaxidstanek: Okay , I will03:26
*** h00327910__ has quit IRC03:28
jiaxidstanek: I'm not familiar with stackforge/os-ansible-deployment , I will look only keystone03:28
dstanekjiaxi: no, i'm not asking for reviews necessarily. just wanted to show you that many/most of us have a dozen or more open at a time. jamielennox|away or bknudson sometime have double or triple that03:29
jiaxidstanek: I will look bknudson's03:30
dstanekjiaxi: i am suggesting a small change to the commit message to make it a little clearer03:31
jiaxidstanek: okay03:31
*** dims_ has quit IRC03:33
*** stevemar has joined #openstack-keystone03:44
*** ChanServ sets mode: +v stevemar03:44
davechenjiaxi: not suprise, i have several patches both in cinder/keystone which is longer than half years. :)03:44
jiaxidavechen: A little crazy. In company, after submit patch, I will ask my colleague to review my patch.03:46
davechenjiaxi: yeah, but this is opensource project, most of us is not coming from the same company and we have different priorities.03:47
davechenjiaxi, lunch time, take a break, buddy. :)03:48
jiaxidavechen: Okay, go out for lunch.03:48
*** nkinder has quit IRC03:52
*** edmondsw has quit IRC03:56
openstackgerritjiaxi proposed openstack/keystone: Reject create endpoint with invalid urls  https://review.openstack.org/20051203:59
*** jiaxi has quit IRC04:03
*** htruta___ has joined #openstack-keystone04:23
*** htruta has joined #openstack-keystone04:24
*** htruta___ has quit IRC04:26
*** htruta has quit IRC04:27
*** htruta has joined #openstack-keystone04:28
*** htruta_____ has joined #openstack-keystone04:29
*** htruta_____ has quit IRC04:30
*** htruta has quit IRC04:30
openstackgerritEric Brown proposed openstack/keystoneauth: py34 not py33 is tested and supported  https://review.openstack.org/20108804:36
*** piyanai has quit IRC04:51
*** flwang1 has quit IRC04:55
*** rm_work is now known as rm_work|away05:16
*** amickus has joined #openstack-keystone05:22
*** jaosorior has joined #openstack-keystone05:23
*** ig0r_ has joined #openstack-keystone05:24
*** stevemar has quit IRC05:29
*** stevemar has joined #openstack-keystone05:29
*** ChanServ sets mode: +v stevemar05:29
*** Nirupama has joined #openstack-keystone05:32
*** josecastroleon has joined #openstack-keystone05:46
*** markvoelker_ has quit IRC05:48
openstackgerritMorgan Fainberg proposed openstack/keystone: Adds missing list_endpoints tests  https://review.openstack.org/17643405:49
openstackgerritMorgan Fainberg proposed openstack/keystone: Removes KVS catalog backend  https://review.openstack.org/15844205:49
*** spandhe has joined #openstack-keystone05:52
*** spandhe_ has joined #openstack-keystone05:55
*** spandhe has quit IRC05:56
*** spandhe_ is now known as spandhe05:56
*** btully has joined #openstack-keystone05:56
*** hrou has quit IRC06:00
*** evrardjp_ is now known as evrardjp06:07
*** ParsectiX has joined #openstack-keystone06:08
*** stevemar has quit IRC06:08
*** stevemar has joined #openstack-keystone06:09
*** ChanServ sets mode: +v stevemar06:09
*** spandhe has quit IRC06:09
*** spandhe has joined #openstack-keystone06:11
*** ig0r__ has joined #openstack-keystone06:11
*** stevemar has quit IRC06:11
*** ig0r_ has quit IRC06:12
*** stevemar has joined #openstack-keystone06:13
*** ChanServ sets mode: +v stevemar06:13
*** stevemar has quit IRC06:31
*** josecastroleon has quit IRC06:44
*** lsmola has joined #openstack-keystone06:44
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Imported Translations from Transifex  https://review.openstack.org/20688906:45
*** markvoelker has joined #openstack-keystone06:48
*** browne has quit IRC06:49
*** belmoreira has joined #openstack-keystone06:52
*** markvoelker has quit IRC06:53
*** josecastroleon has joined #openstack-keystone07:00
*** josecastroleon has quit IRC07:02
openstackgerritDave Chen proposed openstack/keystone: Cleanup tearDown in unit tests  https://review.openstack.org/20775307:07
*** boris-42 has quit IRC07:10
*** spandhe has quit IRC07:31
*** yottatsa has joined #openstack-keystone07:32
*** lhcheng has quit IRC07:36
*** yottatsa has quit IRC07:36
*** yottatsa has joined #openstack-keystone07:39
*** fhubik has joined #openstack-keystone07:39
*** ParsectiX has quit IRC07:42
*** ParsectiX has joined #openstack-keystone07:43
*** jaosorior has quit IRC07:44
*** josecastroleon has joined #openstack-keystone07:46
*** jaosorior has joined #openstack-keystone07:47
*** henrynash has quit IRC07:56
*** marzif_ has joined #openstack-keystone07:57
*** marzif_ has quit IRC08:09
*** afazekas has joined #openstack-keystone08:09
*** fhubik is now known as fhubik_afk08:13
openstackgerritMarek Denis proposed openstack/keystone: Add groups in scoped federated tokens  https://review.openstack.org/20716708:17
*** fhubik_afk is now known as fhubik08:18
*** btully has quit IRC08:25
*** jistr has joined #openstack-keystone08:32
*** flwang1 has joined #openstack-keystone08:33
bretonmarekd: won't the patch ^ result in token size > 255?08:35
