Thursday, 2016-01-21

*** tsymanczyk has quit IRC00:02
*** tsymanczyk has joined #openstack-keystone00:02
*** tsymanczyk is now known as Guest1981800:03
*** phalmos has joined #openstack-keystone00:03
*** jbell8 has quit IRC00:09
*** jbell8 has joined #openstack-keystone00:10
openstackgerritEric Brown proposed openstack/keystone: Remove additional references to ldap role attribs
*** shoutm_ has joined #openstack-keystone00:13
dstaneknotmorgan: :-) sounds smart to me00:13
dstaneksimple commit == ATC00:13
*** shoutm has quit IRC00:14
*** PsionTheory has quit IRC00:17
*** su_zhang has quit IRC00:20
openstackgerrithenry-nash proposed openstack/keystone: Change project unique constraint
*** dims has quit IRC00:29
*** henrynash has quit IRC00:32
*** phalmos has quit IRC00:33
*** markvoelker_ has quit IRC00:41
openstackgerritLin Hua Cheng proposed openstack/keystone: Fix typo abstact in comments
*** su_zhang has joined #openstack-keystone00:46
*** RichardRaseley has quit IRC00:51
*** Guest19818 has quit IRC00:52
openstackgerritMerged openstack/keystone: Deprecating API v2.0
*** lhcheng has quit IRC00:58
*** gildub has joined #openstack-keystone00:59
*** su_zhang has quit IRC01:02
*** shoutm has joined #openstack-keystone01:05
*** shoutm_ has quit IRC01:06
*** jbell8 has quit IRC01:08
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file
*** shoutm_ has joined #openstack-keystone01:36
*** shoutm has quit IRC01:38
*** dims has joined #openstack-keystone01:54
*** _cjones_ has quit IRC01:54
stevemarhogepodge: i wrote up something that could be potentially outdated now ...
*** bill_az has quit IRC02:00
*** vivekd has joined #openstack-keystone02:00
hogepodgestevemar: thanks, I'll take a look02:01
*** davechen has joined #openstack-keystone02:07
*** shoutm_ has quit IRC02:09
*** shoutm has joined #openstack-keystone02:10
*** jbell8 has joined #openstack-keystone02:12
*** davechen1 has joined #openstack-keystone02:12
*** davechen has quit IRC02:15
*** davechen has joined #openstack-keystone02:17
*** davechen1 has quit IRC02:20
*** jbell8 has quit IRC02:22
*** spandhe has quit IRC02:25
*** woodster_ has quit IRC02:26
*** henrynash has joined #openstack-keystone02:28
*** ChanServ sets mode: +v henrynash02:28
*** shoutm_ has joined #openstack-keystone02:41
*** shoutm has quit IRC02:44
*** jasonsb has joined #openstack-keystone02:48
*** shoutm has joined #openstack-keystone02:50
*** roxanaghe has quit IRC02:50
*** shoutm_ has quit IRC02:52
*** shoutm_ has joined #openstack-keystone02:53
*** shoutm has quit IRC02:55
openstackgerrithenry-nash proposed openstack/keystone: Projects acting as domains
*** roxanaghe has joined #openstack-keystone02:59
*** EinstCrazy has joined #openstack-keystone03:03
*** dgonzalez has quit IRC03:03
*** shoutm has joined #openstack-keystone03:11
*** agireud has quit IRC03:11
*** shoutm_ has quit IRC03:13
*** dgonzalez has joined #openstack-keystone03:13
*** agireud has joined #openstack-keystone03:15
*** doug-fish has joined #openstack-keystone03:16
openstackgerritDave Chen proposed openstack/keystone: Relax the schema validation to accept empty request body
*** doug-fish has quit IRC03:21
davechenlbragstad: since update region need at least one property, i cannot give a testcase to update region with empty body.03:23
*** oomichi is now known as oomichi_away03:23
davechenlbragstad: but i add back two general testcases to prove it's possible.03:23
openstackgerritTony Wang proposed openstack/keystone: improve credential tests
*** shoutm has quit IRC03:24
*** browne has quit IRC03:25
notmorganstevemar: i'm going to go out on a limb and say i'm against emitting warnings in default deployment scenarios [re: sdague's plan]03:27
*** agireud has quit IRC03:27
*** spandhe has joined #openstack-keystone03:27
openstackgerritJorge Munoz proposed openstack/keystone: Fix trust redelegation and associated test
openstackgerrithenry-nash proposed openstack/keystone: Projects acting as domains
*** dgonzalez has quit IRC03:39
*** dgonzalez has joined #openstack-keystone03:40
*** dims has quit IRC03:42
openstackgerritDave Chen proposed openstack/keystone: Add testcases to check cache invalidation
*** richm has quit IRC03:49
*** roxanaghe has quit IRC03:52
*** agireud has joined #openstack-keystone03:52
*** su_zhang has joined #openstack-keystone03:53
*** shoutm has joined #openstack-keystone03:53
*** roxanaghe has joined #openstack-keystone03:54
openstackgerritMerged openstack/keystonemiddleware: Bandit profile updates
*** vgridnev has joined #openstack-keystone04:06
openstackgerritMerged openstack/keystone: Fix test_crud_user_project_role_grants
*** shoutm has quit IRC04:14
*** shoutm has joined #openstack-keystone04:14
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file
*** browne has joined #openstack-keystone04:18
*** lhcheng has joined #openstack-keystone04:25
*** ChanServ sets mode: +v lhcheng04:25
*** browne has quit IRC04:28
*** browne has joined #openstack-keystone04:29
*** shoutm_ has joined #openstack-keystone04:34
*** shoutm has quit IRC04:35
*** vgridnev has quit IRC04:35
*** browne has quit IRC04:40
*** vgridnev has joined #openstack-keystone04:58
*** shoutm_ has quit IRC04:58
*** shoutm has joined #openstack-keystone04:59
*** roxanaghe has quit IRC05:00
*** david-lyle has quit IRC05:02
*** david-lyle has joined #openstack-keystone05:03
*** markvoelker has joined #openstack-keystone05:07
*** roxanaghe has joined #openstack-keystone05:07
*** markvoelker has quit IRC05:12
*** shoutm has quit IRC05:12
*** markvoelker has joined #openstack-keystone05:12
*** su_zhang has quit IRC05:13
*** shoutm has joined #openstack-keystone05:17
*** doug-fish has joined #openstack-keystone05:30
*** shoutm_ has joined #openstack-keystone05:31
*** shoutm has quit IRC05:33
*** doug-fish has quit IRC05:35
*** vivekd has quit IRC05:44
*** doug-fish has joined #openstack-keystone05:44
*** vgridnev has quit IRC05:45
*** jaosorior has joined #openstack-keystone05:47
*** jasonsb has quit IRC05:47
*** doug-fish has quit IRC05:49
stevemarnotmorgan: a release note would be good though05:49
notmorganstevemar: yes.05:50
notmorganstevemar: we should add a release note05:50
*** spandhe_ has joined #openstack-keystone05:59
*** spandhe has quit IRC06:01
*** spandhe_ is now known as spandhe06:01
*** markvoelker_ has joined #openstack-keystone06:01
*** markvoelker has quit IRC06:05
*** markvoelker has joined #openstack-keystone06:05
*** spandhe has quit IRC06:06
*** markvoelker_ has quit IRC06:06
*** vgridnev has joined #openstack-keystone06:08
*** spandhe has joined #openstack-keystone06:09
*** jasonsb has joined #openstack-keystone06:10
davechenmarekd: hi, are you around?06:10
davechenmarekd: one question, why it's the endpoint filter to accommodate the change for service provider filtering?06:11
*** oomichi_away is now known as oomichi06:11
davechenmarekd: endpoint filter seems like something about endpoints, but any connection of service provider with endpoints?06:12
*** Nirupama has joined #openstack-keystone06:13
davechenper my understanding, all we need is the capability to filter SP based on the project id, again, I am not quite understanding, why it's endpoints filtering?06:13
davechenand why the change is made against keystone catalog?06:13
davechenstevemar: in case you are still here, do you have any ideas?06:15
