Thursday, 2016-01-21

*** tsymanczyk has quit IRC		00:02
*** tsymanczyk has joined #openstack-keystone		00:02
*** tsymanczyk is now known as Guest19818		00:03
*** phalmos has joined #openstack-keystone		00:03
*** jbell8 has quit IRC		00:09
*** jbell8 has joined #openstack-keystone		00:10
openstackgerrit	Eric Brown proposed openstack/keystone: Remove additional references to ldap role attribs https://review.openstack.org/270551	00:11
*** shoutm_ has joined #openstack-keystone		00:13
dstanek	notmorgan: :-) sounds smart to me	00:13
dstanek	simple commit == ATC	00:13
*** shoutm has quit IRC		00:14
*** PsionTheory has quit IRC		00:17
*** su_zhang has quit IRC		00:20
openstackgerrit	henry-nash proposed openstack/keystone: Change project unique constraint https://review.openstack.org/158372	00:21
*** dims has quit IRC		00:29
*** henrynash has quit IRC		00:32
*** phalmos has quit IRC		00:33
*** markvoelker_ has quit IRC		00:41
openstackgerrit	Lin Hua Cheng proposed openstack/keystone: Fix typo abstact in comments https://review.openstack.org/270558	00:44
*** su_zhang has joined #openstack-keystone		00:46
*** RichardRaseley has quit IRC		00:51
*** Guest19818 has quit IRC		00:52
openstackgerrit	Merged openstack/keystone: Deprecating API v2.0 https://review.openstack.org/251530	00:57
*** lhcheng has quit IRC		00:58
*** gildub has joined #openstack-keystone		00:59
*** su_zhang has quit IRC		01:02
*** shoutm has joined #openstack-keystone		01:05
*** shoutm_ has quit IRC		01:06
*** jbell8 has quit IRC		01:08
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/269479	01:18
*** shoutm_ has joined #openstack-keystone		01:36
*** shoutm has quit IRC		01:38
*** dims has joined #openstack-keystone		01:54
*** _cjones_ has quit IRC		01:54
stevemar	hogepodge: i wrote up something that could be potentially outdated now ... https://developer.ibm.com/opentech/2015/06/17/use-websphere-liberty-as-an-openid-connect-provider-for-openstack/	01:56
*** bill_az has quit IRC		02:00
*** vivekd has joined #openstack-keystone		02:00
hogepodge	stevemar: thanks, I'll take a look	02:01
*** davechen has joined #openstack-keystone		02:07
*** shoutm_ has quit IRC		02:09
*** shoutm has joined #openstack-keystone		02:10
*** jbell8 has joined #openstack-keystone		02:12
*** davechen1 has joined #openstack-keystone		02:12
*** davechen has quit IRC		02:15
*** davechen has joined #openstack-keystone		02:17
*** davechen1 has quit IRC		02:20
*** jbell8 has quit IRC		02:22
*** spandhe has quit IRC		02:25
*** woodster_ has quit IRC		02:26
*** henrynash has joined #openstack-keystone		02:28
*** ChanServ sets mode: +v henrynash		02:28
*** shoutm_ has joined #openstack-keystone		02:41
*** shoutm has quit IRC		02:44
*** jasonsb has joined #openstack-keystone		02:48
*** shoutm has joined #openstack-keystone		02:50
*** roxanaghe has quit IRC		02:50
*** shoutm_ has quit IRC		02:52
*** shoutm_ has joined #openstack-keystone		02:53
*** shoutm has quit IRC		02:55
openstackgerrit	henry-nash proposed openstack/keystone: Projects acting as domains https://review.openstack.org/231289	02:57
*** roxanaghe has joined #openstack-keystone		02:59
*** EinstCrazy has joined #openstack-keystone		03:03
*** dgonzalez has quit IRC		03:03
*** shoutm has joined #openstack-keystone		03:11
*** agireud has quit IRC		03:11
*** shoutm_ has quit IRC		03:13
*** dgonzalez has joined #openstack-keystone		03:13
*** agireud has joined #openstack-keystone		03:15
*** doug-fish has joined #openstack-keystone		03:16
openstackgerrit	Dave Chen proposed openstack/keystone: Relax the schema validation to accept empty request body https://review.openstack.org/237448	03:21
*** doug-fish has quit IRC		03:21
davechen	lbragstad: since update region need at least one property, i cannot give a testcase to update region with empty body.	03:23
*** oomichi is now known as oomichi_away		03:23
davechen	lbragstad: but i add back two general testcases to prove it's possible.	03:23
openstackgerrit	Tony Wang proposed openstack/keystone: improve credential tests https://review.openstack.org/265610	03:24
*** shoutm has quit IRC		03:24
*** browne has quit IRC		03:25
notmorgan	stevemar: i'm going to go out on a limb and say i'm against emitting warnings in default deployment scenarios [re: sdague's plan]	03:27
*** agireud has quit IRC		03:27
*** spandhe has joined #openstack-keystone		03:27
openstackgerrit	Jorge Munoz proposed openstack/keystone: Fix trust redelegation and associated test https://review.openstack.org/269824	03:33
openstackgerrit	henry-nash proposed openstack/keystone: Projects acting as domains https://review.openstack.org/231289	03:35
*** dgonzalez has quit IRC		03:39
*** dgonzalez has joined #openstack-keystone		03:40
*** dims has quit IRC		03:42
openstackgerrit	Dave Chen proposed openstack/keystone: Add testcases to check cache invalidation https://review.openstack.org/258785	03:47
*** richm has quit IRC		03:49
*** roxanaghe has quit IRC		03:52
*** agireud has joined #openstack-keystone		03:52
*** su_zhang has joined #openstack-keystone		03:53
*** shoutm has joined #openstack-keystone		03:53
*** roxanaghe has joined #openstack-keystone		03:54
openstackgerrit	Merged openstack/keystonemiddleware: Bandit profile updates https://review.openstack.org/267065	04:00
*** vgridnev has joined #openstack-keystone		04:06
openstackgerrit	Merged openstack/keystone: Fix test_crud_user_project_role_grants https://review.openstack.org/253219	04:13
*** shoutm has quit IRC		04:14
*** shoutm has joined #openstack-keystone		04:14
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/269479	04:16
*** browne has joined #openstack-keystone		04:18
*** lhcheng has joined #openstack-keystone		04:25
*** ChanServ sets mode: +v lhcheng		04:25
*** browne has quit IRC		04:28
*** browne has joined #openstack-keystone		04:29
*** shoutm_ has joined #openstack-keystone		04:34
*** shoutm has quit IRC		04:35
*** vgridnev has quit IRC		04:35
*** browne has quit IRC		04:40
*** vgridnev has joined #openstack-keystone		04:58
*** shoutm_ has quit IRC		04:58
*** shoutm has joined #openstack-keystone		04:59
*** roxanaghe has quit IRC		05:00
*** david-lyle has quit IRC		05:02
*** david-lyle has joined #openstack-keystone		05:03
*** markvoelker has joined #openstack-keystone		05:07
*** roxanaghe has joined #openstack-keystone		05:07
*** markvoelker has quit IRC		05:12
*** shoutm has quit IRC		05:12
*** markvoelker has joined #openstack-keystone		05:12
*** su_zhang has quit IRC		05:13
*** shoutm has joined #openstack-keystone		05:17
*** doug-fish has joined #openstack-keystone		05:30
*** shoutm_ has joined #openstack-keystone		05:31
*** shoutm has quit IRC		05:33
*** doug-fish has quit IRC		05:35
*** vivekd has quit IRC		05:44
*** doug-fish has joined #openstack-keystone		05:44
*** vgridnev has quit IRC		05:45
*** jaosorior has joined #openstack-keystone		05:47
*** jasonsb has quit IRC		05:47
*** doug-fish has quit IRC		05:49
stevemar	notmorgan: a release note would be good though	05:49
notmorgan	stevemar: yes.	05:50
notmorgan	stevemar: we should add a release note	05:50
*** spandhe_ has joined #openstack-keystone		05:59
*** spandhe has quit IRC		06:01
*** spandhe_ is now known as spandhe		06:01
*** markvoelker_ has joined #openstack-keystone		06:01
*** markvoelker has quit IRC		06:05
*** markvoelker has joined #openstack-keystone		06:05
*** spandhe has quit IRC		06:06
*** markvoelker_ has quit IRC		06:06
*** vgridnev has joined #openstack-keystone		06:08
*** spandhe has joined #openstack-keystone		06:09
*** jasonsb has joined #openstack-keystone		06:10
davechen	marekd: hi, are you around?	06:10
davechen	marekd: one question, why it's the endpoint filter to accommodate the change for service provider filtering?	06:11
*** oomichi_away is now known as oomichi		06:11
davechen	marekd: endpoint filter seems like something about endpoints, but any connection of service provider with endpoints?	06:12
*** Nirupama has joined #openstack-keystone		06:13
davechen	per my understanding, all we need is the capability to filter SP based on the project id, again, I am not quite understanding, why it's endpoints filtering?	06:13
davechen	and why the change is made against keystone catalog?	06:13
davechen	stevemar: in case you are still here, do you have any ideas?	06:15