marekdbreton: ?08:35
*** e0ne has joined #openstack-keystone08:35
marekdbreton: a, sorry i am blind08:36
marekdread "won't" as "won"08:36
marekdit may, but we already put groups in the token payload08:36
marekdthat's first08:36
marekdsecond is without this the fernet token is useless08:36
marekdi've debugging that since last week more or less.08:37
marekdno groups -> no way to build roles for a project.08:37
marekddolphm: doesn't seem to be super sad about that.08:38
*** e0ne has quit IRC08:40
marekdbreton: we can think about swueezeng group into group of groups08:40
marekdbyt...08:40
marekdbut08:40
*** marzif_ has joined #openstack-keystone08:40
*** marzif_ has quit IRC08:41
*** marzif_ has joined #openstack-keystone08:42
*** fhubik has quit IRC08:43
*** markvoelker has joined #openstack-keystone08:49
*** markvoelker has quit IRC08:54
*** yottatsa has quit IRC08:56
*** davechen has left #openstack-keystone08:57
bretonmarekd: I don't quite understand the logic which was before the patch. The groups were included only for unscoped token, right?08:59
marekdbreton: right09:00
marekdbreton: so groups were included either way and we cannot do anything about that...09:00
*** aix has joined #openstack-keystone09:02
marekdwell, you can take a look at this chain of patches: https://review.openstack.org/#/c/20716709:02
marekdi basically think groups should be kept always (unscoped and scoped) token in federated user case.09:02
marekdwhile not keeping them in UUID/PKI case is not harmful it's a no-go in a federated token.09:03
marekdso either we keep groups everywhere (it doesn't really change anything in terms of uuid/pki) or we will do some hacks/workarounds or simply break the contract in fernet token.09:03
openstackgerritMarek Denis proposed openstack/keystone: Refactor _populate_roles_for_groups()  https://review.openstack.org/20778509:05
*** fhubik has joined #openstack-keystone09:09
*** flwang1 has quit IRC09:11
*** e0ne has joined #openstack-keystone09:13
openstackgerritMarek Denis proposed openstack/keystone: Add groups in scoped federated tokens  https://review.openstack.org/20716709:17
openstackgerritMarek Denis proposed openstack/keystone: Refactor _populate_roles_for_groups()  https://review.openstack.org/20778509:17
*** amickus has quit IRC09:22
*** ankita_wagh has quit IRC09:26
*** ankita_wagh has joined #openstack-keystone09:32
*** henrynash has joined #openstack-keystone09:41
*** ChanServ sets mode: +v henrynash09:41
openstackgerritMarek Denis proposed openstack/keystone: Fernet payloads for federated scoped tokens.  https://review.openstack.org/20217609:49
*** ankita_wagh has quit IRC09:51
openstackgerritMarek Denis proposed openstack/keystone: Fernet payloads for federated scoped tokens.  https://review.openstack.org/20217610:02
openstackgerritMarek Denis proposed openstack/keystone: Refactor _populate_roles_for_groups()  https://review.openstack.org/20778510:06
*** e0ne has quit IRC10:07
openstackgerritMarek Denis proposed openstack/keystone: Fernet payloads for federated scoped tokens.  https://review.openstack.org/20217610:09
*** henrynash has quit IRC10:11
openstackgerritMarek Denis proposed openstack/keystone: Fernet payloads for federated scoped tokens.  https://review.openstack.org/20217610:13
openstackgerritMarek Denis proposed openstack/keystone: Refactor: rename Fernet's unscoped federated payload  https://review.openstack.org/20219010:15
openstackgerritMarek Denis proposed openstack/keystone: Better error message when unable to map user  https://review.openstack.org/20698710:18
*** dg__ has joined #openstack-keystone10:20
*** dg__ has quit IRC10:21
*** henrynash has joined #openstack-keystone10:26
*** ChanServ sets mode: +v henrynash10:26
*** e0ne has joined #openstack-keystone10:31
*** josecastroleon has quit IRC10:37
*** henrynash has quit IRC10:43
*** dg__ has joined #openstack-keystone10:48
dg__anyone around and able to help with a dumb question about roles?10:50
*** fhubik has quit IRC11:04
*** dims_ has joined #openstack-keystone11:04
*** ig0r__ has quit IRC11:15
*** ig0r_ has joined #openstack-keystone11:19
*** josecastroleon has joined #openstack-keystone11:22
*** dgonzalez has joined #openstack-keystone11:25
*** jeffDeville has joined #openstack-keystone11:27
*** yottatsa has joined #openstack-keystone11:27
*** afazekas has quit IRC11:31
openstackgerritMerged openstack/keystone: pemutils isn't used anymore  https://review.openstack.org/20752411:31
*** jeffDeville has quit IRC11:32
openstackgerritMerged openstack/keystone: Fixes a docstring to reflect actual return values  https://review.openstack.org/20752511:35
samueldmqmorning11:38
*** dg__ has quit IRC11:45
*** e0ne has quit IRC11:48
*** e0ne has joined #openstack-keystone11:50
*** piyanai has joined #openstack-keystone11:55
*** bdossant has joined #openstack-keystone11:55
*** fhubik has joined #openstack-keystone11:56
*** marzif_ has quit IRC12:05
*** gordc has joined #openstack-keystone12:09
openstackgerritjaveme proposed openstack/python-keystoneclient: pass correct max_positional_arg 4 utils.positional  https://review.openstack.org/20785712:09
