Wednesday, 2016-03-30

« Tuesday, 2016-03-29 Index Thursday, 2016-03-31 »
openstackgerritMerged openstack/keystone: Correct test_migrate_data_to_local_user_and_password_tables  https://review.openstack.org/29604100:04
*** roxanaghe has joined #openstack-keystone00:04
*** harlowja has quit IRC00:05
*** dflorea has joined #openstack-keystone00:07
*** roxanaghe has quit IRC00:08
openstackgerritMerged openstack/keystone: Switch migration tests to oslo.db DbTestCase  https://review.openstack.org/29424600:09
openstackgerritMerged openstack/keystone: Fix table row counting SQL for MySQL and Postgresql  https://review.openstack.org/29601700:09
openstackgerritMerged openstack/keystone: Correct test_implied_roles_fk_on_delete_cascade  https://review.openstack.org/29601800:09
openstackgerritMerged openstack/keystone: Opportunistic testing with different DBs  https://review.openstack.org/29583700:10
*** gokrokve has joined #openstack-keystone00:10
*** dflorea has quit IRC00:11
*** richm has quit IRC00:13
*** dflorea has joined #openstack-keystone00:14
*** timcline has joined #openstack-keystone00:14
*** gokrokve has quit IRC00:15
*** dflorea has quit IRC00:15
*** dflorea has joined #openstack-keystone00:16
*** timcline has quit IRC00:19
*** fawadkhaliq has quit IRC00:20
*** fawadkhaliq has joined #openstack-keystone00:20
*** dan_nguyen has quit IRC00:22
*** sdake has quit IRC00:22
*** mylu has quit IRC00:24
*** sdake has joined #openstack-keystone00:24
*** roxanaghe_ has quit IRC00:24
*** gokrokve has joined #openstack-keystone00:24
*** fawadkhaliq has quit IRC00:24
*** timcline has joined #openstack-keystone00:25
*** mylu has joined #openstack-keystone00:25
*** furface has quit IRC00:26
*** furface has joined #openstack-keystone00:27
*** timcline has quit IRC00:29
*** shaleh has quit IRC00:30
*** mylu has quit IRC00:30
*** mylu has joined #openstack-keystone00:32
*** mylu has quit IRC00:36
*** dflorea has quit IRC00:37
*** dflorea has joined #openstack-keystone00:40
*** gokrokve has quit IRC00:43
*** mylu has joined #openstack-keystone00:43
*** mylu has quit IRC00:49
*** mylu has joined #openstack-keystone00:53
*** harlowja has joined #openstack-keystone00:54
*** mylu has quit IRC00:54
*** mylu has joined #openstack-keystone00:58
*** sdake_ has joined #openstack-keystone00:59
*** mylu has quit IRC01:00
*** dflorea has quit IRC01:01
*** browne has quit IRC01:01
*** sdake has quit IRC01:02
*** sheel has joined #openstack-keystone01:03
*** mylu has joined #openstack-keystone01:09
*** EinstCrazy has joined #openstack-keystone01:13
*** tqtran has quit IRC01:19
*** timcline has joined #openstack-keystone01:26
*** raginbajin has quit IRC01:30
*** krotscheck_dcm has quit IRC01:31
*** mnaser has quit IRC01:31
*** timcline has quit IRC01:31
*** raginbajin has joined #openstack-keystone01:31
*** krotscheck has joined #openstack-keystone01:33
*** EinstCrazy has quit IRC01:34
*** EinstCrazy has joined #openstack-keystone01:34
*** spandhe has quit IRC01:38
*** mnaser has joined #openstack-keystone01:38
*** dflorea has joined #openstack-keystone01:43
*** gyee has quit IRC01:47
*** dave-mccowan has joined #openstack-keystone01:54
EmilienMayoung: re- policies: maybe if you describe me the manual actions that are required to make it work, maybe I can determine if our current puppet-keystone is able to do it or not and if we can do it or not01:54
ayoungEmilienM, cool...ok01:54
ayoungLet me explain...no ... is too much, let me sum up01:55
EmilienMahah ok01:55
ayoungPolicies are not supposed to be the static things they are now01:55
*** dflorea has quit IRC01:55
EmilienMright, currently policy.json file make them static.01:55
ayoungfor example,  differnt sites want to chose to allow or not allow end users to manage neutron stuff01:55
ayoungso..trying to get a way to make them changeable post deploy01:56
ayoungthere was a mail I read a day or so ago from one of our consultants who was trying to get a read-only role implemented01:56
ayoungbasically, he created a repo in the undercloud01:56
ayoungit was just a directory, with a layout mirroring /etc01:57
ayoungany of the files he wanted to sync to the overcloud controllers he put in there.  THen...01:57
ayounghe did iteratvie development and testing on the policy until it looked right, and synced them down to the node via ssh01:57
ayounghe did puppet's job for puppet01:57
ayoungso...this points out the two things we need:01:58
ayoung1 some sort of staging repo01:58
ayoung2 some way to sync from there to the nodes01:58
ayoungnow, I have a third thing I want01:58
ayoungwhich is to put the files into the keystone policy API, so that other people can query "what policy is in effect"01:58
ayoungthe api has 2 steps01:59
ayoungthe first is uploading a file01:59
ayoungthe second is the service or endpoint association01:59
ayoungmeaning endpoijg id xyz (some nova node) might get a custom policy01:59
*** dims has quit IRC01:59
ayoungEmilienM, so, what I was thinking was that we could possibly use the Keystone API *as* the staging area02:00
EmilienMso operators have to create a file and upload it?02:00
ayoungEmilienM, right02:00
ayoungHowever, this might rub some people the wrong way02:00
ayoungits like, staging a config file inside a web server02:00
EmilienMwhat puppet could do is, generate as many files as you want, and upload it02:00
*** dan_nguyen has joined #openstack-keystone02:02
ayoungEmilienM, from a workflow perspective,  I think it would start on the admins laptop. They should have the tools to test and develop the policy file, then copy it to the undercloud.  Puppet should take it from there.  However...that menas that all consuemrs of policy need to be managed by the same puppet.02:03
ayoungwhich might be fine02:03
*** tqtran has joined #openstack-keystone02:03
ayoungbut under the big tent, I don't know if that is actually wise?  Are we going to have third party services that need to comsume tokens etc?02:03
ayoungand have their own policy and stuff?  I would think so.02:04
EmilienMI'm a bit confused by undercloud & "managed by the same puppet"02:04
ayoungWhich is one reason I like syncing from the Keystone policy API02:04
*** dims has joined #openstack-keystone02:04
ayoungEmilienM, say there is a third party app for, Fluid Dynamics02:04
ayoungit spins up a cluster to run some big data/HOC type app02:05
EmilienMto me, this sounds like a DAY 2 operation02:05
ayoungright02:05
ayoungDAY 2...I guess..exactly...what is day 2?02:05
EmilienMwell, DAY 1 is initial deployment02:05
EmilienMDAY 2 is start operations02:05
ayoungOK,  I've ggogled it02:05
ayoungyes DAY 2, or even DAY 1502:05
EmilienMif it's DAY 2, I'm not sure we need Puppet.02:06
ayoungBut the thing is, anyone can fetch their policy out of Keystone, so no big deal...we just autodeploy the DAY 1 stuff.02:06
ayoungfor the Overcloud, we use Puppet.  Question is, where do we stage?02:07
EmilienMthis operation sounds like the same as "creating an Image" or "spawning a VM", it's something very specific to the cloud tenant02:07
EmilienMor the cloud admin02:07
ayoungIN Keystone, or stage to a directory, and then copy to the services and to Keystone?02:07
*** tqtran has quit IRC02:07
EmilienMeverything (currently) in tripleo is happenning on DAY 1 and at each upgrade or update.02:08
ayoungEmilienM, is there a web UI coming for the Undercloud deploy process?02:08
ayounger...02:08
ayoungfor managing the underclioud,02:08