*** jasonsb has quit IRC06:16
*** ayoung has quit IRC06:16
openstackgerritRakesh H S proposed openstack/pycadf: Enable cadf support for Heat
*** vgridnev has quit IRC06:26
*** gyee has quit IRC06:39
*** shoutm_ has quit IRC06:40
*** spandhe_ has joined #openstack-keystone06:43
*** lhcheng has quit IRC06:44
*** spandhe has quit IRC06:45
*** spandhe_ is now known as spandhe06:45
*** lhcheng has joined #openstack-keystone06:46
*** ChanServ sets mode: +v lhcheng06:46
*** vgridnev has joined #openstack-keystone06:47
*** lhcheng has quit IRC06:54
*** shoutm has joined #openstack-keystone06:58
*** spandhe has quit IRC07:02
*** shoutm has quit IRC07:03
*** henrynash has quit IRC07:04
*** agireud has quit IRC07:04
*** spandhe has joined #openstack-keystone07:05
*** shoutm has joined #openstack-keystone07:06
*** gildub has quit IRC07:09
*** roxanaghe has quit IRC07:14
*** agireud has joined #openstack-keystone07:16
*** rcernin has joined #openstack-keystone07:20
*** vgridnev has quit IRC07:26
*** su_zhang has joined #openstack-keystone07:31
*** jaosorior has quit IRC07:53
*** ayoung has joined #openstack-keystone08:01
*** ChanServ sets mode: +v ayoung08:01
*** mkoderer_ is now known as mkoderer08:03
*** jaosorior has joined #openstack-keystone08:06
*** spandhe has quit IRC08:17
*** su_zhang has quit IRC08:18
*** shoutm has quit IRC08:18
*** vgridnev has joined #openstack-keystone08:28
*** shoutm has joined #openstack-keystone08:29
*** fhubik has joined #openstack-keystone08:34
*** fhubik is now known as fhubik_brb08:34
*** agireud has quit IRC08:35
*** dikonoor has joined #openstack-keystone08:35
*** pnavarro has joined #openstack-keystone08:46
*** agireud has joined #openstack-keystone08:47
openstackgerritDina Belova proposed openstack/keystone: Integrate OSprofiler in Keystone
*** fhubik_brb is now known as fhubik08:50
*** agireud has quit IRC09:05
*** agireud has joined #openstack-keystone09:09
*** markvoelker has quit IRC09:12
*** topol has quit IRC09:15
*** topol_ has joined #openstack-keystone09:16
*** jistr has joined #openstack-keystone09:16
*** daemontool has joined #openstack-keystone09:20
*** arunkant has quit IRC09:31
*** mhickey has joined #openstack-keystone09:31
openstackgerritRakesh H S proposed openstack/pycadf: Enable cadf support for Heat
*** vgridnev has quit IRC09:32
*** vgridnev has joined #openstack-keystone09:33
openstackgerritRakesh H S proposed openstack/pycadf: Enable cadf support for Heat
*** tyagiprince has joined #openstack-keystone09:40
tyagiprinceHey people.. I wanna know which python module does openstack each service uses to provide the REST api09:41
*** markvoelker has joined #openstack-keystone09:42
*** topol_ is now known as topol09:45
*** ChanServ sets mode: +v topol09:45
*** markvoelker has quit IRC09:48
tyagiprinceis openstack using paste for this purpose? or is it using falcon or some other module?09:50
*** davechen has quit IRC09:57
*** fhubik is now known as fhubik_brb09:59
*** Ephur has quit IRC09:59
*** openstackgerrit has quit IRC10:02
*** openstackgerrit has joined #openstack-keystone10:02
*** tyagiprince_ has joined #openstack-keystone10:03
*** fhubik_brb is now known as fhubik10:03
*** tyagiprince_ has quit IRC10:05
*** daemontool_ has joined #openstack-keystone10:07
*** shoutm_ has joined #openstack-keystone10:07
*** daemontool has quit IRC10:07
*** jaosorior has quit IRC10:09
*** shoutm has quit IRC10:09
*** jaosorior has joined #openstack-keystone10:10
*** jaosorior has quit IRC10:10
*** dikonoor has quit IRC10:11
*** jaosorior has joined #openstack-keystone10:11
*** daemontool_ is now known as daemontool10:14
*** arunkant has joined #openstack-keystone10:17
*** gildub has joined #openstack-keystone10:19
*** doug-fish has joined #openstack-keystone10:22
*** aix has joined #openstack-keystone10:24
*** doug-fish has quit IRC10:27
*** rm_work has quit IRC10:29
*** zeus has quit IRC10:29
*** zeus has joined #openstack-keystone10:30
*** zeus is now known as Guest6542510:30
*** rm_work has joined #openstack-keystone10:32
*** shoutm_ has quit IRC10:36
*** markvoelker has joined #openstack-keystone10:39
*** shoutm has joined #openstack-keystone10:43
notmorgantyagiprince: depends on which servicd10:44
*** markvoelker has quit IRC10:44
tyagiprincenotmorgan: Lets say keystone..10:44
notmorgantyagiprince: we use a custom wsgi layer, paste to define the filters, routes to define the API URL REGEX -> code entry point10:45
notmorgannova uses much the same, but uses eventlet as the wsgi app container vs mod_wsgi like we do10:45
notmorgansome services use pecan/[wsme], some use falcon (i think one)10:46
notmorganit is a little all over the map10:46
tyagiprincenotmorgan: Can you point me to some tutorial which can help me to understand the openstack code.10:48
notmorgantyagiprince: sadly no i don't have such a link :(10:49
notmorganand each project is very different10:49
notmorganalso it's 2:50am here and i should have slept hours ago10:49
tyagiprincenotmorgan: Thank you..10:49
*** lhcheng has joined #openstack-keystone10:51
*** ChanServ sets mode: +v lhcheng10:51
*** lhcheng has quit IRC10:56
*** e0ne has joined #openstack-keystone10:58
*** dims has joined #openstack-keystone11:04
*** aix has quit IRC11:07
*** ajayaa has joined #openstack-keystone11:22
*** vgridnev has quit IRC11:31
*** vgridnev has joined #openstack-keystone11:31
*** shoutm has quit IRC11:34
*** markvoelker has joined #openstack-keystone11:34
*** shoutm has joined #openstack-keystone11:37
*** markvoelker has quit IRC11:39
*** fhubik is now known as fhubik_brb11:43
*** fhubik_brb is now known as fhubik11:49
openstackgerritAjaya Agrawal proposed openstack/keystone: Ensure pycadf initiator IDs are UUID
*** aix has joined #openstack-keystone12:03
*** boris-42 has quit IRC12:03
*** tyagiprince has quit IRC12:07
*** gildub has quit IRC12:12
*** shoutm_ has joined #openstack-keystone12:13
*** fhubik is now known as fhubik_brb12:14
*** fhubik_brb is now known as fhubik12:14
*** shoutm has quit IRC12:16
*** vgridnev has quit IRC12:16
*** pauloewerton has joined #openstack-keystone12:17
*** vgridnev has joined #openstack-keystone12:18
*** shoutm_ has quit IRC12:19
*** raildo-afk is now known as raildo12:20
*** shoutm has joined #openstack-keystone12:21
*** tyagiprince has joined #openstack-keystone12:25
*** doug-fish has joined #openstack-keystone12:25
*** oomichi is now known as oomichi_away12:26
*** markvoelker has joined #openstack-keystone12:29
*** oomichi_away has quit IRC12:31
*** markvoelker has quit IRC12:35
*** shoutm_ has joined #openstack-keystone12:36
*** shoutm has quit IRC12:37
ajayaaGuys. I want to write a release note for a patch. Please let me know how to write one.12:47
ajayaaI am confused on the naming part of the yaml file.12:47
*** pnavarro is now known as pnavarro|lunch13:01
*** fhubik is now known as fhubik_brb13:04
*** jamielennox is now known as jamielennox|away13:07
*** gordc has joined #openstack-keystone13:10
*** Guest7791 is now known as bradjones13:12
*** bradjones has joined #openstack-keystone13:12
*** bill_az has joined #openstack-keystone13:14
*** fhubik_brb is now known as fhubik13:18
*** daemontool has quit IRC13:19
*** jed56 has quit IRC13:23
*** markvoelker has joined #openstack-keystone13:24
*** alejandrito has joined #openstack-keystone13:26
*** markvoelker has quit IRC13:29
*** vgridnev has quit IRC13:34
*** vgridnev has joined #openstack-keystone13:37
*** Nirupama has quit IRC13:39
*** Ephur has joined #openstack-keystone13:43
*** EinstCrazy has quit IRC13:47
*** Guest65425 is now known as zeus13:50
*** zeus has joined #openstack-keystone13:50
*** markvoelker has joined #openstack-keystone13:50
dstanektyagiprince: have you tried looking at the code? i gave you  pointers a few days ago right?13:51