*** jasonsb has quit IRC		06:16
*** ayoung has quit IRC		06:16
openstackgerrit	Rakesh H S proposed openstack/pycadf: Enable cadf support for Heat https://review.openstack.org/270206	06:25
*** vgridnev has quit IRC		06:26
*** gyee has quit IRC		06:39
*** shoutm_ has quit IRC		06:40
*** spandhe_ has joined #openstack-keystone		06:43
*** lhcheng has quit IRC		06:44
*** spandhe has quit IRC		06:45
*** spandhe_ is now known as spandhe		06:45
*** lhcheng has joined #openstack-keystone		06:46
*** ChanServ sets mode: +v lhcheng		06:46
*** vgridnev has joined #openstack-keystone		06:47
*** lhcheng has quit IRC		06:54
*** shoutm has joined #openstack-keystone		06:58
*** spandhe has quit IRC		07:02
*** shoutm has quit IRC		07:03
*** henrynash has quit IRC		07:04
*** agireud has quit IRC		07:04
*** spandhe has joined #openstack-keystone		07:05
*** shoutm has joined #openstack-keystone		07:06
*** gildub has quit IRC		07:09
*** roxanaghe has quit IRC		07:14
*** agireud has joined #openstack-keystone		07:16
*** rcernin has joined #openstack-keystone		07:20
*** vgridnev has quit IRC		07:26
*** su_zhang has joined #openstack-keystone		07:31
*** jaosorior has quit IRC		07:53
*** ayoung has joined #openstack-keystone		08:01
*** ChanServ sets mode: +v ayoung		08:01
*** mkoderer_ is now known as mkoderer		08:03
*** jaosorior has joined #openstack-keystone		08:06
*** spandhe has quit IRC		08:17
*** su_zhang has quit IRC		08:18
*** shoutm has quit IRC		08:18
*** vgridnev has joined #openstack-keystone		08:28
*** shoutm has joined #openstack-keystone		08:29
*** fhubik has joined #openstack-keystone		08:34
*** fhubik is now known as fhubik_brb		08:34
*** agireud has quit IRC		08:35
*** dikonoor has joined #openstack-keystone		08:35
*** pnavarro has joined #openstack-keystone		08:46
*** agireud has joined #openstack-keystone		08:47
openstackgerrit	Dina Belova proposed openstack/keystone: Integrate OSprofiler in Keystone https://review.openstack.org/103368	08:49
*** fhubik_brb is now known as fhubik		08:50
*** agireud has quit IRC		09:05
*** agireud has joined #openstack-keystone		09:09
*** markvoelker has quit IRC		09:12
*** topol has quit IRC		09:15
*** topol_ has joined #openstack-keystone		09:16
*** jistr has joined #openstack-keystone		09:16
*** daemontool has joined #openstack-keystone		09:20
*** arunkant has quit IRC		09:31
*** mhickey has joined #openstack-keystone		09:31
openstackgerrit	Rakesh H S proposed openstack/pycadf: Enable cadf support for Heat https://review.openstack.org/270206	09:31
*** vgridnev has quit IRC		09:32
*** vgridnev has joined #openstack-keystone		09:33
openstackgerrit	Rakesh H S proposed openstack/pycadf: Enable cadf support for Heat https://review.openstack.org/270206	09:36
*** tyagiprince has joined #openstack-keystone		09:40
tyagiprince	Hey people.. I wanna know which python module does openstack each service uses to provide the REST api	09:41
*** markvoelker has joined #openstack-keystone		09:42
*** topol_ is now known as topol		09:45
*** ChanServ sets mode: +v topol		09:45
*** markvoelker has quit IRC		09:48
tyagiprince	is openstack using paste for this purpose? or is it using falcon or some other module?	09:50
*** davechen has quit IRC		09:57
*** fhubik is now known as fhubik_brb		09:59
*** Ephur has quit IRC		09:59
*** openstackgerrit has quit IRC		10:02
*** openstackgerrit has joined #openstack-keystone		10:02
*** tyagiprince_ has joined #openstack-keystone		10:03
*** fhubik_brb is now known as fhubik		10:03
tyagiprince	ayoung:	10:04
tyagiprince	bknudson	10:04
tyagiprince	ChanServ	10:04
tyagiprince	dstanek:	10:04
*** tyagiprince_ has quit IRC		10:05
*** daemontool_ has joined #openstack-keystone		10:07
*** shoutm_ has joined #openstack-keystone		10:07
*** daemontool has quit IRC		10:07
*** jaosorior has quit IRC		10:09
*** shoutm has quit IRC		10:09
*** jaosorior has joined #openstack-keystone		10:10
*** jaosorior has quit IRC		10:10
*** dikonoor has quit IRC		10:11
*** jaosorior has joined #openstack-keystone		10:11
*** daemontool_ is now known as daemontool		10:14
*** arunkant has joined #openstack-keystone		10:17
*** gildub has joined #openstack-keystone		10:19
*** doug-fish has joined #openstack-keystone		10:22
*** aix has joined #openstack-keystone		10:24
*** doug-fish has quit IRC		10:27
*** rm_work has quit IRC		10:29
*** zeus has quit IRC		10:29
*** zeus has joined #openstack-keystone		10:30
*** zeus is now known as Guest65425		10:30
*** rm_work has joined #openstack-keystone		10:32
*** shoutm_ has quit IRC		10:36
*** markvoelker has joined #openstack-keystone		10:39
*** shoutm has joined #openstack-keystone		10:43
notmorgan	tyagiprince: depends on which servicd	10:44
*** markvoelker has quit IRC		10:44
tyagiprince	notmorgan: Lets say keystone..	10:44
notmorgan	tyagiprince: we use a custom wsgi layer, paste to define the filters, routes to define the API URL REGEX -> code entry point	10:45
notmorgan	nova uses much the same, but uses eventlet as the wsgi app container vs mod_wsgi like we do	10:45
notmorgan	some services use pecan/[wsme], some use falcon (i think one)	10:46
notmorgan	it is a little all over the map	10:46
tyagiprince	notmorgan: Can you point me to some tutorial which can help me to understand the openstack code.	10:48
notmorgan	tyagiprince: sadly no i don't have such a link :(	10:49
notmorgan	and each project is very different	10:49
notmorgan	also it's 2:50am here and i should have slept hours ago	10:49
tyagiprince	notmorgan: Thank you..	10:49
tyagiprince	oopss..	10:50
*** lhcheng has joined #openstack-keystone		10:51
*** ChanServ sets mode: +v lhcheng		10:51
*** lhcheng has quit IRC		10:56
*** e0ne has joined #openstack-keystone		10:58
*** dims has joined #openstack-keystone		11:04
*** aix has quit IRC		11:07
*** ajayaa has joined #openstack-keystone		11:22
*** vgridnev has quit IRC		11:31
*** vgridnev has joined #openstack-keystone		11:31
*** shoutm has quit IRC		11:34
*** markvoelker has joined #openstack-keystone		11:34
*** shoutm has joined #openstack-keystone		11:37
*** markvoelker has quit IRC		11:39
*** fhubik is now known as fhubik_brb		11:43
*** fhubik_brb is now known as fhubik		11:49
openstackgerrit	Ajaya Agrawal proposed openstack/keystone: Ensure pycadf initiator IDs are UUID https://review.openstack.org/252182	11:59
*** aix has joined #openstack-keystone		12:03
*** boris-42 has quit IRC		12:03
*** tyagiprince has quit IRC		12:07
*** gildub has quit IRC		12:12
*** shoutm_ has joined #openstack-keystone		12:13
*** fhubik is now known as fhubik_brb		12:14
*** fhubik_brb is now known as fhubik		12:14
*** shoutm has quit IRC		12:16
*** vgridnev has quit IRC		12:16
*** pauloewerton has joined #openstack-keystone		12:17
*** vgridnev has joined #openstack-keystone		12:18
*** shoutm_ has quit IRC		12:19
*** raildo-afk is now known as raildo		12:20
*** shoutm has joined #openstack-keystone		12:21
*** tyagiprince has joined #openstack-keystone		12:25
*** doug-fish has joined #openstack-keystone		12:25
*** oomichi is now known as oomichi_away		12:26
*** markvoelker has joined #openstack-keystone		12:29
*** oomichi_away has quit IRC		12:31
*** markvoelker has quit IRC		12:35
*** shoutm_ has joined #openstack-keystone		12:36
*** shoutm has quit IRC		12:37
ajayaa	Guys. I want to write a release note for a patch. Please let me know how to write one.	12:47
ajayaa	I am confused on the naming part of the yaml file.	12:47
*** pnavarro is now known as pnavarro\|lunch		13:01
*** fhubik is now known as fhubik_brb		13:04
*** jamielennox is now known as jamielennox\|away		13:07
*** gordc has joined #openstack-keystone		13:10
*** Guest7791 is now known as bradjones		13:12
*** bradjones has joined #openstack-keystone		13:12
*** bill_az has joined #openstack-keystone		13:14
*** fhubik_brb is now known as fhubik		13:18
*** daemontool has quit IRC		13:19
*** jed56 has quit IRC		13:23
*** markvoelker has joined #openstack-keystone		13:24
*** alejandrito has joined #openstack-keystone		13:26
*** markvoelker has quit IRC		13:29
*** vgridnev has quit IRC		13:34
*** vgridnev has joined #openstack-keystone		13:37
*** Nirupama has quit IRC		13:39
*** Ephur has joined #openstack-keystone		13:43
*** EinstCrazy has quit IRC		13:47
*** Guest65425 is now known as zeus		13:50
*** zeus has joined #openstack-keystone		13:50
*** markvoelker has joined #openstack-keystone		13:50
dstanek	tyagiprince: have you tried looking at the code? i gave you pointers a few days ago right?	13:51
