Thursday, 2016-03-03

« Wednesday, 2016-03-02 Index Friday, 2016-03-04 »
*** roxanaghe has quit IRC00:01
*** jorge_munoz has joined #openstack-keystone00:02
*** dims has joined #openstack-keystone00:06
*** markvoelker has quit IRC00:06
*** mylu has joined #openstack-keystone00:21
openstackgerritMerged openstack/keystone: Add release notes for projects acting as domains.  https://review.openstack.org/28723300:22
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/28656500:24
*** shaleh has quit IRC00:28
*** jorge_munoz has quit IRC00:36
*** berserk has joined #openstack-keystone00:38
berserkWith KILO, I am trying to add mutli domain support. Really what I am trying to do is use the local SQL DB for openstack and ldap for user access.  I dont have the ability to manage the ldap to create the openstack service accounts and what not.  I have horizon using v3 API so that it asks for a domain as well as shows the domain section in the portal.  My issue is with keystone.  When ever I set dom00:39
berserkain_specific_drivers_enabled I get the following error:  ERROR: openstack The Keystone domain-specific configuration has specified more than one SQL driver (only one is permitted): ['/etc/keystone/domains/keystone.Default.conf'].  That error will happen whether the file is blank or as the SQL driver in it.  I also did remove the catch all from the main config as well.  Can anyone offer any guidance?00:39
*** sdake_ has quit IRC00:41
*** rk4n has joined #openstack-keystone00:43
*** bjornar has quit IRC00:43
*** sdake has joined #openstack-keystone00:45
*** rk4n has quit IRC00:47
*** rk4n has joined #openstack-keystone00:49
*** roxanaghe has joined #openstack-keystone00:54
openstackgerritMerged openstack/keystone: add hints to list_services for templated backend  https://review.openstack.org/28614200:58
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/28656501:00
*** pgbridge has quit IRC01:07
*** dims has quit IRC01:08
*** berserk has quit IRC01:10
*** markvoelker has joined #openstack-keystone01:10
*** doug-fish has joined #openstack-keystone01:12
*** EinstCrazy has joined #openstack-keystone01:17
*** davechen has joined #openstack-keystone01:26
*** sdake_ has joined #openstack-keystone01:29
*** sdake_ has quit IRC01:30
*** sdake has quit IRC01:30
*** sdake_ has joined #openstack-keystone01:30
*** ninag has joined #openstack-keystone01:37
*** ninag has quit IRC01:37
*** lhcheng has quit IRC01:37
openstackgerritMerged openstack/keystone: Minor edits to the developing doc  https://review.openstack.org/28512001:38
*** amit213 has joined #openstack-keystone01:41
*** rk4n has quit IRC01:42
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/28656501:43
*** spandhe has quit IRC01:45
*** spandhe has joined #openstack-keystone01:45
*** spandhe has quit IRC01:45
davechenlbragstad: ping?01:47
*** openstackgerrit has quit IRC01:47
*** openstackgerrit has joined #openstack-keystone01:47
davechenlbragstad: what the token provider are you using? fernet or uuid?  - https://review.openstack.org/#/c/277436/01:48
patchbotdavechen: patch 277436 - keystone - Return 404 instead of 401 for tokens w/o roles01:48
davechenlbragstad: i did the same thing as you, but return 401 when i try to verify it with fernet token.01:49
*** sdake_ has quit IRC01:51
*** fawadkhaliq has quit IRC01:53
*** roxanaghe has quit IRC01:55
*** jasonsb has joined #openstack-keystone01:56
*** dims has joined #openstack-keystone01:59
*** jasonsb has quit IRC02:02
*** anush has joined #openstack-keystone02:03
*** doug-fis_ has joined #openstack-keystone02:16
*** xek_ has joined #openstack-keystone02:16
*** huats__ has joined #openstack-keystone02:17
*** gerhardq1x has joined #openstack-keystone02:18
*** alex_xu_ has joined #openstack-keystone02:21
*** BAKfr_ has joined #openstack-keystone02:22
*** odyssey4me_ has joined #openstack-keystone02:22
*** jrist_ has joined #openstack-keystone02:23
*** agireud has quit IRC02:23
*** mkoderer__ has quit IRC02:23
*** odyssey4me has quit IRC02:23
*** gerhardqux has quit IRC02:23
*** huats_ has quit IRC02:23
*** LZ has quit IRC02:23
*** sbezverk has quit IRC02:23
*** stevemar has quit IRC02:23
*** BAKfr has quit IRC02:23
*** bjornar__ has quit IRC02:23
*** clenimar has quit IRC02:23
*** alex_xu has quit IRC02:23
*** doug-fish has quit IRC02:23
*** jrist has quit IRC02:23
*** xek has quit IRC02:23
*** mkoderer___ has joined #openstack-keystone02:23
*** lunarlamp is now known as mariusv02:23
*** BAKfr_ is now known as BAKfr02:23
*** clenimar has joined #openstack-keystone02:24
*** sbezverk has joined #openstack-keystone02:24
*** bjornar__ has joined #openstack-keystone02:24
*** agireud has joined #openstack-keystone02:24
*** stevemar has joined #openstack-keystone02:24
*** spzala has joined #openstack-keystone02:24
*** doug-fis_ has quit IRC02:24
*** shoutm_ has joined #openstack-keystone02:24
*** roxanagh_ has joined #openstack-keystone02:24
*** LZ has joined #openstack-keystone02:26
*** doug-fish has joined #openstack-keystone02:27
*** shoutm has quit IRC02:27
*** spzala has quit IRC02:28
*** shoutm_ has quit IRC02:29
*** shoutm has joined #openstack-keystone02:35
*** ChanServ sets mode: +o stevemar02:39
stevemarmorgan: 115 now02:50
stevemar2 more fix releases02:50
stevemarmorgan: dstanek if you remove the incomplete and fix committed, it's actually down to 10202:50
stevemarwhich is pretty damn awesome02:50
*** jrist_ is now known as jrist02:52
*** jrist has quit IRC02:52
*** jrist has joined #openstack-keystone02:52
*** fangxu has quit IRC02:52
*** shoutm has quit IRC03:07
*** ThomasHsiao has quit IRC03:08
*** doug-fish has quit IRC03:10
*** browne has quit IRC03:11
*** spzala has joined #openstack-keystone03:17
*** shoutm has joined #openstack-keystone03:18
*** jraim_ has joined #openstack-keystone03:23
lbragstaddavechen I did the process I commented on with the fernet provider and got a 40403:25