*** markvoelker has quit IRC13:53
*** markvoelker has joined #openstack-keystone13:53
dstanekajayaa: what are you finding confusing?13:53
*** ninag has joined #openstack-keystone13:53
dstanekajayaa: have you seen ?13:55
*** richm has joined #openstack-keystone13:55
*** markvoelker has quit IRC13:57
*** markvoelker has joined #openstack-keystone13:59
*** fhubik is now known as fhubik_brb13:59
*** tyagiprince has quit IRC14:01
*** fhubik_brb is now known as fhubik14:03
*** daemontool has joined #openstack-keystone14:05
*** edmondsw has joined #openstack-keystone14:08
ajayaadstanek, Thank you. I hadn't seen the docs.14:12
*** peter-hamilton has joined #openstack-keystone14:12
*** shoutm_ has quit IRC14:12
*** fhubik is now known as fhubik_brb14:20
*** raildo is now known as raildo-afk14:24
*** pauloewerton has quit IRC14:25
*** alejandrito has quit IRC14:26
*** dslev has joined #openstack-keystone14:39
*** fhubik_brb is now known as fhubik14:40
openstackgerritAjaya Agrawal proposed openstack/keystone: Change get_project permission
*** fawadkhaliq has joined #openstack-keystone14:42
*** peter-hamilton has quit IRC14:47
*** avarner has joined #openstack-keystone14:49
*** pnavarro|lunch is now known as pnavarro14:50
*** zqfan has joined #openstack-keystone14:59
*** phalmos has joined #openstack-keystone15:00
*** vgridnev has quit IRC15:01
*** sigmavirus24_awa is now known as sigmavirus2415:03
*** fawadkhaliq has quit IRC15:03
*** pushkaru has joined #openstack-keystone15:05
*** boris-42 has joined #openstack-keystone15:07
*** jasonsb has joined #openstack-keystone15:09
*** ajayaa has quit IRC15:10
*** henrynash has joined #openstack-keystone15:19
*** ChanServ sets mode: +v henrynash15:19
*** tonytan4ever has joined #openstack-keystone15:22
*** jasonsb has quit IRC15:22
*** henrynash has quit IRC15:23
*** fawadkhaliq has joined #openstack-keystone15:25
*** jsavak has joined #openstack-keystone15:30
*** fhubik is now known as fhubik_brb15:30
*** fhubik_brb is now known as fhubik15:31
*** timcline has joined #openstack-keystone15:31
*** fhubik has quit IRC15:31
*** fhubik has joined #openstack-keystone15:35
lbragstadjorge_munoz working on reviewing your latest trust redelegation patch15:35
*** jsavak has quit IRC15:38
*** markvoelker has quit IRC15:38
lbragstadayoung amakarov mind double checking my review here - ?15:39
lbragstadcc dolphm ^15:40
lbragstadit's around the trust api behavior with redelegation15:40
*** su_zhang has joined #openstack-keystone15:41
amakarovlbragstad, sure15:41
lbragstadamakarov thanks!15:42
*** fawadkhaliq has quit IRC15:42
*** csoukup has joined #openstack-keystone15:44
*** EinstCrazy has joined #openstack-keystone15:45
*** fhubik has quit IRC15:45
*** spzala has joined #openstack-keystone15:46
*** slberger has joined #openstack-keystone15:59
*** diazjf has joined #openstack-keystone16:00
*** markvoelker has joined #openstack-keystone16:01
*** roxanaghe has joined #openstack-keystone16:03
openstackgerritRon De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities
*** jasonsb has joined #openstack-keystone16:04
openstackgerritRon De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities
*** dhellmann has joined #openstack-keystone16:07
*** rcernin has quit IRC16:09
*** spzala has quit IRC16:14
*** jasonsb has quit IRC16:14
*** spzala has joined #openstack-keystone16:14
openstackgerritTom Cocozzello proposed openstack/keystone: Fix nits in include names patch
*** fawadkhaliq has joined #openstack-keystone16:17
openstackgerritTom Cocozzello proposed openstack/python-keystoneclient: set up include names for list role assignments
*** vgridnev has joined #openstack-keystone16:22
*** raildo-afk is now known as raildo16:24
*** fawadkhaliq has quit IRC16:25
*** aix has quit IRC16:26
*** browne has joined #openstack-keystone16:29
*** alexpro has quit IRC16:33
*** ducttape_ has joined #openstack-keystone16:33
ducttape_I have a keystone question around this api:
ducttape_there are two tokens used in that example, is the first one a unscoped token?  it doesn't need to be an admin token, does it ?16:34
*** tsymanczyk has joined #openstack-keystone16:34
*** tsymanczyk is now known as Guest9460416:34
*** rbak has joined #openstack-keystone16:35
*** LukeH has joined #openstack-keystone16:41
*** fawadkhaliq has joined #openstack-keystone16:44
*** fmarco76 has joined #openstack-keystone16:48
*** fmarco76 has quit IRC16:49
*** rcernin has joined #openstack-keystone16:49
*** vgridnev has quit IRC16:51
*** _cjones_ has joined #openstack-keystone16:52
*** spandhe has joined #openstack-keystone16:52
*** fawadkhaliq has quit IRC16:54
*** fawadkhaliq has joined #openstack-keystone16:54
*** smcginnis has joined #openstack-keystone16:55
*** gyee has joined #openstack-keystone16:56
*** ChanServ sets mode: +v gyee16:56
*** vgridnev has joined #openstack-keystone16:58
stevemarducttape_: nope, it doesn't have to be an admin token17:00
*** rderose has joined #openstack-keystone17:00
stevemarducttape_: an unscoped token is the result of just sending your username and password (no project)17:00
stevemarthe only thing an unscoped token is useful for... listing projects you have access to17:01
*** vgridnev has quit IRC17:01
ducttape_stevemar - so in that example, could the same token be used in both spots ?17:02
*** vgridnev has joined #openstack-keystone17:03
*** blogan is now known as patient-zer0-bl017:06
*** patient-zer0-bl0 is now known as patient-0-bl0gan17:06
*** peter-hamilton has joined #openstack-keystone17:17
*** vikram has joined #openstack-keystone17:19
vikramCan someone plz offer help in resolving --17:19
vikram Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL.17:19
vikram2016-01-21 17:16:50.863 | Could not determine a suitable URL for the plugin17:19
vikramI am getting this error while running devstack17:20
*** spzala has quit IRC17:22
*** spzala has joined #openstack-keystone17:22
*** spzala_ has joined #openstack-keystone17:23
*** jistr has quit IRC17:24
*** sigmavirus24 is now known as sigmavirus24_awa17:27
*** spzala has quit IRC17:27
*** spzala_ has quit IRC17:28
*** pauloewerton has joined #openstack-keystone17:28
vikramCan someone plz help17:30
vikramgetting error while running devstack17:30
vikram2016-01-21 17:28:43.824 | ++ openstack token issue -c id -f value --os-username admin --os-project-name admin --os-user-domain-id default --os-project-domain-id default --os-identity-api-version 3 --os-auth-url --os-password openstack17:30
vikram2016-01-21 17:28:44.851 | Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL.17:30
vikram2016-01-21 17:28:44.851 | Could not determine a suitable URL for the plugin17:30
vikramany clue?17:31
*** ducttape_ has quit IRC17:32
LukeHany help needed with bandit, I can put my hat in, testing, docs etc. Its great tool, been using it against my own projs17:33
LukeHwrong channel, my bad17:36
*** vikram has quit IRC17:36
*** e0ne has quit IRC17:37
openstackgerritOpenStack Proposal Bot proposed openstack/python-keystoneclient: Updated from global requirements
