Friday, 2016-01-15

« Thursday, 2016-01-14 Index Saturday, 2016-01-16 »
gyeehenrynash_, yes, looking now00:01
henrynash_gyee: thx00:02
*** ayoung has quit IRC00:04
henrynash_lbragstad: thanks for issueing a recheck on https://review.openstack.org/#/c/266617/ it came back good, let me know if you haev questions on it that prevent approval…thanks00:09
*** quick_question has joined #openstack-keystone00:22
quick_questionHi all!00:23
quick_questionIs anybody know how manage permissions to region?00:23
quick_questionI see 'add_endpoint_group_to_project' in 'keystone/policy.json'00:23
quick_questionis it right direction?00:23
*** jsavak has joined #openstack-keystone00:24
*** timcline has joined #openstack-keystone00:24
*** quick_question has quit IRC00:32
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26434600:34
*** tsymanczyk has joined #openstack-keystone00:34
*** tsymanczyk is now known as Guest1215500:35
*** spzala has joined #openstack-keystone00:37
*** spzala has quit IRC00:42
*** jsavak has quit IRC00:47
openstackgerrithenry-nash proposed openstack/keystone: Support the reading of default values of domain configuration options  https://review.openstack.org/26033500:52
*** lhcheng_ has quit IRC00:55
*** ayoung has joined #openstack-keystone00:58
*** ChanServ sets mode: +v ayoung00:58
*** timcline has quit IRC00:59
*** fawadkhaliq has joined #openstack-keystone01:00
*** shoutm has joined #openstack-keystone01:00
*** EinstCrazy has joined #openstack-keystone01:07
*** Guest12155 has quit IRC01:07
*** lhcheng has joined #openstack-keystone01:08
*** ChanServ sets mode: +v lhcheng01:08
*** ankita_w_ has quit IRC01:18
*** henrynash_ has quit IRC01:21
*** henrynash_ has joined #openstack-keystone01:22
*** ChanServ sets mode: +v henrynash_01:22
*** tsymancz1k has joined #openstack-keystone01:22
*** shoutm_ has joined #openstack-keystone01:23
*** shoutm has quit IRC01:24
*** _zouyee has joined #openstack-keystone01:27
openstackgerrithenry-nash proposed openstack/keystone: Support the reading of default values of domain configuration options  https://review.openstack.org/26033501:27
*** davechen has joined #openstack-keystone01:30
*** tsymancz1k is now known as tsymanczyk01:31
*** henrynash_ has quit IRC01:32
*** _cjones_ has quit IRC01:33
*** spzala has joined #openstack-keystone01:38
*** shoutm_ has quit IRC01:41
*** _zouyee has quit IRC01:43
*** spzala has quit IRC01:43
*** shoutm has joined #openstack-keystone01:45
*** csoukup has joined #openstack-keystone01:48
*** shoutm_ has joined #openstack-keystone02:11
*** shoutm has quit IRC02:13
*** spzala has joined #openstack-keystone02:19
*** richm has quit IRC02:26
*** c_soukup has joined #openstack-keystone02:28
*** csoukup has quit IRC02:31
*** wanghua has joined #openstack-keystone02:34
*** sigmavirus24_awa is now known as sigmavirus2402:40
*** henrynash_ has joined #openstack-keystone02:45
*** ChanServ sets mode: +v henrynash_02:45
davechennotmorgan, stevemar: I want to bug you that there might be still some issues from `keystone-manage bootstrap`.02:48
davechenhttps://bugs.launchpad.net/keystone/+bug/153414002:48
openstackLaunchpad bug 1534140 in OpenStack Identity (keystone) "keystone-manage bootstrap should not create user/project if it fails" [Undecided,New] - Assigned to Dave Chen (wei-d-chen)02:48
*** edmondsw has quit IRC02:49
davechenthe user/project or whatever should not be created if the bootstrap fails, it make end user to remove them manually.02:49
davechenand hard to identify the root cause is where they are.02:49
*** sigmavirus24 is now known as sigmavirus24_awa02:49
davechenrollback may helpful in this case.02:50
openstackgerritLin Hua Cheng proposed openstack/keystone: Improve Conflict error message in IdP creation  https://review.openstack.org/26527902:51
*** lhcheng has quit IRC02:52
*** tonytan4ever has quit IRC02:53
*** fawadkhaliq has quit IRC02:54
*** spandhe has quit IRC03:06
*** sigmavirus24_awa is now known as sigmavirus2403:09
*** dims has quit IRC03:11
*** ngupta has joined #openstack-keystone03:14
henrynash_stevemar: a couple of (hopefully) quick ones for you to approve: https://review.openstack.org/#/c/266617/ and   https://review.openstack.org/#/c/260335/03:15
*** _zouyee has joined #openstack-keystone03:17
*** jasonsb has joined #openstack-keystone03:20
openstackgerritDave Chen proposed openstack/keystone: Add schema for OAuth1 consumer API  https://review.openstack.org/26679103:23
*** shoutm has joined #openstack-keystone03:25
lbragstadstevemar can you review this guy again - https://review.openstack.org/#/c/266617/03:25
*** shoutm_ has quit IRC03:26
openstackgerritRon De Rose proposed openstack/keystone: Shadow users: unified identity  https://review.openstack.org/26204503:34
*** gyee has quit IRC03:49
*** links has joined #openstack-keystone03:49
*** links has quit IRC03:56
*** fawadkhaliq has joined #openstack-keystone04:20
*** vgridnev has joined #openstack-keystone04:33
*** sigmavirus24 is now known as sigmavirus24_awa04:35
*** itlinux has joined #openstack-keystone04:35
*** yogirackspace has joined #openstack-keystone04:39
*** links has joined #openstack-keystone04:40
*** yogirackspace has quit IRC04:43
*** fawadkhaliq has quit IRC04:51
*** itlinux has quit IRC05:06
*** fawadkhaliq has joined #openstack-keystone05:08
*** vivekd has joined #openstack-keystone05:16
*** jaosorior has joined #openstack-keystone05:19
*** chlong has joined #openstack-keystone05:24
*** spzala has quit IRC05:24
*** agireud has quit IRC05:27
*** agireud has joined #openstack-keystone05:28
*** sirushti has quit IRC05:34
*** itlinux has joined #openstack-keystone05:37
*** wanghua has quit IRC05:44
openstackgerritDave Chen proposed openstack/keystone-specs: Enable `id`, `enabled` filter for list IdP  https://review.openstack.org/26794905:50
openstackgerritDave Chen proposed openstack/keystone-specs: Enable `id`, `enabled` filter for list IdP  https://review.openstack.org/26794905:53
*** _zouyee has quit IRC06:00
*** Nirupama has joined #openstack-keystone06:00
*** vivekd has quit IRC06:01
*** boris-42 has quit IRC06:03
*** c_soukup has quit IRC06:04
*** Ephur has quit IRC06:11
*** vgridnev has quit IRC06:12
*** henrynash_ has quit IRC06:14
stevemarhenrynash: yep, i have it open06:14