*** raildo has joined #openstack-keystone12:10
openstackgerritMerged openstack/keystone: Fix test_admin to expect admin endpoint  https://review.openstack.org/20649612:17
*** amakarov_away is now known as amakarov12:20
openstackgerritAlexander Makarov proposed openstack/keystone: Materialized path mixin  https://review.openstack.org/19841812:21
openstackgerritjaveme proposed openstack/python-keystoneclient: pass correct max_positional_arg 4 utils.positional  https://review.openstack.org/20785712:23
openstackgerritAlexander Makarov proposed openstack/keystone: Materialized path mixin  https://review.openstack.org/19841812:26
*** Nirupama has quit IRC12:28
*** yottatsa has quit IRC12:30
*** yottatsa has joined #openstack-keystone12:34
*** edmondsw has joined #openstack-keystone12:36
*** tjcocozz has joined #openstack-keystone12:40
*** bapalm has joined #openstack-keystone12:42
*** fhubik is now known as fhubik_afk12:43
*** fhubik_afk is now known as fhubik12:50
*** yottatsa has quit IRC12:50
*** yottatsa has joined #openstack-keystone12:51
*** dikonoor has joined #openstack-keystone12:54
*** marzif_ has joined #openstack-keystone12:54
*** marzif_ has quit IRC12:56
*** marzif_ has joined #openstack-keystone12:56
*** hrou has joined #openstack-keystone12:57
*** browne has joined #openstack-keystone12:57
*** stevemar has joined #openstack-keystone12:59
*** ChanServ sets mode: +v stevemar12:59
*** jsavak has joined #openstack-keystone13:07
openstackgerritRodrigo Duarte proposed openstack/python-keystoneclient: Add Keystone2Keystone auth plugin for K2K  https://review.openstack.org/20758513:15
*** bknudson has quit IRC13:16
*** marzif_ has quit IRC13:17
*** htruta has joined #openstack-keystone13:18
*** topol has quit IRC13:21
*** topol has joined #openstack-keystone13:22
*** ChanServ sets mode: +v topol13:22
*** TheIntern has joined #openstack-keystone13:23
*** bknudson has joined #openstack-keystone13:23
*** ChanServ sets mode: +v bknudson13:23
*** pawel_ has joined #openstack-keystone13:26
openstackgerritMerged openstack/keystone: Adds proper isolation to templated catalog tests  https://review.openstack.org/17455613:26
*** markvoelker has joined #openstack-keystone13:26
*** browne has quit IRC13:26
*** topol has quit IRC13:26
pawel_hey. I was wondering why doesn't the function token.persistence.backends.sql.Token.delete_token() in fact remove a token from the db but only sets `valid` to 013:29
*** markvoelker_ has joined #openstack-keystone13:30
*** markvoelker has quit IRC13:31
*** jsavak has quit IRC13:31
*** piyanai has quit IRC13:31
pawel_and what's actually the difference between delete_token and revoke_token in that case?13:31
*** jsavak has joined #openstack-keystone13:32
marekdayoung: to the rescue ^^13:38
ayoungDon't care.13:39
* ayoung elbow deep in Ansible guts at the moment13:39
*** jiaxi_ has joined #openstack-keystone13:43
*** ayoung is now known as ayoung-shh-busy13:43
ayoung-shh-busyjiaxi_, pawel_ just make up a random answer to your questions.  That is really all I do13:45
stevemarmarekd: pawel_ lol13:47
marekdstevemar: what's that?13:47
jiaxi_ayoung-shh-busy:  What is pawel_ ?????????13:47
stevemarthe response was funny13:47
marekdstevemar: ah, yes13:48
jiaxi_I haven't receive the response .13:48
stevemarjiaxi_: pawel_ is a developer working with marekd13:48
stevemarpawel_: i think the motivation for marking it as invalid in the token backend, and not deleting it, was so if an authentication request comes with that token, the user knows it's revoked, and not "Not Found"13:49
pawel_stevemar: fair enough. but the name in the api is kind of misleading ;)13:50
*** jiaxi__ has joined #openstack-keystone13:50
stevemarpawel_: True!13:50
jiaxi__I found a big bug of IRC13:51
jiaxi__If wifi is broken, then IRC is stopped.  When the wifi is ok, the chat log didn't recorded.13:52
*** jiaxi_ has quit IRC13:52
jiaxi__Just now, I asked a qustion. Maybe steve answered me. But I never had chance knew it13:52
marekdso i'd say wifi is broken....13:54
marekdwe should file a bug agains wifi13:54
*** jaosorior has quit IRC13:54
marekdwifi should not fail13:54
rodrigodsmarekd, lol13:54
raildomarekd: lol13:54
*** mefist has joined #openstack-keystone13:57
ayoung-shh-busydelete token was the name of the API for a user to delete.  It was a soft delete.  In the case of the PKI/revocation-list call, we needed the token around13:59
ayoung-shh-busyrevocation list was done in the same backend as tokens13:59
ayoung-shh-busyinstead of changing that, we put out revocation events.13:59
ayoung-shh-busyjiaxi__, and pawel_ is another user on IRC also asking questions.  IRC logging is done by your machine, so if it drops off the network, it can't log.  However, logs of the chatroom are put up on evesdrop...theres is a delay: http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/14:00