*** gema_ has joined #openstack-keystone03:25
*** topol_ has joined #openstack-keystone03:25
*** dansmith_ has joined #openstack-keystone03:25
*** tjcocozz_ has joined #openstack-keystone03:25
*** spring_ has joined #openstack-keystone03:25
*** jraim has quit IRC03:26
*** dansmith has quit IRC03:26
*** gema has quit IRC03:26
*** topol has quit IRC03:26
*** miguelgrinberg has quit IRC03:26
*** tjcocozz has quit IRC03:26
*** spring__ has quit IRC03:26
*** mnaser has quit IRC03:26
*** clayton has quit IRC03:26
*** richm has quit IRC03:26
*** lennyb has quit IRC03:26
*** miguelgrinberg_ has joined #openstack-keystone03:26
*** miguelgrinberg_ is now known as miguelgrinberg03:26
*** jraim_ is now known as jraim03:26
*** dansmith_ is now known as dansmith03:27
*** woodster_ has quit IRC03:27
*** richm has joined #openstack-keystone03:27
*** lennyb has joined #openstack-keystone03:27
*** dansmith is now known as Guest6049703:27
*** clayton has joined #openstack-keystone03:28
*** mnaser has joined #openstack-keystone03:28
*** links has joined #openstack-keystone03:29
*** spzala has quit IRC03:29
*** spring_ is now known as grassy03:31
openstackgerritDave Chen proposed openstack/keystone: Switch to use `new_domain_ref` for testcases  https://review.openstack.org/28451003:31
*** shoutm has quit IRC03:32
*** lennyb__ has joined #openstack-keystone03:35
*** lennyb has quit IRC03:40
*** dims has quit IRC03:48
*** shoutm has joined #openstack-keystone03:56
*** doug-fish has joined #openstack-keystone04:00
*** doug-fish has quit IRC04:05
*** browne has joined #openstack-keystone04:06
*** lhcheng has joined #openstack-keystone04:11
*** ChanServ sets mode: +v lhcheng04:11
*** woodster_ has joined #openstack-keystone04:20
*** marg7175_ has quit IRC04:21
*** shoutm has quit IRC04:24
openstackgerritSteve Martinelli proposed openstack/keystone: remove deprecated revoke_by_expiration function  https://review.openstack.org/27113504:25
openstackgerritMerged openstack/keystone: IPV6 test unblacklist  https://review.openstack.org/28733904:34
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/28656504:36
*** mylu has quit IRC04:36
*** mylu has joined #openstack-keystone04:37
*** shoutm has joined #openstack-keystone04:38
*** roxanagh_ has quit IRC04:44
*** jasonsb has joined #openstack-keystone04:45
*** mylu has quit IRC04:48
*** fpatwa_ has joined #openstack-keystone04:53
*** mylu has joined #openstack-keystone04:56
*** dan_nguyen has quit IRC04:58
*** fpatwa_ has quit IRC05:15
*** alex_xu has joined #openstack-keystone05:18
*** roxanaghe has joined #openstack-keystone05:20
*** alex_xu_ has quit IRC05:21
*** shoutm_ has joined #openstack-keystone05:27
*** shoutm has quit IRC05:28
*** Nirupama has joined #openstack-keystone05:32
*** jdennis1 has joined #openstack-keystone05:35
*** jdennis has quit IRC05:35
*** kiran-r has joined #openstack-keystone05:37
*** alex_xu_ has joined #openstack-keystone05:50
*** fpatwa_ has joined #openstack-keystone05:51
*** alex_xu has quit IRC05:53
*** sdake has joined #openstack-keystone05:59
*** dave-mccowan has quit IRC06:01
*** sdake has quit IRC06:16
davechenstevemar: looks like you hold a patch to remove eventlet relevant code. - https://review.openstack.org/#/c/249486/06:18
patchbotdavechen: patch 249486 - keystone - Remove eventlet support06:18
stevemardavechen: yep!06:18
stevemardavechen: i was hoping to do that in M06:18
stevemardavechen: but i think i will wait til N, just to make sure all operators are OK with that...06:19
davechenstevemar: so, this patch seems unneeded anymore - https://review.openstack.org/#/c/283078/06:19
patchbotdavechen: patch 283078 - keystone - Deprecate logger.WritableLogger06:19
stevemardavechen: doesn't hurt06:19
davechencode lgtm anymore.06:19
davechenokay, will push that through, i agree it's harmless.06:19
*** sheel has joined #openstack-keystone06:20
stevemardavechen: thank you sir06:20
*** yarkot_ has joined #openstack-keystone06:21
*** woodster_ has quit IRC06:27
*** fpatwa_ has quit IRC06:29
*** amit213 has quit IRC06:33
*** subscope has joined #openstack-keystone06:35
*** richm has quit IRC06:35
*** mylu has quit IRC06:38
*** mylu has joined #openstack-keystone06:39
*** ChanServ sets mode: +v topol_06:40
*** topol_ is now known as topol06:40
*** mylu_ has joined #openstack-keystone06:41
*** mylu has quit IRC06:44
*** dan_nguyen has joined #openstack-keystone06:47
*** dan_nguyen has quit IRC06:48
*** yarkot_ has quit IRC06:52
*** roxanaghe has quit IRC06:53
*** spandhe has joined #openstack-keystone06:54
*** mylu_ has quit IRC06:54
*** roxanaghe has joined #openstack-keystone06:55
*** amit213 has joined #openstack-keystone07:04
*** amit213 has quit IRC07:06
*** amit213 has joined #openstack-keystone07:08
*** amit213 has quit IRC07:10
*** jaosorior has joined #openstack-keystone07:15
*** amit213 has joined #openstack-keystone07:15
*** jasonsb has quit IRC07:16
*** amit213 has quit IRC07:18
*** prosun has quit IRC07:21
*** prosun has joined #openstack-keystone07:21
*** spandhe has quit IRC07:23
*** boris-42 has quit IRC07:34
*** boris-42 has joined #openstack-keystone07:35
stevemarmorgan: o/07:36
stevemartopol: go home07:36
stevemarmorgan: thanks for the bug triaging again ^_^07:36
*** amit213 has joined #openstack-keystone07:40
*** amit213 has quit IRC07:42
*** pcaruana has joined #openstack-keystone07:45
*** roxanaghe has quit IRC07:46
morgan?07:47