stevemarlbragstad: i'll try!06:15
*** agireud has quit IRC06:16
*** agireud has joined #openstack-keystone06:18
openstackgerritSteve Martinelli proposed openstack/keystone: Support the reading of default values of domain configuration options  https://review.openstack.org/26033506:20
*** ankita_wagh has joined #openstack-keystone06:25
*** ninag has joined #openstack-keystone06:33
openstackgerritSteve Martinelli proposed openstack/keystone: Fix indentation for oauth context  https://review.openstack.org/26764906:37
*** ninag has quit IRC06:37
*** chlong has quit IRC06:40
*** agireud has quit IRC06:42
*** jasonsb has quit IRC06:42
*** agireud has joined #openstack-keystone06:44
*** jaosorior has quit IRC06:45
*** jaosorior has joined #openstack-keystone06:46
*** vgridnev has joined #openstack-keystone06:52
*** jaosorior has quit IRC06:55
*** gildub has quit IRC07:02
*** agireud has quit IRC07:08
*** _zouyee has joined #openstack-keystone07:09
openstackgerritMerged openstack/oslo.policy: Add oslopolicy-checker command-line tool  https://review.openstack.org/17097807:09
*** agireud has joined #openstack-keystone07:10
*** jaosorior has joined #openstack-keystone07:11
*** links has quit IRC07:17
*** vivekd has joined #openstack-keystone07:19
*** fawadkhaliq has quit IRC07:29
*** fawadkhaliq has joined #openstack-keystone07:29
*** links has joined #openstack-keystone07:30
stevemarnight keystone is quiet tonight07:35
*** links has quit IRC07:39
*** vivekd has quit IRC07:41
*** links has joined #openstack-keystone07:41
*** ankita_wagh has quit IRC07:43
*** vivekd has joined #openstack-keystone07:45
*** fawadkhaliq has quit IRC08:08
*** fawadkhaliq has joined #openstack-keystone08:09
openstackgerritMaho Koshiya proposed openstack/python-keystoneclient: Add return-request-id-to-caller function(v3)  https://review.openstack.org/26745608:09
*** pnavarro has joined #openstack-keystone08:15
*** vivekd has quit IRC08:16
*** vgridnev has quit IRC08:16
openstackgerritMaho Koshiya proposed openstack/python-keystoneclient: Add return-request-id-to-caller function(v3/contrib)  https://review.openstack.org/26800308:20
*** fawadkhaliq has quit IRC08:20
*** fawadkhaliq has joined #openstack-keystone08:21
stevemarjamielennox: did ksm go from assertRaises to with mock.patch.object in it's tests between kilo and liberty?08:33
stevemarfor general checking of exceptions?08:33
jamielennoxstevemar: ahh, i don't think so - doesn't it still use assertTraises?08:34
stevemarjamielennox: https://review.openstack.org/#/c/230157/208:34
stevemarthe tests specifically08:34
*** shoutm_ has joined #openstack-keystone08:35
stevemarjamielennox: having trouble with tests, not just the ones included in the backport08:36
*** shoutm has quit IRC08:36
stevemarlocally anyway08:36
*** daemontool has joined #openstack-keystone08:36
stevemarjamielennox: i noticed that there is a call in liberty... call_middleware08:37
stevemarinstead of set_middleware and then calling self.middleware()08:37
jamielennoxwe moved a bunch of stuff around in there over the last cycle or two08:37
stevemaryeah, it's making backports hard >.<08:37
stevemarhttp://paste.openstack.org/show/483975/08:38
stevemarthere we go ^08:38
stevemarthat's why i asked about assertions, all the failures look like they are not catching exceptions when they should08:38
*** shoutm_ has quit IRC08:40
stevemarwell i'm stuck08:45
stevemarjust compared the kilo proposed backport with the liberty one, and they look the same to me08:46
* stevemar shrugs08:46
*** itlinux has quit IRC08:49
stevemarjamielennox: if you have 5 minutes, take a look, i'm scratching my head as to why it's failing: https://jenkins02.openstack.org/job/gate-keystonemiddleware-python27/125/console08:54
stevemarthis was the *last* thing on my todo list :@08:54
stevemarit has defeated me08:54
jamielennoxhmm, where those errors are raise might hvae moved08:55
*** csoukup_ has joined #openstack-keystone09:00
*** ninag has joined #openstack-keystone09:00
*** csoukup_ has quit IRC09:05
*** ninag has quit IRC09:05
*** belmoreira has joined #openstack-keystone09:05
*** fhubik has joined #openstack-keystone09:07
*** fawadkhaliq has quit IRC09:09
*** fawadkhaliq has joined #openstack-keystone09:09
*** mhickey has joined #openstack-keystone09:11
*** fhubik has quit IRC09:12
*** vgridnev has joined #openstack-keystone09:15
*** jistr has joined #openstack-keystone09:27
*** gildub has joined #openstack-keystone09:36
*** vivekd has joined #openstack-keystone09:51
*** davechen has left #openstack-keystone09:55
*** EinstCrazy has quit IRC10:08
*** e0ne has joined #openstack-keystone10:08
*** EinstCrazy has joined #openstack-keystone10:08
*** EinstCrazy has quit IRC10:14
*** mhickey has quit IRC10:25
*** thiagolib has joined #openstack-keystone10:28
thiagolibsomeone did deploy the opentack Solaris 11 and have seen this error svcadm : Instance " svc : / application / OpenStack / Keystone : default " is in maintenance state .10:29
*** fhubik has joined #openstack-keystone10:37
*** shoutm has joined #openstack-keystone10:38
*** gildub has quit IRC10:42
*** mhickey has joined #openstack-keystone10:44
*** sileht has quit IRC10:48
*** sileht has joined #openstack-keystone10:48
*** agireud has quit IRC10:49
*** agireud has joined #openstack-keystone10:51
*** _zouyee has quit IRC10:53
*** ninag has joined #openstack-keystone10:55
*** ninag has quit IRC10:59
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26434611:03
*** dims has joined #openstack-keystone11:12
*** hughsaunders_ has joined #openstack-keystone11:26
*** hughsaunders has quit IRC11:27
*** hughsaunders_ is now known as hughsaunders11:27
samueldmqmorning keystoners11:34
*** fawadkhaliq has quit IRC11:57
*** fawadkhaliq has joined #openstack-keystone11:58
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Create unit tests for endpoint policy SQL driver  https://review.openstack.org/21200612:14
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Create unit tests for endpoint policy drivers  https://review.openstack.org/21200612:19