*** markvoelker has quit IRC		13:53
*** markvoelker has joined #openstack-keystone		13:53
dstanek	ajayaa: what are you finding confusing?	13:53
*** ninag has joined #openstack-keystone		13:53
dstanek	ajayaa: have you seen http://docs.openstack.org/developer/keystone/developing.html#release-notes ?	13:55
*** richm has joined #openstack-keystone		13:55
*** markvoelker has quit IRC		13:57
*** markvoelker has joined #openstack-keystone		13:59
*** fhubik is now known as fhubik_brb		13:59
*** tyagiprince has quit IRC		14:01
*** fhubik_brb is now known as fhubik		14:03
*** daemontool has joined #openstack-keystone		14:05
*** edmondsw has joined #openstack-keystone		14:08
ajayaa	dstanek, Thank you. I hadn't seen the docs.	14:12
*** peter-hamilton has joined #openstack-keystone		14:12
*** shoutm_ has quit IRC		14:12
*** fhubik is now known as fhubik_brb		14:20
*** raildo is now known as raildo-afk		14:24
*** pauloewerton has quit IRC		14:25
*** alejandrito has quit IRC		14:26
*** dslev has joined #openstack-keystone		14:39
*** fhubik_brb is now known as fhubik		14:40
openstackgerrit	Ajaya Agrawal proposed openstack/keystone: Change get_project permission https://review.openstack.org/270057	14:41
*** fawadkhaliq has joined #openstack-keystone		14:42
*** peter-hamilton has quit IRC		14:47
*** avarner has joined #openstack-keystone		14:49
*** pnavarro\|lunch is now known as pnavarro		14:50
*** zqfan has joined #openstack-keystone		14:59
*** phalmos has joined #openstack-keystone		15:00
*** vgridnev has quit IRC		15:01
*** sigmavirus24_awa is now known as sigmavirus24		15:03
*** fawadkhaliq has quit IRC		15:03
*** pushkaru has joined #openstack-keystone		15:05
*** boris-42 has joined #openstack-keystone		15:07
*** jasonsb has joined #openstack-keystone		15:09
*** ajayaa has quit IRC		15:10
*** henrynash has joined #openstack-keystone		15:19
*** ChanServ sets mode: +v henrynash		15:19
*** tonytan4ever has joined #openstack-keystone		15:22
*** jasonsb has quit IRC		15:22
*** henrynash has quit IRC		15:23
*** fawadkhaliq has joined #openstack-keystone		15:25
*** jsavak has joined #openstack-keystone		15:30
*** fhubik is now known as fhubik_brb		15:30
*** fhubik_brb is now known as fhubik		15:31
*** timcline has joined #openstack-keystone		15:31
*** fhubik has quit IRC		15:31
*** fhubik has joined #openstack-keystone		15:35
lbragstad	jorge_munoz working on reviewing your latest trust redelegation patch	15:35
*** jsavak has quit IRC		15:38
*** markvoelker has quit IRC		15:38
lbragstad	ayoung amakarov mind double checking my review here - https://review.openstack.org/#/c/269824/7 ?	15:39
lbragstad	cc dolphm ^	15:40
lbragstad	it's around the trust api behavior with redelegation	15:40
*** su_zhang has joined #openstack-keystone		15:41
amakarov	lbragstad, sure	15:41
lbragstad	amakarov thanks!	15:42
*** fawadkhaliq has quit IRC		15:42
*** csoukup has joined #openstack-keystone		15:44
*** EinstCrazy has joined #openstack-keystone		15:45
*** fhubik has quit IRC		15:45
*** spzala has joined #openstack-keystone		15:46
*** slberger has joined #openstack-keystone		15:59
*** diazjf has joined #openstack-keystone		16:00
*** markvoelker has joined #openstack-keystone		16:01
*** roxanaghe has joined #openstack-keystone		16:03
openstackgerrit	Ron De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities https://review.openstack.org/262045	16:03
*** jasonsb has joined #openstack-keystone		16:04
openstackgerrit	Ron De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities https://review.openstack.org/262045	16:06
*** dhellmann has joined #openstack-keystone		16:07
*** rcernin has quit IRC		16:09
*** spzala has quit IRC		16:14
*** jasonsb has quit IRC		16:14
*** spzala has joined #openstack-keystone		16:14
openstackgerrit	Tom Cocozzello proposed openstack/keystone: Fix nits in include names patch https://review.openstack.org/270884	16:15
*** fawadkhaliq has joined #openstack-keystone		16:17
openstackgerrit	Tom Cocozzello proposed openstack/python-keystoneclient: set up include names for list role assignments https://review.openstack.org/255392	16:17
*** vgridnev has joined #openstack-keystone		16:22
*** raildo-afk is now known as raildo		16:24
*** fawadkhaliq has quit IRC		16:25
*** aix has quit IRC		16:26
*** browne has joined #openstack-keystone		16:29
*** alexpro has quit IRC		16:33
*** ducttape_ has joined #openstack-keystone		16:33
ducttape_	I have a keystone question around this api: http://docs.openstack.org/developer/keystone/api_curl_examples.html#get-tokens-token-id	16:33
ducttape_	there are two tokens used in that example, is the first one a unscoped token? it doesn't need to be an admin token, does it ?	16:34
*** tsymanczyk has joined #openstack-keystone		16:34
*** tsymanczyk is now known as Guest94604		16:34
*** rbak has joined #openstack-keystone		16:35
*** LukeH has joined #openstack-keystone		16:41
*** fawadkhaliq has joined #openstack-keystone		16:44
*** fmarco76 has joined #openstack-keystone		16:48
*** fmarco76 has quit IRC		16:49
*** rcernin has joined #openstack-keystone		16:49
*** vgridnev has quit IRC		16:51
*** _cjones_ has joined #openstack-keystone		16:52
*** spandhe has joined #openstack-keystone		16:52
*** fawadkhaliq has quit IRC		16:54
*** fawadkhaliq has joined #openstack-keystone		16:54
*** smcginnis has joined #openstack-keystone		16:55
*** gyee has joined #openstack-keystone		16:56
*** ChanServ sets mode: +v gyee		16:56
*** vgridnev has joined #openstack-keystone		16:58
stevemar	ducttape_: nope, it doesn't have to be an admin token	17:00
*** rderose has joined #openstack-keystone		17:00
stevemar	ducttape_: an unscoped token is the result of just sending your username and password (no project)	17:00
stevemar	the only thing an unscoped token is useful for... listing projects you have access to	17:01
*** vgridnev has quit IRC		17:01
ducttape_	stevemar - so in that example, could the same token be used in both spots ?	17:02
*** vgridnev has joined #openstack-keystone		17:03
*** blogan is now known as patient-zer0-bl0		17:06
*** patient-zer0-bl0 is now known as patient-0-bl0gan		17:06
*** peter-hamilton has joined #openstack-keystone		17:17
*** vikram has joined #openstack-keystone		17:19
vikram	Can someone plz offer help in resolving --	17:19
vikram	Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL.	17:19
vikram	2016-01-21 17:16:50.863 \| Could not determine a suitable URL for the plugin	17:19
vikram	I am getting this error while running devstack	17:20
*** spzala has quit IRC		17:22
*** spzala has joined #openstack-keystone		17:22
*** spzala_ has joined #openstack-keystone		17:23
*** jistr has quit IRC		17:24
*** sigmavirus24 is now known as sigmavirus24_awa		17:27
*** spzala has quit IRC		17:27
*** spzala_ has quit IRC		17:28
*** pauloewerton has joined #openstack-keystone		17:28
vikram	Can someone plz help	17:30
vikram	getting error while running devstack	17:30
vikram	2016-01-21 17:28:43.824 \| ++ openstack token issue -c id -f value --os-username admin --os-project-name admin --os-user-domain-id default --os-project-domain-id default --os-identity-api-version 3 --os-auth-url http://192.168.2.5:35357 --os-password openstack	17:30
vikram	2016-01-21 17:28:44.851 \| Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL.	17:30
vikram	2016-01-21 17:28:44.851 \| Could not determine a suitable URL for the plugin	17:30
vikram	any clue?	17:31
*** ducttape_ has quit IRC		17:32
LukeH	any help needed with bandit, I can put my hat in, testing, docs etc. Its great tool, been using it against my own projs	17:33
LukeH	wrong channel, my bad	17:36
*** vikram has quit IRC		17:36
*** e0ne has quit IRC		17:37
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient: Updated from global requirements https://review.openstack.org/268513	17:47
*** su_zhang has quit IRC		17:50
*** jasonsb has joined #openstack-keystone		17:52
*** fesp has joined #openstack-keystone		17:56
*** lhcheng has joined #openstack-keystone		17:58
*** ChanServ sets mode: +v lhcheng		17:58
*** roxanaghe has quit IRC		17:59
samueldmq	if I tell keystone is the service providing authn, authz and catalog services for openstack	17:59
samueldmq	is this accurate ? complete ?	18:00