*** su_zhang has quit IRC17:50
*** jasonsb has joined #openstack-keystone17:52
*** fesp has joined #openstack-keystone17:56
*** lhcheng has joined #openstack-keystone17:58
*** ChanServ sets mode: +v lhcheng17:58
*** roxanaghe has quit IRC17:59
samueldmqif I tell keystone is the service providing authn, authz and catalog services for openstack17:59
samueldmqis this accurate ? complete ?18:00
stevemarsamueldmq: i'd say it's accurate18:00
*** aix has joined #openstack-keystone18:01
samueldmqstevemar: ++ thanks18:01
*** LukeH has quit IRC18:02
ayounganyone know how to change an API from returning 200 OK to 201 Created?18:02
*** fawadk has joined #openstack-keystone18:04
*** fawadkhaliq has quit IRC18:04
samueldmqayoung: I know, but it's forbidden in openstack APIs18:06
ayoungsamueldmq, what?  Really?18:07
ayoungsamueldmq, link?18:07
samueldmqayoung: yes, you can't simply change status codes18:07
samueldmqayoung: sure, one moment18:07
ayoungsamueldmq, nah, that is not what I meant18:07
ayoungsamueldmq, we have an API published sayuing create_implied_role needs to return 20118:07
ayoungit returns 20018:07
ayounghow do I force it to return a 20118:08
ayoungsamueldmq, this is in an not-yet-approved review18:08
samueldmqayoung: ah, cool18:08
samueldmqayoung: see
ayoungsamueldmq, thankls18:09
*** jaosorior has quit IRC18:09
samueldmqayoung: np18:10
*** jaosorior has joined #openstack-keystone18:10
*** pnavarro has quit IRC18:16
openstackgerritRon De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities
openstackgerritRon De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities
smcginnisHey all. Just starting to look in to whether we can switch from keystoneclient to keystoneauth in Cinder.18:19
smcginnisDoes anyone have any recommendations/insight for what the new way would be to do what we are doing here:18:20
smcginnisAnd here:18:20
*** mhickey has quit IRC18:22
raildosmcginnis: other services are doing the same thing.. like
raildosmcginnis: and
*** timcline has quit IRC18:30
*** timcline has joined #openstack-keystone18:31
smcginnisraildo: Thanks! I had looked at the ironic one and didn't see any equivalent pattern. I'll check out the ceilometer one.18:31
smcginnisraildo: Thanks for the point!18:31
raildosmcginnis: np, and if you need help on it, just ping me :)18:32
*** woodster_ has joined #openstack-keystone18:32
smcginnisraildo: Will do!18:32
*** fesp has quit IRC18:32
*** rderose has quit IRC18:32
*** gyee has quit IRC18:34
*** daemontool has quit IRC18:35
*** jaosorior_ has joined #openstack-keystone18:36
*** dtroyer has quit IRC18:38
*** edmondsw has quit IRC18:41
*** dtroyer has joined #openstack-keystone18:41
openstackgerritHenrique Truta proposed openstack/keystone: Manager support for project cascade update
*** fawadk has quit IRC18:43
stevemarlbragstad: you had to comment on that max roles bug18:43
lbragstadstevemar hmm?18:43
lbragstadstevemar I left a comment in the review - yes18:43
openstackgerritMorgan Fainberg proposed openstack/keystonemiddleware: Add reno for caching change
stevemarlbragstad: i was hoping to let it die of old age18:44
notmorganstevemar: ^18:44
notmorganstevemar: reno18:44
*** su_zhang has joined #openstack-keystone18:44
stevemarnotmorgan: yeah, just saw, thanks18:44
* notmorgan is disappointed that the cap blocking landed18:44
lbragstadstevemar I just added a comment so that it would be removed from my review queue - if the fix isn't going to be pursued then it should be abandon18:44
*** lhcheng has quit IRC18:44
notmorganstevemar: i am also still against warning for the sake of "GO SETUP CACHE" in default deployments18:45
dstaneklbragstad: i'm just going to go ahead and abandon that patch. no reason to keep it open18:45
lbragstaddstanek I agree - if we want to re-discuss it, I think it will have to be done in a meeting with everyone present18:46
*** lhcheng has joined #openstack-keystone18:46
*** ChanServ sets mode: +v lhcheng18:46
*** lhcheng_ has joined #openstack-keystone18:47
*** lhcheng has quit IRC18:47
dstaneklbragstad: we should try to get the bug count below 250 for tomorrow18:47
lbragstaddstanek I *only* have 87 more openstack/keystone@ project reviews left18:47
lbragstaddstanek I'm down18:47
lbragstaddstanek I can take some time to update the etherpad18:48
dstaneklbragstad: we won't see the fruits of out labor until Sunday because of the slowness of the gate18:48
*** lhcheng_ has quit IRC18:48
lbragstadthis is true18:48
dstanekbut at least we'll get lots of stuff out of the way18:48
*** lhcheng has joined #openstack-keystone18:48
*** ChanServ sets mode: +v lhcheng18:48
*** tonytan4ever has quit IRC18:49
dstanek259 now by my count18:49
*** lhcheng_ has joined #openstack-keystone18:50
*** lhcheng has quit IRC18:53
openstackgerritAndreas Jaeger proposed openstack/keystonemiddleware: Remove bandit tox environment
openstackgerritAndreas Jaeger proposed openstack/keystonemiddleware: Merge pep8 and bandit into linters
lbragstaddstanek we were over 300 before December18:56
dstaneklbragstad: yup, we're doing good18:56
*** e0ne has joined #openstack-keystone18:56
dstaneki'd really like to be under 200 before the summit18:57
lbragstaddstanek that would be awesome18:58
lbragstadi remember when i first started working on keystone the total count was below 170 some18:58
stevemarlbragstad: you're being so nice18:59
stevemarjust abandon some of the patches18:59
dstanekmy ideal situation would be just a handful of bugs that we can easily manage and task out19:00
openstackgerritSteve Martinelli proposed openstack/keystone-specs: Enable `id`, `enabled` filter for list IdP
*** sigmavirus24_awa is now known as sigmavirus2419:02
*** shaleh has joined #openstack-keystone19:05
*** jasonsb has quit IRC19:08
lbragstaddstanek I agree - that's the way tempest does it I think19:12
lbragstaddstanek or at least thats how I remember them doing it in the meetings19:12
lbragstaddstanek I removed the reviews that have been merged -
*** fesp has joined #openstack-keystone19:13
lbragstaddstanek that list should be good to go - unless you want me to try and build a gerrit query for it19:13
*** rbak_ has joined #openstack-keystone19:16
*** aix has quit IRC19:19
*** rbak has quit IRC19:20
stevemarnotmorgan: commented on
stevemarnotmorgan: small stuff19:21
notmorganstevemar: yeah figured there would be just hacked it out super quick so we don't forget19:22
dstaneklbragstad: i've been using
notmorganstevemar: are we supposed toalways use the nova or Nova... iirc it is a proper noun19:22
notmorganstevemar: i hate our style guide on names like that cause it never makes snese to me19:22
notmorgansame with keystone... proper noun?19:23
stevemarnotmorgan: i don't care which, just be consistent. you swapped between Nova and glance19:24
dstanekstevemar: notmorgan: is there a definitive rule on the naming. for a while it was upper for text and lower for code; now i think is't lower everywhere19:25
openstackgerritMorgan Fainberg proposed openstack/keystonemiddleware: Add reno for caching change
notmorganwell i just went capital everywhere19:25
notmorganit's consistent19:25
*** tonytan4ever has joined #openstack-keystone19:26
lbragstaddstanek that must be something like -
stevemarnotmorgan: dstanek i like capital everywhere, but i think it's supposed to be lower everywhere19:26
notmorganhonestly, i just don't care enough either way19:26