* ayoung-shh-busy still busy14:00
*** sigmavirus24_awa is now known as sigmavirus2414:03
*** ParsectiX has quit IRC14:05
lbragstaddstanek: o/14:05
marekdstevemar: Jenkins has some hickups and failure seems to be random - dolphm was curious what you think about it: https://review.openstack.org/#/c/207167/414:07
*** jsavak has quit IRC14:09
*** jsavak has joined #openstack-keystone14:09
stevemarmarekd: i shall take a look14:12
*** diazjf has joined #openstack-keystone14:18
*** bhenderson has quit IRC14:23
*** richm has joined #openstack-keystone14:23
*** pnavarro has joined #openstack-keystone14:23
*** bapalm_ has joined #openstack-keystone14:23
*** h00327910__ has joined #openstack-keystone14:24
*** bapalm has quit IRC14:26
ayoung-shh-busylbragstad, , I'm using ansible pre-2.0  and I bring up an interface using nmcli.  It does not update the facts, so I don't have ansible_eth1.ipv4.address .  Is it possible to trigger a facts refresh?14:27
*** josecastroleon has quit IRC14:28
lbragstadayoung-shh-busy: you can explicitly tell ansible to (or not) gather facts for you. I have an example somewhere.14:29
ayoung-shh-busylbragstad, not the same thing14:29
ayoung-shh-busythat is done up front14:29
ayoung-shh-busylbragstad, I want the initial gathered facts, just they need to be updated, or I'll end up doing something custom14:30
ayoung-shh-busyits kindof like updating inventory dynamically, I think.14:30
lbragstadoh, like ansible doesn't know what it's processing?14:30
lbragstadoh...14:30
lbragstadyeah I understand14:30
lbragstadyeah, you can do that if you write you own dynamic inventory14:31
lbragstads/you/your/14:31
lbragstaddo you want certain hosts in your inventory to have special attributes or properties?14:32
*** jecarey has joined #openstack-keystone14:33
*** TheIntern has quit IRC14:34
ayoung-shh-busylbragstad, so, not inventory in this case...I want to just retrigger the gathering of facts for a host14:35
ayoung-shh-busyI brought up an interface, and I want that to show up in future checks.14:35
*** btully has joined #openstack-keystone14:36
openstackgerritRodrigo Duarte proposed openstack/keystone: Add is_domain field in Project Table  https://review.openstack.org/15742714:36
openstackgerritRodrigo Duarte proposed openstack/keystone: Change project name constraints  https://review.openstack.org/15837214:36
marekdstevemar: thanks!14:36
lbragstadayoung-shh-busy: hmm interesting... you should be able to do that with dynamic inventory14:36
*** mylu has joined #openstack-keystone14:37
lbragstadayoung-shh-busy: dolphm and I were going to look into some dynamic inventory scripts for the keystone-deploy project but we were able to work around it14:37
*** mefist has quit IRC14:37
*** mylu has quit IRC14:38
*** mylu has joined #openstack-keystone14:39
*** markvoelker_ has quit IRC14:40
openstackgerritLance Bragstad proposed openstack/keystone: Consolidate the fernet provider validate_v3_token()  https://review.openstack.org/19687714:41
*** josecastroleon has joined #openstack-keystone14:42
*** ayoung-shh-busy is now known as ayoung14:42
*** TheIntern has joined #openstack-keystone14:42
*** dikonoor has quit IRC14:42
*** lxsli is now known as lexloofer14:43
openstackgerritLance Bragstad proposed openstack/keystone: Consolidate the fernet provider validate_v3_token()  https://review.openstack.org/19687714:45
elmikoanyone around who might be able to talk about trusts, auth plugins, sessions, and clients. i'm having a really weird issue that i don't quite understand14:46
elmikobasically, if i create a keystone v3 Client using the direct methodology (passing username, passwd, etc), then i can create a trust14:46
openstackgerritLance Bragstad proposed openstack/keystone: Consolidate the fernet provider issue_v2_token()  https://review.openstack.org/19764714:47
elmikobut, if i create a client using a v3 Token auth plugin and a Session, when i try to create the trust i get an error about the trust failing to be created because it can't find project {id}14:47
*** pnavarro has quit IRC14:47
elmikoso, it obviously makes the transition from project name to project id, but why does my trust fail?14:47
*** jsavak has quit IRC14:49
*** pgbridge has quit IRC14:49
elmikoayoung: any thoughts about that ^14:50
ayoungelmiko, my answers come from a combination of the dictionary file and /dev/random14:51
elmikoLOL14:51
ayoungelmiko, I thin there is a different auth plugin you use to consume a trust.  You doing that?14:52
ayoungoh, wait.14:52
elmikoyea, i'm using the Token auth plugin14:52
ayoungfailing to create the trust, not consuming14:52
ayoungmisread that ,sorry14:52
elmikoyea14:52
ayoungelmiko, debug14:52
elmikoand i'm using keystoneclient.auth.identity.v3.Token for the auth14:53
ayoungyou sure the request is identical?14:53
ayoungonly difference is the auth plugin you use in the client?14:53
elmikoyes14:53