*** jasonsb has joined #openstack-keystone07:47
*** EinstCra_ has joined #openstack-keystone07:52
*** jasonsb has quit IRC07:52
*** e0ne has joined #openstack-keystone07:55
*** EinstCrazy has quit IRC07:56
*** e0ne has quit IRC07:56
*** jed56 has joined #openstack-keystone07:57
stevemarmorgan: nothing else, just thanks07:58
*** markvoelker has quit IRC08:03
*** wxy has joined #openstack-keystone08:06
*** EinstCra_ has quit IRC08:06
*** EinstCrazy has joined #openstack-keystone08:06
*** amit213 has joined #openstack-keystone08:09
*** amit213 has quit IRC08:13
*** neophy has joined #openstack-keystone08:14
*** amit213 has joined #openstack-keystone08:16
*** GB21 has joined #openstack-keystone08:17
*** amit213 has quit IRC08:18
*** amit213 has joined #openstack-keystone08:25
*** lhcheng has quit IRC08:26
*** henrynash has joined #openstack-keystone08:33
*** ChanServ sets mode: +v henrynash08:33
*** e0ne has joined #openstack-keystone08:36
*** browne has quit IRC08:37
*** e0ne has quit IRC08:38
*** henrynash has quit IRC08:42
*** henrynash has joined #openstack-keystone08:43
*** ChanServ sets mode: +v henrynash08:43
*** jasonsb has joined #openstack-keystone08:51
*** jasonsb has quit IRC08:55
*** petertr7_away has quit IRC09:03
*** markvoelker has joined #openstack-keystone09:03
*** petertr7_away has joined #openstack-keystone09:07
*** petertr7_away is now known as petertr709:07
*** jistr has joined #openstack-keystone09:17
*** EinstCrazy has quit IRC09:18
*** EinstCrazy has joined #openstack-keystone09:19
*** daemontool_ has joined #openstack-keystone09:19
*** josecastroleon has joined #openstack-keystone09:23
*** e0ne has joined #openstack-keystone09:24
*** mhickey has joined #openstack-keystone09:30
*** subscope has quit IRC09:38
*** belmoreira has joined #openstack-keystone09:51
*** grassy is now known as davechen_afk09:52
*** davechen has left #openstack-keystone09:52
*** openstackgerrit_ has joined #openstack-keystone09:53
*** e0ne has quit IRC10:00
*** openstackgerrit_ has quit IRC10:02
*** openstackgerrit_ has joined #openstack-keystone10:02
*** openstackgerrit_ has quit IRC10:02
*** boris-42 has quit IRC10:04
*** odyssey4me_ is now known as odyssey4me10:07
*** e0ne has joined #openstack-keystone10:10
*** EinstCrazy has quit IRC10:13
*** EinstCrazy has joined #openstack-keystone10:13
*** EinstCrazy has quit IRC10:18
*** raildo-afk is now known as raildo10:42
*** mvk has joined #openstack-keystone10:43
*** josecastroleon has quit IRC10:43
openstackgerritKalaswan Datta proposed openstack/keystone: Clear the project ID from user information  https://review.openstack.org/27770710:45
*** jasonsb has joined #openstack-keystone10:52
*** jasonsb has quit IRC10:57
*** doug-fish has joined #openstack-keystone11:00
*** GB21 has quit IRC11:00
*** alex_xu_ has quit IRC11:01
*** alex_xu has joined #openstack-keystone11:02
*** jed56 has quit IRC11:03
*** doug-fish has quit IRC11:05
*** Nirupama has quit IRC11:08
*** links has quit IRC11:08
*** Nirupama has joined #openstack-keystone11:09
*** links has joined #openstack-keystone11:10
*** raildo is now known as raildo-afk11:12
*** dims has joined #openstack-keystone11:14
*** neophy has quit IRC11:17
openstackgerritMerged openstack/keystone: Deprecate logger.WritableLogger  https://review.openstack.org/28307811:20
openstackgerritMerged openstack/keystone: Return 404 instead of 401 for tokens w/o roles  https://review.openstack.org/27743611:22
*** dims has quit IRC11:26
*** dims has joined #openstack-keystone11:27
*** jed56 has joined #openstack-keystone11:28
*** GB21 has joined #openstack-keystone11:31
*** mvk has quit IRC11:32
*** pece has joined #openstack-keystone11:34
*** tqtran has quit IRC11:42
*** fpatwa_ has joined #openstack-keystone11:50
*** EinstCrazy has joined #openstack-keystone11:55
*** dave-mccowan has joined #openstack-keystone11:56
*** mvk has joined #openstack-keystone11:59
*** openstackgerrit has quit IRC12:03
*** openstackgerrit has joined #openstack-keystone12:03
*** shoutm has joined #openstack-keystone12:05
*** shoutm_ has quit IRC12:09
*** doug-fish has joined #openstack-keystone12:19
openstackgerritJens Rosenboom proposed openstack/keystoneauth: Swap the order of username deprecation  https://review.openstack.org/28775412:22
*** rk4n has joined #openstack-keystone12:27
*** GB21 has quit IRC12:30
*** josecastroleon has joined #openstack-keystone12:30
*** doug-fish has quit IRC12:31
*** belmoreira has quit IRC12:31
*** belmoreira has joined #openstack-keystone12:31
*** doug-fish has joined #openstack-keystone12:34
*** jaosorior has quit IRC12:39
*** jaosorior has joined #openstack-keystone12:39
*** jaosorior has quit IRC12:39
*** jaosorior has joined #openstack-keystone12:40
*** gordc has joined #openstack-keystone12:41
*** pauloewerton has joined #openstack-keystone12:52
*** jdennis1 has quit IRC12:52
*** jdennis has joined #openstack-keystone12:52
*** jasonsb has joined #openstack-keystone12:54
*** jasonsb has quit IRC12:59
*** henrynash has quit IRC13:00
*** raildo-afk is now known as raildo13:11
*** fpatwa_ has quit IRC13:11
*** markvoelker has quit IRC13:11
*** markvoelker has joined #openstack-keystone13:11
*** sdake has joined #openstack-keystone13:14
*** Nirupama has quit IRC13:34
*** links has quit IRC13:34
*** kiran-r has quit IRC13:40
*** ninag has joined #openstack-keystone13:42
*** richm has joined #openstack-keystone13:43
*** edmondsw has joined #openstack-keystone13:48
*** kiran-r has joined #openstack-keystone13:50
*** anush has quit IRC13:52
openstackgerritAlexander Makarov proposed openstack/keystone: Closure table for HMT  https://review.openstack.org/28552113:53