ayoungand doing the OVERCLOUD deploy process?02:08
EmilienMthere is tripleo UI, work in progress02:08
EmilienMbut not sure it does undercloud02:08
ayoungOK...so this needs to fit in there02:08
ayoungright, my guess is it runs on the undercloud02:08
EmilienMagain, AFIK OOO is not able to manage DAY 2 things right now02:09
EmilienMbut I might be wrong02:09
EmilienMwe better ask more folks02:09
ayoungNeither is Keystone, but ..weel To me Keystone is kindof useless02:09
ayoungits hobbled.02:09
EmilienMbut, there is a but :)02:09
EmilienMI can see an implementation in puppet-keystone02:09
ayoungright..lets talk about that02:10
ayoungwe don't really have a repo strategy in Tripleo.  Puppet has no where to fetch data from02:10
ayoungI mean,there are the templates, and there is the file you feed to overcloud deploy02:10
EmilienMwhere we could have 1) a define function (like we already have) to create policy (we have one, static now, we can make it dynamic) and 2) a provider that upload this file in keystone API02:10
*** mylu has quit IRC02:10
ayoungWe could also make it flexible enough that we could store the policy in the undercloud Keystone policy API when we tear down the overcloud02:11
*** mylu has joined #openstack-keystone02:11
EmilienM1) means making keystone::policy dynamic, with a define function, that would be able to generate multiple policy.json files02:11
ayoungwe don;t yet need to generate them02:11
EmilienM2) means create a puppet provider that takes the file generated by 1) and upload it02:11
EmilienMstop talking about undercloud / overcloud02:11
EmilienMlet's ignore tripleo02:12
ayoungand by upload, you mean copy to the controller node02:12
EmilienMand make it generic02:12
EmilienMayoung: keystone class is applied on controllers, yes02:12
ayoungEmilienM, so I would add in there a "gather" step02:12
EmilienMcan you describe this step?02:12
ayounggo and grab the policy files from the places that the packages drop them02:12
ayoungok..  so say you are running puppet from a node that does not have Keystone RPM or comparable on it02:13
ayoungwhere does it get policy.json in the first place?02:13
ayoungit installs the RPM, and grabs from there.02:13
EmilienMall nodes running ::keystone class are installing keystone02:13
EmilienMso we would likely use a controller to generate / manage the policies.02:13
ayoungright, os it grabs policy from the first node02:13
ayoungor just stakes a sha256 hash and records that, whatever02:14
ayoungso long as we know how to start the customization process02:14
ayoungRemember, each of the service teams (Nova etc) are responsible for producing the first cut of policy.  So we want to let that live in the ROPMs, but then on deploy, treat it as a manged resource02:15
ayoungremember the quest step, too02:15
*** mylu has quit IRC02:15
ayoungright now, there is no way to ask Nova "what is your policy"02:15
EmilienMlike I said, puppet-keystone does not break existing policy.json (at its current state)02:15
EmilienMwe append it02:15
ayoungEmilienM, append?02:15
EmilienMerr02:15
EmilienMI should learn english02:16
EmilienMwe append it, it's english02:16
EmilienMwe add stuffs02:16
EmilienMwe don't drop stuffs02:16
EmilienMwe can also modify stuffs02:16
EmilienMayoung: maybe we can have a chat tomorrow, with richm, our keystone liaison02:17
ayoungEmilienM, um..sure, but he's really focusod on Logging these days02:17
EmilienMI see02:17
ayoungI think I am going to end up with that role instead02:17
EmilienMayoung: great, we like having experts in our puppet modules02:18
EmilienMayoung: richm is core on puppet-keystone fyi02:18
ayoungI know. I wish he were still focused on it.  But he's smart, and in demand.02:18
ayoungYou'll have to settle for me. But I am trainable02:19
EmilienMI have no doubt02:19
EmilienMayoung: I go to sleep now, can we continue tomorrow? it sounds very interesting02:19
ayoungEmilienM, please go to sleep.  And We will certainly solitic more input02:19
ayoungfrom otheres involved.02:19
EmilienMnice insights, thanks for your patience :-P02:20
*** dflorea has joined #openstack-keystone02:20
*** mylu has joined #openstack-keystone02:21
*** mylu has quit IRC02:26
*** timcline has joined #openstack-keystone02:27
*** mylu has joined #openstack-keystone02:27
*** dflorea has quit IRC02:28
*** timcline has quit IRC02:31
*** mylu has quit IRC02:33
openstackgerritwangxiyuan proposed openstack/python-keystoneclient: Allow send null value in extra properties  https://review.openstack.org/29624602:37
*** Nakato_ is now known as Nakato02:44
*** timcline has joined #openstack-keystone02:45
*** dims_ has joined #openstack-keystone02:45
*** spandhe has joined #openstack-keystone02:45
*** dims has quit IRC02:46
*** GB21 has joined #openstack-keystone02:49
*** agrebennikov has quit IRC03:02
openstackgerritwangxiyuan proposed openstack/python-keystoneclient: Allow send null value in extra properties  https://review.openstack.org/29624603:03
*** lhcheng has quit IRC03:04
*** sdake_ is now known as sdake03:07
*** roxanaghe has joined #openstack-keystone03:07
*** roxanaghe has quit IRC03:12
*** lhcheng has joined #openstack-keystone03:13
*** ChanServ sets mode: +v lhcheng03:13
openstackgerritProsunjit Biswas proposed openstack/keystoneauth: Fix for PEP8 violation - D202  (No blank lines allowed after function docstring.)  https://review.openstack.org/29909903:13
*** lhcheng_ has joined #openstack-keystone03:14
*** lhcheng has quit IRC03:14
*** ebalduf has joined #openstack-keystone03:14
*** mylu has joined #openstack-keystone03:16
*** sdake_ has joined #openstack-keystone03:17
*** sdake has quit IRC03:20
openstackgerritwangxiyuan proposed openstack/python-keystoneclient: Allow send null value in extra properties  https://review.openstack.org/29624603:21
*** GB21 has quit IRC03:25
openstackgerritProsunjit Biswas proposed openstack/keystoneauth: Fix for PEP8 violation - D202  (No blank lines allowed after function docstring.)  https://review.openstack.org/29909903:28
*** links has joined #openstack-keystone03:40
*** lhcheng_ has quit IRC03:48
*** spandhe_ has joined #openstack-keystone03:49
*** spandhe has quit IRC03:51
*** spandhe_ is now known as spandhe03:51
*** lhcheng has joined #openstack-keystone03:55
*** ChanServ sets mode: +v lhcheng03:55
*** ebalduf has quit IRC04:00
openstackgerritProsunjit Biswas proposed openstack/keystoneauth: Fix for PEP8 violation - D204 \n (1 blank line required after class docstring)  https://review.openstack.org/29911504:11
*** dave-mccowan has quit IRC04:16
openstackgerritProsunjit Biswas proposed openstack/keystoneauth: Fix for PEP8 violation - D204 (1 blank line required after class docstring)  https://review.openstack.org/29911504:16
*** fawadkhaliq has joined #openstack-keystone04:18
openstackgerritProsunjit Biswas proposed openstack/keystoneauth: Fix for PEP8 violation - D202 (No blank lines allowed after function docstring.)  https://review.openstack.org/29909904:19
*** harlowja_at_home has joined #openstack-keystone04:33
*** markvoelker has joined #openstack-keystone04:36
*** agrebennikov has joined #openstack-keystone04:46
*** EinstCrazy has quit IRC04:50
*** timcline has quit IRC04:53
*** roxanaghe has joined #openstack-keystone04:53
*** GB21 has joined #openstack-keystone04:57
*** EinstCrazy has joined #openstack-keystone05:08
*** jaosorior has joined #openstack-keystone05:14
*** spandhe has quit IRC05:19
*** sdake_ has quit IRC05:20
*** spandhe has joined #openstack-keystone05:22
*** roxanaghe has quit IRC05:22
*** timcline has joined #openstack-keystone05:24
*** rk4n has joined #openstack-keystone05:27
*** timcline has quit IRC05:28
*** sdake has joined #openstack-keystone05:29
*** mylu has quit IRC05:38
*** maestro has joined #openstack-keystone05:38
*** spandhe has quit IRC05:43
openstackgerritSteve Martinelli proposed openstack/keystone-specs: Reorder the specs repo  https://review.openstack.org/29913205:44