*** jsavak has joined #openstack-keystone14:54
elmikoi'm trying to switch sahara to use Sessions, and this is a sticking point14:54
elmikoso, i create the client with Client(session=session, auth=auth)14:54
elmikoinstead of Client(auth_url=..., username=..., etc....)14:54
ayoungelmiko, can you paste the code?14:55
*** henrynash has joined #openstack-keystone14:55
*** ChanServ sets mode: +v henrynash14:55
elmikoayoung: ok, its kinda gnarly though14:55
ayoungelmiko, so am I14:56
elmikofair point14:56
elmikohttps://github.com/elmiko/sahara/blob/bp/keystone-sessions/sahara/utils/openstack/keystone.py#L10914:56
elmikothat is the entry point to my auth14:56
ayoungI look like this guy https://www.flickr.com/photos/39081697@N06/552497147714:57
elmikoall my keystone client stuff happens in that file14:57
*** chlong has quit IRC14:57
elmikolol, your hair is much messier than that ;)14:57
*** jecarey_ has joined #openstack-keystone14:58
*** zzzeek has joined #openstack-keystone14:58
*** jsavak has quit IRC14:58
ayoungelmiko, walk me through this...wghere does the initial token come from?  The call that the user made to sahara?14:58
*** jsavak has joined #openstack-keystone14:58
elmikoayoung: yes, ctx is our context object. the token is originating form X-Auth-Token header that user provides14:58
ayoungelmiko, and you take that users token and use it to create a trust, but the create trust fails due to the missing project id?14:59
*** jecarey has quit IRC15:00
elmikoayoung: yea, when i create the trust i get that error "Could not find project: f4d57bfbb9d54b3b8731ac4dfb155b1c"15:00
elmikoayoung: and that id is actually the id for my project15:00
*** jiaxi__ has quit IRC15:00
elmikoand it exists in the Default domain15:00
ayoungelmiko, and the user has a role on that project?15:01
elmikoyes15:01
elmikoayoung: i wonder if i need to also supply a user_domain_name when creating the auth plugin?15:01
elmiko(i figured it would know that from the token)15:01
ayoungelmiko, no clue.  go look at the code15:02
elmikoayoung: ack, thanks for taking a look =)15:02
ayoungbut...it shouldn't....hmmm15:02
ayoungI wonder if we are going to be breaking things here.15:03
*** topol has joined #openstack-keystone15:03
*** ChanServ sets mode: +v topol15:03
ayoungYou use a scoped token to create the auth plugin.15:03
ayoungI don't know if that does a token-for-token thing15:03
elmikohmm15:03
amakarovayoung, hi! I want to backup unified delegation spec with some code - will it make sense to start actual implementation before spec is approved?15:04
elmikoi used that token to create the Client object directly before (when it was working)15:04
ayoungyep...we're going to be in trouble...not you elmiko15:04
* elmiko wipes brow15:04
ayoungamakarov, probably15:04
amakarovayoung, ok, thanks15:05
ayoungelmiko, so., yeah, pull all of the data you need out of the ENV.  http://git.openstack.org/cgit/openstack/python-keystoneclient/tree/keystoneclient/auth/identity/v3/token.py#n3415:05
ayoungamakarov, a demo is worth a thousand slides15:06
elmikoayoung: ok, so basically build a more thoroughly scoped token?15:06
amakarovayoung, my thought exactly15:06
ayoungelmiko, yep...and that is going to mess up some other code we have.  Basically, I need to allow "use a token to get a token, but of the same or lesser scope"15:07
ayoungactually, there is n "lesser scope" except maybe if we do explicit roles.  But  that does not exist yet15:07
*** pgbridge has joined #openstack-keystone15:07
elmikoayoung: ok, i'll mess around with this a little more. thanks again15:07
elmikoi'll let you know how it goes15:08
*** chlong has joined #openstack-keystone15:11
*** piyanai has joined #openstack-keystone15:11
*** dims_ has quit IRC15:17
*** dims_ has joined #openstack-keystone15:17
*** ankita_wagh has joined #openstack-keystone15:18
*** dims_ is now known as dimsum__15:21
elmikoayoung: the api doesn't show this, neither does the code, but is it possible that the call to create the trust also should take a project_domain_id?15:22
ayoungelmiko, I don't think that is what is failing for you15:22
ayoungI think it is the token-for-token transfer15:23
ayoungbut...no,  trusts are project ID only, I think15:23
elmikothat's what the api says, project id only15:23
*** belmoreira has quit IRC15:24
elmikoayoung: by token-for-token transfer, do you mean that the token auth plugin i create is somehow more narrowly scoped than the original?15:24
ayoungelmiko, scoped the same...well, scoped based on what you pass in (unfortunately)15:24
ayoungI need to talk to jamielennox|away about the token auth plugin after pyconau is over15:24
elmikook, i'll dig into the keystoneclient code a little more in the meantime15:25
elmikoayoung: i'll make a clean section of code to demonstrate this and post it to the ML as well15:26
ayoungelmiko, cool15:26