notmorgani feel swapping capital vs lower cases in if those are the only changes is so far into bikeshed land that i'd just ignore the comments19:27
*** edmondsw has joined #openstack-keystone19:29
openstackgerritJorge Munoz proposed openstack/keystone: Fix trust redelegation and associated test
*** spzala has joined #openstack-keystone19:35
openstackgerritJorge Munoz proposed openstack/keystone: Fix trust redelegation and associated test
*** daemontool has joined #openstack-keystone19:42
smcginnisnotmorgan, stevemar: There was a discussion on that last summer:
smcginnisProbably more discussion than it's worth. ;)19:45
notmorgansmcginnis: yep19:45
notmorgansmcginnis: far more nit-picky than i care to dive into19:45
smcginnisnotmorgan: +1 :)19:46
notmorgansmcginnis: if someone nitpicks on caps vs non caps in names and brings no other comments, i will absolutely ignore it ;), but if there are other changes i'm fine with an ask for making it consistent19:46
*** ChanServ sets mode: +o notmorgan19:47
smcginnisnotmorgan: Me too. There are far more important things to be worrying about right now.19:47
*** notmorgan changes topic to "MidCycle: | Mitaka-2:"19:47
*** notmorgan sets mode: -o notmorgan19:47
*** stevemar changes topic to "MidCycle: | Mitaka-3:"19:48
stevemarnotmorgan: i am the topic changer!19:48
stevemarmitaka-2 is officially out19:48
*** ChanServ changes topic to "MidCycle: | Mitaka-3: | OMG A TOPIC CHANGE"19:49
*** ChanServ sets mode: +o notmorgan19:49
*** e0ne has quit IRC19:49
*** notmorgan changes topic to "MidCycle: | Mitaka-3: | See you at the midcycle!"19:49
notmorganstevemar: ^_^19:50
*** ChanServ sets mode: -o notmorgan19:50
notmorganstevemar: i should be able to do the followup on the LDAP things todya19:51
stevemarnotmorgan: i accept19:51
stevemarnotmorgan: ldap things?19:51
notmorganthe folloup on the removals19:51
stevemarnotmorgan: ah right19:54
stevemardo it up19:54
stevemarnotmorgan: dolphm turns out we can only ask one question in the user survey :(19:55
stevemarnotmorgan: dolphm should we ask about tokens or identity stores?19:55
stevemaror catalogs19:55
notmorganstevemar: bargain for 219:55
notmorganand ask about catalogs and identity stores19:55
dolphmstevemar: offer a ptl as sacrifice19:55
notmorganin that order19:55
notmorgandolphm: ++19:55
dolphmbknudson: ++19:55
*** ayoung has quit IRC19:56
stevemarbknudson: "do you keystone?"19:57
stevemarnotmorgan: dolphm on the off chance that we can only do one, which are you thinking? i'm leaning toward "where do your identities exist?"19:58
*** vgridnev has quit IRC19:58
* notmorgan shrugs19:58
notmorganprobably all the same19:58
dolphmwhat was the catalog question?19:58
bknudsonI'd be interested to know if operators are moving towards SAML federation.19:59
dolphmor, what's stopping them20:00
bknudsonlike we keep telling them to do.20:00
dolphmbut that's not multiple chioce20:00
*** daemontool has quit IRC20:01
*** daemontool has joined #openstack-keystone20:02
*** fesp has quit IRC20:04
tjcocozzWhat is "gate-rally-dsvm-keystone" Jenkins check?20:11
*** gildub has joined #openstack-keystone20:11
*** zqfan has quit IRC20:11
*** markvoelker has quit IRC20:11
*** slberger1 has joined #openstack-keystone20:13
*** daemontool_ has joined #openstack-keystone20:15
*** slberger has quit IRC20:15
*** daemontool has quit IRC20:17
*** su_zhang has quit IRC20:18
notmorgantjcocozz: something that runs rally but hasn't progressed anywhere beyond the basic20:20
notmorganit's not super useful atm.20:20
tjcocozznotmorgan, yeah take a look at this patch
notmorganyeah i'd ignoe it20:20
tjcocozznotmorgan, what do i click on when i'm in the logs ....?20:20
notmorganunstable means the job disappeared20:21
notmorgannothing you can do20:21
notmorganit's non-voting20:21
notmorganyou can recheck it if you want, but20:21
notmorganthat is unlikely to be your fault20:21
tjcocozznotmorgan, there will be another patch set for it. I was just curious what it did.20:21
notmorganit is supposed to show some basic "how long this scenario takes"20:21
notmorganbut the issue is that performance is dictated by the node20:22
notmorgansome clouds are faster20:22
notmorgansome are slower20:22
notmorganit really isn't useful in isolation and we don't track the aggregate/overtime20:22
notmorganso be frank, i just ignore the job20:22
tjcocozznotmorgan, so what do these .gz files represent?  yeah i'd imagin this would be useless if they aren't keeping the cloud it is being run on the same20:23
notmorgantjcocozz: ythis is what the results should look like
notmorganyou could possibly extract the data20:24
notmorganor write further plugins20:24
notmorganrally is useful.. if you use it on consistent hardware etc. but the way we use it in keystone it's less than useful20:25
* notmorgan is still of the opinion we should just remove the job for now.20:25
*** vgridnev has joined #openstack-keystone20:26
tjcocozznotmorgan, i will ignore it for now.  thanks for the docs.20:27
bknudsonrally was an interesting experiment but if nobody's done anything with it by now we should get the resources back.20:27
notmorganbknudson: it's useful when used outside of the gate20:27
notmorganbknudson: if we started aggregating the data and tracking it over time, it would alos be useful20:27
notmorganbut that effort has not happened20:27
notmorganbknudson: so.. yeah we should prob remove the job [or make it experimental so people can trigger it if they want still]20:28
tjcocozznotmorgan, we can't get rid of it... we are the user stories:
notmorganwe can get rid of the gate job20:30
notmorgani mean20:30
notmorgannot the project itself20:30
notmorganthe gate job is uninteresting20:30
*** markvoelker has joined #openstack-keystone20:31
notmorganand the fix for that bug...20:31
notmorganalso pretty much has been broken20:31
notmorganthe fix was a drive-by code dump20:33
notmorganand isn't very maintainable20:33
*** timcline_ has joined #openstack-keystone20:34
tjcocozznotmorgan, lol drive-by code dumb.20:34
notmorgantjcocozz: it's an accurate description ;)20:34
tjcocozznotmorgan, yeah this added a lot... At least you had 6 reviewers to back you up.20:36
*** timcline has quit IRC20:37
notmorganstevemar: ^ cc20:38
*** Guest94604 is now known as tsymanczyk20:38
*** mhickey has joined #openstack-keystone20:43
*** ducttape_ has joined #openstack-keystone20:45
*** yarkot has joined #openstack-keystone20:45
*** peter-hamilton has quit IRC20:46
*** jamielennox|away is now known as jamielennox20:47
*** mhickey has quit IRC20:48
*** daemontool_ has quit IRC20:52
*** daemontool_ has joined #openstack-keystone20:52
lbragstadjamielennox do you know where the Namespace object comes from in openstackclient?20:54
lbragstador where it is defined?20:54
lbragstadI'm taking a look at what navidp is working on - switching python-openstackclient to use keystoneauth instead of keystoneclient20:54
jamielennoxlbragstad: it's a argparse object, it's created somewhere by cliff though and saved on self20:55
lbragstadjamielennox ahh - that would make sense20:55
jamielennoxlbragstad: i don't remember exactly but there is a run() method and a get_argguments or something20:56
jamielennoxand cliff just prepares it for you before run()20:56
*** gyee has joined #openstack-keystone20:57
*** ChanServ sets mode: +v gyee20:57
navidpjamielennox, lbragstad , when changing osc to use keystoneauth i get this "AttributeError: 'Namespace' object has no attribute 'url'20:59
