Tuesday, 2016-05-17

« Monday, 2016-05-16 Index Wednesday, 2016-05-18 »
*** rdo has joined #openstack-keystone00:07
*** edtubill has joined #openstack-keystone00:08
*** lhcheng_ has joined #openstack-keystone00:17
*** lhcheng has quit IRC00:17
*** spandhe has quit IRC00:22
*** doug-fish has quit IRC00:23
openstackgerritSteve Martinelli proposed openstack/keystonemiddleware: Fix D202: No blank lines allowed after function docstring (PEP257)  https://review.openstack.org/31710200:23
openstackgerritSteve Martinelli proposed openstack/keystonemiddleware: Fix D200: One-line docstring should fit on one line with quotes (PEP257)  https://review.openstack.org/31710300:23
openstackgerritSteve Martinelli proposed openstack/keystonemiddleware: Fix D105: Missing docstring in magic method (PEP257)  https://review.openstack.org/31711000:23
openstackgerritSteve Martinelli proposed openstack/ldappool: make ldappool py3 compatible  https://review.openstack.org/31572800:25
*** rbridgeman has quit IRC00:27
openstackgerritSteve Martinelli proposed openstack/keystone: Port test_v2 unit test to Python 3  https://review.openstack.org/31206000:27
*** sdake_ has joined #openstack-keystone00:27
openstackgerritSteve Martinelli proposed openstack/keystone: Port test_v3_auth unit test to Python 3  https://review.openstack.org/31206100:27
notmorganstevemar: we'll be pyldap'd up sooooon00:28
stevemarnotmorgan: sorry i wasn't around today, i think i caught another cold (wtf)00:28
*** slberger has left #openstack-keystone00:28
notmorganstevemar: dude00:29
notmorganstevemar: how do you... no no i don't want to know00:29
notmorganstevemar: in all seriousness, the Flu going around is brutal. a friend of mine ended up in teh hospital cause of it00:29
notmorganstevemar: so take care of yourself.00:29
stevemarnotmorgan: just happened last night, randomly00:30
stevemarslept a bit today00:30
notmorganit seems people are "feeling better" then get hit with wave2 of the ick.00:30
* notmorgan *knock on wood* has not gotten the ick this time around.00:30
*** sdake has quit IRC00:30
stevemarnotmorgan: so, we going to go with the switch-to-pyldap and drop python-ldap route?00:31
stevemarand release a 2.0.0?00:31
*** spandhe has joined #openstack-keystone00:31
notmorganstevemar: yar00:34
notmorganstevemar: that is my plan00:34
stevemarnotmorgan: i just hope we don't end up busting other folks that use ldappool00:35
notmorganmajor version bump.00:35
notmorgani also am trying co-install to see what happens00:35
notmorganit may be "ok" if you already have python-ldap installed00:36
*** jamielennox|away is now known as jamielennox00:37
notmorganstevemar: it shouldn't break anyone00:38
notmorgani'm thinking if we can do some hackery in setuptools to make it even friendlier00:38
notmorganbasically if "ldap" is installed just let it be.00:38
notmorganbut tbh we just can't know which package is installed00:39
notmorganshore of a pip freeze00:39
stevemarlbragstad: look at https://review.openstack.org/#/c/312061/4 and it's previous patch00:40
patchbotstevemar: patch 312061 - keystone - Port test_v3_auth unit test to Python 300:40
*** lhcheng_ has quit IRC00:41
stevemarnotmorgan: i guess an existing non-openstack product is using ldappool with python-ldap now... they upgrade, but it doesn't matter, cause only openstack bits use requirements.txt?00:42
notmorganstevemar: uhm...00:42
notmorganstevemar: nope.00:42
notmorganstevemar: lots of things use requirements.txt00:42
notmorganit's become kindof a standard now00:42
stevemarhmm yeah, just cause it didn't use it before00:43
notmorgan09420500:43
notmorgancccccceviitgjdfbgjnbrfuccfnvcireitfkjecnfkin00:43
notmorgancccccceviitgdtkndrbicfetueelvdludkdegfujefhd00:43
notmorgancccccceviitgelgjchhbhibgigrllndbkvcvhkhunlec00:43
notmorgandamn it.00:43
notmorgantrying to remove this yubikey from the USB port :P00:43
notmorgangood thing this one isn't used for anything yet00:44
*** agrebennikov has quit IRC00:45
*** chrisshattuck has quit IRC00:45
*** raddaoui has quit IRC00:47
stevemarnotmorgan: so if folks upgrade to 2.0.0, then it'll try to install pyldap too00:48
notmorganstevemar: uhmm.. yes unless we do some magic00:48
notmorganstevemar: which i think we can.00:48
notmorgani'll work on that part soon00:48
notmorgan(soon[tm])00:48
stevemarnotmorgan: http://paste.openstack.org/show/497284/00:50
*** spandhe has quit IRC00:51
*** gyee has quit IRC00:52
*** EinstCrazy has joined #openstack-keystone00:54
*** rderose has joined #openstack-keystone01:04
*** lhcheng has joined #openstack-keystone01:05
*** ChanServ sets mode: +v lhcheng01:05
rderosestevemar: regarding password_change_limit_per_day01:06
rderosestevemar: so we want to limit how many times a user can change their password in a day?01:06
*** anush has joined #openstack-keystone01:07
*** lhcheng_ has joined #openstack-keystone01:08
*** lhcheng has quit IRC01:11
openstackgerritayoung proposed openstack/keystone: Replace revoke tree with linear search  https://review.openstack.org/31165201:20
ayoungstill a net reduction in code, but creeping up there01:20
*** tmcpeak has quit IRC01:25
stevemarrderose: yep, that was the intention01:25
stevemarrderose: also, side thought, i think a -1 value will make sense for most of the config options01:25
*** anush has quit IRC01:26
*** edtubill has quit IRC01:29
*** dan_nguyen has quit IRC01:40
openstackgerritMerged openstack/keystone: Separate protocol schema  https://review.openstack.org/30808801:42
*** rbridgeman has joined #openstack-keystone01:50
*** edtubill has joined #openstack-keystone01:52
*** rderose has quit IRC01:56
*** jamielennox is now known as jamielennox|away01:59
*** stevemar changes topic to "Keystone Midcycle Update: http://lists.openstack.org/pipermail/openstack-dev/2016-May/094574.html | Hosted By Cicso, July 20-22, 170 W Tasman Dr, San Jose, CA 95134"02:01
*** stevemar changes topic to "Newton Deadlines: http://releases.openstack.org/newton/schedule.html | Keystone Midcycle Update: http://lists.openstack.org/pipermail/openstack-dev/2016-May/094574.html | Hosted By Cicso, July 20-22, 170 W Tasman Dr, San Jose, CA 95134"02:01
*** richm has quit IRC02:12
*** stingaci has quit IRC02:28
*** rderose has joined #openstack-keystone02:35
*** fangxu has quit IRC02:36
openstackgerritwerner mendizabal proposed openstack/keystone: Support encryption of credentials in Keystone  https://review.openstack.org/31716902:38
*** spandhe has joined #openstack-keystone02:41
*** fawadkhaliq has joined #openstack-keystone02:46
openstackgerritwangxiyuan proposed openstack/python-keystoneclient: Allow send null value in extra properties  https://review.openstack.org/29624602:50
*** stingaci has joined #openstack-keystone02:51
*** spandhe has quit IRC02:52
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/31617002:57
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/31718002:57