*** pballand has joined #openstack-keystone15:28
*** ankita_wagh has quit IRC15:31
*** ankita_wagh has joined #openstack-keystone15:32
*** yottatsa has quit IRC15:35
*** yottatsa has joined #openstack-keystone15:35
openstackgerritBoris Bobrov proposed openstack/keystone: Prevent exception due to missing id of LDAP entity  https://review.openstack.org/20796015:36
*** henrynash has quit IRC15:40
*** dikonoor has joined #openstack-keystone15:51
*** jsavak has quit IRC15:53
openstackgerritMerged openstack/keystone: Adds missing list_endpoints tests  https://review.openstack.org/17643415:53
*** josecastroleon has quit IRC15:54
*** markvoelker has joined #openstack-keystone15:59
*** jsavak has joined #openstack-keystone16:01
*** markvoelker has quit IRC16:02
*** bdossant has quit IRC16:03
*** lhcheng has joined #openstack-keystone16:04
*** ChanServ sets mode: +v lhcheng16:04
*** browne has joined #openstack-keystone16:04
*** geoffarnold has joined #openstack-keystone16:08
*** mylu has quit IRC16:09
*** geoffarnold has quit IRC16:10
*** _cjones_ has joined #openstack-keystone16:11
*** geoffarnold has joined #openstack-keystone16:11
*** jecarey_ has quit IRC16:12
*** e0ne has quit IRC16:13
*** samleon has joined #openstack-keystone16:18
*** mylu has joined #openstack-keystone16:19
*** jsavak has quit IRC16:19
*** jsavak has joined #openstack-keystone16:19
*** piyanai has quit IRC16:20
*** dikonoor has quit IRC16:23
*** tjcocozz has quit IRC16:29
*** piyanai has joined #openstack-keystone16:29
*** piyanai has quit IRC16:31
*** mylu has quit IRC16:33
*** piyanai has joined #openstack-keystone16:34
*** jamiec has joined #openstack-keystone16:40
*** piyanai has quit IRC16:42
*** jistr has quit IRC16:42
*** spandhe has joined #openstack-keystone16:43
*** piyanai has joined #openstack-keystone16:44
*** fhubik has quit IRC16:45
*** henrynash has joined #openstack-keystone16:47
*** ChanServ sets mode: +v henrynash16:47
*** mylu has joined #openstack-keystone16:47
*** marzif_ has joined #openstack-keystone16:47
*** jasonsb has quit IRC16:48
*** jasonsb has joined #openstack-keystone16:48
*** amit213 has quit IRC16:50
*** amit213 has joined #openstack-keystone16:50
openstackgerritDolph Mathews proposed openstack/keystone: Test to ensure fernet key rotation results in new key sets  https://review.openstack.org/19281716:51
openstackgerritBoris Bobrov proposed openstack/keystone: Prevent exception due to missing id of LDAP entity  https://review.openstack.org/20796016:52
*** browne has quit IRC16:53
*** jasonsb has quit IRC16:53
openstackgerritDolph Mathews proposed openstack/keystone: Add better user feedback when bind is not implemented  https://review.openstack.org/20378816:53
*** lhcheng_ has joined #openstack-keystone16:54
*** jsavak has quit IRC16:56
*** lhcheng has quit IRC16:56
*** jsavak has joined #openstack-keystone16:56
openstackgerritBoris Bobrov proposed openstack/keystone: Prevent exception due to missing id of LDAP entity  https://review.openstack.org/20796016:59
*** TheIntern has quit IRC17:00
*** e0ne has joined #openstack-keystone17:03
*** tsymanczyk has quit IRC17:03
*** markvoelker has joined #openstack-keystone17:03
openstackgerritBoris Bobrov proposed openstack/keystone: Prevent exception due to missing id of LDAP entity  https://review.openstack.org/20796017:05
*** chlong has quit IRC17:09
*** Ephur has joined #openstack-keystone17:10
*** jsavak has quit IRC17:11
*** jsavak has joined #openstack-keystone17:12
*** mylu has quit IRC17:16
*** tjcocozz has joined #openstack-keystone17:20
*** piyanai has quit IRC17:20
henrynashmorganfainberg: ping17:21
*** ankita_wagh has quit IRC17:22
*** mylu has joined #openstack-keystone17:23
*** pballand has quit IRC17:23
*** pballand has joined #openstack-keystone17:24
*** markvoelker has quit IRC17:26
*** e0ne has quit IRC17:33
*** amakarov is now known as amakarov_away17:33
*** e0ne has joined #openstack-keystone17:33
*** browne has joined #openstack-keystone17:36
*** henrynash has quit IRC17:42
*** ankita_wagh has joined #openstack-keystone17:42
lbragstadI take it this isn't going to make it in this release? https://blueprints.launchpad.net/keystone/+spec/model-timestamps17:45
*** yottatsa has quit IRC17:50
*** aix has quit IRC17:54
*** haneef_ has quit IRC17:54
*** jasonsb has joined #openstack-keystone17:54
*** ankita_w_ has joined #openstack-keystone18:02
*** tsymanczyk has joined #openstack-keystone18:05
*** ankita_wagh has quit IRC18:05
*** tsymanczyk is now known as Guest9503718:06
*** ankita_w_ has quit IRC18:11
*** jsavak has quit IRC18:11
*** ankita_wagh has joined #openstack-keystone18:11
*** jsavak has joined #openstack-keystone18:13
*** bknudson has quit IRC18:15
*** mylu has quit IRC18:15
*** TheIntern has joined #openstack-keystone18:20
*** mattamizer has joined #openstack-keystone18:21
*** bknudson has joined #openstack-keystone18:21
*** ChanServ sets mode: +v bknudson18:21
*** marzif_ has quit IRC18:25
*** josecastroleon has joined #openstack-keystone18:27
*** markvoelker has joined #openstack-keystone18:28
*** mattamizer has quit IRC18:34
*** e0ne has quit IRC18:37
*** markvoelker has quit IRC18:37
*** jsavak has quit IRC18:37
*** e0ne has joined #openstack-keystone18:45
*** Guest95037 has quit IRC18:45
*** e0ne has quit IRC18:47
*** tsymancz1k has joined #openstack-keystone18:48
openstackgerritDolph Mathews proposed openstack/keystone: Fix the claimed expires_at & created_at timestamps for Fernet in v3  https://review.openstack.org/20802118:50