*** agireud has quit IRC12:25
*** agireud has joined #openstack-keystone12:27
*** EinstCrazy has joined #openstack-keystone12:28
*** Quick has joined #openstack-keystone12:32
QuickHello everyone! Is it possible to restrict access to the Region for the Tenant or User (Juno)?12:35
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Create unit tests for the policy drivers  https://review.openstack.org/21295712:36
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Create unit tests for endpoint policy drivers  https://review.openstack.org/21200612:39
*** Nirupama has quit IRC12:45
QuickThanks, good point12:45
*** fhubik is now known as fhubik_brb12:47
samueldmqQuick: hi12:47
samueldmqQuick: I know there is endpoint_filtering so taht you can filter the endpoints that goes in a token (scoped to a project) for a given region12:48
samueldmqQuick: if that's what you're looking for ...12:48
samueldmqQuick: but I am not sure that's available in Juno12:49
samueldmqQuick: let me check12:49
*** openstackgerrit has quit IRC12:50
samueldmqQuick: yes endpoint_filter extension is available in juno, which EOL has passed btw12:50
*** openstackgerrit has joined #openstack-keystone12:50
samueldmqQuick: https://github.com/openstack/keystone/blob/juno-eol/keystone/contrib/endpoint_filter/core.py12:50
QuickI would like to split regions between tenants. Tenants A and B can use region 1, 2 and 3. Tenant C can use 3 and 4.12:52
samueldmqQuick: what if you filter endpoints from regions 1, 2 and 3 for projects A and B; and endpoints from regions 3 and 4 for project C ?12:54
*** links has quit IRC12:55
QuickAs I understand it will be the same result.12:56
QuickIdeally Horizon should show available Regions only12:57
*** links has joined #openstack-keystone12:58
*** raildo-afk is now known as raildo13:01
*** pauloewerton has joined #openstack-keystone13:02
*** links has quit IRC13:03
*** Quick has quit IRC13:09
*** ninag has joined #openstack-keystone13:21
*** alexpro has joined #openstack-keystone13:23
*** browne has joined #openstack-keystone13:23
*** fhubik_brb is now known as fhubik13:26
*** fawadkhaliq has quit IRC13:30
*** fawadkhaliq has joined #openstack-keystone13:30
*** Ephur has joined #openstack-keystone13:34
*** vivekd has quit IRC13:36
*** iurygregory has quit IRC13:47
*** browne has quit IRC13:49
*** doug-fish has joined #openstack-keystone13:53
*** dslev has joined #openstack-keystone13:53
*** ngupta has quit IRC13:59
*** richm has joined #openstack-keystone13:59
*** csoukup has joined #openstack-keystone14:04
*** jsavak has joined #openstack-keystone14:05
*** spzala has joined #openstack-keystone14:07
*** fhubik is now known as fhubik_brb14:20
*** fhubik_brb is now known as fhubik14:24
*** fhubik has quit IRC14:24
*** browne has joined #openstack-keystone14:36
*** dansmith is now known as superdan14:43
*** jaosorior has quit IRC14:45
*** jaosorior has joined #openstack-keystone14:46
*** petertr7_away is now known as petertr714:51
openstackgerritTom Cocozzello proposed openstack/keystone: List assignments with names  https://review.openstack.org/24995814:56
*** fawadkhaliq has quit IRC14:56
openstackgerritTom Cocozzello proposed openstack/keystone: List assignments with names  https://review.openstack.org/24995814:58
*** fawadkhaliq has joined #openstack-keystone14:59
lbragstadayoung dolphm how do we want to handle bind in keystone with fernet tokens? We are 52 tests away from passing with fernet as the default for all keystone tests, some of which are 501 because fernet doesn't support bind authentication.15:01
openstackgerritTom Cocozzello proposed openstack/keystone: List assignments with names  https://review.openstack.org/24995815:02
*** kibm has joined #openstack-keystone15:03
lbragstadayoung dolphm pinging you guys because I thought we had a conversation around this before15:04
lbragstadayoung dolphm I want to say we punted on it because bind required us to pack things in the token that could be unbound.15:05
*** EinstCrazy has quit IRC15:07
lbragstador if anyone else wants to weigh in ;) ^15:07
*** Ephur has quit IRC15:08
*** pauloewerton has quit IRC15:11
*** ericksonsantos has quit IRC15:11
*** jaosorior has quit IRC15:11
*** jaosorior has joined #openstack-keystone15:12
*** daemontool has quit IRC15:16
*** fawadkhaliq has quit IRC15:19
*** raildo is now known as raildo-afk15:20
*** sigmavirus24_awa is now known as sigmavirus2415:24
*** timcline has joined #openstack-keystone15:25
tjcocozzlbragstad, found this ... https://bugs.launchpad.net/keystone/+bug/1433311/comments/215:26
openstackLaunchpad bug 1433311 in OpenStack Identity (keystone) "Fernet tokens don't support token bind" [Wishlist,Triaged]15:26
lbragstadtjcocozz ah - i thought it was something along those lines15:27
openstackgerritBrant Knudson proposed openstack/python-keystoneclient: Mark password/secret options as secret  https://review.openstack.org/26819815:27
lbragstadtjcocozz maybe i'll send a note to the mailing list15:27
tjcocozzlbragstad, in evesdrop it sounded like you were still going to push for it.  What changed?15:28
openstackgerritBrant Knudson proposed openstack/keystoneauth: Mark password/secret options as secret  https://review.openstack.org/26819915:29
lbragstadtjcocozz I was just concerned about breaking/people who rely on it but wanted to move to fernet15:30
lbragstadnotmorgan was also a part of that conversationm15:31
*** chmouel has quit IRC15:32
*** pnavarro has quit IRC15:33
*** aix has quit IRC15:33
*** freerunner has quit IRC15:34
openstackgerritLance Bragstad proposed openstack/keystone: Make fernet default token provider  https://review.openstack.org/25865015:35
openstackgerritLance Bragstad proposed openstack/keystone: Fix indentation for oauth context  https://review.openstack.org/26764915:35
openstackgerritLance Bragstad proposed openstack/keystone: Make fernet work with oauth1 authentication  https://review.openstack.org/26778115:35
*** jamie_h has joined #openstack-keystone15:35
*** pnavarro has joined #openstack-keystone15:35
ayounglbragstad, disable the bind tests.15:37
lbragstadayoung so we won't be supporting bind with the default provider?15:38
ayounglbragstad, correct15:38
ayounglbragstad, bind does not do any good in a live lookup15:38