*** woodster_ has quit IRC02:58
*** anush has joined #openstack-keystone03:00
*** stingaci has quit IRC03:01
*** stingaci has joined #openstack-keystone03:02
*** anush has quit IRC03:09
*** fawadkhaliq has quit IRC03:09
*** itlinux has quit IRC03:09
*** EinstCra_ has joined #openstack-keystone03:10
*** rderose has quit IRC03:10
*** EinstCrazy has quit IRC03:14
*** TxGVNN has joined #openstack-keystone03:20
*** wxy has joined #openstack-keystone03:21
*** links has joined #openstack-keystone03:31
*** sdake has joined #openstack-keystone03:36
*** itlinux has joined #openstack-keystone03:38
*** sdake_ has quit IRC03:38
*** itlinux has quit IRC03:39
*** stingaci has quit IRC03:39
openstackgerritjaveme proposed openstack/keystone: Move validate_non_persistent_token() method from base to fernet  https://review.openstack.org/31721103:45
*** darren-wang has quit IRC03:45
stevemardolphm: notmorgan bknudson releasing new stable versions of all things keystone this week03:54
notmorganstevemar: hm ok03:54
stevemarnotmorgan: against it?03:54
notmorgannope03:54
*** jamielennox|away is now known as jamielennox03:55
*** fawadkhaliq has joined #openstack-keystone03:56
openstackgerritElvin Tubillara proposed openstack/keystone: Config changes to support PCI-DSS  https://review.openstack.org/31467904:02
*** sheel has joined #openstack-keystone04:06
*** dan_nguyen has joined #openstack-keystone04:06
notmorganstevemar: now if only we could easily add u2f to Keystone :P it would be awesom.04:07
notmorganstevemar: >.>04:07
notmorganstevemar: mostly cause i am totally digging having my SSH key built into this hardware token (until it breaks)04:08
stevemarthat FIFO spec, neat stuff eh04:08
notmorganstevemar: yeah04:09
notmorganit's kindof damn awesome04:10
notmorganwaaaaay slicker than the standard 2fa stuff.04:10
*** sdake_ has joined #openstack-keystone04:19
*** sdake has quit IRC04:20
openstackgerritvenkatamahesh proposed openstack/python-keystoneclient: Update the home-page with developer documentation  https://review.openstack.org/31723704:34
*** dave-mccowan has quit IRC04:37
*** GB21 has joined #openstack-keystone04:56
*** sdake_ has quit IRC04:56
*** dan_nguyen has quit IRC04:59
*** rbridgeman_ has joined #openstack-keystone05:02
*** GB21 has quit IRC05:04
*** rbridgeman has quit IRC05:06
*** GB21 has joined #openstack-keystone05:09
*** GB21 has quit IRC05:31
*** roxanaghe has joined #openstack-keystone05:34
*** rbridgeman_ has quit IRC05:35
*** fangxu has joined #openstack-keystone05:37
*** roxanaghe has quit IRC05:39
*** fangxu has quit IRC05:41
*** fangxu has joined #openstack-keystone05:42
*** jaosorior has joined #openstack-keystone05:43
*** ramishra has quit IRC05:49
*** ramishra has joined #openstack-keystone05:50
*** josecastroleon has joined #openstack-keystone05:55
*** rcernin has joined #openstack-keystone06:03
*** henrynash has joined #openstack-keystone06:17
*** ChanServ sets mode: +v henrynash06:17
*** rcernin has quit IRC06:18
openstackgerritJamie Lennox proposed openstack/keystone-specs: Service user permissions  https://review.openstack.org/31726606:20
*** rcernin has joined #openstack-keystone06:21
openstackgerritUpama proposed openstack/keystone: Update requirements.txt to remove duplicate entry  https://review.openstack.org/31726706:21
openstackgerritwangxiyuan proposed openstack/python-keystoneclient: Allow send null value in extra properties  https://review.openstack.org/29624606:28
openstackgerritMerged openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/31718006:34
*** jamielennox is now known as jamielennox|away06:41
*** belmoreira has joined #openstack-keystone06:53
*** jaosorior has quit IRC06:56
*** jaosorior has joined #openstack-keystone06:57
*** josecastroleon has quit IRC07:01
*** josecastroleon has joined #openstack-keystone07:04
*** ozialien10 has quit IRC07:07
*** spandhe has joined #openstack-keystone07:11
*** fawadkhaliq has quit IRC07:22
*** fawadkhaliq has joined #openstack-keystone07:23
*** spandhe has quit IRC07:27
openstackgerritPallavi proposed openstack/keystone: Added missed step to configure HTTPD  https://review.openstack.org/31728407:27
*** lhcheng_ has quit IRC07:33
*** henrynash has quit IRC07:38
*** ninag has joined #openstack-keystone07:40
*** ninag has quit IRC07:44
*** ozialien10 has joined #openstack-keystone07:52
*** cloudpuppy has joined #openstack-keystone07:54
*** ozialien10 has quit IRC07:57
*** ozialien10 has joined #openstack-keystone07:58
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:00
openstackgerritPallavi proposed openstack/keystone: Added missed step to configure HTTPD  https://review.openstack.org/31728408:05
*** dmk0202 has joined #openstack-keystone08:12
openstackgerritMerged openstack/keystonemiddleware: Fix D202: No blank lines allowed after function docstring (PEP257)  https://review.openstack.org/31710208:16
*** Naresht has joined #openstack-keystone08:16
openstackgerritMerged openstack/keystonemiddleware: Fix D200: One-line docstring should fit on one line with quotes (PEP257)  https://review.openstack.org/31710308:17
openstackgerritJack Ning proposed openstack/keystone: Added Cache to public id mapping  https://review.openstack.org/31730708:18
*** jistr has joined #openstack-keystone08:19
NareshtHi all08:23
NareshtI am trying to do Keystone Google Federation08:24
NareshtI am following this link https://gist.github.com/stevemart/4b41bd5437048a7fdfab08:24
NareshtWe struck at here http://paste.openstack.org/show/497292/08:25
Nareshthelp me If any one tried before08:26
openstackgerritMerged openstack/keystonemiddleware: Fix D105: Missing docstring in magic method (PEP257)  https://review.openstack.org/31711008:29
*** pnavarro has joined #openstack-keystone08:30
*** mvk has joined #openstack-keystone08:33
*** fawadkhaliq has quit IRC08:41
*** fawadkhaliq has joined #openstack-keystone08:42
openstackgerritJack Ning proposed openstack/keystone: Added cache to public id mapping  https://review.openstack.org/31730708:42
*** josecastroleon has quit IRC09:00
openstackgerritMerged openstack/python-keystoneclient: Update the home-page with developer documentation  https://review.openstack.org/31723709:07
*** josecastroleon has joined #openstack-keystone09:08
*** dmk0202 has quit IRC09:31
*** cloudpuppy has quit IRC09:32
*** cloudpuppy has joined #openstack-keystone09:32
*** zqfan has quit IRC09:33
*** cloudpuppy has quit IRC09:33
*** cloudpuppy has joined #openstack-keystone09:33
*** cloudpuppy has quit IRC09:34
*** cloudpuppy has joined #openstack-keystone09:34
*** dave-mccowan has joined #openstack-keystone09:35
*** mvk has quit IRC09:35
*** mvk has joined #openstack-keystone09:37
*** dobson has quit IRC09:56
openstackgerritMerged openstack/keystone: Updated from global requirements  https://review.openstack.org/31617010:09
*** jed56 has quit IRC10:09
*** EinstCra_ has quit IRC10:25
*** dobson has joined #openstack-keystone10:26
samueldmqmorning keystone10:40
*** daemontool has quit IRC10:41
*** dobson has quit IRC10:43
*** daemontool has joined #openstack-keystone10:45
*** josecastroleon has quit IRC10:48
*** jamielennox|away is now known as jamielennox10:53
*** dobson has joined #openstack-keystone10:55
jamielennoxhey all, i just added the spec https://review.openstack.org/#/c/317266/ to the meeting agenda for anyone who wants a head start10:56