*** jsavak has joined #openstack-keystone18:52
*** josecastroleon has quit IRC18:57
*** jsavak has quit IRC18:57
*** jsavak has joined #openstack-keystone18:59
*** tjcocozz has quit IRC19:01
dolphmlbragstad: the auditing concern has since been addressed by CADF19:11
dolphmlbragstad: in fact, all of that is sort of addressed by CADF, it's just not exposed via HTTP19:11
openstackgerritBrant Knudson proposed openstack/keystone: admin and public httpd files  https://review.openstack.org/19444219:13
openstackgerritBrant Knudson proposed openstack/keystone: Update Httpd configuration docs for sites-available/enabled  https://review.openstack.org/20802519:13
lbragstadgotcha, I was just going through all the sql reviews and stumbled across that19:14
openstackgerritDolph Mathews proposed openstack/keystone: Fix the claimed expires_at & created_at timestamps for Fernet  https://review.openstack.org/20802119:14
dolphmlbragstad: ^19:15
*** afazekas has joined #openstack-keystone19:18
openstackgerritBrant Knudson proposed openstack/keystone: Use extras for ldap dependencies  https://review.openstack.org/20760219:19
openstackgerritBrant Knudson proposed openstack/keystone: admin and public httpd files  https://review.openstack.org/19444219:21
openstackgerritBrant Knudson proposed openstack/keystone: Use extras for memcache and MongoDB packages  https://review.openstack.org/20762019:24
*** ig0r_ has quit IRC19:26
*** afazekas has quit IRC19:26
*** tsymancz1k has quit IRC19:26
*** roxanaghe has joined #openstack-keystone19:31
*** e0ne has joined #openstack-keystone19:32
*** openstack has joined #openstack-keystone19:33
*** openstackstatus has joined #openstack-keystone19:34
*** ChanServ sets mode: +v openstackstatus19:34
*** tsymanczyk has joined #openstack-keystone19:34
*** tsymanczyk is now known as Guest2954419:35
*** jsavak has quit IRC19:36
*** jsavak has joined #openstack-keystone19:41
openstackgerritMerged openstack/keystone: Explain the "or None" on eventlet's client_socket_timeout  https://review.openstack.org/17744319:46
openstackgerritMerged openstack/keystone: Explain the "or None" on eventlet's client_socket_timeout  https://review.openstack.org/17744319:46
*** rm_work|away is now known as rm_work19:49
*** henrynash has joined #openstack-keystone19:49
*** ChanServ sets mode: +v henrynash19:49
openstackgerritBrant Knudson proposed openstack/keystone: Fix SmarterEncoder for python3  https://review.openstack.org/20678519:52
openstackgerritBrant Knudson proposed openstack/keystone: Use dict.items() rather than six.iteritems()  https://review.openstack.org/20076219:52
openstackgerritBrant Knudson proposed openstack/keystonemiddleware: Merge test-requirements-py3.txt to test-requirements.txt  https://review.openstack.org/20604419:58
openstackgerrithenry-nash proposed openstack/keystone-specs: Clarify project hierarchy and parent usage within the API  https://review.openstack.org/20062419:59
openstackgerritBrant Knudson proposed openstack/keystone: Extras for bandit  https://review.openstack.org/20764520:00
henrynashstevemar, dstanek: I’m really keen that we get https://review.openstack.org/#/c/137202/ in as soon as we can, lots of other stuff depends on us having a manager level list_assignment method that supports filtering20:08
*** pballand_ has joined #openstack-keystone20:08
*** topol has quit IRC20:08
*** pballand has quit IRC20:10
*** pballand_ is now known as pballand20:10
openstackgerritBoris Bobrov proposed openstack/keystone: Prevent exception due to missing id of LDAP entity  https://review.openstack.org/20796020:16
*** Guest29544 has quit IRC20:24
*** diazjf has left #openstack-keystone20:25
*** TheIntern has quit IRC20:27
*** e0ne has quit IRC20:30
dgonzalezHi all, I am trying to set up a multi-region devstack environment (as explained here https://github.com/openstack-dev/devstack#multi-region-setup). When starting the second node (RegionTwo) the stack.sh script fails with the following message:20:38
dgonzalezERROR: openstack admin endpoint for identity service in RegionTwo region not found20:38
*** bapalm_ has quit IRC20:38
dgonzalezThe command that causes this message is openstack --os-url=http://192.168.33.10:5000/v3 --os-identity-api-version=3 project create alt_demo --domain=default --or-show -f value -c id20:38
dgonzalezAny idea what could cause this?20:39
dgonzalezCould it be that the second region can not find the keystone endpoint, because it runs in the first region?20:39