*** EinstCrazy has quit IRC13:55
*** EinstCrazy has joined #openstack-keystone13:56
*** henrynash has joined #openstack-keystone13:56
*** ChanServ sets mode: +v henrynash13:56
*** GB21 has joined #openstack-keystone13:58
*** jed56 has quit IRC14:03
*** kashyap has joined #openstack-keystone14:05
*** rodrigods has quit IRC14:06
*** rodrigods has joined #openstack-keystone14:06
*** GB21 has quit IRC14:11
*** mylu has joined #openstack-keystone14:14
*** links has joined #openstack-keystone14:15
*** mylu has quit IRC14:15
*** doug-fish has quit IRC14:17
*** GB21 has joined #openstack-keystone14:21
*** doug-fish has joined #openstack-keystone14:22
*** doug-fish has quit IRC14:24
*** doug-fish has joined #openstack-keystone14:24
lbragstadmorgan remember when we were having a discussion about the v3 validate token path and the v2.0 validate token path?14:25
kashyapayoung: When you get a moment, any hints as to why I see this on instance boot?  "The resource could not be found. (HTTP 404)".  A relavant trace http://paste.openstack.org/show/489154/14:28
ayoungkashyap, user id is bogus?14:28
ayoungor the token itself?14:29
kashyapayoung: I see.  I'm just looking a liberty Nova bug, and that trace is all I've got14:29
kashyap"Shit explodes, please figure it all out"- style bug report14:29
kashyap:-)14:29
ayoungkashyap, PEBCAK14:29
kashyapayoung: Okay, I'm asking the reporter for more details, anyway.  This is not sufficient14:30
*** jsavak has joined #openstack-keystone14:30
* kashyap wrote this - https://wiki.openstack.org/wiki/BugFilingRecommendations long time ago. But hey, expecting someone to read docs is a bit too much I guess :-)14:30
*** links has quit IRC14:30
*** shoutm has quit IRC14:34
*** Guest60497 is now known as dansmith14:36
*** roxanaghe has joined #openstack-keystone14:40
*** roxanaghe has quit IRC14:40
*** knikolla has joined #openstack-keystone14:41
*** mylu has joined #openstack-keystone14:43
*** petertr7 is now known as petertr7_away14:48
*** petertr7_away is now known as petertr714:50
openstackgerritLance Bragstad proposed openstack/keystone: Add notifications to user/group membership  https://review.openstack.org/28785714:54
*** GB21 has quit IRC14:55
lbragstadstevemar I took a stab at https://bugs.launchpad.net/keystone/+bug/1552639 - and having your expert notification opinion would be awesome :)14:57
openstackLaunchpad bug 1552639 in OpenStack Identity (keystone) "notification not generated on adding user to group" [Low,In progress] - Assigned to Lance Bragstad (lbragstad)14:57
*** henrynash has quit IRC15:00
*** belmoreira has quit IRC15:01
*** henrynash has joined #openstack-keystone15:01
*** ChanServ sets mode: +v henrynash15:01
*** henrynash has quit IRC15:04
*** rcernin has joined #openstack-keystone15:04
*** EinstCrazy has quit IRC15:08
*** EinstCrazy has joined #openstack-keystone15:08
*** mylu has quit IRC15:08
*** frickler has joined #openstack-keystone15:11
*** fpatwa_ has joined #openstack-keystone15:11
*** spandhe has joined #openstack-keystone15:11
*** spandhe has quit IRC15:14
*** pushkaru has joined #openstack-keystone15:15
*** fpatwa_ has quit IRC15:16
stevemarlbragstad: cool beans15:18
*** sigmavirus24_awa is now known as sigmavirus2415:18
lbragstadstevemar henrynash had a good comment on that review15:19
lbragstadstevemar we currently don't support the ability to notify two entities in the payload, do we?15:20
lbragstadand in the cadf case - that would be sending the group ID, the user ID of the the user being added to the group, and the user information of the user that performed the operation, right?15:20
openstackgerritTin Lam proposed openstack/keystoneauth: Properly set ClientException message  https://review.openstack.org/28575715:21
*** dikonoor has joined #openstack-keystone15:23
*** slberger has joined #openstack-keystone15:23
*** jasonsb has joined #openstack-keystone15:25
*** dikonoor has quit IRC15:25
*** dave-mccowan has quit IRC15:28
*** dave-mccowan has joined #openstack-keystone15:28
*** dan_nguyen has joined #openstack-keystone15:29
stevemarMITAKA-3 RELEASE HAPPENED Y'ALL!15:30
samueldmqstevemar: \o/15:30
*** john5223 has joined #openstack-keystone15:32
*** mhickey has quit IRC15:34
samueldmqmorgan: marked 1367740 as duplicate; the other bug has been closed already15:34
samueldmqmorgan: so that issue's been solved; thanks for cleaning things up :)15:35
samueldmqstevemar: dstanek: morgan: oh wait, https://bugs.launchpad.net/keystone teels me there are only 114 bugs15:36
samueldmqo/15:36
dstaneksamueldmq: that's still way too high15:36
morgansamueldmq: a bunch of incomplete marked bugs too15:37
samueldmqdstanek: yes, but much much better than we had a few months ago15:37
samueldmqmorgan: ++15:37
morganI think we are at 100 ish.15:38
morganAnd a good 50% are wishlist15:38
morganSo 50 bugs that need to be addressed15:38
morganAnd 50 that would be nice but could wait a loong time15:39
*** dan_nguyen has quit IRC15:39
samueldmqmorgan: great15:40
*** yarkot_ has joined #openstack-keystone15:44
*** yarkot_ has quit IRC15:49
*** EinstCrazy has quit IRC15:50
*** EinstCrazy has joined #openstack-keystone15:50
*** henrynash has joined #openstack-keystone15:52
*** ChanServ sets mode: +v henrynash15:52
*** marg7175 has joined #openstack-keystone15:52
*** EinstCra_ has joined #openstack-keystone15:55
*** pece has quit IRC15:55
navidpstevemar, I uploaded a new patch for osc auth migration https://review.openstack.org/#/c/276350/15:56
patchbotnavidp: patch 276350 - python-openstackclient - Moving authentication from keystoneclient to keyst...15:56
*** kashyap has left #openstack-keystone15:56
*** EinstCrazy has quit IRC15:57
bknudsonnow I get a warning: WARNING:test command found but not installed in testenv15:57