patchbotjamielennox: patch 317266 - keystone-specs - Service user permissions10:56
jamielennoxnight10:57
*** fawadkhaliq has quit IRC10:59
*** josecastroleon has joined #openstack-keystone11:15
*** jistr has quit IRC11:24
*** fawadkhaliq has joined #openstack-keystone11:30
*** fawadkhaliq has quit IRC11:30
*** gordc has joined #openstack-keystone11:36
*** jed56 has joined #openstack-keystone11:42
*** dave-mccowan has quit IRC11:47
*** vnogin has quit IRC11:47
*** amrith has joined #openstack-keystone11:49
*** dmk0202 has joined #openstack-keystone11:52
*** jistr has joined #openstack-keystone12:00
openstackgerritChangBo Guo(gcb) proposed openstack/oslo.policy: doc: Fix wrong import statement in usage  https://review.openstack.org/31741312:01
*** julim has joined #openstack-keystone12:05
*** rodrigods has quit IRC12:11
*** rodrigods has joined #openstack-keystone12:11
*** dave-mccowan has joined #openstack-keystone12:13
*** raildo-afk is now known as raildo12:15
*** ayoung has quit IRC12:23
*** EinstCrazy has joined #openstack-keystone12:45
*** sheel has quit IRC12:45
*** edmondsw has joined #openstack-keystone12:48
*** amrith is now known as _amrith_13:00
*** pauloewerton has joined #openstack-keystone13:04
*** richm has joined #openstack-keystone13:04
*** doug-fish has joined #openstack-keystone13:06
*** ninag has joined #openstack-keystone13:06
*** pwgravel has joined #openstack-keystone13:14
*** lightshadow has joined #openstack-keystone13:21
*** rderose has joined #openstack-keystone13:23
*** BjoernT has joined #openstack-keystone13:27
*** BjoernT is now known as Bjoern_zZzZzZzZ13:27
knikollao/13:29
*** agrebennikov has joined #openstack-keystone13:32
*** openstackgerrit has quit IRC13:32
*** openstackgerrit has joined #openstack-keystone13:33
*** doug-fish has quit IRC13:33
*** links has quit IRC13:36
*** martinus__ has quit IRC13:39
*** phalmos has joined #openstack-keystone13:41
*** phalmos_ has joined #openstack-keystone13:42
*** Bjoern_zZzZzZzZ is now known as BjoernT13:44
*** sdake has joined #openstack-keystone13:44
*** phalmos has quit IRC13:46
*** martinus__ has joined #openstack-keystone13:46
*** sdake_ has joined #openstack-keystone13:48
*** sdake has quit IRC13:49
*** jaosorior has quit IRC13:52
*** phalmos_ has quit IRC13:53
*** sigmavirus24_awa is now known as sigmavirus2413:54
*** doug-fish has joined #openstack-keystone13:54
*** pnavarro has quit IRC13:56
*** doug-fis_ has joined #openstack-keystone13:56
*** pushkaru has joined #openstack-keystone13:57
tristanC'/win 913:58
tristanCoups :)13:58
*** ametts has joined #openstack-keystone13:58
*** doug-fish has quit IRC13:59
*** ninag has quit IRC14:00
*** doug-fis_ has quit IRC14:01
*** ninag_ has joined #openstack-keystone14:03
*** med_ has joined #openstack-keystone14:04
*** med_ has quit IRC14:04
*** med_ has joined #openstack-keystone14:04
*** doug-fis_ has joined #openstack-keystone14:04
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/31748314:04
openstackgerritOpenStack Proposal Bot proposed openstack/keystoneauth: Updated from global requirements  https://review.openstack.org/31748414:04
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/31748514:04
*** ninag_ has quit IRC14:06
*** ninag_ has joined #openstack-keystone14:06
openstackgerritOpenStack Proposal Bot proposed openstack/oslo.policy: Updated from global requirements  https://review.openstack.org/31749514:09
*** daemontool has quit IRC14:09
openstackgerritOpenStack Proposal Bot proposed openstack/python-keystoneclient: Updated from global requirements  https://review.openstack.org/31750114:09
*** ninag_ has quit IRC14:10
*** Naresht has quit IRC14:10
*** ninag has joined #openstack-keystone14:11
*** lightshadow has quit IRC14:14
*** tonytan4ever has joined #openstack-keystone14:14
*** ninag has quit IRC14:15
*** mou has joined #openstack-keystone14:24
*** edtubill has joined #openstack-keystone14:25
amakarovjamielennox, hi! Are you here?14:27
stevemarthanks for the spec jamielennox14:28
rderosestevemar: check out my latest comments on this and lets chat when you have time #link https://review.openstack.org/#/c/317007/114:29
patchbotrderose: patch 317007 - keystone - WIP - PCI-DSS 8.2.4: User must change their passwo...14:29
notmorgantristanC: hehe14:30
notmorgantristanC: almost as good as my OTP failing14:30
*** _amrith_ is now known as amrith14:32
*** markvoelker has joined #openstack-keystone14:35
*** markvoelker has quit IRC14:35
*** markvoelker has joined #openstack-keystone14:36
*** gagehugo has joined #openstack-keystone14:37
edtubillrderose: I made a small comment on your patch.14:38
*** markvoelker has quit IRC14:39
*** markvoelker has joined #openstack-keystone14:39
rderoseedtubill: yeah, looking at it now14:40
rderoseedtubill: btw I don't think your function belongs here: keystone.common.utils14:41
edtubillrderose: is it because it's for mysql backends only?14:42
rderoseedtubill: I think you should perhaps create a new PasswordValidator class or something14:42
rderoseedtubill: exactly14:42
stevemarrderose: i jotted my thoughts down here: https://etherpad.openstack.org/p/keystone-newton-pci-dss line 11514:43
edtubillrderose: would this class do only password strength validation or would it do more?14:43
*** raddaoui has joined #openstack-keystone14:44
edtubillstevemar: where would you picture this interface to be located?14:46
*** chrisshattuck has joined #openstack-keystone14:47
rderoseedtubill: it could validate the password strength (regex) and also validate new passwords, e.g. validate(new_password1, new_password2)14:49
rderoseedtubill: also validate password history rules e.g. validate(old_password, new_password)14:49
rderoseedtubill, stevemar: reading your notes now, I'm not sure bundling everything into a single interface makes sense, but let me give it some thought14:50
*** markvoelker has quit IRC14:51
stevemaredtubill: it'll be in it's own package. the sql backend + interface + manager, just like the rest of our packages14:51
stevemarthis will also allow folks to have their own implementation14:52
stevemarrather than helper functions everywhere14:52
*** markvoelker has joined #openstack-keystone14:53
*** timcline has joined #openstack-keystone14:53
*** ninag has joined #openstack-keystone14:54
*** tmcpeak has joined #openstack-keystone14:55
*** tmcpeak has left #openstack-keystone14:55
*** dan_nguyen has joined #openstack-keystone14:57
rderosestevemar, edtubill: added my comments to the etherpad. mostly agree...14:57