*** chmouel has joined #openstack-keystone15:38
lbragstadok15:38
ayoungin order for bind to make sense we should do15:38
ayoungauthenticate against the remote service and just query the keystone server for roles15:38
ayoungI have that as a spec, but Morgan has soemthing slightly better planned and we'll go with that15:39
lbragstadayoung and that wouldn't require any bind auth to keystone directly15:39
ayounglbragstad, I seriously doubt anyone is using bind15:39
ayoungnope15:39
*** vryzhenkin has joined #openstack-keystone15:39
ayoungthe bind had to be set up on the initial token request15:39
ayoungthe fact that it did work with uuid was kindof irrelelvant15:39
lbragstadayoung awesome, thanks... i'll parse those15:44
*** ngupta has joined #openstack-keystone15:44
*** ngupta has quit IRC15:46
jorge_munozI have been having issues redelegating a trusted token. I have taken the step of creating a trust (Trustor User A and Trustee User B) and authenticating with trust to generate a trusted token for User B. Using User’s B trusted token to create a new trust redelegated to User C, returns a 403 Forbbiden. Are these the correct step to redelegate a trust. If not, whose token should be used?15:47
lbragstadjorge_munoz that sounds like redelegation to me15:48
lbragstadjorge_munoz you did have `allow_redelegation` set to True on the trust you created between User A and User B, right?15:49
jorge_munozlbragstad: yes15:49
lbragstadjorge_munoz was redelegation count set, too?15:49
jorge_munozlbragstad: 315:49
*** roxanagh_ has joined #openstack-keystone15:50
lbragstadok, so you have both set15:50
lbragstadand creating a new trust between User B and User C results in a 503?15:50
jorge_munoz403 using the User B trusted token15:51
lbragstadjorge_munoz ah right - 403...15:51
lbragstadayoung does that sound right to you?15:51
lbragstad^15:51
ayoungjorge_munoz, run it in the debugger, see what is actually kicking out the error.15:52
ayoungjorge_munoz, You are passimng the old trust id in when createing the new trust, right?15:53
lbragstadayoung that is the intended use case for redelegation - right?15:53
ayounglbragstad, yeah, but I think you specify the actual trust, too15:53
lbragstadayoung ahhh15:54
lbragstadayoung trying to find an example request15:55
*** tonytan4ever has joined #openstack-keystone15:55
jorge_munozayoung: No, I did not pass the old trust_id on the new trust. I’ll try that.15:56
lbragstadjorge_munoz if that is actually the problem - we should add some documentation here with that request - https://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3-os-trust-ext.html15:56
ayoungjorge_munoz, Read the docs on that one...I think its specified that way15:56
lbragstadayoung those docs ^15:57
*** josecastroleon has quit IRC15:57
lbragstadI'm not seeing an example of "here's how you create a re-delegated trust"15:57
lbragstadjorge_munoz can you use paste to show us what you're seeing?15:58
lbragstadlike, pasteraw or something?15:59
*** henrynash_ has joined #openstack-keystone15:59
*** ChanServ sets mode: +v henrynash_15:59
*** ngupta has joined #openstack-keystone16:00
lbragstadjorge_munoz use http://pasteraw.com/16:00
lbragstadcopy and paste your requests into there and then drop the links here so we can look at them16:00
*** aix has joined #openstack-keystone16:01
*** jsavak has quit IRC16:03
*** slberger has joined #openstack-keystone16:03
jorge_munozlbragstad: http://cdn.pasteraw.com/seeess53b0unouhnuppmyu8m9oaib1j16:03
*** belmoreira has quit IRC16:05
*** roxanagh_ has quit IRC16:06
*** jsavak has joined #openstack-keystone16:07
*** roxanagh_ has joined #openstack-keystone16:10
*** kibm has quit IRC16:20
*** dslev has quit IRC16:20
*** vivekd has joined #openstack-keystone16:25
openstackgerritvenkatamahesh proposed openstack/keystone: Fedora link is too old and so updated with newer version  https://review.openstack.org/22810916:26
*** phalmos has joined #openstack-keystone16:31
*** kibm has joined #openstack-keystone16:31
*** ericksonsantos has joined #openstack-keystone16:31
*** vgridnev has quit IRC16:32
*** timcline has quit IRC16:32
*** pauloewerton has joined #openstack-keystone16:33
*** vgridnev has joined #openstack-keystone16:33
*** vgridnev has quit IRC16:34
*** spandhe has joined #openstack-keystone16:36
*** ryanpetrello is now known as ryanpetrello116:47
*** itlinux has joined #openstack-keystone16:48
*** ryanpetrello1 is now known as ryanpetrello16:48
*** vivekd has quit IRC16:48
*** vivekd has joined #openstack-keystone16:54
*** fawadkhaliq has joined #openstack-keystone16:55
*** timcline has joined #openstack-keystone17:02
*** ninag has quit IRC17:03
*** kibm has quit IRC17:11
*** e0ne has quit IRC17:13
*** lhcheng has joined #openstack-keystone17:15
*** ChanServ sets mode: +v lhcheng17:15
*** vgridnev has joined #openstack-keystone17:16
*** _cjones_ has joined #openstack-keystone17:23
*** raildo-afk is now known as raildo17:24
*** raildo is now known as raildo-afk17:25
*** vryzhenkin is now known as freerunner17:27
*** shaleh has joined #openstack-keystone17:28
*** kibm has joined #openstack-keystone17:30
*** timcline has quit IRC17:34
*** browne has quit IRC17:44
*** sigmavirus24 is now known as sigmavirus24_awa17:46
*** ankita_wagh has joined #openstack-keystone17:48
*** jamielennox is now known as jamielennox|away17:52
*** ericksonsantos has quit IRC17:53
*** pauloewerton has quit IRC17:53
*** jamie_h has quit IRC17:54
*** telemonster has quit IRC17:55
*** kibm has quit IRC17:55
*** jsavak has quit IRC17:55
*** sigmavirus24_awa is now known as sigmavirus2417:57
*** mhickey has quit IRC17:57
*** browne has joined #openstack-keystone17:58
*** browne has quit IRC17:58
*** e0ne has joined #openstack-keystone18:00
*** jsavak has joined #openstack-keystone18:03
*** kibm has joined #openstack-keystone18:03
*** pauloewerton has joined #openstack-keystone18:05
*** ericksonsantos has joined #openstack-keystone18:05
*** jasonsb has joined #openstack-keystone18:10
*** vivekd has quit IRC18:11
*** henrynash_ has quit IRC18:14
*** tonytan4ever has quit IRC18:21
*** jsavak has quit IRC18:21
*** jsavak has joined #openstack-keystone18:22
*** timcline has joined #openstack-keystone18:25
*** timcline_ has joined #openstack-keystone18:29
*** timcline has quit IRC18:30
*** jed56 has quit IRC18:33
*** tonytan4ever has joined #openstack-keystone18:34
*** dslev has joined #openstack-keystone18:34
*** browne has joined #openstack-keystone18:35
lbragstadjorge_munoz do you have redelegation set to true in your keystone config? https://github.com/openstack/keystone/blob/master/etc/keystone.conf.sample#L2013-L201418:38