*** anush has joined #openstack-keystone15:58
*** spzala has joined #openstack-keystone15:58
*** henrynash has quit IRC15:59
bknudsonmaybe we need a different way to track wishlist bugs if it's too annoying to have them in launchpad?16:00
*** EinstCra_ has quit IRC16:01
*** EinstCrazy has joined #openstack-keystone16:01
*** e0ne has quit IRC16:02
*** jsavak has quit IRC16:06
navidpstevemar, if you have time can you look at this patch https://review.openstack.org/#/c/276350/16:06
patchbotnavidp: patch 276350 - python-openstackclient - Moving authentication from keystoneclient to keyst...16:06
*** EinstCrazy has quit IRC16:06
*** rcernin has quit IRC16:06
*** jistr is now known as jistr|call16:08
*** permalac has joined #openstack-keystone16:12
*** browne has joined #openstack-keystone16:13
*** jsavak has joined #openstack-keystone16:25
*** jistr|call is now known as jistr16:26
*** ryanpetrello has quit IRC16:30
openstackgerritAlexander Makarov proposed openstack/keystone: Closure table for HMT  https://review.openstack.org/28552116:30
morganbknudson: maybe launchpad is the issue :P16:31
morganbknudson: reardless of the bug prio16:32
*** pgbridge has joined #openstack-keystone16:32
*** jsavak has quit IRC16:32
*** jsavak has joined #openstack-keystone16:33
*** rk4n has quit IRC16:45
*** mhickey has joined #openstack-keystone16:46
*** petertr7 is now known as petertr7_away16:49
*** ryanpetrello has joined #openstack-keystone16:51
*** jorge_munoz has joined #openstack-keystone16:52
openstackgerritLance Bragstad proposed openstack/keystone: Add notifications to user/group membership  https://review.openstack.org/28785716:52
openstackgerritLance Bragstad proposed openstack/keystone: Add ability to send notifications for actors  https://review.openstack.org/28797716:52
lbragstadstevemar thoughts? https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:master+topic:bug/155263916:54
*** woodster_ has joined #openstack-keystone16:55
bknudsonis there a new https://launchpad.net/keystone/+milestone/mitaka-3 for rc ?16:55
bknudsonah, https://launchpad.net/keystone/+milestone/mitaka-rc116:56
*** spzala has quit IRC16:56
*** spzala has joined #openstack-keystone16:56
*** tellesnobrega is now known as tellesnobrega_af16:57
*** ninag has quit IRC16:57
*** shangxdy has joined #openstack-keystone16:57
*** tellesnobrega_af is now known as tellesnobrega16:57
stevemarbknudson: was just gonna say.. -rc117:00
*** stevemar changes topic to "mitaka-3 done, no more features (you missed your chance) until Newton | Tag bugs as rc-potential - fix more bugs! | https://launchpad.net/keystone/+milestone/mitaka-rc1"17:00
*** ninag has joined #openstack-keystone17:01
*** gyee has joined #openstack-keystone17:01
*** ChanServ sets mode: +v gyee17:01
*** doug-fish has quit IRC17:02
*** ninag_ has joined #openstack-keystone17:02
*** jaosorior has quit IRC17:04
*** ryanpetrello has quit IRC17:05
*** spzala has quit IRC17:05
*** ninag has quit IRC17:05
*** ryanpetrello has joined #openstack-keystone17:05
*** dan_nguyen has joined #openstack-keystone17:06
*** ninag_ has quit IRC17:06
*** petertr7_away is now known as petertr717:07
*** doug-fish has joined #openstack-keystone17:09
openstackgerritLance Bragstad proposed openstack/keystone: Refactor TestFernetTokenProvider unscoped token tests  https://review.openstack.org/28690617:12
openstackgerritLance Bragstad proposed openstack/keystone: Refactor TestFernetTokenProvider domain-scoped tests  https://review.openstack.org/28690717:12
openstackgerritLance Bragstad proposed openstack/keystone: Refactor TestFernetTokenProvider project-scoped tests  https://review.openstack.org/28690817:12
openstackgerritLance Bragstad proposed openstack/keystone: Refactor TestFernetTokenProvider trust-scoped tests  https://review.openstack.org/28690917:12
openstackgerritLance Bragstad proposed openstack/keystone: Remove TestFernetTokenProvider  https://review.openstack.org/28691017:12
*** fpatwa_ has joined #openstack-keystone17:12
*** fpatwa_ has quit IRC17:16
*** shaleh has joined #openstack-keystone17:18
navidpdstanek, yes I looked at montys patch17:18
navidpdstanek, what I tried to do is to keep current plugins offered by osc working instead of removing them and if we want to remove them, we can deprecate them, reove later.17:19
*** petertr7 is now known as petertr7_away17:20
navidpdstanek, for the service_catalog issue, In tests/v3/test_token.py there is no test checking token_issue from service_catlalog.17:21
*** jaosorior has joined #openstack-keystone17:26
*** rderose has joined #openstack-keystone17:26
*** spandhe has joined #openstack-keystone17:33
*** pushkaru has quit IRC17:33
*** jistr has quit IRC17:33
dstaneknavidp: i took a quick look at that patch17:34
dstaneknavidp: have you tried to reproduce the failure manually?17:34
navidpdstanek, not yet, but it seems like it is trying to call method which is removed in kas, so is should figure out if it is in different part of code.17:37
navidpI wanted to wirte a test, but it seems the mock service catalog is used, maybe there is other way to get token in ksa17:38
navidpdstanek, this ithink where it throws error https://github.com/openstack/python-openstackclient/blob/master/openstackclient/identity/v3/token.py#L17517:40