*** maestro has left #openstack-keystone05:45
*** stevemar changes topic to "Tag bugs as mitaka-rc-potential - fix more bugs! | Master is accepting code for Newton!"05:46
*** sdake has quit IRC05:48
*** sdake has joined #openstack-keystone05:51
*** EinstCra_ has joined #openstack-keystone05:59
*** harlowja_at_home has quit IRC06:01
*** EinstCrazy has quit IRC06:02
*** Nirupama has joined #openstack-keystone06:05
*** markvoelker has quit IRC06:10
*** lhcheng has quit IRC06:12
*** timcline has joined #openstack-keystone06:24
*** rcernin has joined #openstack-keystone06:26
*** markvoelker has joined #openstack-keystone06:26
*** timcline has quit IRC06:29
*** daemontool has joined #openstack-keystone06:37
*** markvoelker has quit IRC06:39
*** wanghua has joined #openstack-keystone06:44
*** tesseract has joined #openstack-keystone06:45
*** tesseract is now known as Guest2315706:46
openstackgerritMaho Koshiya proposed openstack/python-keystoneclient: Add wrapper classes for return-request-id-to-caller  https://review.openstack.org/26118806:48
*** woodster_ has quit IRC06:57
*** agrebennikov_ has joined #openstack-keystone07:00
*** agrebennikov has quit IRC07:02
*** fawadkhaliq has quit IRC07:24
*** GB21 has quit IRC07:25
*** timcline has joined #openstack-keystone07:25
*** timcline has quit IRC07:30
*** daemontool has quit IRC07:30
*** permalac has joined #openstack-keystone07:31
*** henrynash has quit IRC07:33
*** agrebennikov_ has quit IRC07:39
*** markvoelker has joined #openstack-keystone07:40
*** jed56 has joined #openstack-keystone07:40
*** daemontool has joined #openstack-keystone07:41
*** markvoelker has quit IRC07:45
*** sdake_ has joined #openstack-keystone07:49
*** sdake has quit IRC07:51
*** agrebennikov_ has joined #openstack-keystone07:54
*** mkoderer__ has quit IRC08:00
*** mkoderer__ has joined #openstack-keystone08:02
*** mvk has joined #openstack-keystone08:07
*** agrebennikov_ has quit IRC08:13
*** EinstCra_ has quit IRC08:15
*** EinstCra_ has joined #openstack-keystone08:15
*** gangadhar has joined #openstack-keystone08:17
*** jistr has joined #openstack-keystone08:25
*** timcline has joined #openstack-keystone08:26
*** mhickey has joined #openstack-keystone08:29
*** timcline has quit IRC08:30
openstackgerritMerged openstack/keystoneauth: Fix for PEP8 violation - D202 (No blank lines allowed after function docstring.)  https://review.openstack.org/29909908:32
*** sdake_ has quit IRC08:36
*** bjornar has joined #openstack-keystone08:41
*** markvoelker has joined #openstack-keystone08:42
morgansamueldmq: how far did you get with the tests?08:47
*** markvoelker has quit IRC08:47
morgansamueldmq: i have a stab at the if you haven't gottten very far (mine will need some work, and easier if you've made progress)08:47
*** e0ne has joined #openstack-keystone08:48
*** GB21 has joined #openstack-keystone08:56
*** GB21 has quit IRC09:01
*** GB21 has joined #openstack-keystone09:01
*** pece has joined #openstack-keystone09:08
*** daemontool has quit IRC09:17
*** timcline has joined #openstack-keystone09:27
*** timcline has quit IRC09:31
*** rk4n has quit IRC09:35
openstackgerritKalaswan Datta proposed openstack/keystone: Clear the project ID from user information  https://review.openstack.org/27770709:40
*** markvoelker has joined #openstack-keystone09:44
*** markvoelker has quit IRC09:49
*** rk4n has joined #openstack-keystone10:06
*** rk4n has quit IRC10:25
*** timcline has joined #openstack-keystone10:27
*** EinstCra_ has quit IRC10:28
*** timcline has quit IRC10:32
*** mvk has quit IRC10:34
*** mvk has joined #openstack-keystone10:37
*** GB21 has quit IRC10:47
*** daemontool has joined #openstack-keystone10:57
*** rk4n has joined #openstack-keystone11:08
-openstackstatus- NOTICE: Gate on project-config is currently broken due to IRC tests. The problem has been detected and we are working to fix the issue as soon as possible.11:14
samueldmqmorgan: hi11:18
samueldmqmorgan: I wrote a very nice method doc, explaining the mistake we needed to fix, and what we wanted to test11:19
samueldmqmorgan: trying to test the migrations, I've not got that far11:19
samueldmqmorgan: if you can upload what you have, I can continue11:19
*** ericksonsantos has quit IRC11:21
*** iurygregory has quit IRC11:22
*** timcline has joined #openstack-keystone11:28
*** iurygregory has joined #openstack-keystone11:31
*** timcline has quit IRC11:33
*** permalac has quit IRC11:35
*** dave-mccowan has joined #openstack-keystone11:40
*** GB21 has joined #openstack-keystone11:41
*** iurygregory has quit IRC11:46
*** markvoelker has joined #openstack-keystone11:46
*** openstackgerrit has quit IRC11:47
*** openstackgerrit has joined #openstack-keystone11:47
*** GB21 has quit IRC11:49
*** GB21 has joined #openstack-keystone11:51
*** markvoelker has quit IRC11:51
*** rk4n has quit IRC11:58
*** rodrigods has quit IRC11:59
*** rodrigods has joined #openstack-keystone11:59
*** EinstCrazy has joined #openstack-keystone11:59
*** iurygregory has joined #openstack-keystone12:02
*** trown|outtypewww is now known as trown12:05
*** raildo-afk is now known as raildo12:11
*** david-lyle_ has joined #openstack-keystone12:17
*** david-lyle has quit IRC12:17
*** GB21 has quit IRC12:17
*** GB21 has joined #openstack-keystone12:19
*** daemontool has quit IRC12:27
*** timcline has joined #openstack-keystone12:29
*** daemontool has joined #openstack-keystone12:32
*** openstackgerrit has quit IRC12:33
*** openstackgerrit has joined #openstack-keystone12:33
*** timcline has quit IRC12:34
*** rmallah has joined #openstack-keystone12:38
*** jaosorior has quit IRC12:38
*** GB21 has quit IRC12:38
*** jaosorior has joined #openstack-keystone12:39
*** gordc has joined #openstack-keystone12:40
*** ayoung has quit IRC12:46
*** rk4n has joined #openstack-keystone12:47
*** markvoelker has joined #openstack-keystone12:47
rmallahwhat is the difference between port 5000 and port 35357 of keystone ?12:48
*** e0ne has quit IRC12:48
SamYaplermallah: about 30,00012:49
SamYaplermallah: i kid of course. one is used for "public" communnication, the other for "admin". only the 35357 port can do admin operations12:49
bretonrmallah: SamYaple: this is only true for v2 API12:51
bretonrmallah: SamYaple: for v3 API there is no difference12:51
SamYaplebreton: oh? this is news to me12:51
*** markvoelker has quit IRC12:51
SamYapleso there need be only one listening port for v3, but two are there for backwards compatibility?12:51
*** edmondsw has joined #openstack-keystone12:52
bretonport 35357 is somehow fixed for OpenStack Keystone, and 5000 we use... just because we use.12:52
openstackgerritTim Kelsey proposed openstack/keystone: Bandit test results  https://review.openstack.org/29937312:52
bretonyes, we use both ports for backward compatibility12:52
*** ninag has joined #openstack-keystone12:53
bretonwe use ports by themselves because of backward compatibility, because keystone in devstack can listen on :80/identity/12:53