stevemar	samueldmq: i'd say it's accurate	18:00
*** aix has joined #openstack-keystone		18:01
samueldmq	stevemar: ++ thanks	18:01
*** LukeH has quit IRC		18:02
ayoung	anyone know how to change an API from returning 200 OK to 201 Created?	18:02
*** fawadk has joined #openstack-keystone		18:04
*** fawadkhaliq has quit IRC		18:04
samueldmq	ayoung: I know, but it's forbidden in openstack APIs	18:06
ayoung	samueldmq, what? Really?	18:07
ayoung	samueldmq, link?	18:07
samueldmq	ayoung: yes, you can't simply change status codes	18:07
samueldmq	ayoung: sure, one moment	18:07
ayoung	samueldmq, nah, that is not what I meant	18:07
ayoung	samueldmq, we have an API published sayuing create_implied_role needs to return 201	18:07
ayoung	it returns 200	18:07
ayoung	how do I force it to return a 201	18:08
ayoung	samueldmq, this is in an not-yet-approved review	18:08
samueldmq	ayoung: ah, cool	18:08
samueldmq	ayoung: see https://review.openstack.org/#/c/253208/2/keystone/catalog/controllers.py	18:09
ayoung	https://review.openstack.org/#/c/242614/55/keystone/assignment/controllers.py	18:09
ayoung	samueldmq, thankls	18:09
*** jaosorior has quit IRC		18:09
samueldmq	ayoung: np	18:10
*** jaosorior has joined #openstack-keystone		18:10
*** pnavarro has quit IRC		18:16
openstackgerrit	Ron De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities https://review.openstack.org/262045	18:18
openstackgerrit	Ron De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities https://review.openstack.org/262045	18:19
smcginnis	Hey all. Just starting to look in to whether we can switch from keystoneclient to keystoneauth in Cinder.	18:19
smcginnis	Does anyone have any recommendations/insight for what the new way would be to do what we are doing here:	18:20
smcginnis	https://github.com/openstack/cinder/blob/master/cinder/api/contrib/quotas.py#L212	18:20
smcginnis	And here:	18:20
smcginnis	https://github.com/openstack/cinder/blob/master/cinder/keymgr/barbican.py#L104	18:20
*** mhickey has quit IRC		18:22
raildo	smcginnis: other services are doing the same thing.. like https://review.openstack.org/#/c/236982/	18:28
raildo	smcginnis: and https://review.openstack.org/#/c/237537/	18:30
*** timcline has quit IRC		18:30
*** timcline has joined #openstack-keystone		18:31
smcginnis	raildo: Thanks! I had looked at the ironic one and didn't see any equivalent pattern. I'll check out the ceilometer one.	18:31
smcginnis	raildo: Thanks for the point!	18:31
smcginnis	*pointer	18:31
raildo	smcginnis: np, and if you need help on it, just ping me :)	18:32
*** woodster_ has joined #openstack-keystone		18:32
smcginnis	raildo: Will do!	18:32
*** fesp has quit IRC		18:32
*** rderose has quit IRC		18:32
*** gyee has quit IRC		18:34
*** daemontool has quit IRC		18:35
*** jaosorior_ has joined #openstack-keystone		18:36
*** dtroyer has quit IRC		18:38
*** edmondsw has quit IRC		18:41
*** dtroyer has joined #openstack-keystone		18:41
openstackgerrit	Henrique Truta proposed openstack/keystone: Manager support for project cascade update https://review.openstack.org/243584	18:42
*** fawadk has quit IRC		18:43
stevemar	lbragstad: you had to comment on that max roles bug	18:43
lbragstad	stevemar hmm?	18:43
lbragstad	stevemar I left a comment in the review - yes	18:43
openstackgerrit	Morgan Fainberg proposed openstack/keystonemiddleware: Add reno for caching change https://review.openstack.org/270974	18:44
stevemar	lbragstad: i was hoping to let it die of old age	18:44
notmorgan	stevemar: ^	18:44
notmorgan	stevemar: reno	18:44
*** su_zhang has joined #openstack-keystone		18:44
stevemar	notmorgan: yeah, just saw, thanks	18:44
* notmorgan is disappointed that the cap blocking landed		18:44
lbragstad	stevemar I just added a comment so that it would be removed from my review queue - if the fix isn't going to be pursued then it should be abandon	18:44
*** lhcheng has quit IRC		18:44
notmorgan	stevemar: i am also still against warning for the sake of "GO SETUP CACHE" in default deployments	18:45
dstanek	lbragstad: i'm just going to go ahead and abandon that patch. no reason to keep it open	18:45
lbragstad	dstanek I agree - if we want to re-discuss it, I think it will have to be done in a meeting with everyone present	18:46
*** lhcheng has joined #openstack-keystone		18:46
*** ChanServ sets mode: +v lhcheng		18:46
*** lhcheng_ has joined #openstack-keystone		18:47
*** lhcheng has quit IRC		18:47
dstanek	lbragstad: we should try to get the bug count below 250 for tomorrow	18:47
lbragstad	dstanek I only have 87 more openstack/keystone@ project reviews left	18:47
lbragstad	dstanek I'm down	18:47
lbragstad	dstanek I can take some time to update the etherpad	18:48
dstanek	lbragstad: we won't see the fruits of out labor until Sunday because of the slowness of the gate	18:48
*** lhcheng_ has quit IRC		18:48
lbragstad	this is true	18:48
dstanek	but at least we'll get lots of stuff out of the way	18:48
*** lhcheng has joined #openstack-keystone		18:48
*** ChanServ sets mode: +v lhcheng		18:48
*** tonytan4ever has quit IRC		18:49
dstanek	259 now by my count	18:49
*** lhcheng_ has joined #openstack-keystone		18:50
*** lhcheng has quit IRC		18:53
openstackgerrit	Andreas Jaeger proposed openstack/keystonemiddleware: Remove bandit tox environment https://review.openstack.org/269260	18:53
openstackgerrit	Andreas Jaeger proposed openstack/keystonemiddleware: Merge pep8 and bandit into linters https://review.openstack.org/269259	18:53
lbragstad	dstanek we were over 300 before December	18:56
dstanek	lbragstad: yup, we're doing good	18:56
*** e0ne has joined #openstack-keystone		18:56
dstanek	i'd really like to be under 200 before the summit	18:57
lbragstad	dstanek that would be awesome	18:58
lbragstad	i remember when i first started working on keystone the total count was below 170 some	18:58
stevemar	lbragstad: you're being so nice	18:59
stevemar	just abandon some of the patches	18:59
dstanek	my ideal situation would be just a handful of bugs that we can easily manage and task out	19:00
openstackgerrit	Steve Martinelli proposed openstack/keystone-specs: Enable `id`, `enabled` filter for list IdP https://review.openstack.org/267949	19:01
*** sigmavirus24_awa is now known as sigmavirus24		19:02
*** shaleh has joined #openstack-keystone		19:05
*** jasonsb has quit IRC		19:08
lbragstad	dstanek I agree - that's the way tempest does it I think	19:12
lbragstad	dstanek or at least thats how I remember them doing it in the meetings	19:12
lbragstad	dstanek I removed the reviews that have been merged - https://etherpad.openstack.org/p/keystone-office-hours	19:13
*** fesp has joined #openstack-keystone		19:13
lbragstad	dstanek that list should be good to go - unless you want me to try and build a gerrit query for it	19:13
*** rbak_ has joined #openstack-keystone		19:16
*** aix has quit IRC		19:19
*** rbak has quit IRC		19:20
stevemar	notmorgan: commented on https://review.openstack.org/#/c/270974/1	19:21
stevemar	notmorgan: small stuff	19:21
notmorgan	stevemar: yeah figured there would be just hacked it out super quick so we don't forget	19:22
dstanek	lbragstad: i've been using http://bit.ly/keystone-bug-reviews	19:22
notmorgan	stevemar: are we supposed toalways use the nova or Nova... iirc it is a proper noun	19:22
notmorgan	stevemar: i hate our style guide on names like that cause it never makes snese to me	19:22
notmorgan	same with keystone... proper noun?	19:23
stevemar	notmorgan: i don't care which, just be consistent. you swapped between Nova and glance	19:24
dstanek	stevemar: notmorgan: is there a definitive rule on the naming. for a while it was upper for text and lower for code; now i think is't lower everywhere	19:25
openstackgerrit	Morgan Fainberg proposed openstack/keystonemiddleware: Add reno for caching change https://review.openstack.org/270974	19:25
notmorgan	well i just went capital everywhere	19:25
notmorgan	it's consistent	19:25
notmorgan	:P	19:25
*** tonytan4ever has joined #openstack-keystone		19:26
lbragstad	dstanek that must be something like - https://goo.gl/GMkDuL	19:26
stevemar	notmorgan: dstanek i like capital everywhere, but i think it's supposed to be lower everywhere	19:26
notmorgan	honestly, i just don't care enough either way	19:26
notmorgan	i feel swapping capital vs lower cases in if those are the only changes is so far into bikeshed land that i'd just ignore the comments	19:27