*** markvoelker has quit IRC14:57
*** markvoelker has joined #openstack-keystone14:58
*** ninag has quit IRC15:02
*** ninag has joined #openstack-keystone15:03
*** markvoelker has quit IRC15:04
*** ninag has quit IRC15:05
*** ninag has joined #openstack-keystone15:05
*** tonytan4ever has quit IRC15:05
*** BjoernT has quit IRC15:05
*** sdake_ is now known as sdake15:06
*** ninag has quit IRC15:06
*** ninag has joined #openstack-keystone15:07
*** sheel has joined #openstack-keystone15:09
*** ninag has quit IRC15:11
*** diazjf has joined #openstack-keystone15:14
*** diazjf has quit IRC15:24
*** spandhe has joined #openstack-keystone15:25
*** diazjf has joined #openstack-keystone15:27
*** ayoung has joined #openstack-keystone15:28
*** ChanServ sets mode: +v ayoung15:28
*** belmoreira has quit IRC15:28
*** dmk0202 has quit IRC15:33
*** gyee has joined #openstack-keystone15:36
*** ChanServ sets mode: +v gyee15:36
*** jistr has quit IRC15:38
*** mvk has quit IRC15:39
*** fangxu has quit IRC15:39
*** anush has joined #openstack-keystone15:39
*** phalmos has joined #openstack-keystone15:49
*** lhcheng has joined #openstack-keystone15:50
*** ChanServ sets mode: +v lhcheng15:50
*** diazjf has quit IRC15:52
*** ninag has joined #openstack-keystone15:53
*** ninag has quit IRC15:55
*** ninag has joined #openstack-keystone15:55
*** rbridgeman has joined #openstack-keystone15:56
*** gokrokve has joined #openstack-keystone15:59
*** spandhe has quit IRC16:00
*** ChanServ sets mode: +o notmorgan16:08
*** notmorgan changes topic to "Newton Deadlines: http://releases.openstack.org/newton/schedule.html | Keystone Midcycle RSVP: http://goo.gl/forms/NfFMpJe6MSCXSNhr2 (Hosted By Cicso, July 20-22, 170 W Tasman Dr, San Jose, CA 95134)"16:10
*** notmorgan sets mode: -o notmorgan16:10
*** diazjf has joined #openstack-keystone16:11
notmorganstevemar, dolphm: shared the spreadsheet response for the RSVP with you16:14
notmorganvvtletuvnjejhrbnhbcnbcefthvnngfenbbckvciciec16:14
notmorganGDI. i need to fix that.16:14
*** henrynash has joined #openstack-keystone16:14
*** ChanServ sets mode: +v henrynash16:14
henrynashstevemar: ping16:14
*** spandhe has joined #openstack-keystone16:16
notmorganstevemar: added info to the wiki for midcycle16:27
*** doug-fis_ has quit IRC16:28
*** ninag has quit IRC16:28
*** ninag has joined #openstack-keystone16:29
*** ninag has quit IRC16:32
*** ninag has joined #openstack-keystone16:32
*** ninag has quit IRC16:32
openstackgerritMerged openstack/oslo.policy: doc: Fix wrong import statement in usage  https://review.openstack.org/31741316:33
*** ninag has joined #openstack-keystone16:33
*** jbell8 has joined #openstack-keystone16:36
*** ninag has quit IRC16:37
*** doug-fish has joined #openstack-keystone16:41
*** fangxu has joined #openstack-keystone16:41
stevemarhenrynash: pong16:41
*** phalmos has quit IRC16:41
*** roxanaghe has joined #openstack-keystone16:41
henrynashstevemar: hi….wanted to get your view on my comment on https://review.openstack.org/#/c/311460/16:42
patchbothenrynash: patch 311460 - python-openstackclient - Add assignment list to v2 identity and deprecate a...16:42
henrynashstevemar: this was in respone to your comment….as to whether we auto-extract the auth user/project from an token, or whether it has to be explict16:42
*** diazjf has quit IRC16:43
stevemarhenrynash: ah, i like comment #2 you make16:43
henrynashstevemar: ok, to have a param option to cuase the extraction (e.g. —authuser or something)….16:44
stevemarhenrynash: let's see what dtroyer says... it's our chance to fix things up before we 3.0.016:44
henrynashstevemar: and we should then also support this for the v3 version of the call as well16:44
stevemarhenrynash: listing things is awful right now for non-admin users16:44
henrynashstevemar: abso-bloody-lutely (as Helen Miren woudl say)16:45
*** diazjf has joined #openstack-keystone16:46
openstackgerritMerged openstack/keystone: Drop the (unused) domain table  https://review.openstack.org/31611916:51
*** diazjf has quit IRC16:52
*** fangxu has quit IRC16:53
*** fangxu has joined #openstack-keystone16:54
*** BjoernT has joined #openstack-keystone16:54
*** stingaci has joined #openstack-keystone16:56
*** stingaci has quit IRC16:56
*** stingaci has joined #openstack-keystone16:57
*** stingaci_ has joined #openstack-keystone16:59
*** spandhe has left #openstack-keystone16:59
*** gyee has quit IRC17:00
henrynashayoung, stevemar, dstanek, samueldmq: There’s another “driver version increase” patch that has been waiting a while, if you get a chance somtime to send it on it’s way (or comment) that would be great…at least one fix is dependant on it...17:01
ayounghenrynash, link?17:01
henrynashayoung, stevemar, dstanek, samueldmq: https://review.openstack.org/#/c/305315/17:01
patchbothenrynash: patch 305315 - keystone - Create V9 driver for identity backend17:01
*** stingac__ has joined #openstack-keystone17:01
stevemarhenrynash: do we have this automated yet? :P17:01
ayounghenrynash, +602 -12...each line technical debt...17:02
henrynashstevemar: I don’t belive so….(and this one was a little different, due to the fact that we load it from multiple places)….17:02
henrynashayoung: yep!17:02
*** stingaci has quit IRC17:03
henrynashayoung: well most of it is actually a copy of teh sql driver purely so we can test it, it isn’t part of the funcitonal code17:03
stevemarnotmorgan: reqeuested access from my gmail accnt17:03
*** doug-fish has quit IRC17:03
henrynashayoung (403 lines of it is the copy of the sql driver)17:03
*** ninag has joined #openstack-keystone17:03
ayounghenrynash, I saw that, an I really would like to burn it.  With kerosene17:04
*** stingaci_ has quit IRC17:04
*** doug-fish has joined #openstack-keystone17:04
ayounghenrynash, does that really need to be there?  What is the justification again?17:04
*** ninag has quit IRC17:05
notmorganstevemar:  ok17:05
notmorgansec17:05
*** ninag has joined #openstack-keystone17:06
notmorganstevemar: hmm.17:06
notmorganstevemar: done17:06
*** doug-fis_ has joined #openstack-keystone17:07
*** doug-fish has quit IRC17:08
*** gyee has joined #openstack-keystone17:08
*** ChanServ sets mode: +v gyee17:08
*** ninag_ has joined #openstack-keystone17:09
*** ninag has quit IRC17:10
*** ninag has joined #openstack-keystone17:10
*** doug-fis_ has quit IRC17:12
*** stingac__ has quit IRC17:12
*** doug-fish has joined #openstack-keystone17:13
*** ninag_ has quit IRC17:14
*** lhcheng_ has joined #openstack-keystone17:15
*** lhcheng_ has quit IRC17:15
*** stingaci has joined #openstack-keystone17:15
*** lhcheng_ has joined #openstack-keystone17:16
*** stingaci has quit IRC17:16
*** lhcheng_ has quit IRC17:16
*** stingaci has joined #openstack-keystone17:17
*** lhcheng_ has joined #openstack-keystone17:17
*** lhcheng has quit IRC17:18
*** phalmos has joined #openstack-keystone17:20
*** phalmos has quit IRC17:21
*** stingaci has quit IRC17:22
*** phalmos has joined #openstack-keystone17:22
*** stingaci has joined #openstack-keystone17:25
notmorganstevemar, crinkle: ldappool merging py3 compat, we need to run tests again now. (pyldap is merged)17:26
stevemarnotmorgan: nice17:29
notmorganstevemar: proposing a change for keystone too now, with a reno for moving to pyldap17:29
*** jbell8 has quit IRC17:30
*** agrebennikov has quit IRC17:31
openstackgerritMorgan Fainberg proposed openstack/keystone: Use PyLDAP instead of python-ldap  https://review.openstack.org/31763817:32