*** _cjones_ has quit IRC18:39
*** drjones has joined #openstack-keystone18:39
*** ericksonsantos has quit IRC18:40
*** ericksonsantos has joined #openstack-keystone18:40
jorge_munozlbragstad: yes18:41
*** pauloewerton has quit IRC18:43
*** kibm has quit IRC18:45
*** ericksonsantos has quit IRC18:53
*** jasonsb has quit IRC18:57
*** petertr7 is now known as petertr7_away19:00
*** browne has quit IRC19:01
*** kibm has joined #openstack-keystone19:03
*** narengan_ has joined #openstack-keystone19:09
*** jrist has quit IRC19:12
*** shoutm has quit IRC19:19
openstackgerritMerged openstack/keystone: Enable limiting in ldap for users  https://review.openstack.org/23307019:24
*** pnavarro has quit IRC19:25
tjcocozzlbragstad, ping19:27
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26434619:28
lbragstadstevemar is it not possible to do something like http://cdn.pasteraw.com/p0gof3ry8zesnsvsspmzkco0isiamxc with osc19:31
lbragstadstevemar what I end up with is this - http://cdn.pasteraw.com/n49ae3mkxgguwjvcy9yzrv10hdicp1z19:31
stevemarlbragstad: coming at me with trust auth questions...19:31
lbragstadbut trust should technically be the scope19:32
*** ericksonsantos has joined #openstack-keystone19:32
stevemarlbragstad: hmm, it should19:32
lbragstadstevemar it's more of a OSC question ;)19:32
stevemargive me 1 sec, finishing up something else19:32
lbragstadok19:32
lbragstadthanks19:32
openstackgerritayoung proposed openstack/keystone: Implied roles driver and manager  https://review.openstack.org/26426019:33
ayounghenrynash, are you working on the policy file changes for IMplied Roles API or shall I ? https://review.openstack.org/#/c/242614/4719:35
openstackgerritayoung proposed openstack/keystone: Implied Roles API  https://review.openstack.org/24261419:35
*** jistr has quit IRC19:37
*** kibm has quit IRC19:37
stevemarlbragstad: looking now19:37
stevemarlbragstad: can you add --debug to your command, i wanna see what code bubbled up that error?19:38
openstackgerritayoung proposed openstack/keystone: Implied Roles API  https://review.openstack.org/24261419:43
lbragstadstevemar yep19:46
stevemarlbragstad: i *just* created a trustee and a trust19:46
stevemarnow how do i auth...19:46
lbragstadhttp://cdn.pasteraw.com/863w4dtba16wlngddn1kuzzid516adr19:47
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: WIP: Extract assignment backend tests to own file  https://review.openstack.org/26830719:47
lbragstadstevemar this is my rc file http://cdn.pasteraw.com/p0gof3ry8zesnsvsspmzkco0isiamxc19:47
lbragstadstevemar i'm trying to auth at the trustee19:47
stevemarlbragstad: yeah, i just tried that, and it barfed19:48
lbragstadstevemar ah19:48
lbragstadstevemar I am trying to recreate some of the issues jorge_munoz keeps hitting19:49
*** kibm has joined #openstack-keystone19:49
lbragstadbut instead of doing it with curl, i was going to see if i could reproduce it with the client19:49
stevemarlbragstad: i know you can auth with different auth types... http://paste.openstack.org/show/484037/19:49
stevemarbut it looks like trust isn't on there19:50
stevemarmaybe OSC is just blocking too much?19:50
lbragstadstevemar yeah I'm not seeing trust19:50
ayoungis it an OSC issue?19:51
*** petertr7_away is now known as petertr719:52
lbragstadayoung I'm hitting something with OSC and trusts - but jorge_munoz is having a hard time with the redelegation stuff19:52
ayounglbragstad, right.  I was asking if redelegation is not supported from OSC?19:52
lbragstadi think what stevemar and I just recreated is possibly a limitation with OSC (or it could be)19:52
ayoungI could see that19:52
lbragstadyeah19:53
ayoungdoes OSC support passing redelegated_trust_id ?19:53
*** tjcocozz has left #openstack-keystone19:54
stevemarlbragstad: trying to patch osc now19:54
lbragstadayoung not that I know of19:54
ayoungwell there ya go.19:54
lbragstadayoung but I don't think that explains jorge_munoz 's issues19:55
ayoungpretty sure it is in KC19:55
*** drjones has quit IRC19:55
dstaneklbragstad: is there any reason you're not using the clouds.yaml format?19:55
lbragstadi just happen to stumble across the OSC thing because that's what I wanted to test it with locally19:55
lbragstaddstanek i have no good reason not to use it19:55
stevemardstanek: old habits die hard19:55
lbragstadstevemar ++19:56
stevemarlbragstad: i patched osc to get past that point, but now it's complaining that there is no service catalog19:56
lbragstadhmmm19:56
lbragstadinteresting19:56
*** browne has joined #openstack-keystone19:56
ayounglbragstad, I don't see it on KC even19:56
lbragstadeither way - jorge_munoz is trying to do https://github.com/openstack/keystone/blob/08ce1a504b73c3f95f60ea6fc990fbf19a8b8c0e/keystone/tests/unit/test_v3_auth.py#L3046-L3105 locally but keeps hitting 403s19:57
ayounglbragstad, http://git.openstack.org/cgit/openstack/python-keystoneclient/tree/keystoneclient/v3/contrib/trusts.py19:57
stevemarlbragstad: http://paste.openstack.org/show/484039/19:57
ayounglbragstad, is he hitting an issue with policy ?19:58
lbragstadayoung yeah, there isn't anything in the ksc codebase for redelegated_trust_id19:58
*** _cjones_ has joined #openstack-keystone19:58
lbragstadayoung i believe jorge_munoz is using the standard v3 policy19:58
lbragstadjorge_munoz right?19:58
jorge_munozlbragstad: yes19:58
ayoungjorge_munoz, you have logging turned on?  Is it showing an RBAC failure?19:58
lbragstadjorge_munoz ayoung this one - https://github.com/openstack/keystone/blob/master/etc/keystone.conf.sample#L2013-L201419:59
jorge_munozayoung: yes, both debug and verbose. I’ll add a paste20:00
dstanekjorge_munoz: does the trustor_id match the admin's user_id?20:01
jorge_munozdstanek: yes20:01