*** edmondsw has joined #openstack-keystone		19:29
openstackgerrit	Jorge Munoz proposed openstack/keystone: Fix trust redelegation and associated test https://review.openstack.org/269824	19:31
*** spzala has joined #openstack-keystone		19:35
openstackgerrit	Jorge Munoz proposed openstack/keystone: Fix trust redelegation and associated test https://review.openstack.org/269824	19:36
*** daemontool has joined #openstack-keystone		19:42
smcginnis	notmorgan, stevemar: There was a discussion on that last summer: https://openstack.nimeyo.com/51304/openstack-dev-should-project-name-be-uppercase-or-lowercase	19:45
smcginnis	Probably more discussion than it's worth. ;)	19:45
notmorgan	smcginnis: yep	19:45
notmorgan	smcginnis: far more nit-picky than i care to dive into	19:45
smcginnis	notmorgan: +1 :)	19:46
notmorgan	smcginnis: if someone nitpicks on caps vs non caps in names and brings no other comments, i will absolutely ignore it ;), but if there are other changes i'm fine with an ask for making it consistent	19:46
*** ChanServ sets mode: +o notmorgan		19:47
smcginnis	notmorgan: Me too. There are far more important things to be worrying about right now.	19:47
*** notmorgan changes topic to "MidCycle: https://wiki.openstack.org/wiki/Sprints/KeystoneMitakaSprint \| Mitaka-2: https://launchpad.net/keystone/+milestone/mitaka-2"		19:47
*** notmorgan sets mode: -o notmorgan		19:47
*** stevemar changes topic to "MidCycle: https://wiki.openstack.org/wiki/Sprints/KeystoneMitakaSprint \| Mitaka-3: https://launchpad.net/keystone/+milestone/mitaka-3"		19:48
stevemar	notmorgan: i am the topic changer!	19:48
stevemar	mitaka-2 is officially out	19:48
*** ChanServ changes topic to "MidCycle: https://wiki.openstack.org/wiki/Sprints/KeystoneMitakaSprint \| Mitaka-3: https://launchpad.net/keystone/+milestone/mitaka-3 \| OMG A TOPIC CHANGE"		19:49
notmorgan	>.>	19:49
notmorgan	<.<	19:49
*** ChanServ sets mode: +o notmorgan		19:49
*** e0ne has quit IRC		19:49
*** notmorgan changes topic to "MidCycle: https://wiki.openstack.org/wiki/Sprints/KeystoneMitakaSprint \| Mitaka-3: https://launchpad.net/keystone/+milestone/mitaka-3 \| See you at the midcycle!"		19:49
notmorgan	stevemar: ^_^	19:50
*** ChanServ sets mode: -o notmorgan		19:50
notmorgan	stevemar: i should be able to do the followup on the LDAP things todya	19:51
stevemar	notmorgan: i accept	19:51
stevemar	notmorgan: ldap things?	19:51
notmorgan	the folloup on the removals	19:51
stevemar	notmorgan: ah right	19:54
stevemar	do it up	19:54
stevemar	notmorgan: dolphm turns out we can only ask one question in the user survey :(	19:55
stevemar	notmorgan: dolphm should we ask about tokens or identity stores?	19:55
stevemar	or catalogs	19:55
notmorgan	stevemar: bargain for 2	19:55
notmorgan	and ask about catalogs and identity stores	19:55
dolphm	stevemar: offer a ptl as sacrifice	19:55
notmorgan	in that order	19:55
bknudson	"keystone?"	19:55
notmorgan	dolphm: ++	19:55
dolphm	bknudson: ++	19:55
*** ayoung has quit IRC		19:56
stevemar	bknudson: "do you keystone?"	19:57
stevemar	notmorgan: dolphm on the off chance that we can only do one, which are you thinking? i'm leaning toward "where do your identities exist?"	19:58
*** vgridnev has quit IRC		19:58
* notmorgan shrugs		19:58
notmorgan	probably all the same	19:58
dolphm	what was the catalog question?	19:58
bknudson	I'd be interested to know if operators are moving towards SAML federation.	19:59
dolphm	or, what's stopping them	20:00
bknudson	like we keep telling them to do.	20:00
dolphm	but that's not multiple chioce	20:00
*** daemontool has quit IRC		20:01
*** daemontool has joined #openstack-keystone		20:02
*** fesp has quit IRC		20:04
tjcocozz	What is "gate-rally-dsvm-keystone" Jenkins check?	20:11
*** gildub has joined #openstack-keystone		20:11
*** zqfan has quit IRC		20:11
*** markvoelker has quit IRC		20:11
*** slberger1 has joined #openstack-keystone		20:13
*** daemontool_ has joined #openstack-keystone		20:15
*** slberger has quit IRC		20:15
*** daemontool has quit IRC		20:17
*** su_zhang has quit IRC		20:18
notmorgan	tjcocozz: something that runs rally but hasn't progressed anywhere beyond the basic	20:20
notmorgan	it's not super useful atm.	20:20
notmorgan	imo	20:20
tjcocozz	notmorgan, yeah take a look at this patch https://review.openstack.org/#/c/270057/3	20:20
notmorgan	yeah i'd ignoe it	20:20
tjcocozz	notmorgan, what do i click on when i'm in the logs ....?	20:20
notmorgan	unstable means the job disappeared	20:21
notmorgan	nothing you can do	20:21
notmorgan	it's non-voting	20:21
notmorgan	you can recheck it if you want, but	20:21
notmorgan	that is unlikely to be your fault	20:21
tjcocozz	notmorgan, there will be another patch set for it. I was just curious what it did.	20:21
notmorgan	it is supposed to show some basic "how long this scenario takes"	20:21
notmorgan	but the issue is that performance is dictated by the node	20:22
notmorgan	some clouds are faster	20:22
notmorgan	some are slower	20:22
notmorgan	it really isn't useful in isolation and we don't track the aggregate/overtime	20:22
notmorgan	so be frank, i just ignore the job	20:22
tjcocozz	notmorgan, so what do these .gz files represent? yeah i'd imagin this would be useless if they aren't keeping the cloud it is being run on the same	20:23
notmorgan	tjcocozz: ythis is what the results should look like http://logs.openstack.org/60/256260/7/check/gate-rally-dsvm-keystone/f059a94/	20:24
notmorgan	you could possibly extract the data	20:24
notmorgan	or write further plugins	20:24
notmorgan	rally is useful.. if you use it on consistent hardware etc. but the way we use it in keystone it's less than useful	20:25
* notmorgan is still of the opinion we should just remove the job for now.		20:25
*** vgridnev has joined #openstack-keystone		20:26
tjcocozz	notmorgan, i will ignore it for now. thanks for the docs.	20:27
bknudson	rally was an interesting experiment but if nobody's done anything with it by now we should get the resources back.	20:27
notmorgan	bknudson: it's useful when used outside of the gate	20:27
notmorgan	bknudson: if we started aggregating the data and tracking it over time, it would alos be useful	20:27
notmorgan	but that effort has not happened	20:27
notmorgan	bknudson: so.. yeah we should prob remove the job [or make it experimental so people can trigger it if they want still]	20:28
tjcocozz	notmorgan, we can't get rid of it... we are the user stories: https://rally.readthedocs.org/en/latest/user_stories.html	20:28
notmorgan	we can get rid of the gate job	20:30
notmorgan	i mean	20:30
notmorgan	not the project itself	20:30
notmorgan	the gate job is uninteresting	20:30
notmorgan	s/gate/check	20:30
*** markvoelker has joined #openstack-keystone		20:31
notmorgan	and the fix for that bug...	20:31
notmorgan	also pretty much has been broken	20:31
notmorgan	since.	20:32
notmorgan	the fix was a drive-by code dump	20:33
notmorgan	and isn't very maintainable	20:33
*** timcline_ has joined #openstack-keystone		20:34
tjcocozz	notmorgan, lol drive-by code dumb.	20:34
notmorgan	tjcocozz: it's an accurate description ;)	20:34
tjcocozz	notmorgan, yeah this added a lot... At least you had 6 reviewers to back you up.	20:36
*** timcline has quit IRC		20:37
notmorgan	https://review.openstack.org/#/c/183836/	20:38
notmorgan	stevemar: ^ cc	20:38
*** Guest94604 is now known as tsymanczyk		20:38
*** mhickey has joined #openstack-keystone		20:43
*** ducttape_ has joined #openstack-keystone		20:45
*** yarkot has joined #openstack-keystone		20:45
*** peter-hamilton has quit IRC		20:46
*** jamielennox\|away is now known as jamielennox		20:47
*** mhickey has quit IRC		20:48
*** daemontool_ has quit IRC		20:52
*** daemontool_ has joined #openstack-keystone		20:52
lbragstad	jamielennox do you know where the Namespace object comes from in openstackclient?	20:54
lbragstad	or where it is defined?	20:54
lbragstad	I'm taking a look at what navidp is working on - switching python-openstackclient to use keystoneauth instead of keystoneclient	20:54
jamielennox	lbragstad: it's a argparse object, it's created somewhere by cliff though and saved on self	20:55
lbragstad	jamielennox ahh - that would make sense	20:55
lbragstad	cool	20:56