rmallahhey thanks ! and excited to see ppl are awake :)12:54
rmallahi am actually a newbie and trying cope with the new concepts under v312:54
rmallahis there a new documents that explains the inter relation of domains , users , projects , tenants , services  , endpoints ( and list if i missed any)12:57
rmallahsorry new was a typo12:57
*** edmondsw has quit IRC12:58
rmallahi am currently reading http://docs.openstack.org/developer/keystone/index.html but it seems to be meant for developers/contributors12:58
tjcocozzrmallah, check out section 1.1.3.1 https://books.google.com/books?id=nZYpCwAAQBAJ&pg=PT62&lpg=PT62&dq=six.binary_type+example&source=bl&ots=xZ9jTq2CLu&sig=-wCxi95JKp32ucVTE0KP38czd1g&hl=en&sa=X&ved=0ahUKEwjTif7KjNXLAhWIej4KHcS0CUUQ6AEITDAJ#v=onepage&q&f=false13:03
*** rmallah has quit IRC13:12
*** openstackgerrit has quit IRC13:18
*** openstackgerrit has joined #openstack-keystone13:18
*** pauloewerton has joined #openstack-keystone13:20
*** rmallah has joined #openstack-keystone13:22
*** doug-fis_ has quit IRC13:25
*** naresht has joined #openstack-keystone13:27
*** links has quit IRC13:30
*** timcline has joined #openstack-keystone13:30
*** doug-fish has joined #openstack-keystone13:31
*** edmondsw has joined #openstack-keystone13:34
*** timcline has quit IRC13:34
*** doug-fish has quit IRC13:35
*** trown is now known as trown|afk13:37
*** ninag has quit IRC13:39
*** ninag has joined #openstack-keystone13:41
*** Nirupama has quit IRC13:41
*** ninag has quit IRC13:42
*** ebalduf has joined #openstack-keystone13:43
edmondswstevemar, wanted to hear your thoughts on how to fix https://bugs.launchpad.net/keystoneauth/+bug/149441313:45
openstackLaunchpad bug 1494413 in python-openstackclient "AttributeError: auth_ref when trying to do user create" [Undecided,Confirmed]13:45
edmondswI think we need to update global requirements, and then push that into openstackclient... should keystoneauth also start showing a requirement on keystoneclient?13:47
*** markvoelker has joined #openstack-keystone13:48
*** doug-fish has joined #openstack-keystone13:50
edmondswand what version of keystoneclient should we make the new lower bound?13:50
*** shangxdy has joined #openstack-keystone13:50
*** e0ne has joined #openstack-keystone13:50
*** clenimar has joined #openstack-keystone13:51
*** doug-fis_ has joined #openstack-keystone13:52
*** markvoelker has quit IRC13:52
*** richm has joined #openstack-keystone13:53
breton> keystoneauth also start showing a requirement on keystoneclient13:55
bretonyou want keystoneauth to depend on keystoneclient?13:55
bretonedmondsw:13:55
*** doug-fish has quit IRC13:55
edmondswbreton I'm not sure... I think the answer is probably no, but then I don't know if folks will correctly understand that keystoneauth1 is incompatible with keystoneclient 1.613:56
*** ametts has joined #openstack-keystone13:57
*** tqtran has joined #openstack-keystone13:57
edmondswwe probably just update global requirements13:57
*** ebalduf has quit IRC13:58
*** knikolla has joined #openstack-keystone14:05
*** real56 has joined #openstack-keystone14:07
*** EinstCrazy has quit IRC14:07
*** e0ne has quit IRC14:11
*** pushkaru has joined #openstack-keystone14:12
*** sigmavirus24_awa is now known as sigmavirus2414:12
*** e0ne has joined #openstack-keystone14:16
*** markvoelker has joined #openstack-keystone14:16
bretonedmondsw: i wonder if te issue is there with current master14:21
bretonedmondsw: because it probably won't be fixed for kilo14:21
*** trown|afk is now known as trown14:21
edmondswbreton, I'm using mitaka14:22
bretonwhat's the lower-constraint for ksc in mitaka?14:22
edmondsw1.614:22
breton>=1.6.014:22
bretonyep14:22
bretonkeystoneauth will not depend on ksc because there will be circular dependency14:23
*** slberger has joined #openstack-keystone14:25
*** rk4n has quit IRC14:29
*** links has joined #openstack-keystone14:30
*** timcline has joined #openstack-keystone14:31
*** timcline has quit IRC14:35
*** spandhe has joined #openstack-keystone14:35
*** rderose has joined #openstack-keystone14:38
*** spandhe has quit IRC14:40
*** rderose has quit IRC14:41
stevemaredmondsw: let me take a looksy14:42
edmondswstevemar, ty sir14:42
*** jsavak has joined #openstack-keystone14:43
*** rk4n has joined #openstack-keystone14:43
*** rderose has joined #openstack-keystone14:43
*** sdake has joined #openstack-keystone14:44
*** hogepodge has quit IRC14:44
*** markvoelker has quit IRC14:46
morgansamueldmq: give me a few14:46
morganI don't know if they'll work14:47
openstackgerritMorgan Fainberg proposed openstack/keystone: Correct `role_name` constraint dropping  https://review.openstack.org/29840214:48
morgansamueldmq: ^14:48
*** links has quit IRC14:49
*** rderose has quit IRC14:50
*** rderose has joined #openstack-keystone14:51
openstackgerritDolph Mathews proposed openstack/keystone-specs: Shadow users (continuation for newton)  https://review.openstack.org/29612314:54
*** sdake_ has joined #openstack-keystone14:56
morgandolphm: soooo http://fossbytes.com/microsoft-canonical-bring-ubuntu-linux-on-windows-10/ (cc dstanek )14:57
*** sdake has quit IRC14:57
*** ametts has quit IRC14:57
*** ninag has joined #openstack-keystone14:58
stevemarmorgan: interesting14:58
morganstevemar: right?14:58
stevemardolphm: pretty sure federated users need to to be funneled into groups now14:59
morgani hope it's not April 1 thing.14:59
*** david_cu has joined #openstack-keystone14:59
*** rmallah has quit IRC15:00
*** jsavak has quit IRC15:01
morgananyway so stevemar pushed a change with tests15:02
morganfor the blocker bug. waiting to see if gate is cranky with it.15:02
stevemarmorgan: haha15:02
morganstevemar: i might have written the code at 1am last night15:02
stevemarmorgan: still have 3 days til apr 115:02
stevemar2*15:03
*** real56 has quit IRC15:05
*** jsavak has joined #openstack-keystone15:06
*** roxanaghe has joined #openstack-keystone15:06
*** sdake has joined #openstack-keystone15:08
*** real56 has joined #openstack-keystone15:10
*** sdake_ has quit IRC15:10
openstackgerritDolph Mathews proposed openstack/keystone-specs: Shadow users (continuation for newton)  https://review.openstack.org/29612315:10
*** roxanaghe has quit IRC15:11
*** jorge_munoz has joined #openstack-keystone15:11
bknudsondangerous move for MS - people will find that ubuntu works well enough and dump windows.15:13
*** diazjf has joined #openstack-keystone15:14
*** bknudson has left #openstack-keystone15:14
*** bknudson has joined #openstack-keystone15:14
*** ChanServ sets mode: +v bknudson15:14
samueldmqmorgan: thanks will look15:16
*** bjornar has quit IRC15:17
*** diazjf has quit IRC15:17
*** jsavak has quit IRC15:18
*** jsavak has joined #openstack-keystone15:18
*** Guest23157 has quit IRC15:21
lbragstadmorgan it'd be nice if they just started selling them like that15:22
morganlbragstad: hehe15:22
lbragstadmorgan so it saves me the step of blowing MS off whatever I buy15:22
*** rderose has quit IRC15:22
morganlbragstad: we'll see how it goes, but i'm tentatively excited15:23
bknudsonlbragstad: you're paying the tax for the MS license.15:23
lbragstadmorgan same15:23
*** rderose has joined #openstack-keystone15:23
bknudsonthe sellers get so many kickbacks from the bundled adware that it's essentially free15:23
morganbknudson: i'm actually ok with it for a desktop if it meets my needs. -- heck most of the time you pay for windows on laptops anyway... (OEM) even if you don't use it.15:24