*** henrynash has joined #openstack-keystone17:46
*** ChanServ sets mode: +v henrynash17:46
*** lhcheng has joined #openstack-keystone17:46
*** ChanServ sets mode: +v lhcheng17:46
*** jasonsb has quit IRC17:47
*** rderose has quit IRC17:47
*** jsavak has quit IRC17:51
*** ninag has joined #openstack-keystone17:52
*** ninag_ has joined #openstack-keystone17:52
*** richm has quit IRC17:54
*** e0ne has joined #openstack-keystone17:55
*** ninag has quit IRC17:56
*** richm has joined #openstack-keystone17:58
*** rk4n has joined #openstack-keystone17:58
*** marg7175 has quit IRC17:58
*** marg7175 has joined #openstack-keystone18:01
*** henrynash has quit IRC18:01
*** mariusv has quit IRC18:05
*** jsavak has joined #openstack-keystone18:06
*** Ephur has joined #openstack-keystone18:12
*** anush has quit IRC18:14
*** anush has joined #openstack-keystone18:14
*** Ephur_ has joined #openstack-keystone18:16
*** permalac has quit IRC18:17
*** Ephur has quit IRC18:18
*** shangxdy has quit IRC18:18
*** anush has quit IRC18:23
*** marg7175_ has joined #openstack-keystone18:30
*** jaosorior has quit IRC18:31
*** marg7175 has quit IRC18:34
*** spandhe has quit IRC18:35
*** henrynash has joined #openstack-keystone18:37
*** ChanServ sets mode: +v henrynash18:37
*** daemontool_ has quit IRC18:38
*** kiran-r has quit IRC18:38
*** spandhe has joined #openstack-keystone18:42
*** petertr7_away is now known as petertr718:43
*** rcernin has joined #openstack-keystone18:44
openstackgerritguang-yee proposed openstack/keystoneauth: Support TOTP auth plugin  https://review.openstack.org/28108618:46
*** gyee has quit IRC18:46
*** mhickey has quit IRC18:48
*** henrynash has quit IRC18:48
openstackgerritAlexander Makarov proposed openstack/keystone: Closure table for HMT  https://review.openstack.org/28552118:49
openstackgerritAlexander Makarov proposed openstack/keystone: Closure table for HMT  https://review.openstack.org/28552118:51
*** marg7175_ has quit IRC18:54
*** mvk has quit IRC18:57
*** e0ne has quit IRC18:57
*** pushkaru has joined #openstack-keystone18:58
*** neophy has joined #openstack-keystone18:58
*** marg7175 has joined #openstack-keystone19:00
*** jsavak has quit IRC19:05
*** jsavak has joined #openstack-keystone19:06
openstackgerritLance Bragstad proposed openstack/keystone: Add notifications to user/group membership  https://review.openstack.org/28785719:07
openstackgerritLance Bragstad proposed openstack/keystone: Add ability to send notifications for actors  https://review.openstack.org/28797719:07
*** fangxu has joined #openstack-keystone19:09
*** spzala has joined #openstack-keystone19:10
*** fpatwa_ has joined #openstack-keystone19:13
*** rloo has joined #openstack-keystone19:13
*** spzala has quit IRC19:15
*** spzala has joined #openstack-keystone19:16
*** sheel has quit IRC19:17
*** rloo has left #openstack-keystone19:17
*** fpatwa_ has quit IRC19:17
*** spzala has quit IRC19:17
*** spzala has joined #openstack-keystone19:18
lbragstadjorge_munoz had a quick comment here https://review.openstack.org/#/c/287413/1/keystone/revoke/core.py19:25
patchbotlbragstad: patch 287413 - keystone - Deprecated revocation functions19:25
*** sdake_ has joined #openstack-keystone19:35
*** sdake has quit IRC19:35
*** bjornar has joined #openstack-keystone19:45
*** marg7175 has quit IRC19:49
*** fangxu has quit IRC19:51
*** browne has quit IRC19:53
*** boris-42 has joined #openstack-keystone19:55
*** ayoung has quit IRC19:56
*** anush has joined #openstack-keystone20:02
*** jsavak has quit IRC20:04
*** jsavak has joined #openstack-keystone20:04
*** phalmos has joined #openstack-keystone20:05
*** Ephur_ has quit IRC20:10
*** sdake_ has quit IRC20:11
*** sdake has joined #openstack-keystone20:12
*** breton has quit IRC20:16
*** slberger has quit IRC20:20
*** slberger1 has joined #openstack-keystone20:20
openstackgerritJorge Munoz proposed openstack/keystone: Deprecated revocation functions  https://review.openstack.org/28741320:23
*** dave-mccowan has quit IRC20:26
*** e0ne has joined #openstack-keystone20:32
*** ayoung has joined #openstack-keystone20:33
*** ChanServ sets mode: +v ayoung20:33
lbragstaddolphm right now UUID tokens are validated with the information that was put into the database when they were created20:36
dolphmwe were discussing in the wrong channel if anyone wants to catch up: http://cdn.pasteraw.com/ro8xxz1hhsit7igcvqyvqv5r3o677ri20:36
lbragstadso it is possible for uuid tokens to be validated with stale data20:36
lbragstadwhich is where the revocation events come into play for uuid tokens20:36
lbragstadin order for https://review.openstack.org/#/c/287413/2 to be removed before uuid tokens are removed - then uuid tokens need to follow the same validation approach that fernet takes (if i'm understanding everything correctly)20:37
patchbotlbragstad: patch 287413 - keystone - Deprecated revocation functions20:37
lbragstadit's essentially this comment - https://github.com/openstack/keystone/blob/e2ee0641922c46c5cd5f9b541865f45b63d7b78d/keystone/token/providers/common.py#L773-L78020:38
dolphmprior to revocation events, we did the revocation list with valid=False in SQL, and a ton of querying whenever a revocation event occurred20:39
*** spzala has quit IRC20:39
dolphmsuper slow20:39
dolphmwe can't go back to that20:39
*** spzala has joined #openstack-keystone20:39
lbragstaddolphm so what if we removed all the stuff that is shoved into extras when a uuid token is persisted?20:40
lbragstadand force keystone to rebuild the token reference when it validates a uuid token?20:41
lbragstadjust like it does with a fernet token?20:41
bknudsonuuid validation should be the same as fernet validation20:42
bknudsonalthough I can see how a revocation event might not work correctly when the properties of the token change.20:43
lbragstadinstead of relying on what was persisted in the database and assuming nothing changed (example, user gets a token, user is removed from project, user validates a token).20:43
lbragstadin ^ that case - we have to rely on revocation events because the token reference consists of stale data20:43