stevemarnotmorgan: you could re-use https://review.openstack.org/#/c/311827/ if you want17:32
patchbotstevemar: patch 311827 - keystone - WIP: review at own risk: switch to pyldap17:32
notmorgantoo late :P17:32
notmorgani can swap to the old if if you'd prefer17:32
stevemarno no17:33
notmorgani went with a *very* simple change17:33
notmorganto show it was drop in17:33
notmorganwe should rebase that on the one i proposed and do the py3 fixes17:33
notmorganonce ldappool is released17:33
*** stingaci_ has joined #openstack-keystone17:34
stevemarnotmorgan: i see, you want to do the swap first, then make things py3 compat17:34
notmorganor17:34
notmorganyeah17:34
stevemarnotmorgan: also, white space at https://review.openstack.org/#/c/317638/1/setup.cfg17:35
patchbotstevemar: patch 317638 - keystone - Use PyLDAP instead of python-ldap17:35
notmorgansee my comment on your patch :P17:35
stevemaror not...17:35
*** naresht has joined #openstack-keystone17:35
openstackgerritMorgan Fainberg proposed openstack/keystone: Use PyLDAP instead of python-ldap  https://review.openstack.org/31763817:35
*** tonytan4ever has joined #openstack-keystone17:35
notmorganwhitespace fixed17:35
*** timcline has quit IRC17:36
notmorganthere we go17:36
notmorganthis way we can show drop-in replacement works and then fix py3 things in a clear way17:36
notmorgan:)17:36
*** mdurrant has quit IRC17:37
*** ninag has quit IRC17:37
openstackgerritSteve Martinelli proposed openstack/keystone: WIP: review at own risk: switch to pyldap  https://review.openstack.org/31182717:37
*** ninag has joined #openstack-keystone17:37
*** stingaci has quit IRC17:38
dolphmstevemar: you're supposed to fill out the survey, not just type into the spreadsheet17:40
stevemardolphm: whoaaa there's a survey17:40
openstackgerritSteve Martinelli proposed openstack/keystone: enable ldap tests for py3  https://review.openstack.org/31764417:40
*** roxanaghe_ has joined #openstack-keystone17:41
*** roxanaghe has quit IRC17:41
stevemardolphm: done :)17:42
*** stingaci has joined #openstack-keystone17:43
*** stingaci_ has quit IRC17:44
*** stingaci_ has joined #openstack-keystone17:44
*** timcline has joined #openstack-keystone17:46
*** jbell8 has joined #openstack-keystone17:47
*** stingaci has quit IRC17:48
*** diazjf has joined #openstack-keystone17:48
notmorganstevemar, dolphm, lbragstad: https://bugs.launchpad.net/ossa/+bug/1577558 please review impact statement for me17:49
openstackLaunchpad bug 1577558 in OpenStack Security Advisory "v2.0 fernet tokens audit ids are inconsistent" [Undecided,Confirmed]17:49
*** Alexander has joined #openstack-keystone17:52
*** Alexander is now known as Guest4855017:52
*** jaugustine has joined #openstack-keystone17:53
*** amakarov has quit IRC17:53
*** Guest48550 is now known as amakarov17:54
*** alexander__ has joined #openstack-keystone17:54
lbragstadnotmorgan looks good to me17:56
*** BjoernT has quit IRC17:56
*** TxGVNN has quit IRC17:56
henrynashayoung: so I’d love to not have that part….but how else would we reliably test whether our legacy interface was still supported?17:59
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/31748318:00
*** BjoernT has joined #openstack-keystone18:01
*** stingaci_ has quit IRC18:04
openstackgerritOpenStack Proposal Bot proposed openstack/oslo.policy: Updated from global requirements  https://review.openstack.org/31749518:05
*** pushkaru has quit IRC18:11
*** stevemar changes topic to "Newton Deadlines: http://releases.openstack.org/newton/schedule.html | Keystone Midcycle RSVP: http://goo.gl/forms/NfFMpJe6MSCXSNhr2 (Hosted By Cicso, July 20-22, 170 W Tasman Dr, San Jose, CA 95134) | Keystone Midcycle wiki https://wiki.openstack.org/wiki/Sprints/KeystoneNewtonSprint"18:13
*** doug-fis_ has joined #openstack-keystone18:15
*** doug-fish has quit IRC18:18
*** pushkaru has joined #openstack-keystone18:20
*** roxanaghe has joined #openstack-keystone18:26
*** jbell8 has quit IRC18:27
*** roxanaghe__ has joined #openstack-keystone18:28
*** roxanaghe_ has quit IRC18:30
*** rcernin has quit IRC18:31
*** roxanaghe has quit IRC18:31
*** jbell8 has joined #openstack-keystone18:31
*** stingaci has joined #openstack-keystone18:34
openstackgerritRon De Rose proposed openstack/keystone: Move identity.backends.sql model code to sql_model.py  https://review.openstack.org/29261118:44
*** kevinbenton has quit IRC18:49
*** kevinbenton has joined #openstack-keystone18:50
openstackgerritMerged openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/31748518:52
amakarovayoung: a PoC from breton's intern about enforcing policy in keystone: https://review.openstack.org/#/c/317529/18:53
patchbotamakarov: patch 317529 - keystone - Added app for policy enforcement18:53
*** roxanaghe_ has joined #openstack-keystone18:54
ayoungamakarov, nice18:54
*** roxanaghe has joined #openstack-keystone18:56
*** roxanaghe__ has quit IRC18:57
openstackgerritMerged openstack/keystoneauth: Updated from global requirements  https://review.openstack.org/31748418:58
*** roxanaghe_ has quit IRC18:59
*** diazjf has quit IRC18:59
gyeejamielennox, can you please expend on certs can't be enforce globally?19:00
jamielennoxwe can get to the point that certs are the recommended deployment mechanism but people just won't set up the infrastructure19:00
jamielennoxs/enforce/required19:00
gyeecerts are a requirement in any production deployment19:00
samueldmqayoung: you on patch 311652 ?19:01
patchbotsamueldmq: https://review.openstack.org/#/c/311652/ - keystone - Replace revoke tree with linear search19:01
*** amakarov has quit IRC19:01
jamielennoxgyee: https certs are, doing client cert enforcement is not19:01
jamielennoxand the ca management that comes with it is a high bar for some people19:01
ayoungsamueldmq, yeah19:01
samueldmqlet's start a Certificate as a service then19:02
gyeewhy not, same mechanism for cert management19:02
*** spandhe_ has joined #openstack-keystone19:02
gyeeits no different than, say fernet key management19:02
samueldmqayoung: nice, wanted to get that in today so we can seee if it fixes the issue in the gates19:02
samueldmqayoung: or if we still need to keep debugging19:02
*** diazjf has joined #openstack-keystone19:03
samueldmqgyee: just a big broader because it's for every endpoint19:03
ayoungsamueldmq, hoping to keep that one as a new loss of lines...19:03
samueldmqgyee: while fernet is for keystone endpoints19:03
jamielennoxbarbican tried that and oh god the vendor extensions and crap to make a cert-aas19:04
samueldmqgyee: but I like the idea, just don't have xp with handling certs etc to say it's bad or not19:04
samueldmqgyee: but shouldn't be :/19:04
ayounganyone know a one liner to convert a python path into a file... change . to / in bash?19:05
jamielennoxi'm sure it's doable, but even i'm not sure without some testing how you set up a public facing https endpoint with a global ca, but then also do optional client cert enforcement on an internal ca19:05