morgan(unless mac or like dell xps dev edition15:24
morgan)15:24
*** markvoelker has joined #openstack-keystone15:29
*** timcline has joined #openstack-keystone15:31
*** diazjf has joined #openstack-keystone15:32
*** woodster_ has joined #openstack-keystone15:32
*** diazjf has quit IRC15:33
*** timcline_ has joined #openstack-keystone15:35
*** diazjf has joined #openstack-keystone15:35
*** timcline has quit IRC15:35
*** dan_nguyen has joined #openstack-keystone15:36
*** arunkant has quit IRC15:43
*** arunkant has joined #openstack-keystone15:43
*** real56 has quit IRC15:43
*** permalac has joined #openstack-keystone15:44
*** real56 has joined #openstack-keystone15:44
*** tellesnobrega is now known as tellesnobrega_af15:44
*** real56 has quit IRC15:44
*** agrebennikov_ has joined #openstack-keystone15:44
*** roxanaghe has joined #openstack-keystone15:46
stevemardolphm: pretty sure federated users need to be funneled into groups15:47
*** ametts has joined #openstack-keystone15:51
stevemarrderose: dolphm please use https://blueprints.launchpad.net/keystone/+spec/shadow-users-newton for tracking purposes15:52
stevemaror porpoises, your choice15:53
rderosestevemar: okay :)15:54
openstackgerritMerged openstack/keystone-specs: Shadow users (continuation for newton)  https://review.openstack.org/29612315:55
openstackgerritRon De Rose proposed openstack/keystone: WIP - Concrete role assignments for federated users  https://review.openstack.org/28494315:55
openstackgerritRon De Rose proposed openstack/keystone: WIP - Drop EPHEMERAL user type  https://review.openstack.org/29663915:56
*** gyee has joined #openstack-keystone15:58
*** ChanServ sets mode: +v gyee15:58
*** ericksonsantos has joined #openstack-keystone15:59
openstackgerritBrant Knudson proposed openstack/keystone: Define identity interface - easy cases  https://review.openstack.org/29195016:00
*** david_cu has quit IRC16:00
*** real56 has joined #openstack-keystone16:02
*** david_cu has joined #openstack-keystone16:03
*** real56_ has joined #openstack-keystone16:04
*** real56 has quit IRC16:04
*** real56_ is now known as real5616:04
*** jaosorior has quit IRC16:06
*** topol has quit IRC16:07
*** stevemar has quit IRC16:08
*** doug-fish has joined #openstack-keystone16:10
*** jistr has quit IRC16:10
*** doug-fis_ has quit IRC16:12
*** real56 has quit IRC16:12
*** phalmos has joined #openstack-keystone16:12
*** doug-fish has quit IRC16:14
*** rmallah has joined #openstack-keystone16:14
*** tellesnobrega_af is now known as tellesnobrega16:15
*** rmallah has quit IRC16:15
*** daemontool has quit IRC16:18
*** cdcasey has joined #openstack-keystone16:18
*** stevemar has joined #openstack-keystone16:19
*** ChanServ sets mode: +o stevemar16:19
*** openstack has joined #openstack-keystone17:03
*** gyee has joined #openstack-keystone17:03
*** ChanServ sets mode: +v gyee17:03
*** openstackstatus has joined #openstack-keystone17:04
*** ChanServ sets mode: +v openstackstatus17:04
openstackgerritKristi Nikolla proposed openstack/keystone: WIP - ldap3 Identity Driver  https://review.openstack.org/29609017:06
*** permalac has quit IRC17:07
*** fawadkhaliq has quit IRC17:10
*** fawadkhaliq has joined #openstack-keystone17:11
*** gyee has quit IRC17:12
*** dflorea has joined #openstack-keystone17:13
*** rmallah has joined #openstack-keystone17:15
*** jsavak has quit IRC17:18
*** shangxdy has quit IRC17:19
*** gyee has joined #openstack-keystone17:24
*** ChanServ sets mode: +v gyee17:24
*** tellesnobrega_af is now known as tellesnobrega17:25
*** jsavak has joined #openstack-keystone17:27
openstackgerritDolph Mathews proposed openstack/keystone-specs: Shadow users: work item to relax mapping requirements  https://review.openstack.org/29954617:28
*** spandhe has joined #openstack-keystone17:29
*** trown|lunch is now known as trown17:30
*** ayoung has joined #openstack-keystone17:30
*** ChanServ sets mode: +v ayoung17:30
*** jsavak has quit IRC17:32
*** jsavak has joined #openstack-keystone17:33
jmloweayoung: one more quick question about keystone middleware, where do I go to find the people maintaining it?17:34
ayoungjmlowe, here17:34
jmloweperfect17:34
*** dflorea has quit IRC17:34
ayoungjmlowe, you found me17:34
jmloweayoung: best I could do in my bug search was https://bugs.launchpad.net/keystonemiddleware/+bug/133605617:34
openstackLaunchpad bug 1336056 in keystonemiddleware "Keystone V3 Should Be Used By Default Over V2" [Wishlist,Fix released] - Assigned to Sam Leong (chio-fai-sam-leong)17:34
ayoungjmlowe, so, the question I have of the other devs is why Keystonemiddleware/ec2 does not support v3?17:34
ayoungif this is an oversight, or a deliberate decision17:35
ayoungjmlowe, did you verify that it does, infact, barf (to use the technical term) when given a v3 token?17:36
*** dflorea has joined #openstack-keystone17:38
jmloweyes, using a v3 url returns a v3 ticket and 400 bad request failure for all users, v2 url works for default domain but users with non default domain fail auth17:39
ayoungjmlowe, file a bug for that.17:39
ayoungmorgan, dolphm is there any reason that the ec2 middleware should not support Keystone V3?  Is there an alternate Middleware approach to replace it?  Can auth_token middleware replace Ec2?17:40
ayoungstevemar, ^^17:40
ayoungjmlowe, I guess no one cares about your pain.17:41
jmloweayoung: emulating amazon isn't very sexy these days17:42
*** sdake has quit IRC17:42
ayoungjmlowe, depends on the Amazon17:42
morganstevemar: I will fix the RC bug in a sec17:43
morganstevemar: we are close.17:43
ayoungjmlowe, so fixing EC2 is non-trivial, but I suspect essential17:43
morgansamueldmq: ^cc17:43
ayoungI need to know if there is another approach.  If not, I can take on the work17:43
*** rmallah has quit IRC17:44
raildolbragstad: ayoung hey, can you guys take a look on the failed tests on this patch, later? https://review.openstack.org/#/c/258650/ there are only 6 errors, but i don't know how to handle with it17:45
patchbotraildo: patch 258650 - keystone - [WIP]Make fernet default token provider17:45
*** e0ne has quit IRC17:45
*** browne has joined #openstack-keystone17:46
ayoungraildo, sure...looking17:47
ayoungtest_delete_tokens_for_user_invalidates_tokens_from_trust17:47
raildoayoung: I don't  know hot to handle with this trusts + fernet issues17:48
ayoungraildo, ok...so...since Fernet is ephemeral, these tokens don't get tagged as revoked.  We need to make sure the revocation happens, but based on the trust ID, I think17:48
ayoungraildo, talk to lbragstad about that. Trusts was one of the last things implemented, and it might be wrong17:48
ayoungthat is 4 tests...17:48
bknudsontests shouldn't be affected by a change to the default value. Just change the config back to uuid.17:48
ayoungthe other is test_request_no_admin_token_auth17:49
ayoungand that I'll look at deeper17:49
ayoungbknudson, ?17:49
*** fawadkhaliq has quit IRC17:49
bknudsonany tests that were using uuid before should continue to use uuid17:49
ayoungbknudson, you talking about the "default fernet" no.  This indicates that Fernet has not handled trusts correctly17:49
knikollawhat are the plans for these patches? https://review.openstack.org/#/q/file:keystone/tests/functional/federation/test_v3_crud.py17:50
bknudsonthen that was broken to begin with and doesn't have anything to do with changing the default to fernet17:50