jamielennox	lbragstad: i don't remember exactly but there is a run() method and a get_argguments or something	20:56
jamielennox	and cliff just prepares it for you before run()	20:56
*** gyee has joined #openstack-keystone		20:57
*** ChanServ sets mode: +v gyee		20:57
navidp	jamielennox, lbragstad , when changing osc to use keystoneauth i get this "AttributeError: 'Namespace' object has no attribute 'url'	20:59
navidp	"	20:59
navidp	jamielennox, this is the paste for it : AttributeError: http://paste.openstack.org/show/484612/	20:59
*** shaleh is now known as shaleh\|away		20:59
jamielennox	navidp: makes sense, openstackclient registers OS_URL and OS_TOKEN for admin access and uses that as a priority from memory	21:00
*** dslev has quit IRC		21:00
*** gordc has quit IRC		21:00
jamielennox	navidp: i would look really closely at what os-client-config gives you and try and integrate with that	21:00
jamielennox	at summit and previously we've just kind of decided os-client-config would hold a lot of that auth construction logic	21:01
lbragstad	jamielennox ah so I take it this (https://github.com/openstack/os-client-config) is what we need to look at	21:03
lbragstad	navidp ^	21:03
dstanek	lbragstad: os-client-config is awesome; no more nasty environment variables	21:04
jamielennox	lbragstad: there is already some integration with os-client-config	21:04
lbragstad	dstanek sweet! I need to read about this	21:04
jamielennox	dstanek: there are still environment variables but much better formats	21:04
lbragstad	jamielennox integration between osc and os-client-config?	21:04
jamielennox	lbragstad: yea, it's a weird standoff between the two at the moment	21:05
jamielennox	lbragstad: i think os-client-config is just constructing dicts or arguments and osc is using them	21:05
dstanek	jamielennox: what environment variables do you still need?	21:05
jamielennox	dstanek: it still takes env vars for everything not specified in the clouds.yml (i actually don't know which way priority is given)	21:06
lbragstad	jamielennox gotcha, so osc asks os-client-config for stuff somewhere on startup/init?	21:06
jamielennox	so it handles all the old OS_ vars	21:06
jamielennox	lbragstad: https://github.com/openstack/python-openstackclient/blob/master/openstackclient/shell.py#L237	21:07
jamielennox	i've said for a while though that we need nicer interfaces in os-client-config so if you come up with some add them	21:07
dstanek	jamielennox: interesting. i don't think i have any environment vars set on my mac, but i don't use the osc there much. i use the ansible modules	21:08
jamielennox	dstanek: i don't think in practice it would make a bunch of sense to mix and match, however because os-client-config ships with a bunch of defaults you can do stuff like	21:10
jamielennox	OS_CLOUD=rax OS_USERNAME=user OS_PASSWORD=pass	21:10
jamielennox	and have it prefill the rest	21:10
lbragstad	navidp here is where it actually import os-client-config - https://github.com/openstack/python-openstackclient/blob/master/openstackclient/shell.py#L38	21:10
jamielennox	(i have no idea if OS_CLOUD=rax is a thing)	21:11
lbragstad	me either	21:11
dstanek	it is if you define a rax cloud in your clouds.yaml	21:11
lbragstad	i'm very illiterate with the client side of keystone - so this is a good learning exercise for me, too	21:11
dstanek	OS_CLOUD or --os-cloud allow you to select which config to use	21:11
navidp	lbragstad ^	21:11
jamielennox	https://github.com/openstack/os-client-config/blob/master/os_client_config/vendors/rackspace.json	21:11
lbragstad	so, to summarize navidp's problem - he could be seeing an issue with switch osc to use keystoneauth because of what os-client-config is passing back and what ksa expects	21:12
dstanek	for example, i have a personal cloud and a rax cloud that i use	21:12
dstanek	lbragstad: is navidp defining a clouds.yaml at all?	21:13
jamielennox	lbragstad: i'm not sure, os-client-config is already based around keystoneauth, so if there was going to be any issues it would likely be now	21:13
jamielennox	navidp, lbragstad: i mentioned this the other day, this conversion wouldn't seem too hard but there is a reason it hasn't happened yet	21:14
navidp	dstanek, what is cloud.yaml relation to ksa and osc?	21:15
dstanek	navidp: clouds.yaml is basically a way to specify the same information that is usually in the OS_* environ vars	21:15
dstanek	navidp: i user to source personal.sh or rax.sh to set the vars for the account i wanted to use. now i have a clouds.yaml that has both in it and i pick using --os-cloud	21:16
dstanek	if there is an actual issue mordred would know. he is the one that got me started down the path to happiness	21:17
mordred	I can't possibly have done anything like happiness	21:17
dstanek	mordred: yes, you have surprised us all!	21:18
mordred	if you do OS_CLOUD=rax you need to have a cloud defined in your clouds.yaml named 'rax'	21:18
*** spzala has quit IRC		21:18
mordred	that cloud can be "profile: rackspacE"	21:18
mordred	that cloud can be "profile: rackspace"	21:18
*** yarkot has quit IRC		21:18
mordred	and in fact, should be, if it's the rackspace cloud, so that you get all the weird overrides needed and auth_url and whatnot	21:18
*** spzala has joined #openstack-keystone		21:18
mordred	but I have not actually read all the scrollback yet	21:19
navidp	dstanek, aha thansk	21:19
dstanek	mordred: navidp was getting an error and somehow the conversation turned to is being something with os-client-config	21:19
*** dslev has joined #openstack-keystone		21:19
mordred	ah yes	21:19
mordred	I see now	21:19
mordred	so - yes, in moving osc to use ksa instead of ksc	21:20
mordred	I would highly recommend letting occ do the ksa auth construction	21:20
mordred	if it's not possible to pass in all the right things from osc that you'd expect, we should make sure it is possible	21:20
navidp	jamielennox, should i continue working on this?	21:21
mordred	navidp: it will be a very good task to complete once completed	21:21
mordred	navidp: so it is definitely worthy of work - there will almost certainly be a few really weird corner cases though	21:21
mordred	so put on a helmet	21:22
*** spzala_ has joined #openstack-keystone		21:22
*** pauloewerton has quit IRC		21:22
*** spzala_ has quit IRC		21:24
*** spzala_ has joined #openstack-keystone		21:24
notmorgan	mordred's path is the path to happiness	21:24
jamielennox	navidp: it's a great goal, it's just not an easy project you're signing up for	21:24
*** spzala has quit IRC		21:24
jamielennox	just wanted to make you aware	21:24
notmorgan	dstanek: soo i want your opinoon [not keystone related]	21:25
notmorgan	dstanek: if you're up for some non-work advice	21:25
jamielennox	mordred: i'm a little concerned about things like https://github.com/openstack/os-client-config/blob/master/os_client_config/constructors.json	21:25
*** spzala_ has quit IRC		21:26
notmorgan	dstanek: notably.. home server, I have PCIe SSD for it, should i RAID 0 the drives, raid 1, or send one back and spend the $ on something else. this will mostly be for local vm testing / some other stable vms / root drive [the main storage drives will be mirrored 6TB drives]	21:27
notmorgan	jamielennox, mordred: ^ your input if you care to jump in would be welcome too.	21:27
mordred	jamielennox: whyfor?	21:27
* notmorgan also wants to know what jamielennox is concerned by now.		21:28
notmorgan	cause i'm following that convo too	21:28
jamielennox	mordred: a) json? b) why is os-client-config learning about the different clients?	21:28
notmorgan	jamielennox: json / yaml / all about the same, pick a format	21:28
notmorgan	[i can answer that]	21:28
lbragstad	mordred jamielennox dstanek cool - navidp and I will dig into it a bit more	21:29
jamielennox	notmorgan: json/yaml/all the same _configurable_ format - that is not something a user will edit, why wouldn't it just be a python dict	21:29
lbragstad	mordred jamielennox dstanek navidp is relatively new to the contribution process but it should be a good learning experience for both of us :)	21:29
notmorgan	jamielennox: because it is something that should be very easy for anyone to add to and if someone has a custom client they maaay want to override	21:30
notmorgan	jamielennox: and that way you don't need to muck in python code. iirc the choice was made [i remember when asking for this] because we did have a case where on-disk override made sense	21:30