navidpjamielennox, this is the paste for it : AttributeError:
*** shaleh is now known as shaleh|away20:59
jamielennoxnavidp: makes sense, openstackclient registers OS_URL and OS_TOKEN for admin access and uses that as a priority from memory21:00
*** dslev has quit IRC21:00
*** gordc has quit IRC21:00
jamielennoxnavidp: i would look really closely at what os-client-config gives you and try and integrate with that21:00
jamielennoxat summit and previously we've just kind of decided os-client-config would hold a lot of that auth construction logic21:01
lbragstadjamielennox ah so I take it this ( is what we need to look at21:03
lbragstadnavidp ^21:03
dstaneklbragstad: os-client-config is awesome; no more nasty environment variables21:04
jamielennoxlbragstad: there is already some integration with os-client-config21:04
lbragstaddstanek sweet! I need to read about this21:04
jamielennoxdstanek: there are still environment variables but much better formats21:04
lbragstadjamielennox integration between osc and os-client-config?21:04
jamielennoxlbragstad: yea, it's a weird standoff between the two at the moment21:05
jamielennoxlbragstad: i think os-client-config is just constructing dicts or arguments and osc is using them21:05
dstanekjamielennox: what environment variables do you still need?21:05
jamielennoxdstanek: it still takes env vars for everything not specified in the clouds.yml (i actually don't know which way priority is given)21:06
lbragstadjamielennox gotcha, so osc asks os-client-config for stuff somewhere on startup/init?21:06
jamielennoxso it handles all the old OS_ vars21:06
jamielennoxi've said for a while though that we need nicer interfaces in os-client-config so if you come up with some add them21:07
dstanekjamielennox: interesting. i don't think i have any environment vars set on my mac, but i don't use the osc there much. i use the ansible modules21:08
jamielennoxdstanek: i don't think in practice it would make a bunch of sense to mix and match, however because os-client-config ships with a bunch of defaults you can do stuff like21:10
jamielennoxOS_CLOUD=rax OS_USERNAME=user OS_PASSWORD=pass21:10
jamielennoxand have it prefill the rest21:10
lbragstadnavidp here is where it actually import os-client-config -
jamielennox(i have no idea if OS_CLOUD=rax is a thing)21:11
lbragstadme either21:11
dstanekit is if you define a rax cloud in your clouds.yaml21:11
lbragstadi'm very illiterate with the client side of keystone - so this is a good learning exercise for me, too21:11
dstanekOS_CLOUD or --os-cloud allow you to select which config to use21:11
navidplbragstad ^21:11
lbragstadso, to summarize navidp's problem - he could be seeing an issue with switch osc to use keystoneauth because of what os-client-config is passing back and what ksa expects21:12
dstanekfor example, i have a personal cloud and a rax cloud that i use21:12
dstaneklbragstad: is navidp defining a clouds.yaml at all?21:13
jamielennoxlbragstad: i'm not sure, os-client-config is already based around keystoneauth, so if there was going to be any issues it would likely be now21:13
jamielennoxnavidp, lbragstad: i mentioned this the other day, this conversion wouldn't seem too hard but there is a reason it hasn't happened yet21:14
navidpdstanek, what is cloud.yaml relation to ksa and osc?21:15
dstaneknavidp: clouds.yaml is basically a way to specify the same information that is usually in the OS_* environ vars21:15
dstaneknavidp: i user to source or to set the vars for the account i wanted to use. now i have a clouds.yaml that has both in it and i pick using --os-cloud21:16
dstanekif there is an actual issue mordred would know. he is the one that got me started down the path to happiness21:17
mordredI can't possibly have done anything like happiness21:17
dstanekmordred: yes, you have surprised us all!21:18
mordredif you do OS_CLOUD=rax you need to have a cloud defined in your clouds.yaml named 'rax'21:18
*** spzala has quit IRC21:18
mordredthat cloud can be "profile: rackspacE"21:18
mordredthat cloud can be "profile: rackspace"21:18
*** yarkot has quit IRC21:18
mordredand in fact, should be, if it's the rackspace cloud, so that you get all the weird overrides needed and auth_url and whatnot21:18
*** spzala has joined #openstack-keystone21:18
mordredbut I have not actually read all the scrollback yet21:19
navidpdstanek, aha thansk21:19
dstanekmordred: navidp was getting an error and somehow the conversation turned to is being something with os-client-config21:19
*** dslev has joined #openstack-keystone21:19
mordredah yes21:19
mordredI see now21:19
mordredso - yes, in moving osc to use ksa instead of ksc21:20
mordredI would highly recommend letting occ do the ksa auth construction21:20
mordredif it's not possible to pass in all the right things from osc that you'd expect, we should make sure it is possible21:20
navidpjamielennox, should i continue working on this?21:21
mordrednavidp: it will be a very good task to complete once completed21:21
mordrednavidp: so it is definitely worthy of work - there will almost certainly be a few really weird corner cases though21:21
mordredso put on a helmet21:22
*** spzala_ has joined #openstack-keystone21:22
*** pauloewerton has quit IRC21:22
*** spzala_ has quit IRC21:24
*** spzala_ has joined #openstack-keystone21:24
notmorganmordred's path is the path to happiness21:24
jamielennoxnavidp: it's a great goal, it's just not an easy project you're signing up for21:24
*** spzala has quit IRC21:24
jamielennoxjust wanted to make you aware21:24
notmorgandstanek: soo i want your opinoon [not keystone related]21:25
notmorgandstanek: if you're up for some non-work advice21:25
jamielennoxmordred: i'm a little concerned about things like
*** spzala_ has quit IRC21:26
notmorgandstanek: notably.. home server, I have PCIe SSD for it, should i RAID 0 the drives, raid 1, or send one back and spend the $ on something else. this will mostly be for local vm testing / some other stable vms / root drive [the main storage drives will be mirrored 6TB drives]21:27
notmorganjamielennox, mordred: ^ your input if you care to jump in would be welcome too.21:27
mordredjamielennox: whyfor?21:27
* notmorgan also wants to know what jamielennox is concerned by now.21:28
notmorgancause i'm following that convo too21:28
jamielennoxmordred: a) json? b) why is os-client-config learning about the different clients?21:28
notmorganjamielennox: json / yaml / all about the same, pick a format21:28
notmorgan[i can answer that]21:28
lbragstadmordred jamielennox dstanek cool - navidp and I will dig into it a bit more21:29
jamielennoxnotmorgan: json/yaml/all the same _configurable_ format - that is not something a user will edit, why wouldn't it just be a python dict21:29
lbragstadmordred jamielennox dstanek navidp is relatively new to the contribution process but it should be a good learning experience for both of us :)21:29
notmorganjamielennox: because it is something that should be very easy for anyone to add to and if someone has a custom client they maaay want to override21:30
notmorganjamielennox: and that way you don't need to muck in python code. iirc the choice was made [i remember when asking for this] because we did have a case where on-disk override made sense21:30