ayoungbknudson, both uuid and fernet should be run against trusts.  I think this shows a gap in our testing17:50
edmondswhow do I make devstack use a specific version of python-keystoneclient?17:51
bknudsonright, it was a gap in the testing that didn't have anything to do with changing the default17:51
bknudsonso this shouldn't hang up changing the default to fernet17:51
*** fawadkhaliq has joined #openstack-keystone17:51
ayoungraildo, so, bug lance about the trust tests, and move on to looking at the other two.  Have you looked at them yet?17:52
ayoungbknudson, RIGHT17:53
raildoayoung: I have looked into the assignment error, we have a problem when we delete a grant and try revoke the tokens related to this grant17:53
ayoungbknudson, the hangup is that fernet seems to be missing a key piece with trusts.17:54
raildoayoung: that I tried to skip the revoke for fernet, but I'm not sure this is the right solution for this issue17:54
ayoungSo, yes, fixing that and adding test coverage should happen prior to Default to fernet17:54
ayounghmmm17:54
raildoayoung: https://review.openstack.org/#/c/258650/30/keystone/assignment/core.py17:54
patchbotraildo: patch 258650 - keystone - [WIP]Make fernet default token provider17:54
ayoungraildo, so...no, don't skip that.  But when expanding a Fernet token, that grant should not be valid, and the validation should fail17:55
bknudsonI'm fine with fixing the bugs and having the change depend on those fixes. Alternatively, log the bug and run the tests with uuid since they were all working prior to changing the default.17:55
raildoayoung: right, the grant it is not valid any more, but doesn't call the revoke part, sounds wrong for you?17:56
raildoayoung: when we do this revoke, any http request after this will get a 40117:57
ayoungraildo, so I think what is happening here is that the old test was too draconian.  But there is a change in behavior.  Say I have 2 roles on a project due to both direct and group membership.  Then the drop assignment gets dropped. If I now validate a token for that project, fernet would still say it is ok, but only provide my direct assigned role.17:58
ayoungIf, OTOH, this test is passing, but the user should not have any role on the project, there is a problem.17:58
ayoungSo..lok at the result from that check.  If there is a token with no roles in it, then we need a fix in fernet to reject the token17:58
ayoungIf there is one role where before there are two...we can modify the test not to check that...its weird, but acceptable.17:59
ayoungGetting a test that says "either fail OR makes sure there is only one role" would be wonky.17:59
ayoungraildo, so I had a bunch of fixes for tests like this somewhere...I think in the "reduce spurious revoke events" patch:18:00
ayounghttps://review.openstack.org/#/c/285134/  raildo see the corresponding tests there...bet I had to change it.18:00
patchbotayoung: patch 285134 - keystone - Remove unneeded revocation events18:00
*** e0ne has joined #openstack-keystone18:00
*** diazjf has quit IRC18:01
*** dflorea has quit IRC18:01
stevemarmorgan: sure, take your time18:02
stevemarmorgan: thats the last one18:02
raildoayoung: ++ this patch have a direct impact on this tests... I'll review and compare with our errors on the fernet patch, and see what we can do18:02
*** ninag has quit IRC18:03
raildoayoung: about the assignments erros, what I saw is that when I delete a grant for another user, the authenticated user get a 401... it's sounds like a cache issue, since for every request, keystone will get a new token18:04
ayoungraildo, I think it was an overly broad revocation event, IIRC18:04
raildoayoung: got it... thanks sir, anyway I'll talk with lance later and see his point of view on this too :)18:06
*** dflorea has joined #openstack-keystone18:07
*** daemontool has quit IRC18:07
*** stevemar has quit IRC18:08
*** dflorea has quit IRC18:09
*** stevemar has joined #openstack-keystone18:09
*** ChanServ sets mode: +o stevemar18:09
*** e0ne has quit IRC18:11
*** diazjf has joined #openstack-keystone18:12
*** pushkaru has quit IRC18:13
ayoungjmlowe, did you file a bug?18:13
jmloweayoung: not yet, a couple of other things made it to the top of my stack18:15
ayoungjmlowe, when you do, please assigne it to me, or, it you are not allowed to do that, send me a message aand I will grab it.18:17
*** mvk has quit IRC18:19
*** roxanaghe has quit IRC18:19
jmloweayoung: https://bugs.launchpad.net/keystonemiddleware/+bug/156401018:21
openstackLaunchpad bug 1564010 in keystonemiddleware "Keystone middleware for ec2 doesn't work with keystone v3" [Undecided,New]18:21
*** diazjf has quit IRC18:22
*** fawadkhaliq has quit IRC18:22
*** diazjf has joined #openstack-keystone18:22
*** fawadkhaliq has joined #openstack-keystone18:23
*** e0ne has joined #openstack-keystone18:24
*** e0ne has quit IRC18:26
stevemarayoung: thanks for looking at it18:27
jmloweayoung: is that description close enough to get it figured out?18:28
stevemarjmlowe: any config files and steps you have so we can reproduce it would be better :]18:29
*** e0ne has joined #openstack-keystone18:31
*** e0ne has quit IRC18:31
*** e0ne has joined #openstack-keystone18:33
*** e0ne has quit IRC18:33
*** david_cu has joined #openstack-keystone18:34
*** sigmavirus24 is now known as sigmavirus24_awa18:34
*** e0ne has joined #openstack-keystone18:35
*** sigmavirus24_awa is now known as sigmavirus2418:35
*** e0ne has quit IRC18:36
*** e0ne has joined #openstack-keystone18:37
*** e0ne has quit IRC18:37
ayoungjmlowe, looks good18:40
jmloweayoung: just added some steps to reproduce including a python snippet to test boto18:40
ayoungjmlowe, thanks18:41
*** jsavak has quit IRC18:43
*** jsavak has joined #openstack-keystone18:44
*** pushkaru has joined #openstack-keystone18:44
*** krotscheck is now known as krotscheck_dcm18:46
*** woodster_ has quit IRC18:47
*** timcline has joined #openstack-keystone18:48
*** jsavak has quit IRC18:51
*** jsavak has joined #openstack-keystone18:51
stevemaranyone using osc + kerb these days? marekd ?18:53
*** ninag has joined #openstack-keystone18:53
*** roxanaghe has joined #openstack-keystone18:56
*** sdake has joined #openstack-keystone18:57
*** diazjf has quit IRC18:57
*** tellesnobrega is now known as tellesnobrega_af18:57
*** tellesnobrega_af is now known as tellesnobrega18:58
*** tellesnobrega is now known as tellesnobrega_af18:58
*** tellesnobrega_af is now known as tellesnobrega18:58
*** timcline has quit IRC18:58
*** timcline has joined #openstack-keystone18:58
sdakehey folks quick q relating to th e"Member" role18:59
sdakehorizon requires this to opreate18:59
sdakewe are debating whether to create the Member roel in the hoirozn bootstrap or the keystone bootstrap19:00
sdakethe reason is horizon can be turned off19:00
sdakeand then there is no need for a Member role19:00
*** slberger1 has joined #openstack-keystone19:01
bknudsonsdake: if horizon needs it but keystone doesn't then it makes sense to create it for horizon to use.19:01
*** slberger has quit IRC19:02
sdakebknudson this is my thinkking as well, I'm curious i you knwo if any other prjects need it19:02
sdakee.g. is it a global role expectation19:02
sdake(if anyone knows this dificult question)19:02
bknudsonI don't know if any other projects require it. Typically the other projects only require that the user has a role on a project.19:02
bknudsonof course, they can change their policy to require a specific role19:03