lbragstaddata that *was* valid when the token was created.20:44
*** spzala has quit IRC20:44
*** jsavak has quit IRC20:44
bknudsonwhat if you revoke a token with role = whatever20:45
*** jsavak has joined #openstack-keystone20:45
bknudsonthen the user roles change so they don't have role=whatever20:45
bknudsonnow all their old tokens are valid again20:45
bknudsonbecause the user doesn't have the role anymore20:46
*** alex_xu has quit IRC20:46
bknudsonmaybe we don't support revoking all tokens with role = whatever?20:46
lbragstadbknudson we could issue a revoke by user id revocation event20:46
bknudsonuser id isn't going to change so we don't have to worry about that condition20:47
*** rk4n has quit IRC20:48
lbragstadbknudson so your case is - user gets a role on a project, user authenticates, user's role is removed, user validates and is 404'd, user's role is re-added and their original token is valid?20:48
bknudsonlbragstad: I'd have to know what are the types of revocations we support to come up with an example20:49
*** alex_xu has joined #openstack-keystone20:49
lbragstadbknudson for starts we want to get rid of https://review.openstack.org/#/c/287413/220:49
patchbotlbragstad: patch 287413 - keystone - Deprecated revocation functions20:49
*** doug-fis_ has joined #openstack-keystone20:49
*** doug-fish has quit IRC20:50
*** tqtran has joined #openstack-keystone20:50
*** anush has quit IRC20:51
*** dave-mccowan has joined #openstack-keystone20:51
bknudsonbknudson: right, based on that change server could check at time n and the resource isn't "live" and then it comes back "live" later and the token is back to valid20:51
bknudsonstrange, but I guess it's not going to lead to incorrect results20:51
*** dave-mcc_ has joined #openstack-keystone20:54
*** e0ne has quit IRC20:54
*** gyee has joined #openstack-keystone20:55
*** ChanServ sets mode: +v gyee20:55
raildobknudson: about your comment on this patch, so we can just remove this code on mitaka, right?20:56
morganbknudson: it should be "ok"20:56
morganbknudson: but generally speaking that is a concern with any/all revocation things :(20:57
*** dave-mccowan has quit IRC20:57
bknudsonI thought we might have a "revoke all tokens with this role before this time" (when someone disables a role)20:58
morganbknudson: we do...-ish20:58
dstanekweird... getting "Couldn't find remote ref refs/changes/####/7" when trying to "git review -d" - has anyone seen that before?20:58
morganbknudson: it's not particularly good20:58
lbragstaddstanek wrong repository20:58
morganbknudson: it almost would be better to just revoke user/project combo,20:58
bknudsonraildo: y, either remove the code or wait until n to remove the code20:59
bknudsonno need to deprecate internal methods20:59
bknudsonmorgan: with the propsed change, there is no revoking user+project20:59
raildobknudson: got it... thanks20:59
lbragstadbknudson morgan would we need to do that if we rebuild the token reference on validation?20:59
*** e0ne has joined #openstack-keystone21:00
morganlbragstad: not as much21:00
morganlbragstad: which is thankfully how fernet works21:00
morganlbragstad: if we move uuid to the same mechanism it's less important EXCEPT when cached...which is a know "meh"21:00
bknudsonwhy do we still need revoke by user_id in https://review.openstack.org/#/c/287413/2/keystone/revoke/core.py ?21:00
patchbotbknudson: patch 287413 - keystone - Deprecated revocation functions21:00
morganbknudson: ^ cc21:00
dstaneklbragstad: hmm....it's not though :-( maybe i screwed something up and i just need a fresh clone21:01
lbragstadso we go from having a bunch of revocation events to having less than a bunch21:01
bknudsonyou can check if the user is enabled or deleted21:01
morganbknudson: password change21:01
lbragstaddstanek strange21:01
bknudsonmorgan: ok, makes sense21:01
morganbknudson: it's the only case where a revoke-by-user-id is aboslutely required.21:01
lbragstadyeah - then all revoke because role assignment stuff goes away21:01
morganso, if we rebuild all the roles etc every time and the token body [like we should] most of the revokes don't matter ouside of the 300-600s cache21:02
jorge_munozbknudson: So for deployers creating their now drivers, wouldn’t it be good to show the deprecation warning?21:04
bknudsonjorge_munoz: deployers create their drivers using the driver interface, not the manager21:04
bknudsonthe driver interface is at line 242 in revoke/core.py21:05
bknudsonthe driver interface uses keystone.revoke.model.RevocationEvent , so if that's changing we'll need to warn driver implementations21:06
lbragstadthe only other case would be if people were writing their own drivers (i.e. identity driver) and they were calling into the revocation manager from their driver.21:07
lbragstadthat would be a possibility - not sure how likely but...21:07
bknudsonthe manager doesn't provide a stable interface. it's only the drivers21:08
*** raildo is now known as raildo-afk21:08
bknudsonlet's not make this harder on ourselves21:08
jorge_munozbknudson: Ok, that makes sense. I’m all for just removing the code when it’s not longer being used.21:09
*** rk4n has joined #openstack-keystone21:13
*** rk4n has quit IRC21:14
*** spzala has joined #openstack-keystone21:14
dolphmlbragstad: drivers should not call back into managers, anyway21:14
*** fpatwa_ has joined #openstack-keystone21:14
dolphmdstanek: i threw this together, and then discovered that there are test which directly disagree with my commit message (feature deprecated in A for removal in A); what's the point? https://review.openstack.org/#/c/288127/21:15
patchbotdolphm: patch 288127 - oslo.log - Validate the value of remove_in21:15