ayoungah forget it19:05
ayoungnot worth it19:05
jamielennoxparticularly if the endpoint you expose it haproxy or eventlet19:06
gyeejamielennox, I have a demo for enforcing cert authorization19:07
*** doug-fis_ has quit IRC19:08
gyeewe can differentiate between SSL cert and certs used for authn/z19:08
jamielennoxgyee: in what - apache?19:08
gyeeboth apache and haproxy19:08
gyeeyou can terminate SSL at either haproxy or apache19:08
gyeeit works either way19:09
*** iurygregory_ has joined #openstack-keystone19:09
jamielennoxyep, well for the eventlet based apis haproxy would have to be available or it's a non-starter19:09
openstackgerritMerged openstack/python-keystoneclient: Updated from global requirements  https://review.openstack.org/31750119:09
gyeeeventlet!?19:09
gyeeI thought we are not recommending eventlet19:10
jamielennoxgyee: n-api, g-api, c-api ...19:10
jamielennoxyou would need to do client cert enforcement at all those points to make certs work from service to service19:10
gyeesure, in production, they are fronted by haproxy or some 3rd party LB anyway19:11
lbragstadayoung question: how familiar are you with dogtag?19:13
*** sdake has quit IRC19:15
*** doug-fish has joined #openstack-keystone19:16
ayounglbragstad, I have many sets.19:16
ayoungName SSN Religeon Blood Type19:16
gyeehahahah19:16
ayounglbragstad, pretty familiar, and I know who to ask19:17
gyeeayoung, I enjoy your comics19:17
lbragstadayoung favorite/preferred ammunition?19:17
ayounglbragstad, we still talking dogtag, or Firearms?19:17
lbragstadayoung i was wondering it it would be possible to use it to store fernet keys?19:17
gyeelbragstad, you are talking to a military guy19:17
ayounglbragstad, ah...probably19:17
*** BjoernT has quit IRC19:18
ayounglbragstad, Barbican backs to dogtag, and we have provisions in it to store keys19:18
lbragstadi have a spec up (proposed to backlog) to add different backends for fernet keys19:18
ayounglbragstad, I don;t think that we need it, though.  Why would you want to put them in Dogtag?19:18
jamielennox:q19:18
ayoungOr anything off site, for that matter?19:18
jamielennoxbah19:18
lbragstadjamielennox :a!19:19
lbragstadjamielennox :qa!19:19
ayoungjamielennox, that should be :wq19:19
gyee:q!19:19
ayounghow do we failfast with tox run tests again?19:19
lbragstadayoung we had a guy at the summit come ask us about alternative storage methods19:19
lbragstadafter the fernet talk19:19
ayounglbragstad, the real question is how to transport them for multisite19:20
*** woodster_ has joined #openstack-keystone19:20
lbragstadthis specific user was interested in securing them19:20
*** sdake has joined #openstack-keystone19:20
ayoungthat seems like it should bea PKCS12 or something19:20
ayoungDogtag would not be proper  for that unless it was for archival19:21
lbragstadgotcha19:21
gyeelbragstad, why not let Barbican manage the keys?19:22
ayounglbragstad, the funny thing is, this is the one use case where Kite made sense19:22
ayounggyee, not in this case19:22
*** sdake has quit IRC19:22
gyeewhy not?19:22
ayounggyee, archival, yes19:22
ayoungrotation does not call for them being stored off site19:22
gyeenot just that, I mean active key rotation19:22
*** sdake has joined #openstack-keystone19:22
ayounggyee, I'll defer19:22
bknudsonsorry I missed the meeting. Traveling.19:23
ayoungIthink there is a chicken/egg issue with Barbican and Keystone Fernet keys19:23
gyeethere is, we need to figure out a bootstrap issue19:23
*** sdake has quit IRC19:23
gyeesame thing with Anchor and certmonger19:23
gyeewe need the initial seed/account19:23
lbragstadcould anchor be used to store keys?19:24
*** BjoernT has joined #openstack-keystone19:25
gyeeanchor does not store keys19:25
gyeeit only store public certs19:25
lbragstadah19:25
gyeenot even store, it was designed to discard the certs quickly19:25
gyeelbragstad, I think we need to look at Barbican19:25
*** sdake has joined #openstack-keystone19:26
diazjfgyee, hit me up if you need some info on storing the keys in barbican19:26
gyeeonce the initial key is provision, its just a matter of periodically polling barbican for new keys19:26
*** iurygregory_ has quit IRC19:26
gyeediazjf, thanks, I was think of a POC19:26
gyees/think/thinking/19:26
diazjfgyee, I'd be happy to help out I can bring it up in the next Barbican meeting on monday19:27
gyeediazjf, I think integrating with Barbican is the right solution19:27
gyeejust need to test it out19:27
diazjfayoung, gyee, etherpad? gyee, I agree is this for fernet tokens?19:27
gyeeyes, fernet signing and encryption keys19:28
gyeediazjf, I don't have it in writing yet, just some brain farts19:29
openstackgerritLance Bragstad proposed openstack/keystone-specs: Add spec for fernet key store backends  https://review.openstack.org/31126819:29
diazjfgyee, no worries. Lets setup an etherpad and well talk more about it19:29
*** comstud has joined #openstack-keystone19:31
*** sdake_ has joined #openstack-keystone19:32
*** sdake has quit IRC19:32
*** gyee has quit IRC19:33
*** rderose has quit IRC19:34
*** gokrokve has quit IRC19:36
lbragstadnotmorgan about the soft deletes19:36
lbragstadI was talking to a few people at the summit about that19:37
notmorganlbragstad: so, i dislike "soft delete" if you have a "hard delete" option- either we maintain the records (indefinitely[fine with me]) or we don't19:37
notmorgani don't like the "oh we'll let you 'prune19:37
notmorgan this later"19:37
notmorganthats all19:38
lbragstadnotmorgan I tried to capture some of the information here http://lbragstad.com/improving-auditing-in-keystone/19:38
notmorganfor things in keystone.. tbh we should just not elminiate the records for the most part ( on users, projects, etc)19:38
lbragstadat the time I guess we were talking about it from an auditing angle19:38
notmorgandomains.19:38
lbragstadnotmorgan so you believe in the soft delete option?19:38
notmorganso, i wouldn't call it "soft delete"19:39
notmorganit's not really a soft delete19:39
notmorganit's how we mark something deleted.19:39
notmorganis it "deleted" or "removed from the DB"19:39
notmorgandoesn't matter, it's semantics.19:39
lbragstadnotmorgan isn't that a soft delete?19:39
notmorgansoft delete is like what nova does... with a prune late imo19:39
notmorganlater*19:40
lbragstadwe just flip a bit in the db19:40
lbragstaddelete = true19:40
notmorgannope19:40
notmorganuse a timestamp19:40
notmorganfor PK reasons19:40
notmorgandeleted = 0, OR deleted="timestamp"19:40
notmorgan(unix time?)19:40
lbragstaddeleted = 0 means it's not deleted, right?19:40
notmorganright19:40
jamielennoxwhy is this primary key reasons?19:41
notmorganyou need to do that and unique columns need to be changed to be (deleted + unique column)19:41
notmorganpk/unique-keys19:41
notmorganotherwise you can only ever have 1 deleted 1 active column19:41
notmorganerm record with the duplicated unique column19:41
notmorgannot pk.19:42
jamielennoxeven unique, i agree with the timestamp for auditing but for most checks you want to say IS NOT NULL19:42