notmorganit's not typically a user editable thing/user edited thing.21:31
mordredjamielennox: it totally could have been python dict - but yeah, what notmorgan said. json is easy since it's in the standard lib - and the other shipped config files (vendors files and whatnot) are json already21:31
jamielennoxok, was weird more than a problem21:31
mordred*phew*- I was worried I'd missed a badness21:32
notmorganand it keeps it so you don't have someone adding a client thing and screwing up the raw python injecting something. this is a very standardized format21:32
mordredyes - agree it's not unweird21:32
notmorganso if someone *does* want to add to it....21:32
*** csoukup has quit IRC21:33
notmorganocc learning about clients iirc was also about better UX.21:33
notmorganand cleaning up the references of the <name> -> <thing> when dealing with getting into openstack21:33
mordredwell - same reason as it learned to make ksa objects21:33
notmorganit helps to isolate the "what do i need to know to just do a thing"21:33
mordredit _has_ all of the info - and it turns out the hard part a lot of times is knowing which params to pass to which constructor21:33
notmorganmordred: ++21:34
jamielennoxso i guess i have had long concerns about doing things like os_compute_api_version in clouds.yml because if i'm using os-client-config other than openstackclient it's returning constructed clients that may not have the same interfaces21:34
*** gordc has joined #openstack-keystone21:34
notmorganjamielennox: i have issues with that in general with the way we do libaray interfaces21:34
jamielennoxlike if i do get_client('identity') the interface is very different based on whether the user has v2 or v3 in their config21:35
notmorganjamielennox: doesn't matter what tool constructs them.21:35
jamielennoxnotmorgan: sure an abstraction layer would be good21:35
*** su_zhang has joined #openstack-keystone21:35
notmorganOCC is fitting that role pretty well for lots of things21:36
* mordred has an abstraction layer21:36
mordredas well21:36
mordredjamielennox: the worse part for me are that I don't know what version each of my clouds runs for each service21:37
mordredor, I didn't.21:37
mordredI personaly know this information about every cloud out there now21:37
mordredbut it's atrocious that we expect our users to deal with this21:38
mordredand even worse that the _library_ interfaces change when the REST interfaces do21:38
jamielennoxagreed, and i hope that SDK can do something here21:38
mordredI hope so to - although are they exposing the REST interface or abstracting it?21:38
mordredlast I checked they were exposing it21:39
mordredwhich will necessarily have the same problem21:39
* mordred hasn't had enough time to get involved with that project as he's wanted21:39
jamielennoxmordred: there are layers, though it's been a while since i looked21:39
*** markvoelker has quit IRC21:39
mordredI'd love if they were closer to the rest interfaces than shade is - but still covering up silly things like the name of the 'name' property in heat being 'stack_name' instead of 'name'21:40
mordredshade is a bit extreme - and I think from an openstack perspective actually goes too far in covering up differences ... although I need it from a practical perspective21:40
jamielennoxmordred: but even in the shade case you don't want to have it consume something like os_compute_api_version right? you would want to discover tht21:41
jamielennoxparticularly with the microversioning bs21:41
mordredjamielennox: well- compute is a little special21:41
*** markvoelker has joined #openstack-keystone21:41
mordredshade does not grok microversions yet becauase there are no public clouds running with them yet21:41
mordredshade _absolutely_ wants to consume glance version from the config21:42
mordredand keystone version21:42
mordredalthough I think we do let ksa do auth version discovery and that works GREAT21:42
jamielennoxauth depends on the plugin21:43
jamielennoxbut my expectation there was we would move towards asking the server rather than code it21:43
mordredbut that's all actually in the shade guts and not exposed to the user21:43
jamielennoxthere is _some_ support for that on the session but it's missing something to make that easier21:44
mordredand yeah - as we have that ability in clouds, we'll use it in shade as much as we can21:44
mordredand at that point os_compute_api_version in the config file will be "does this cloud support version discovery" or "is it too old"21:44
jamielennoxhmm, remove a value from default and if nothing is hardcoded then let it discover21:45
mordredwell - fun story21:45
mordredin nova, version=2 means "please try to microversion discover the latest version please"21:45
mordredjamielennox: but yes - I'd love to get to a point where there are no api versions in defaults.json21:46
mordredI think right now not enough of the services give us a good enough story for that21:46
jamielennoxmordred: so i guess the reason i ask is that i was writing a test service the other day and for a while now i've been really fast at doing21:47
jamielennoxkeystoneauth1.register_argparser_arguments, load_from_argparse_arguments and just have it do session and auth for me21:47
jamielennoxdecided i would do os-c-c instead, and when you're not using openstackclient a bunch of the variables are really awkward21:47
jamielennoxi wonder if that script is still around21:48
mordrednod - I'd love to see that ...21:48
*** csoukup has joined #openstack-keystone21:48
mordredI bet the way you're thinking about the problems are differnet than me so far, so I'd love to see what it is that works well for you21:48
jamielennoxso obviously the role bit is just me testing a review21:49
jamielennoxsome of this (most?) is easy to fix, i just haven't proposed it yet21:50
mordredI'm curious about 15-17 ... why is that a grr occ?21:50
mordredare we not passing something in right?21:50
jamielennoxok, maybe its nit here21:51
jamielennoxi don't think you should have to pass ns.os_cloud back into os-c-c21:51
jamielennoxit knows that  and i couldn't find anyway to find that out, i ended up copying that from how osc does it21:51
jamielennoxgrr was because i couldn't pass get_session_client('identity', version=3, interface='public') nor did it honour the os_identity_api_version: 3 identity_interface: public options i had set in my config file21:53
jamielennoxso i had no choice but to set those after the object was created21:53
mordredit's identity_api_version ... no os_21:55
jamielennoxi think i did that, check21:56
mordredif identity_interface didn't work, then that's a bug - we have tests for that21:56
*** dims_ has joined #openstack-keystone21:56
mordredyes. I expect that to work21:57
mordredand I also expect you to not have to pass ns.os_cloud back in21:57
*** dims has quit IRC21:57
edmondswopenstack client uses OS_IDENTITY_API_VERSION... why drop the OS_ here?21:57
mordredso - I agree with you on all points21:57
mordrededmondsw: because it's pointless in a yaml config file21:57
mordrededmondsw: it would be a yaml file full of values all prefixed with os :)21:57
mordredthe OS_IDENTITY_API_VERSION env var still works as expected21:58
edmondswI thought jamielennox said that was an env var... ok21:58
mordredand the OS prefix there makes perfect sense because it's a global namespace21:58