*** e0ne has quit IRC21:17
*** e0ne has joined #openstack-keystone21:17
morgandolphm: uhm isn't in 0 meant to be "no plans for removal"?21:18
morganthat was my understanding of it21:18
morganmaybe it should be -121:18
*** spzala has quit IRC21:18
*** fpatwa_ has quit IRC21:18
openstackgerritBrant Knudson proposed openstack/keystone: WIP - Generate swagger  https://review.openstack.org/28749921:19
dstanekdolphm: hmmm...and there's a test for that case?21:20
dstanekdolphm: A meaning 0 or some other number?21:21
bknudsonif you paste http://paste.openstack.org/raw/489241/ into http://editor.swagger.io/#/ , you'll see some rendered docs generated from the server21:21
bknudson(collapse the errors it's still WIP)21:22
bknudsonthe other thing you can do is go to http://editor.swagger.io/#/ and generate a python client library from the swagger21:24
*** pauloewerton has quit IRC21:24
*** fangxu has joined #openstack-keystone21:24
*** ayoung has quit IRC21:24
dstanekdolphm: that failing test is just checking that the thing won't be removed because remove_in=021:25
*** spzala has joined #openstack-keystone21:26
*** e0ne has quit IRC21:28
openstackgerritMichael Krotscheck proposed openstack/keystone: Consolidate configuration default overrides  https://review.openstack.org/28629121:28
*** breton has joined #openstack-keystone21:28
*** tqtran has quit IRC21:31
*** dave-mcc_ has quit IRC21:31
*** e0ne has joined #openstack-keystone21:37
*** dave-mccowan has joined #openstack-keystone21:40
bknudsonhere's an improved swagger doc with no errors (luckily we've already got the path vars from JSONHome): http://paste.openstack.org/raw/489246/21:41
*** spzala has quit IRC21:43
*** rcernin has quit IRC21:45
*** rk4n has joined #openstack-keystone21:46
*** rk4n has quit IRC21:46
openstackgerritSean Perry proposed openstack/keystone: Adding 'domain_id' filter to list_user_projects()  https://review.openstack.org/18256921:53
*** rk4n has joined #openstack-keystone21:53
*** fawadkhaliq has joined #openstack-keystone21:55
openstackgerritTrevor McCasland proposed openstack/keystone: Add and change max size validation parameters  https://review.openstack.org/28539321:56
*** rk4n has quit IRC21:57
shalehbknudson: good work with the swagger stuff21:59
bknudsonshaleh: thanks! we'll see if this gets anywhere.22:00
shalehbknudson: first step is having it do something. Now people can bike shed.22:01
openstackgerritBrant Knudson proposed openstack/keystone: WIP - Generate swagger  https://review.openstack.org/28749922:02
lbragstaddolphm ++ agreed, I'd like to think that we would discourage that case if we did something that broke someone22:03
shalehbknudson: so will we need to add more HTTP codes to keystone/common/wsgi.py? What about expected failure codes?22:04
bknudsonshaleh: yes, there's a lot of work to do. Figuring out the HTTP codes to improve the docs is one thing to do.22:05
bknudsonalso is to get a schema for input / output22:05
bknudsonand other input / output parameters22:05
shalehbknudson: so long term the idea is to have changes to the API docs reflected here in wsgi.py?22:06
*** Ephur has joined #openstack-keystone22:06
*** yarkot_ has joined #openstack-keystone22:07
bknudsonshaleh: hopefully we can have the API docs in swagger22:07
*** petertr7 is now known as petertr7_away22:07
bknudsonbut of course everything in the API docs / spec now should be in our swagger definition22:07
bknudsonthe docs team is working on a tool to convert the WADLs that generates the API docs to swagger22:08
*** spandhe has quit IRC22:08
bknudsonfairyslipper22:08
bknudsonI'm not sure that's the best way to get our swagger doc... maybe we should generate it from keystone22:08
*** henrynash has joined #openstack-keystone22:12
*** ChanServ sets mode: +v henrynash22:12
*** spandhe has joined #openstack-keystone22:13
*** yarkot_ has quit IRC22:16
shalehit is ugly grunt work in any direction22:19
shaleh(sorry, team meeting)22:19
*** knikolla has quit IRC22:20
openstackgerritLance Bragstad proposed openstack/keystone: Add notifications to user/group membership  https://review.openstack.org/28785722:27
*** edmondsw has quit IRC22:28
*** e0ne has quit IRC22:35
*** ayoung has joined #openstack-keystone22:36
*** ChanServ sets mode: +v ayoung22:36
*** ninag_ has quit IRC22:47
*** jorge_munoz has quit IRC22:55
*** ayoung has quit IRC22:55
*** jorge_munoz has joined #openstack-keystone22:55
*** sdake has quit IRC22:57
*** sdake has joined #openstack-keystone23:00
*** jsavak has quit IRC23:02
*** GB21 has joined #openstack-keystone23:09
*** sdake has quit IRC23:11
*** fpatwa_ has joined #openstack-keystone23:15
*** sdake has joined #openstack-keystone23:17
*** ayoung has joined #openstack-keystone23:18
*** ChanServ sets mode: +v ayoung23:18
*** fawadkhaliq has quit IRC23:18
*** fawadkhaliq has joined #openstack-keystone23:18
*** fpatwa_ has quit IRC23:19
*** fawadkhaliq has quit IRC23:21
*** fawadkhaliq has joined #openstack-keystone23:21
*** sdake has quit IRC23:22
*** ianw has quit IRC23:28
*** gordc has quit IRC23:29
openstackgerritSean Perry proposed openstack/keystoneauth: Apply a heuristic for product name if a user_agent is not provided  https://review.openstack.org/28817523:30
*** tqtran has joined #openstack-keystone23:30
openstackgerritBrant Knudson proposed openstack/keystone: WIP - Generate swagger  https://review.openstack.org/28749923:33
*** neophy has quit IRC23:34
*** sdake has joined #openstack-keystone23:41
*** knikolla has joined #openstack-keystone23:44
*** knikolla has quit IRC23:51
*** ianw has joined #openstack-keystone23:59
« Wednesday, 2016-03-02 Index Friday, 2016-03-04 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!