*** ankita_wagh has quit IRC20:01
*** ankita_wagh has joined #openstack-keystone20:01
stevemarlbragstad: well, way to give me more osc work :(20:02
lbragstadstevemar :)20:02
jorge_munozhttp://cdn.pasteraw.com/l7v1hn1izkz8kbge13ijffca773qcdf20:02
dstanekjorge_munoz: so you've created a trust between a user and an admin. but when you redelegate from the admin to somebody else it fails?20:02
jorge_munozdstanek: Yes, it fails when redelegating the trust to some other user using the trusted token.20:03
jorge_munozIt might be failing because the user_id on the policy does not match the trustor’s id.20:04
jorge_munozLooking into it now.20:04
ayoungRBAC: Authorization granted inner /home/jorge/source/keystone/keystone/common/controller.py:16220:05
ayoung2016-01-15 20:01:25.664 30424 WARNING keystone.common.wsgi [req-2dded95f-05eb-4b8b-9e45-5e9f8f0160a4 873d63b2cce1464a8d3acd01d53664f5 1cc82e7e6ae94806af7860fd597eb88a - 661775fb45784c12948076da48d03224 661775fb45784c12948076da48d03224] You are not authorized to perform the requested action.20:05
ayoungnot policy  IIUC20:05
*** petertr7 is now known as petertr7_away20:07
ayoungu'redelegated_trust_id': u'a9d062599e8e499daf69d45962b7501d',  <-  So the trustor on this request needs to be the trustee from that one20:07
*** aix has quit IRC20:08
jorge_munozI had tried that too.20:09
jorge_munoz2016-01-15 20:10:02.045 31847 WARNING keystone.common.wsgi [req-c0f13061-6b09-46ca-90a6-2441c1853aad 873d63b2cce1464a8d3acd01d53664f5 1cc82e7e6ae94806af7860fd597eb88a - 661775fb45784c12948076da48d03224 661775fb45784c12948076da48d03224] You are not authorized to perform the requested action: identity:create_trust20:09
jorge_munozThe trust test cases seem to be done incorrectly then. https://github.com/openstack/keystone/blob/master/etc/keystone.conf.sample#L2013-L2014. Following trust use the trustor of all chained trust.20:10
jorge_munozSorry incorrect link: https://github.com/openstack/keystone/blob/08ce1a504b73c3f95f60ea6fc990fbf19a8b8c0e/keystone/tests/unit/test_v3_auth.py#L3046-L310520:12
ayoungjorge_munoz, I don't like the user names used on those tests.20:15
ayoungIdeally it would be  origian_trustor, originial_trustee, redelegated_trustee20:16
jorge_munozayoung: Right, that what i got from the documentation.20:17
ayoungjorge_munoz, can you hack the unit tests to show that it is bad?20:19
*** henrynash_ has joined #openstack-keystone20:20
*** ChanServ sets mode: +v henrynash_20:20
*** e0ne has quit IRC20:23
mc_nairHey everyone - is there a reason that Keystone's get_project command needs to be admin_required instead of admin_or_owner?20:24
mc_nairit's causing some issues with the Nested Quota driver in Cinder and looking through different possible fixes20:24
*** dslev has quit IRC20:24
stevemarmc_nair: who "owns" a project? users have roles on projects20:25
*** kibm has quit IRC20:25
mc_nairstevemar: sorry - was talking more in terms of policy.json (https://github.com/openstack/keystone/blob/master/etc/policy.json#L6).  But I guess more specifically - would it be terrible to let a member of a project be able to do "get_project" for their current project20:26
*** e0ne has joined #openstack-keystone20:26
mc_nairso I guess that would be a policy similar to https://github.com/openstack/cinder/blob/master/etc/cinder/policy.json#L320:27
*** petertr7_away is now known as petertr720:29
dolphmmc_nair: i think you should be able to do that, certainly20:31
ayoungmc_nair, get_proejct should be safe20:31
jorge_munozayoung: So in the line every redelegated trust in the chain is created with the original trustor’s id. https://github.com/openstack/keystone/blob/08ce1a504b73c3f95f60ea6fc990fbf19a8b8c0e/keystone/tests/unit/test_v3_auth.py#L308020:32
ayoungjust about all of the gets should be safe.  Even Trusts are really not secret info, and GET user has no password20:32
ayoungjorge_munoz, let me look at what the code does, then20:32
ayoungmaybe that is right20:32
mc_nairahhhh, that would fix all my problems :) so it'd be reasonable to change the default Keystone policy.json to let get_project for users of the current project then?20:32
*** ericksonsantos has quit IRC20:33
*** kibm has joined #openstack-keystone20:34
ayoungmc_nair, look at the cloudsample version20:35
*** ericksonsantos has joined #openstack-keystone20:36
ayoung"identity:get_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id or rule:admin_and_matching_target_project_id",20:36
*** spzala has quit IRC20:36
*** ankita_wagh has quit IRC20:36
ayounghmmm...we seem to be overly restrictive there20:36
*** spzala has joined #openstack-keystone20:36
*** ankita_wagh has joined #openstack-keystone20:36
ayoungmc_nair, it is for just these reasons I am pushing the implied roles changes20:37
henrynash_ayoung, stevemar, gyee, dstanek, bknudson, (+ other cores): all the domain specifc set of patches have been up for a while now and had at least some reviews - I’d really like to get some more eyes on them.  They are dependent on Implied Roles of course, which is why that has to be merged first. The actual modification to implies roles is pretty tiny (https://review.openstack.org/#/c/263064/), but the chain of patches sta20:37
henrynash_here: https://review.openstack.org/#/c/261846/20:37
henrynash_(domain specific roles, that is)20:37
ayounghenrynash_, I've figured the best thing to do was to push from the bottom20:37
mc_nairayoung: sorry - didn't follow the last question20:38
ayoungmc_nair, it was a statement20:38
henrynash_ayoung: push from the bottom turtle up?20:38
ayoungHeh20:38
ayounghenrynash_, I want the implied roles stuff in.  Noneof domain specific stuff can get in until implied roles20:39
mc_nairayoung: haha - oh reading.  Could I get a link to that patch your referencing?20:39
henrynash_ayoung: yeah, on get_project..I’d haev thought you can get-project if you have a role on it…20:39
ayoungmc_nair, https://review.openstack.org/#/c/242614/20:40
henrynash_ayoung: no arguing with that!!!!20:40
henrynash_ayoung: implied roles getting in, that is20:40
*** spzala has quit IRC20:40
ayounghenrynash_, We'll get it done...Dave did a decent code review.  After it gets in, I'd like to revisit the policy files.  jamielennox|away has a spec for a default set of roles, but we might want to go even more granular than he did20:41