jamielennoxyea, you have to do it to make it obvious in the ENV, but you shouldn't have to do that in a yaml file or a command line opt21:59
*** dslev has quit IRC21:59
jamielennoxlike wtf is the point in openstack --os-password ? what else would it be for ? :)22:00
notmorganmordred: yah for dropping pointless previses22:00
notmorganpre... damn it i can't type22:00
notmorganjamielennox: yeah22:01
notmorganjamielennox: i agree the CLI options are silly when prefixed with --os-22:01
jamielennoxnotmorgan: i'm not even trying to fix that one22:02
notmorganjamielennox: not worth it22:03
notmorganjamielennox: but i was just agreeing22:03
*** markvoelker has quit IRC22:04
notmorganjamielennox: oslo.cache bit i'll start reviewing soon.22:05
notmorganjamielennox: for middleware.22:05
*** darrenc is now known as darrenc_afk22:05
notmorganjamielennox: and have you spent any time thinking about how to drop in the auth info from middleware in a sane/consistent place?22:06
jamielennoxnotmorgan: nope, other things22:06
notmorganjamielennox: since i want to start using that concept in places like nova.22:06
openstackgerritTom Cocozzello proposed openstack/python-keystoneclient: Adds an option to include names in role assignment lists
notmorganjamielennox: cool np we can talk more on that after midcycle22:07
*** huats_ has quit IRC22:07
* notmorgan needs to figure out what i messed up in reno22:07
*** jaosorior_ has quit IRC22:09
openstackgerritMerged openstack/keystone: Removes KVS catalog backend
*** dslev has joined #openstack-keystone22:14
openstackgerritMerged openstack/keystone: Remove LDAP Resource and LDAP Assignment backends
openstackgerritMerged openstack/keystone: Remove LDAP Role Backend
notmorganstevemar: keystonemiddleware releasenotes is broken22:16
notmorgan/home/morgan/keystonemiddleware/releasenotes/source/unreleased.rst:1019: WARNING: Inline interpreted text or phrase reference start-string without end-string.22:16
notmorgani removed my reno and it still was happening22:16
*** huats_ has joined #openstack-keystone22:17
*** huats_ has quit IRC22:17
*** huats_ has joined #openstack-keystone22:17
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file
openstackgerritEric Brown proposed openstack/keystone: Remove more ldap project references
stevemarnotmorgan: that silly argparse thing?22:20
notmorganstevemar: oh is that it?22:20
notmorganstevemar: the "Start-string without end-string" is that really argparse?22:21
*** darrenc_afk is now known as darrenc22:22
stevemarnotmorgan: i'll look  at it after gym + dinner22:22
notmorganstevemar: yeah i just don't know how to et more info on it. it is a weird error22:23
notmorganstevemar: and sounds good22:23
jamielennoxnotmorgan: - bets on how many things break?22:23
notmorganjamielennox: actually, remarkably, heat22:23
jamielennoxprobably give a window ~522:23
*** diazjf has quit IRC22:23
notmorganmost of the rest of the stuff should work22:23
notmorgantempest errors probably too22:23
*** markvoelker has joined #openstack-keystone22:24
jamielennoxtempest should be ok22:24
jamielennoxtempest registers its own users22:24
notmorgananyway, mostly heat22:24
jamielennoxthere's some glance stuff22:24
notmorgani think i had glance all working v3 in my POC with no patching22:24
notmorganoh there is a cinder thing22:24
jamielennoxand other stuff that i can spot just doing the devstack change22:24
notmorganthere is acinder thing that will break22:24
*** vgridnev has quit IRC22:25
notmorganbecause someone hard coded a cinder thing that can't read any configs in22:26
jamielennoxnotmorgan: going to make a big bug and file it against everything that fails22:26
notmorganjamielennox: ++22:33
notmorganmake sure to tag me on it so i can help22:33
notmorganon pushing code to fix things22:34
*** dslev has quit IRC22:34
openstackgerritMerged openstack/keystone: Remove bandit tox environment
*** vgridnev has joined #openstack-keystone22:36
openstackgerritEric Brown proposed openstack/keystone: Remove additional references to ldap role attribs
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file
openstackgerritEric Brown proposed openstack/keystone: Remove additional references to ldap role attribs
smcginnisnotmorgan: What's the cinder issue?22:43
notmorganthere was something that i had to patch22:43
notmorgani'll need to get looking again22:43
smcginnisnotmorgan: Let me know if we need to do anything.22:44
notmorganit was just rolling up some config things iirc22:44
jamielennoxsmcginnis: this might actually be v3 capable but i haven't looked into it
openstackgerrithenry-nash proposed openstack/keystone: Projects acting as domains
jamielennoxbut they way it is now it's going to fail22:47
smcginnisjamielennox: Do you know what needs to change there? Sorry, I don't know enough about it.22:50
jamielennoxsmcginnis: at the very least we need a way to pass in domain information, but it should be using auth plugins22:50
*** vgridnev has quit IRC22:50
jamielennoxso that the auth type can change22:50
openstackgerritBrant Knudson proposed openstack/keystone: Parameter to return audit ids only in revocation list
openstackgerritBrant Knudson proposed openstack/keystone: Add tests for fetching the revocation list
*** gtmanfred has joined #openstack-keystone22:52
*** tonytan4ever has quit IRC22:53
gtmanfredwith keystone v2, is it possible to add a role to a user without specifying a tenant_id?  Looking at the roles.roles_for_user, it adds tenant_id as an optional kwarg, but if I set it, i get a 'User roles not supported: tenant_id required (HTTP 501)'22:53
gtmanfredthe user-roles-list doesn't require the tenant_id, but it looks like it does a lookup for a tenant
jamielennoxgtmanfred: it was at one point but its at very least discouraged22:55
jamielennoxyou always get a role on a specific project22:55
gtmanfredok, cool thanks22:55
*** harlowja has quit IRC22:56
*** harlowja has joined #openstack-keystone22:56
*** timcline_ has quit IRC22:57
*** ayoung has joined #openstack-keystone22:58
*** ChanServ sets mode: +v ayoung22:58
*** gtmanfred has left #openstack-keystone22:58
*** pushkaru has quit IRC23:00
notmorganjamielennox: actually there was code to prevent that explicitly23:01
notmorganor there is now.23:01
*** csoukup has quit IRC23:01
notmorganbut waaay back in the day23:01
*** gordc has quit IRC23:10
openstackgerrithenry-nash proposed openstack/keystone: Projects acting as domains
openstackgerrithenry-nash proposed openstack/keystone: Add is_domain parameter to get_project_by_name
*** slberger1 has left #openstack-keystone23:27
openstackgerritMerged openstack/keystonemiddleware: Merge pep8 and bandit into linters
*** bradjones_ has joined #openstack-keystone23:31
*** bradjones_ has quit IRC23:31
*** bradjones_ has joined #openstack-keystone23:31
*** sigmavirus24 is now known as sigmavirus24_awa23:34
*** gildub has quit IRC23:39
*** roxanaghe has joined #openstack-keystone23:46
*** spzala has joined #openstack-keystone23:47
*** rcernin has quit IRC23:47
*** bradjones_ has quit IRC23:47
*** bradjones_ has joined #openstack-keystone23:47
*** bradjones_ has quit IRC23:47
*** bradjones_ has joined #openstack-keystone23:47
*** spzala has quit IRC23:51
*** darrenc is now known as darrenc_afk23:51
*** edmondsw has quit IRC23:55
*** spzala has joined #openstack-keystone23:56
*** shoutm has joined #openstack-keystone23:58

Generated by 2.14.0 by Marius Gedminas - find it at!