notmorganyou can't unique constrain on NULL in mysql19:42
notmorgan(NULL, ID) can be duplicated a ton of times19:42
jamielennoxwhy do you want to unique constraint the timestamp?19:42
notmorgan(0, ID) cannot be duplicated19:42
notmorganyou use the timestamp to make the unique constraints for deleted not collide with subsequented deleted records19:43
notmorganexample project-name19:43
notmorganotherwise you can't have multiple deleted records with the same project-name.19:44
notmorganif the column is "active" and True or Null19:44
notmorganthen the active = Null would be deleted. allowing duplicated keys - but that doesn't work in PGSQL.19:44
notmorgansooooo19:44
notmorganshort answer19:44
jamielennoxbut why have that unique constraint, your ids are unique and everything else is a query19:44
notmorganproject-names are unique with domain_id19:44
notmorganright now19:44
notmorganso if you make it "deleted" but don't change the unique constraint19:45
notmorganto be domain_id, project_name, deleted19:45
notmorganyou can't duplicate project-names even if deleted19:45
notmorganif deleted is "NULL" you aren't constraining project_name, domain_id anymore in mysql19:45
jamielennoxoh, hmm19:45
notmorganso if deleted = 0, it's active19:46
notmorganif deleted=<unix_time_not_0>19:46
notmorganyou can have only one active, "0", and many deleted19:46
notmorgansince deletion is a unixtime19:46
jamielennoxi see, that makes sense19:46
* notmorgan is unsure why keystone opted for "remove record from DB" for deletes19:48
jamielennoxprobably the same reason people flip out when we say there is no way to clean up shadow users - it really doesn't matter19:49
jamielennoxbut i'd be +2 on changing things like project and domain to never actually remove from db19:50
lbragstadso - if we were to do that we would add some bits to the keystone api to get all entities, including deleted ones19:50
*** sdake_ has quit IRC19:53
lbragstadnotmorgan jamielennox would adding that ability remove the need for something like this - https://review.openstack.org/#/c/288643/ ?19:56
patchbotlbragstad: patch 288643 - keystone - Send notifications with entity name in payload19:56
notmorganlbragstad: i think that helps, but it doesn't solve some fundamental issues with keystone and restoring things/better lifecycle management of resources19:57
jamielennoxlbragstad: i'd think that would still be useful19:57
*** agrebennikov has joined #openstack-keystone19:58
lbragstadjamielennox notmorgan you mean enriching the notifications sent by keystone?19:58
*** sdake has joined #openstack-keystone19:58
notmorganlbragstad: so we can enrich notificatons, but there is still real reasons to change what "deleting" means19:58
notmorganwe also don't create projects like nova creates vms :P19:58
*** rcernin has joined #openstack-keystone19:58
notmorganor if we do...19:58
notmorgandifferent issue19:58
lbragstadjamielennox i discussed this a bit at the summit with some folks and tried to document it here http://lbragstad.com/improving-auditing-in-keystone/19:59
lbragstadnotmorgan what are the other reasons to change what delete means?19:59
notmorganmostly for lifecycle management/restorability19:59
jamielennoxlbragstad: i think for auditing and readability it's fine to add that info to the notification, i think most people are only consuming those and any additional info is useful19:59
notmorgani don't have a good alternative19:59
*** doug-fis_ has joined #openstack-keystone20:00
*** ninag has quit IRC20:01
* jamielennox is going to try and sleep for another hour or two 20:01
lbragstadso - if we change our database model to not delete things then the current notification system works20:01
*** ninag has joined #openstack-keystone20:01
lbragstadjamielennox o/20:01
*** doug-fi__ has joined #openstack-keystone20:03
*** doug-fish has quit IRC20:03
*** doug-fis_ has quit IRC20:04
*** ninag_ has joined #openstack-keystone20:04
*** ninag has quit IRC20:06
*** diazjf has quit IRC20:08
*** ninag_ has quit IRC20:09
*** anush has quit IRC20:11
*** anush has joined #openstack-keystone20:12
*** sheel has quit IRC20:15
*** ninag has joined #openstack-keystone20:15
*** doug-fish has joined #openstack-keystone20:16
*** ninag has quit IRC20:16
*** ninag has joined #openstack-keystone20:17
openstackgerritayoung proposed openstack/keystone: Replace revoke tree with linear search  https://review.openstack.org/31165220:17
*** ninag has quit IRC20:17
*** ninag has joined #openstack-keystone20:17
*** ninag has quit IRC20:18
*** doug-fi__ has quit IRC20:18
*** pwgravel has quit IRC20:26
*** rderose has joined #openstack-keystone20:27
*** dmk0202 has joined #openstack-keystone20:29
*** gyee has joined #openstack-keystone20:40
*** ChanServ sets mode: +v gyee20:40
*** diazjf has joined #openstack-keystone20:40
*** rcernin has quit IRC20:41
*** diazjf has quit IRC20:45
*** tonytan_brb has joined #openstack-keystone20:46
*** raildo is now known as raildo-afk20:47
amrithstevemar, yt?20:49
stevemaramrith: o/20:49
*** tonytan4ever has quit IRC20:49
amrithI'm making a mess of the change you submitted to Trove https://review.openstack.org/#/c/290971/220:49
patchbotamrith: patch 290971 - python-troveclient - WIP: switch to keystoneauth20:49
amrithwanted to have your thoughts on the hack job I'm doing.20:49
amrith:)20:49
amrithI hope that's what you had in mind (someone from trove pick it up and run with it)20:51
amrithif not, sorry for squishing your toes ...20:51
*** ksatrimed has joined #openstack-keystone20:51
*** ksatrimed has quit IRC20:52
*** spandhe_ has quit IRC20:53
*** ninag has joined #openstack-keystone20:54
*** spandhe has joined #openstack-keystone20:54
*** chrisshattuck has quit IRC20:56
*** gagehugo has quit IRC20:56
*** ninag has quit IRC20:57
openstackgerritRon De Rose proposed openstack/keystone: Shadow LDAP and custom driver users  https://review.openstack.org/30548720:58
*** sdake_ has joined #openstack-keystone20:58
openstackgerritRon De Rose proposed openstack/keystone: Shadow LDAP and custom driver users  https://review.openstack.org/30548720:59
stevemaramrith: makes me job easier! :) i'll comment in the review20:59
*** diazjf has joined #openstack-keystone21:00
*** fangxu has quit IRC21:00
amriththx stevemar21:00
*** sdake has quit IRC21:00
openstackgerritRon De Rose proposed openstack/keystone: Shadow LDAP and custom driver users  https://review.openstack.org/30548721:01
*** julim has quit IRC21:01
*** pushkaru has quit IRC21:07
* notmorgan finishes meetings and sighs with relief21:07
*** ninag has joined #openstack-keystone21:09
*** ninag has quit IRC21:09
*** dmk0202 has quit IRC21:10
stevemarnotmorgan: hey you signed up for it21:14
* notmorgan signs stevemar up for meetings.21:14
stevemari got out of all my meetings21:14
*** pauloewerton has quit IRC21:17
*** mou has quit IRC21:19
*** daemontool has joined #openstack-keystone21:20
*** doug-fis_ has joined #openstack-keystone21:22
*** doug-fish has quit IRC21:23
openstackgerritRon De Rose proposed openstack/keystone: Concrete role assignments for federated users  https://review.openstack.org/28494321:25