sdakebknudson sure not worried about future proof only mitaka :)19:03
bknudsonmitaka allows deployers to change their policy file19:03
*** rmallah has joined #openstack-keystone19:06
*** rmallah has quit IRC19:07
*** e0ne has joined #openstack-keystone19:11
*** mylu has quit IRC19:11
*** tqtran has quit IRC19:12
*** tqtran has joined #openstack-keystone19:12
*** jsavak has quit IRC19:13
*** e0ne has quit IRC19:13
*** mylu has joined #openstack-keystone19:13
*** jsavak has joined #openstack-keystone19:19
*** mhickey has joined #openstack-keystone19:21
*** pushkaru has quit IRC19:25
*** gordc has quit IRC19:25
*** pushkaru has joined #openstack-keystone19:26
*** jsavak has quit IRC19:26
*** jsavak has joined #openstack-keystone19:27
*** fawadkhaliq has quit IRC19:28
*** fawadkhaliq has joined #openstack-keystone19:28
*** gyee has quit IRC19:35
openstackgerritChristopher J Schaefer proposed openstack/python-keystoneclient: Removing bandit.yaml in favor of defaults  https://review.openstack.org/29459719:39
*** cburgess has quit IRC19:46
*** cburgess has joined #openstack-keystone19:47
openstackgerritKristi Nikolla proposed openstack/keystone: WIP - ldap3 Identity Driver  https://review.openstack.org/29609019:49
openstackgerritDolph Mathews proposed openstack/keystone-specs: PCI-DSS v3.1  https://review.openstack.org/27239619:50
*** gordc has joined #openstack-keystone19:52
*** fawadkhaliq has quit IRC19:55
*** rk4n has quit IRC19:55
*** mvk has joined #openstack-keystone19:59
openstackgerritDolph Mathews proposed openstack/keystone-specs: Add spec for multifactor authentication  https://review.openstack.org/27228720:00
*** sdake_ has joined #openstack-keystone20:00
*** mvk_ has joined #openstack-keystone20:00
*** jorge_munoz has quit IRC20:00
*** mylu has quit IRC20:01
*** sudorandom has quit IRC20:01
*** cburgess has quit IRC20:01
edmondswstevemar, do you think anything should be done in keystoneauth re: https://bugs.launchpad.net/python-openstackclient/+bug/1494413 ?20:02
openstackLaunchpad bug 1494413 in python-openstackclient "AttributeError: auth_ref when trying to do user create" [Undecided,Confirmed]20:02
*** sdake has quit IRC20:02
edmondswe.g. to make it work with keystoneclient 1.6.0? I'm guessing no, and that I should remove keystoneauth from "Affects" on that bug20:03
*** mvk has quit IRC20:04
*** cburgess has joined #openstack-keystone20:04
stevemaredmondsw: probably, i can't see how ksa is affected20:04
edmondswk20:04
morganyeah i am not sure how that is KSA20:04
stevemaredmondsw: this is a sympton of osc not using ksa again20:04
morganstevemar: soooon sooooooooooon20:05
*** fawadkhaliq has joined #openstack-keystone20:05
knikolla++20:05
*** sudorandom has joined #openstack-keystone20:05
stevemarmorgan: pretty much when mitaka is unfrozen20:05
*** cburgess has quit IRC20:05
*** cburgess has joined #openstack-keystone20:08
* morgan gets dev env setup for finishing stupid constraint test fixes20:12
*** jorge_munoz has joined #openstack-keystone20:14
*** cburgess has quit IRC20:14
*** cburgess has joined #openstack-keystone20:19
*** pleia2 has quit IRC20:19
*** pleia2 has joined #openstack-keystone20:20
*** mylu has joined #openstack-keystone20:20
*** phalmos has quit IRC20:21
*** dan_nguyen has quit IRC20:21
*** diazjf has joined #openstack-keystone20:23
*** fawadkhaliq has quit IRC20:24
*** fawadkhaliq has joined #openstack-keystone20:25
*** spzala has joined #openstack-keystone20:25
*** ninag has quit IRC20:26
stevemarmorgan: whenever you get a chance :P20:28
stevemarmorgan: if your thumb isn't chopped off20:28
morganstevemar: waiting for the trusty64 vbox to download20:28
morgani just want to run the tests [i know what i did wrong, but... still]20:28
*** stevemar changes topic to "Tag bugs as mitaka-rc-potential - fix more bugs! | Master is accepting code for Newton! | submit newton design summit topics: https://etherpad.openstack.org/p/keystone-newton-summit-brainstorm"20:31
*** sdake has joined #openstack-keystone20:32
*** sdake_ has quit IRC20:33
*** mylu has quit IRC20:37
*** trown is now known as trown|outtypewww20:37
*** ebalduf has joined #openstack-keystone20:38
*** mylu has joined #openstack-keystone20:40
ayoungstevemar, look at what Nova wants to do. https://review.openstack.org/#/c/289405/1/specs/newton/approved/discoverable-policy-api.rst20:41
patchbotayoung: patch 289405 - nova-specs - Adds Nova discoverable policy API spec20:41
ayoungsdake, you need "some" role20:42
*** mylu has quit IRC20:43
ayoungdoes not need to be Member, and the only reason that was there was due to Horizon20:43
ayoungwe stuck in _member_ many interations ago as a migration thing20:43
ayoungbut both are used to indicate that a user has basic roles in a project, not admin20:43
ayoungpersonally, I'd leave Member and drop any other role that means the same thing20:44
*** inc0 has joined #openstack-keystone20:47
*** ebalduf has quit IRC20:48
inc0hey guys...quick question. I want to use keystone client in python code, but there is openstackclient out there. Only openstackclient is not well documented for using it as python lib20:48
*** openstackgerrit has quit IRC20:48
*** openstackgerrit has joined #openstack-keystone20:48
inc0is keystoneclient deprecated only for shell usage or do we need to write better docs how to openstaclient as python lib?20:48
stevemarinc0: only for shell usage20:49
morganinc0: keystoneclient CLI is deprecated, but as a library it is not20:49
inc0ok, that's good to hear20:49
inc0thanks20:49
dtroyerosc is not meant to be used as a lib, although the abstraction in the ClientManager could be used that way.20:49
morganinc0: especially considering openstackclient relies on keystoneclient :)20:49
dtroyerWe're suggesting the SDK for new app work, and the project libs otherwise20:49
inc0I'll stick to keystoneclient then, old habits die hard20:50
inc0thanks20:50
*** mylu has joined #openstack-keystone20:51
openstackgerritRon De Rose proposed openstack/keystone: Remove backend interface and common code out of identity.core  https://review.openstack.org/29614020:51
*** rk4n has joined #openstack-keystone20:52
*** mylu has quit IRC20:52
*** gordc has quit IRC20:53
*** mylu has joined #openstack-keystone20:54
*** stevemar has quit IRC20:55
*** stevemar has joined #openstack-keystone20:55
*** ChanServ sets mode: +o stevemar20:55
*** mhickey has quit IRC20:55
*** roxanaghe has quit IRC20:55
morganrderose: commented on ^ have a suggestion20:56
morganrderose: so we can drop the driver thing in core eventually20:56
*** henrynash has joined #openstack-keystone20:58
*** ChanServ sets mode: +v henrynash20:58
rderosemorgan: okay20:58
morganrderose: :) but def. a good move [and we should likewise do the same for the other .core things20:58
*** mylu has quit IRC20:58
rderosemorgan: cool, thx20:58
*** stevemar has quit IRC21:00
*** roxanaghe has joined #openstack-keystone21:07
*** raildo is now known as raildo-afk21:08
*** jsavak has quit IRC21:08
*** shangxdy has joined #openstack-keystone21:09
*** mylu has joined #openstack-keystone21:13
*** clenimar has quit IRC21:16
*** jsavak has joined #openstack-keystone21:16
openstackgerritBrant Knudson proposed openstack/keystone: Define identity interface - easy cases  https://review.openstack.org/29195021:18