notmorgan	it's not typically a user editable thing/user edited thing.	21:31
mordred	jamielennox: it totally could have been python dict - but yeah, what notmorgan said. json is easy since it's in the standard lib - and the other shipped config files (vendors files and whatnot) are json already	21:31
jamielennox	ok, was weird more than a problem	21:31
mordred	phew- I was worried I'd missed a badness	21:32
notmorgan	and it keeps it so you don't have someone adding a client thing and screwing up the raw python injecting something. this is a very standardized format	21:32
mordred	yes - agree it's not unweird	21:32
notmorgan	so if someone does want to add to it....	21:32
*** csoukup has quit IRC		21:33
notmorgan	occ learning about clients iirc was also about better UX.	21:33
notmorgan	and cleaning up the references of the <name> -> <thing> when dealing with getting into openstack	21:33
mordred	well - same reason as it learned to make ksa objects	21:33
notmorgan	it helps to isolate the "what do i need to know to just do a thing"	21:33
mordred	it _has_ all of the info - and it turns out the hard part a lot of times is knowing which params to pass to which constructor	21:33
notmorgan	mordred: ++	21:34
jamielennox	so i guess i have had long concerns about doing things like os_compute_api_version in clouds.yml because if i'm using os-client-config other than openstackclient it's returning constructed clients that may not have the same interfaces	21:34
*** gordc has joined #openstack-keystone		21:34
notmorgan	jamielennox: i have issues with that in general with the way we do libaray interfaces	21:34
jamielennox	like if i do get_client('identity') the interface is very different based on whether the user has v2 or v3 in their config	21:35
notmorgan	jamielennox: doesn't matter what tool constructs them.	21:35
jamielennox	notmorgan: sure an abstraction layer would be good	21:35
*** su_zhang has joined #openstack-keystone		21:35
notmorgan	OCC is fitting that role pretty well for lots of things	21:36
* mordred has an abstraction layer		21:36
mordred	as well	21:36
mordred	jamielennox: the worse part for me are that I don't know what version each of my clouds runs for each service	21:37
mordred	or, I didn't.	21:37
mordred	I personaly know this information about every cloud out there now	21:37
mordred	but it's atrocious that we expect our users to deal with this	21:38
mordred	and even worse that the _library_ interfaces change when the REST interfaces do	21:38
jamielennox	agreed, and i hope that SDK can do something here	21:38
mordred	I hope so to - although are they exposing the REST interface or abstracting it?	21:38
mordred	last I checked they were exposing it	21:39
mordred	which will necessarily have the same problem	21:39
* mordred hasn't had enough time to get involved with that project as he's wanted		21:39
jamielennox	mordred: there are layers, though it's been a while since i looked	21:39
*** markvoelker has quit IRC		21:39
mordred	I'd love if they were closer to the rest interfaces than shade is - but still covering up silly things like the name of the 'name' property in heat being 'stack_name' instead of 'name'	21:40
mordred	shade is a bit extreme - and I think from an openstack perspective actually goes too far in covering up differences ... although I need it from a practical perspective	21:40
jamielennox	mordred: but even in the shade case you don't want to have it consume something like os_compute_api_version right? you would want to discover tht	21:41
jamielennox	particularly with the microversioning bs	21:41
mordred	jamielennox: well- compute is a little special	21:41
*** markvoelker has joined #openstack-keystone		21:41
mordred	shade does not grok microversions yet becauase there are no public clouds running with them yet	21:41
mordred	shade _absolutely_ wants to consume glance version from the config	21:42
mordred	and keystone version	21:42
mordred	although I think we do let ksa do auth version discovery and that works GREAT	21:42
jamielennox	auth depends on the plugin	21:43
mordred	yah	21:43
jamielennox	but my expectation there was we would move towards asking the server rather than code it	21:43
mordred	but that's all actually in the shade guts and not exposed to the user	21:43
jamielennox	there is _some_ support for that on the session but it's missing something to make that easier	21:44
mordred	and yeah - as we have that ability in clouds, we'll use it in shade as much as we can	21:44
mordred	and at that point os_compute_api_version in the config file will be "does this cloud support version discovery" or "is it too old"	21:44
jamielennox	hmm, remove a value from default and if nothing is hardcoded then let it discover	21:45
mordred	well - fun story	21:45
mordred	in nova, version=2 means "please try to microversion discover the latest version please"	21:45
mordred	jamielennox: but yes - I'd love to get to a point where there are no api versions in defaults.json	21:46
mordred	I think right now not enough of the services give us a good enough story for that	21:46
jamielennox	mordred: so i guess the reason i ask is that i was writing a test service the other day and for a while now i've been really fast at doing	21:47
jamielennox	keystoneauth1.register_argparser_arguments, load_from_argparse_arguments and just have it do session and auth for me	21:47
jamielennox	decided i would do os-c-c instead, and when you're not using openstackclient a bunch of the variables are really awkward	21:47
jamielennox	i wonder if that script is still around	21:48
mordred	nod - I'd love to see that ...	21:48
*** csoukup has joined #openstack-keystone		21:48
mordred	I bet the way you're thinking about the problems are differnet than me so far, so I'd love to see what it is that works well for you	21:48
jamielennox	mordred: http://paste.openstack.org/show/484619/	21:48
jamielennox	so obviously the role bit is just me testing a review	21:49
jamielennox	some of this (most?) is easy to fix, i just haven't proposed it yet	21:50
mordred	I'm curious about 15-17 ... why is that a grr occ?	21:50
mordred	are we not passing something in right?	21:50
jamielennox	ok, maybe its nit here	21:51
jamielennox	i don't think you should have to pass ns.os_cloud back into os-c-c	21:51
jamielennox	it knows that and i couldn't find anyway to find that out, i ended up copying that from how osc does it	21:51
jamielennox	grr was because i couldn't pass get_session_client('identity', version=3, interface='public') nor did it honour the os_identity_api_version: 3 identity_interface: public options i had set in my config file	21:53
jamielennox	so i had no choice but to set those after the object was created	21:53
mordred	it's identity_api_version ... no os_	21:55
jamielennox	i think i did that, check	21:56
mordred	if identity_interface didn't work, then that's a bug - we have tests for that	21:56
*** dims_ has joined #openstack-keystone		21:56
jamielennox	/etc/openstack/clouds.yml: http://paste.openstack.org/show/484620/	21:56
mordred	yes. I expect that to work	21:57
mordred	and I also expect you to not have to pass ns.os_cloud back in	21:57
*** dims has quit IRC		21:57
edmondsw	openstack client uses OS_IDENTITY_API_VERSION... why drop the OS_ here?	21:57
mordred	so - I agree with you on all points	21:57
mordred	edmondsw: because it's pointless in a yaml config file	21:57
mordred	edmondsw: it would be a yaml file full of values all prefixed with os :)	21:57
mordred	the OS_IDENTITY_API_VERSION env var still works as expected	21:58
edmondsw	I thought jamielennox said that was an env var... ok	21:58
mordred	and the OS prefix there makes perfect sense because it's a global namespace	21:58
jamielennox	yea, you have to do it to make it obvious in the ENV, but you shouldn't have to do that in a yaml file or a command line opt	21:59
edmondsw	right	21:59
*** dslev has quit IRC		21:59
jamielennox	like wtf is the point in openstack --os-password ? what else would it be for ? :)	22:00
notmorgan	mordred: yah for dropping pointless previses	22:00
notmorgan	prefixed	22:00
notmorgan	pre... damn it i can't type	22:00
notmorgan	jamielennox: yeah	22:01
notmorgan	jamielennox: i agree the CLI options are silly when prefixed with --os-	22:01