henrynash_ayoung: btw, when you added the policy.json entries for implied roles, don’t they have to docuemnted somewhere (policy_mapping.rst ?)- I think there is a test that checks that they are….so you latest patcg might fail20:42
ayounghenrynash_, it might.  If so, it is new to me, but that would not be the first time.  Let's see.20:42
henrynash_ayoung: it’s all greek/json to me….20:42
*** ankita_wagh has quit IRC20:45
*** browne has quit IRC20:46
ayounghenrynash_, I could see an argument that the same mechanism for Domain Specific Roles should work at the Project level20:46
ayoungIf we were to make project specific roles, and use domain-is-a-project...would that serve?20:46
ayoungIt would be strange with name masking, I guess, the way things get inherited20:46
henrynash_ayoung: one can make that argument, although seems to me that usually policy type structrues are made a the company/division level…whcih wht these map to domains20:47
mc_nairayoung: thanks for the info! I'm new to Keystone so let me know if I'm missing something, but would implied roles fix things, without changing the policy.json to not require admin for something like get_project?  Cause a normal member of the project wouldn't inherit that admin role?20:47
ayounghenrynash_, except that far more places have company->project than company->domain if you are ,say ,buying space on a public cloud20:48
ayounghenrynash_, it depends on if you thinkg DSR is assignement side or identity side.  I've been thinking of it as assignment side, in which case it is really project scoped20:49
henrynash_ayoung: well, that’s true today…but I see company->domain becoming more previlent as a company wants more control of how they portion of teh cloud opreates20:49
henrynash_ayoung: that’s why I’m pushing all this domain config stuff via APIs for iinstance, domain roles…I think we’ll want to do domain specific (i.e. polic controlled) federation mapping crud etc.20:50
ayounghenrynash_, I'd like to mull that over.  I think that Proj Specific is the more powerful abstraction, as it carries domain with it.  Can we make that work?  Make DSR a degenerate case, maybe by namespacing the whole thing?20:50
*** fawadkhaliq has quit IRC20:51
*** fawadkhaliq has joined #openstack-keystone20:53
*** fawadkhaliq has quit IRC20:55
*** ankita_wagh has joined #openstack-keystone21:01
*** jrist has joined #openstack-keystone21:04
*** jsavak has quit IRC21:04
*** jaosorior has quit IRC21:05
*** jsavak has joined #openstack-keystone21:05
*** spzala has joined #openstack-keystone21:06
*** jsavak has quit IRC21:11
openstackgerritLin Hua Cheng proposed openstack/keystone: Improve Conflict error message in IdP creation  https://review.openstack.org/26527921:12
*** jsavak has joined #openstack-keystone21:12
lbragstadayoung so, if we aren't going to support bind with the default token format moving forward, can we deprecate it?21:13
ayounglbragstad, yes, I think that is the right call21:13
*** narengan_ has quit IRC21:13
*** rletrocquer has quit IRC21:13
*** roxanaghe has quit IRC21:13
*** kibm has quit IRC21:16
jorge_munozayoung: lbragstad : Thanks solved my issue. The test are correct. Redelegated trust should have the trustor_id from the admin.21:17
lbragstadjorge_munoz awesome!21:18
ayoungjorge_munoz, please explain21:18
lbragstadjorge_munoz so the issue was?21:18
ayoung" from the admin"  is who21:18
jorge_munozWhen redelegating a trust, the trustor_id should be set to the creator of the original trust.21:20
lbragstadjorge_munoz what were you setting it to before/21:20
lbragstad?21:20
*** edmondsw has joined #openstack-keystone21:20
jorge_munozYes, my issue was the the expire time. I made the mistake of setting the expire time for the redelegated trust later then the original.21:21
*** edmondsw has quit IRC21:21
ayoungI think there is a misleading comment in the code that indicates the old logic of enforcing only the trustor may call that method21:21
lbragstadah...21:22
lbragstadthe trustor can only call what method?21:22
ayounghttp://git.openstack.org/cgit/openstack/keystone/tree/keystone/trust/controllers.py#n12321:22
ayoungshould read "The user creating the trust must either be the trustor, or a trustee redelegating the trust."21:23
lbragstadahhh... so it doesn't matter what the policy is21:23
ayoung"identity:create_trust": "user_id:%(trust.trustor_user_id)s",  is also wrong... (from v3)21:24
ayounghttp://git.openstack.org/cgit/openstack/keystone/tree/etc/policy.json#n9921:24
lbragstadayoung yeah, i think it's the same in the original policy file too21:24
*** timcline_ has quit IRC21:24
ayounghow did that work, then?21:25
lbragstadayoung i'm not sure... that's kind of confusing because we have policy enforced in two places, right?21:25
lbragstadwe have some in the policy file and some in the trust api?21:25
ayounglbragstad, it used to be hardcoded into the trust API cuz I was Paranoid21:26
ayoungI thought we killed that, though21:26
ayounghttp://git.openstack.org/cgit/openstack/keystone/tree/keystone/trust/controllers.py#n11821:27
*** pnavarro has joined #openstack-keystone21:27
*** kibm has joined #openstack-keystone21:27
ayounguser_id == trustore_id is all over the place there21:28
*** doug-fish has quit IRC21:28
lbragstadhmmm21:28
lbragstadso this is strange21:28
lbragstadwhat jorge_munoz seems to have recreated isn't what I was thinking redelegation was21:29
lbragstadwhich could totally be my fault21:29
ayounglbragstad, need amakarov in this discussion21:29
lbragstadayoung yes we do21:29
jorge_munozUsing the trustee’s trusted token I was able to create a new trust, but the trustor on the trust matches the id on the original trust.21:29
lbragstadI haven't seen him in irc for a while though21:30
lbragstadlet's use user-a, user-b, and user-c21:30
lbragstaduser-a is the trustor21:30
ayoungjorge_munoz, in the call to redelegate the trust, what do you specify as the trustor_id?21:30
lbragstaduser-a creates a trust between user-a and user-b21:30
lbragstadmaking user-b the trustee21:30
ayoungcheck21:30