*** david_cu has quit IRC21:20
*** cdcasey has quit IRC21:20
*** david_cu has joined #openstack-keystone21:21
*** david_cu_ has joined #openstack-keystone21:21
*** tqtran is now known as tqtran-afk21:22
openstackgerritRon De Rose proposed openstack/keystone: WIP - Remove backend interface out of assignment.core  https://review.openstack.org/29963521:22
*** pauloewerton has quit IRC21:23
openstackgerritRon De Rose proposed openstack/keystone: WIP - Remove backend interface out of assignment.core  https://review.openstack.org/29963521:25
*** david_cu has quit IRC21:25
*** jsavak has quit IRC21:27
*** jsavak has joined #openstack-keystone21:28
*** david_cu_ has quit IRC21:28
*** david_cu has joined #openstack-keystone21:29
*** david_cu has quit IRC21:34
*** henrynash has quit IRC21:39
*** shangxdy has quit IRC21:42
*** fawadkhaliq has quit IRC21:45
*** mkrcmari__ has joined #openstack-keystone21:46
*** mvk_ has quit IRC21:49
*** mvk has joined #openstack-keystone21:49
*** mkrcmari__ has quit IRC21:51
*** fawadkhaliq has joined #openstack-keystone21:52
*** mvk_ has joined #openstack-keystone21:52
*** pece has quit IRC21:55
*** mvk has quit IRC21:56
*** stevemar has joined #openstack-keystone21:56
*** ChanServ sets mode: +o stevemar21:56
openstackgerritRon De Rose proposed openstack/keystone: Remove backend interface out of assignment.core  https://review.openstack.org/29963521:57
*** stevemar has quit IRC22:01
*** diazjf has quit IRC22:04
openstackgerritMerged openstack/keystone: Improve error message for schema validation  https://review.openstack.org/29903622:06
*** mylu has quit IRC22:06
inc0soo...another question: MissingAuthPlugin22:07
inc0I'm trying to bootsrap admin in liberty code22:08
*** spzala has quit IRC22:08
inc0so no keystone bootstrap and admin_token stuff with v222:08
*** mylu has joined #openstack-keystone22:08
inc0I keep hitting MissingAuthPlugin when I'm trying to do anything, what am I doing wrong?22:08
*** spzala has joined #openstack-keystone22:08
*** dan_nguyen has joined #openstack-keystone22:08
inc0ks = client.Client(token="foo", auth_url="http://192.168.4.8:35357/v2.0", version=(2,))   >> ks.services.list()22:09
*** spzala has quit IRC22:13
*** slberger1 has left #openstack-keystone22:13
*** rderose has quit IRC22:15
*** jsavak has quit IRC22:18
*** fawadkhaliq has quit IRC22:20
*** fawadkhaliq has joined #openstack-keystone22:20
*** markvoelker has joined #openstack-keystone22:24
*** shaleh has joined #openstack-keystone22:26
shalehbknudson: you still around?22:27
bknudsonshaleh: yes22:27
*** sigmavirus24 is now known as sigmavirus24_awa22:27
shalehbknudson: re: needing 'links' on the output. http://paste.openstack.org/show/492510/ that is what the list command returns. You are saying the response is not correct?22:27
bknudsonshaleh: if the response doesn't have links then it's incorrect22:28
*** rmallah has joined #openstack-keystone22:28
bknudsonshaleh: try other resources, they have links22:28
bknudsontypically "next", "previous", and "next" in the case of a list22:28
bknudson"next", "previous", and "self"22:29
bknudsonif it's a single entity it's got "links": { "self": "<whatever>" }22:29
shalehbknudson: I see. So the implied roles code is incorrect then. Looks like we need another bug.22:29
shalehbknudson: the spec states exactly what keystone is returning currently.22:30
*** mylu has quit IRC22:30
shalehbknudson: you want the honors or should i open it?22:30
bknudsonshaleh: keystone is wrong22:30
bknudsonshaleh: either way. I typically don't open bugs unless I'm working on it and have a solution already22:31
shalehbknudson: k, on my way then....22:31
*** mylu has joined #openstack-keystone22:32
*** fawadkhaliq has quit IRC22:34
shalehbknudson: https://bugs.launchpad.net/keystone/+bug/156412922:35
openstackLaunchpad bug 1564129 in OpenStack Identity (keystone) "Implied Roles responses lack 'links' pointing back to the API call that generated them" [Undecided,New]22:35
*** jorge_munoz has quit IRC22:36
bknudsonhttp://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3.html#list-implied-roles-for-role -- it's got "self": "self" ... how odd.22:36
*** fawadkhaliq has joined #openstack-keystone22:37
*** pushkaru has quit IRC22:38
*** gyee has joined #openstack-keystone22:40
*** ChanServ sets mode: +v gyee22:40
*** mylu has quit IRC22:41
*** mylu has joined #openstack-keystone22:43
*** spzala has joined #openstack-keystone22:44
*** sdake has quit IRC22:46
*** sdake has joined #openstack-keystone22:46
openstackgerritKristi Nikolla proposed openstack/keystone: WIP - ldap3 Identity Driver  https://review.openstack.org/29609022:47
*** edmondsw has quit IRC22:48
*** knikolla has quit IRC22:49
rmallahi am able to get results via OS_TOKEN and curl but not through openstack python client , can anyone please help  https://gist.github.com/rmallah/18ff3bc16c08315afc78e438954103a622:52
rmallahi have also posted all the OS_*   env variables.22:55
*** stevemar has joined #openstack-keystone22:56
*** ChanServ sets mode: +o stevemar22:56
*** tqtran-afk is now known as tqtran22:57
*** markvoelker has quit IRC22:57
*** ametts has quit IRC22:57
shalehrmallah: try just running "openstack -v -v --debug token issue". This will simplify the debugging. Note your IDENTITY_API_VERSION is not set correctly (it says 2 not 2.0) so it is using IDENTITY_API_VERSION=323:00
*** stevemar has quit IRC23:01
*** mylu has quit IRC23:03
*** mylu has joined #openstack-keystone23:04
rmallahshaleh: my IDENTITY_API_VERSION is set to '3'23:04
*** agrebennikov_ has quit IRC23:05
rmallahmy service catalog was really empty now i have set it23:05
shalehrmallah: hmm, I was confused by the 3rd line where it had identity_api_version=2, looks like a red herring23:06
shalehrmallah: yeah, i have been caught by the empty catalog in the past myself23:06
rmallah:)23:07
*** knikolla has joined #openstack-keystone23:07
*** bjornar has quit IRC23:10
*** fawadkhaliq has quit IRC23:12
rmallah********* ok now it works ******************23:12
*** fawadkhaliq has joined #openstack-keystone23:14
*** nkinder has joined #openstack-keystone23:16
rmallahthanks shaleh for the attention.23:17
*** mylu has quit IRC23:17
shalehrmallah: no worries23:18
*** agrebennikov_ has joined #openstack-keystone23:18
*** timcline has quit IRC23:18
rmallahi am facing a steep learning curve and anyone sparing a few moments of help is invaluable :)23:19
*** furface has quit IRC23:19
*** mylu has joined #openstack-keystone23:20
*** mylu has quit IRC23:21
*** mylu has joined #openstack-keystone23:23
*** furface has joined #openstack-keystone23:23
*** knikolla has quit IRC23:25
*** mylu has quit IRC23:27
*** mylu has joined #openstack-keystone23:28
openstackgerritCristian Sava proposed openstack/keystone: Customize config file location when run as wsgi app.  https://review.openstack.org/28821623:30
*** nkinder has quit IRC23:32
*** timcline has joined #openstack-keystone23:35
*** timcline has quit IRC23:38
*** timcline has joined #openstack-keystone23:38
*** timcline has quit IRC23:43
*** inc0 has quit IRC23:44
*** inc0 has joined #openstack-keystone23:44
*** roxanaghe has quit IRC23:50
*** mylu has quit IRC23:52
*** inc0 has quit IRC23:55
*** tqtran has quit IRC23:55
*** stevemar has joined #openstack-keystone23:57
*** ChanServ sets mode: +o stevemar23:57
*** mylu has joined #openstack-keystone23:57
*** dan_nguyen has quit IRC23:58
*** mkrcmari__ has joined #openstack-keystone23:59
« Tuesday, 2016-03-29 Index Thursday, 2016-03-31 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!