jamielennox	notmorgan: i'm not even trying to fix that one	22:02
notmorgan	jamielennox: not worth it	22:03
notmorgan	jamielennox: but i was just agreeing	22:03
notmorgan	;)	22:03
*** markvoelker has quit IRC		22:04
notmorgan	jamielennox: oslo.cache bit i'll start reviewing soon.	22:05
notmorgan	jamielennox: for middleware.	22:05
*** darrenc is now known as darrenc_afk		22:05
notmorgan	jamielennox: and have you spent any time thinking about how to drop in the auth info from middleware in a sane/consistent place?	22:06
jamielennox	notmorgan: nope, other things	22:06
notmorgan	jamielennox: since i want to start using that concept in places like nova.	22:06
openstackgerrit	Tom Cocozzello proposed openstack/python-keystoneclient: Adds an option to include names in role assignment lists https://review.openstack.org/255392	22:06
notmorgan	jamielennox: cool np we can talk more on that after midcycle	22:07
*** huats_ has quit IRC		22:07
* notmorgan needs to figure out what i messed up in reno		22:07
*** jaosorior_ has quit IRC		22:09
openstackgerrit	Merged openstack/keystone: Removes KVS catalog backend https://review.openstack.org/158442	22:13
*** dslev has joined #openstack-keystone		22:14
openstackgerrit	Merged openstack/keystone: Remove LDAP Resource and LDAP Assignment backends https://review.openstack.org/231872	22:14
openstackgerrit	Merged openstack/keystone: Remove LDAP Role Backend https://review.openstack.org/269385	22:14
notmorgan	stevemar: keystonemiddleware releasenotes is broken	22:16
notmorgan	/home/morgan/keystonemiddleware/releasenotes/source/unreleased.rst:1019: WARNING: Inline interpreted text or phrase reference start-string without end-string.	22:16
notmorgan	i removed my reno and it still was happening	22:16
*** huats_ has joined #openstack-keystone		22:17
*** huats_ has quit IRC		22:17
*** huats_ has joined #openstack-keystone		22:17
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/269479	22:17
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/269479	22:18
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/269479	22:19
openstackgerrit	Eric Brown proposed openstack/keystone: Remove more ldap project references https://review.openstack.org/270530	22:20
stevemar	notmorgan: that silly argparse thing?	22:20
notmorgan	stevemar: oh is that it?	22:20
notmorgan	stevemar: the "Start-string without end-string" is that really argparse?	22:21
*** darrenc_afk is now known as darrenc		22:22
stevemar	notmorgan: i'll look at it after gym + dinner	22:22
notmorgan	stevemar: yeah i just don't know how to et more info on it. it is a weird error	22:23
notmorgan	stevemar: and sounds good	22:23
jamielennox	notmorgan: https://review.openstack.org/#/c/271051/1 - bets on how many things break?	22:23
notmorgan	ahahah	22:23
notmorgan	jamielennox: actually, remarkably, heat	22:23
jamielennox	probably give a window ~5	22:23
*** diazjf has quit IRC		22:23
notmorgan	most of the rest of the stuff should work	22:23
notmorgan	tempest errors probably too	22:23
*** markvoelker has joined #openstack-keystone		22:24
jamielennox	tempest should be ok	22:24
jamielennox	tempest registers its own users	22:24
notmorgan	hah	22:24
notmorgan	anyway, mostly heat	22:24
jamielennox	there's some glance stuff	22:24
notmorgan	i think i had glance all working v3 in my POC with no patching	22:24
notmorgan	oh there is a cinder thing	22:24
jamielennox	and other stuff that i can spot just doing the devstack change	22:24
notmorgan	there is acinder thing that will break	22:24
*** vgridnev has quit IRC		22:25
notmorgan	because someone hard coded a cinder thing that can't read any configs in	22:26
notmorgan	iirc	22:26
jamielennox	notmorgan: going to make a big bug and file it against everything that fails	22:26
notmorgan	jamielennox: ++	22:33
notmorgan	make sure to tag me on it so i can help	22:33
notmorgan	on pushing code to fix things	22:34
*** dslev has quit IRC		22:34
openstackgerrit	Merged openstack/keystone: Remove bandit tox environment https://review.openstack.org/269253	22:34
*** vgridnev has joined #openstack-keystone		22:36
openstackgerrit	Eric Brown proposed openstack/keystone: Remove additional references to ldap role attribs https://review.openstack.org/270551	22:37
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/269479	22:38
openstackgerrit	Eric Brown proposed openstack/keystone: Remove additional references to ldap role attribs https://review.openstack.org/270551	22:39
smcginnis	notmorgan: What's the cinder issue?	22:43
notmorgan	there was something that i had to patch	22:43
notmorgan	i'll need to get looking again	22:43
smcginnis	notmorgan: Let me know if we need to do anything.	22:44
notmorgan	it was just rolling up some config things iirc	22:44
jamielennox	smcginnis: this might actually be v3 capable but i haven't looked into it https://github.com/openstack-dev/devstack/blob/master/lib/cinder#L353-L356	22:46
openstackgerrit	henry-nash proposed openstack/keystone: Projects acting as domains https://review.openstack.org/231289	22:47
jamielennox	but they way it is now it's going to fail	22:47
jamielennox	s/they/the	22:47
smcginnis	jamielennox: Do you know what needs to change there? Sorry, I don't know enough about it.	22:50
jamielennox	smcginnis: at the very least we need a way to pass in domain information, but it should be using auth plugins	22:50
*** vgridnev has quit IRC		22:50
jamielennox	so that the auth type can change	22:50
openstackgerrit	Brant Knudson proposed openstack/keystone: Parameter to return audit ids only in revocation list https://review.openstack.org/260153	22:51
openstackgerrit	Brant Knudson proposed openstack/keystone: Add tests for fetching the revocation list https://review.openstack.org/271071	22:51
*** gtmanfred has joined #openstack-keystone		22:52
*** tonytan4ever has quit IRC		22:53
gtmanfred	with keystone v2, is it possible to add a role to a user without specifying a tenant_id? Looking at the roles.roles_for_user, it adds tenant_id as an optional kwarg, but if I set it, i get a 'User roles not supported: tenant_id required (HTTP 501)'	22:53
gtmanfred	the user-roles-list doesn't require the tenant_id, but it looks like it does a lookup for a tenant https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/v2_0/shell.py#L381	22:54
gtmanfred	https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/v2_0/roles.py#L58	22:54
jamielennox	gtmanfred: it was at one point but its at very least discouraged	22:55
jamielennox	you always get a role on a specific project	22:55
gtmanfred	ok, cool thanks	22:55
*** harlowja has quit IRC		22:56
*** harlowja has joined #openstack-keystone		22:56
*** timcline_ has quit IRC		22:57
*** ayoung has joined #openstack-keystone		22:58
*** ChanServ sets mode: +v ayoung		22:58
*** gtmanfred has left #openstack-keystone		22:58
*** pushkaru has quit IRC		23:00
notmorgan	jamielennox: actually there was code to prevent that explicitly	23:01
notmorgan	or there is now.	23:01
*** csoukup has quit IRC		23:01
notmorgan	but waaay back in the day	23:01
*** gordc has quit IRC		23:10
openstackgerrit	henry-nash proposed openstack/keystone: Projects acting as domains https://review.openstack.org/231289	23:11
openstackgerrit	henry-nash proposed openstack/keystone: Add is_domain parameter to get_project_by_name https://review.openstack.org/210600	23:13
*** slberger1 has left #openstack-keystone		23:27
openstackgerrit	Merged openstack/keystonemiddleware: Merge pep8 and bandit into linters https://review.openstack.org/269259	23:27
*** bradjones_ has joined #openstack-keystone		23:31
*** bradjones_ has quit IRC		23:31
*** bradjones_ has joined #openstack-keystone		23:31
*** sigmavirus24 is now known as sigmavirus24_awa		23:34
*** gildub has quit IRC		23:39
*** roxanaghe has joined #openstack-keystone		23:46
*** spzala has joined #openstack-keystone		23:47
*** rcernin has quit IRC		23:47
*** bradjones_ has quit IRC		23:47
*** bradjones_ has joined #openstack-keystone		23:47
*** bradjones_ has quit IRC		23:47
*** bradjones_ has joined #openstack-keystone		23:47
*** spzala has quit IRC		23:51
*** darrenc is now known as darrenc_afk		23:51
*** edmondsw has quit IRC		23:55
*** spzala has joined #openstack-keystone		23:56
*** shoutm has joined #openstack-keystone		23:58

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!