jorge_munozthe trustor id from the original trust.21:31
ayoungjorge_munoz, that should fail the policy check21:31
lbragstadwhat jorge_munoz did was get a trust scoped token for *user-b* and created a trust with the trustor being user-a  and the trustee being user-c21:31
ayounghttp://git.openstack.org/cgit/openstack/keystone/tree/etc/policy.json#n9921:31
*** daemontool has joined #openstack-keystone21:31
ayounglbragstad, right, and that should fail the check "identity:create_trust": "user_id:%(trust.trustor_user_id)s",21:31
ayoungAH...was this impersonated?21:32
ayoungjorge_munoz, ^^  you were doing impersonation, I remember seeing in the paste you sent21:32
jorge_munozayoung: yes21:32
ayoungthat is why it worked.  Hmmm21:33
*** jsavak has quit IRC21:33
ayoungthat policy check needs to change21:33
ayoungwe're going to force people to do impersonation when we should not be21:33
lbragstadyep21:33
lbragstadthat's weird21:33
*** jsavak has joined #openstack-keystone21:34
ayoungI'm going to sleep on that one.  My kneejerk reaction is that it should not be in the policy file21:34
ayoungAnyone should be able to create some trust, but the rules for who can create a specific trust are too complex for policy21:34
openstackgerritRon De Rose proposed openstack/keystone: Shadow users: unified identity  https://review.openstack.org/26204521:35
ayounglbragstad, I could see it working like this, though:  if you are redelegating a trust, specify yourself as the trustor_id in the request.  DUring the redelegation process, we replace the trustor_id with the original trustor_id fetched based on the original redlegated_trust_id21:37
ayoungbut that is working around policy21:38
ayounglbragstad, jorge_munoz https://bugs.launchpad.net/keystone/+bug/1534834  can you mark this as confirmed?21:43
openstackLaunchpad bug 1534834 in OpenStack Identity (keystone) "Policy check forces impersonation for redelgation of trust" [Undecided,New]21:43
*** jsavak has quit IRC21:49
*** jsavak has joined #openstack-keystone21:50
*** kibm has quit IRC21:53
*** jamielennox|away is now known as jamielennox21:54
*** drjones has joined #openstack-keystone21:55
*** _cjones_ has quit IRC21:55
openstackgerritTom Cocozzello proposed openstack/python-keystoneclient: set up incude names for list role assignments  https://review.openstack.org/25539221:55
*** spandhe has quit IRC21:58
*** tonytan4ever has quit IRC21:58
*** dims_ has joined #openstack-keystone21:59
*** dims has quit IRC22:01
*** kibm has joined #openstack-keystone22:05
ayoungstevemar, are the failures here something we should be expecting right now?  https://review.openstack.org/#/c/264260/22:07
*** e0ne has quit IRC22:08
stevemarayoung: no, just recheck, a lot of the jobs have had transient failures lately22:08
ayoungok22:08
*** tonytan4ever has joined #openstack-keystone22:09
jorge_munozayoung: done, thanks22:09
*** pnavarro has quit IRC22:10
*** kibm has quit IRC22:12
*** kibm has joined #openstack-keystone22:12
*** petertr7 is now known as petertr7_away22:14
*** shaleh has quit IRC22:16
*** tonytan4ever has quit IRC22:22
*** daemontool has quit IRC22:24
*** phalmos has quit IRC22:25
*** vgridnev has quit IRC22:26
*** daemontool has joined #openstack-keystone22:28
*** kibm has quit IRC22:30
*** daemontool has quit IRC22:37
openstackgerritSteve Martinelli proposed openstack/keystoneauth: Mark password/secret options as secret  https://review.openstack.org/26819922:43
henrynash_samueldmq, htruta: final part of assignment manager cleanup: https://review.openstack.org/#/c/265650/22:47
*** kibm has joined #openstack-keystone22:48
*** sigmavirus24 is now known as sigmavirus24_awa22:50
stevemarbknudson_: this is finally passing yay - https://review.openstack.org/#/c/257127/522:50
jamielennoxstevemar: sorry for delay, going to look into that middleware backport now22:52
jamielennoxstevemar: also i _bet_ that ^ breaks someone22:52
stevemarjamielennox: oh for sure22:53
jamielennoxi don't understand how that pattern got started22:53
stevemarjamielennox: step 1 was making sure it didn't break devstack22:53
jamielennoxoh? one of the core projects?22:53
stevemarjamielennox: neutron :)22:53
stevemarneutronclient anyway22:54
jamielennoxstevemar: how much time did you put into that backport to kilo?22:54
stevemarjamielennox: i had to patch all these projects: https://review.openstack.org/#/q/topic:stop_using_oslo_inc22:54
stevemarjamielennox: about an hour at 2am :P22:54
*** csoukup has quit IRC22:54
jamielennoxwow, seriously? shows the proliferation of copy & paste22:55
stevemarjamielennox: oh yeah? stupid mistake somewhere?22:55
jamielennoxno the projects using openstack.comon22:55
stevemaroh, that, yeah ... ugh22:55
jamielennoxfor the backport i'm wondering if i should just start again so i understand what got changed22:55
stevemari did a search on hound/codesearch and was gonna cry22:56
stevemarjamielennox: if you think that's best, sure22:56
stevemari started from the beginning as well, thinking the same thing22:56
stevemarjamielennox: it's saturday, take it easy22:57
*** ankita_wagh has quit IRC22:59
*** jsavak has quit IRC23:10
*** jsavak has joined #openstack-keystone23:11
*** spzala has quit IRC23:14
*** spzala has joined #openstack-keystone23:15
*** kibm has quit IRC23:16
*** spzala has quit IRC23:19
*** slberger has left #openstack-keystone23:26
*** kibm has joined #openstack-keystone23:28
*** dims_ has quit IRC23:29
openstackgerritMerged openstack/keystone: Update v3policysample tests to use admin_project not special domain_id  https://review.openstack.org/26661723:33
*** roxanagh_ has quit IRC23:33
*** roxanaghe has joined #openstack-keystone23:34
*** dims has joined #openstack-keystone23:37
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26434623:37
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26434623:38
openstackgerritayoung proposed openstack/keystone: Implied roles driver and manager  https://review.openstack.org/26426023:42
*** roxanaghe has quit IRC23:44
*** spandhe has joined #openstack-keystone23:53
*** jsavak has quit IRC23:56
*** dims has quit IRC23:59
« Thursday, 2016-01-14 Index Saturday, 2016-01-16 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!