*** ankita_w_ has joined #openstack-keystone20:42
*** ankita_w_ has quit IRC20:43
*** ankita_wagh has quit IRC20:44
dolphmdgonzalez: is it looking for an identity service in both regions?20:45
dolphmdgonzalez: ++ to your last question20:45
morganfainberghenrynash: pong20:46
*** aix has joined #openstack-keystone20:47
morganfainberghenrynash: i am in australia, so timezone is hard to sync up20:47
dgonzalezdolphm: well i think it should be looking for the identity service in the first region (RegionOne), but the error message sounds like it is looking in the second region.20:47
dolphmdgonzalez: do you have an OS_REGION env var set?20:48
dgonzalezI did some multi-region setups with devstack in the past, but  never stumbled across this error20:48
*** e0ne has joined #openstack-keystone20:48
henrynashmorganfainberg: hi….not sure if you saw my earlier message…..I approved https://review.openstack.org/#/c/148730/ since it seemed to have sufficient +2s…but then suddenly realised, I’m not sure if we had agreed an exception for this?20:48
dolphmdgonzalez: (or you could pass --os-region=RegionOne with your --os-url)20:48
*** doug-fish has left #openstack-keystone20:48
dgonzalezOS_REGION_NAME is set to RegionTwo20:48
morganfainberghenrynash: meh. Its fine.20:48
henrynashmorganfainberg:  ok. just wanted to check….20:49
morganfainberghenrynash: if your really worried send an email. But im ok with it20:49
henrynashmorganfainberg: oh, and don’t mention the cricket !20:49
morganfainbergHahaha20:49
henrynashmorganfainberg: no, I’m not too worried, I’m not pushing it hard, just want to amke sure you were aware20:50
rodrigodshenrynash, there is some nits in the API spec to fix, btw20:51
dgonzalezdolphm: I could do this when i run this script manually, but when installing a devstack environment this is not possible...20:51
henrynashrodigods: feel free to propose a fix20:52
rodrigodshenrynash, ++ working full time in reseller stuff20:52
rodrigodsonce I have some minutes I'll propose this fix20:52
henrynashrodigods: probably the right thing20:52
*** roxanaghe has quit IRC20:52
*** jsavak has quit IRC20:58
*** jsavak has joined #openstack-keystone20:59
*** jsavak has quit IRC21:03
*** jsavak has joined #openstack-keystone21:03
*** stevemar has quit IRC21:05
*** stevemar has joined #openstack-keystone21:05
*** ChanServ sets mode: +v stevemar21:05
*** stevemar has quit IRC21:08
*** tsymanczyk has joined #openstack-keystone21:09
*** dsirrine has quit IRC21:09
*** tsymanczyk is now known as Guest8481521:09
*** raildo has quit IRC21:09
*** jsavak has quit IRC21:10
*** jsavak has joined #openstack-keystone21:10
*** hogepodge has quit IRC21:14
*** Guest84815 has quit IRC21:18
*** hogepodge has joined #openstack-keystone21:21
*** boris-42 has joined #openstack-keystone21:23
openstackgerritRodrigo Duarte proposed openstack/keystone: Honor domain operations in project table  https://review.openstack.org/14376321:24
*** tsymanczyk has joined #openstack-keystone21:24
*** tqtran has joined #openstack-keystone21:27
*** henrynash has quit IRC21:27
*** huats_ has joined #openstack-keystone21:28
*** e0ne has quit IRC21:30
*** bapalm_ has joined #openstack-keystone21:31
openstackgerritSam Leong proposed openstack/keystone: Tokenless authz with X.509 SSL client certificate  https://review.openstack.org/15687021:32
*** iurygregory has quit IRC21:34
*** zzzeek has quit IRC21:43
*** zzzeek has joined #openstack-keystone21:44
*** jsavak has quit IRC21:50
*** jsavak has joined #openstack-keystone21:51
*** bapalm_ has quit IRC21:55
*** piyanai has joined #openstack-keystone21:57
*** gordc has quit IRC22:04
openstackgerritDolph Mathews proposed openstack/keystone: Validate domain ownership for v2 tokens  https://review.openstack.org/20806922:04
*** htruta_____ has joined #openstack-keystone22:07
*** htruta_____ has quit IRC22:20
*** htruta has quit IRC22:21
*** htruta has joined #openstack-keystone22:21
openstackgerritDolph Mathews proposed openstack/keystone: Validate domain ownership for v2 tokens  https://review.openstack.org/20806922:23
openstackgerritDolph Mathews proposed openstack/keystone: Fix the claimed expires_at & created_at timestamps for Fernet  https://review.openstack.org/20802122:23
*** htruta has quit IRC22:23
*** htruta has joined #openstack-keystone22:23
*** zzzeek has quit IRC22:27
*** hrou has quit IRC22:33
*** piyanai has quit IRC22:38
*** samleon has quit IRC23:03
*** jsavak has quit IRC23:08
openstackgerritDan Nguyen proposed openstack/keystone: Allow Domain Admin to get domain details  https://review.openstack.org/20808223:16
*** _cjones_ has quit IRC23:18
*** jasonsb_ has joined #openstack-keystone23:23
*** jasonsb has quit IRC23:23
*** sigmavirus24 is now known as sigmavirus24_awa23:26
*** topol has joined #openstack-keystone23:30
*** ChanServ sets mode: +v topol23:30
*** topol has quit IRC23:35
*** richm has quit IRC23:43
*** hrou has joined #openstack-keystone23:43
« Thursday, 2015-07-30 Index Saturday, 2015-08-01 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!