*** tonytan_brb has quit IRC21:26
*** jamielennox is now known as jamielennox|away21:30
stevemarmfisch: poke for https://review.openstack.org/#/c/315359/21:33
patchbotstevemar: patch 315359 - keystonemiddleware - generate sample config automatically21:33
*** ayoung has quit IRC21:33
*** haplo37 has joined #openstack-keystone21:37
notmorganstevemar: we have an issue with the requirements in ldapool21:38
notmorganrecheck wont solve it21:38
*** jamielennox|away is now known as jamielennox21:39
*** doug-fish has joined #openstack-keystone21:40
*** ametts has quit IRC21:41
mfischstevemar: yay!21:41
mfischgo ahead and disenfranchise me in the project ;)21:42
*** doug-fis_ has quit IRC21:42
*** edtubill has quit IRC21:44
openstackgerritwerner mendizabal proposed openstack/keystone: Support encryption of credentials in Keystone  https://review.openstack.org/31716921:44
*** edmondsw has quit IRC21:45
*** spandhe_ has joined #openstack-keystone21:47
*** spandhe has quit IRC21:49
*** spandhe_ is now known as spandhe21:49
*** jbell8 has quit IRC21:49
notmorganmfisch: huh?21:50
mfischnotmorgan: I had a commit to fix some of those by hand, commit gets me a vote21:51
mfischhence my poor joke21:51
*** tqtran has joined #openstack-keystone21:52
openstackgerritMorgan Fainberg proposed openstack/ldappool: make ldappool py3 compatible  https://review.openstack.org/31572821:52
notmorganmfisch: oh21:52
*** ametts has joined #openstack-keystone21:54
*** sdake_ is now known as sdake21:54
*** diazjf has quit IRC21:57
*** jaugustine has quit IRC22:01
notmorganamrith: it's a hack job, but a required hack job ;)22:01
*** daemontool has quit IRC22:03
*** ozialien10 has quit IRC22:04
*** ozialien10 has joined #openstack-keystone22:04
*** doug-fish has quit IRC22:06
*** ametts has quit IRC22:07
*** phalmos has quit IRC22:08
*** stingaci_ has joined #openstack-keystone22:08
*** sigmavirus24 is now known as sigmavirus24_awa22:08
*** stingaci has quit IRC22:11
*** markvoelker has joined #openstack-keystone22:14
*** ninag has joined #openstack-keystone22:17
*** jbell8 has joined #openstack-keystone22:17
*** ninag has quit IRC22:17
*** henrynash has quit IRC22:19
*** ninag_ has joined #openstack-keystone22:21
*** markvoelker has quit IRC22:21
*** markvoelker has joined #openstack-keystone22:22
*** ninag_ has quit IRC22:25
openstackgerritMerged openstack/keystone: Port test_v2 unit test to Python 3  https://review.openstack.org/31206022:26
openstackgerritMerged openstack/keystone: Move the oauth1 abstract base class out of core  https://review.openstack.org/31704522:26
*** timcline has quit IRC22:27
*** doug-fish has joined #openstack-keystone22:32
*** BjoernT has quit IRC22:35
*** doug-fish has quit IRC22:36
*** doug-fish has joined #openstack-keystone22:39
*** rderose has quit IRC22:40
*** ninag has joined #openstack-keystone22:42
*** ayoung has joined #openstack-keystone22:42
*** ChanServ sets mode: +v ayoung22:42
*** doug-fish has quit IRC22:44
*** sdake_ has joined #openstack-keystone22:45
*** ninag has quit IRC22:46
*** sdake has quit IRC22:48
*** haplo37 has quit IRC22:49
*** jbell8 has quit IRC22:54
*** sdake_ has quit IRC22:54
*** jbell8 has joined #openstack-keystone22:56
*** doug-fish has joined #openstack-keystone22:59
*** lhcheng has joined #openstack-keystone23:00
*** ChanServ sets mode: +v lhcheng23:00
*** r-daneel has joined #openstack-keystone23:01
*** doug-fish has quit IRC23:03
*** lhcheng_ has quit IRC23:03
*** woodster_ has quit IRC23:08
*** gordc has quit IRC23:11
*** markvoelker has quit IRC23:12
stevemarnotmorgan: whats up with ldappool23:17
*** roxanaghe has quit IRC23:17
notmorgan?23:17
*** furface has joined #openstack-keystone23:19
stevemarnotmorgan: oh, i thought you meant something worse... nvm23:20
stevemari see it now, the comment mismatch23:21
notmorgannope23:21
notmorganyah23:21
*** sdake has joined #openstack-keystone23:24
notmorganstevemar: is there anything else we need for ldappool?23:30
notmorganstevemar: because i'd like to do a release soon23:30
stevemarnotmorgan: theres still: https://review.openstack.org/#/c/315728/23:30
patchbotstevemar: patch 315728 - ldappool - make ldappool py3 compatible23:30
notmorgancc crinkle ^23:30
stevemargah23:30
stevemari meant https://review.openstack.org/#/c/315840/23:30
patchbotstevemar: patch 315840 - ldappool - Raise an explicit BackendError on TLS failures23:30
openstackgerritMerged openstack/ldappool: make ldappool py3 compatible  https://review.openstack.org/31572823:30
notmorganbesides python3 tests.23:30
stevemarand wut: https://review.openstack.org/#/c/316985/23:31
patchbotstevemar: patch 316985 - ldappool - Updated from global requirements23:31
notmorganstevemar: welcome to G-R23:31
notmorganthat one will conflict23:31
notmorganhttps://review.openstack.org/#/c/317646/ needs to land too, but that is not us23:31
patchbotnotmorgan: patch 317646 - openstack-infra/project-config - Add python3-testing to ldappool23:31
* crinkle shrug23:32
notmorganstevemar: do we want to add tests? or just not really doable?23:33
notmorgancause... i'll let it go if it's not really doable to test.23:33
stevemarnotmorgan: not sure if it's all that do-able23:34
notmorganif we do a release of ldappool, update g-r, and land pyldap thing for keystone i think we're at the point where we are within minor fixes of being py3 compat in keystone23:34
stevemargerrit just slowed down23:34
stevemarnotmorgan: i'm still concerned about folks using python-ldap and ldappool, and then updating23:35
notmorganstevemar: it seemlessly upgrades23:35
notmorgani tried it23:35
notmorganzero issues23:35
openstackgerritSteve Martinelli proposed openstack/ldappool: Updated from global requirements  https://review.openstack.org/31698523:35
notmorganalso remember, major version *and* no code in 3 yrs23:35
notmorganon ldappool23:36
stevemarnotmorgan: yeah23:36
stevemarupgrade at own risk :P23:36
notmorganstevemar: i asked lifeless, there was no way to make them both work23:36
stevemarnotmorgan: you've convinced me23:36
stevemarnotmorgan: ah okay23:36
stevemarnotmorgan: i tweaked https://review.openstack.org/#/c/316985/ - it should be OK now23:36
patchbotstevemar: patch 316985 - ldappool - Updated from global requirements23:36
notmorganok23:36
lifelessin debian you can say foo|bar, but the python dependency language doesn't allow that yet23:37
notmorganand i'll +2 the TLS error thing23:37
notmorganlifeless: i expect most distros will package this just fine and not run into issues23:37
notmorganlifeless: and pip folks, it really "just works" from everything i tested23:37
lifelessnotmorgan: upgrades worked?23:37
notmorganlifeless: it's a fork and it just worked23:38
stevemarnotmorgan: sounds good to me (re: tls)23:38
notmorganstevemar: +2 on req updates *and* tls error23:38
notmorganlifeless: it upgraded fine, pyldap has extra code to make it work well.23:38
notmorganlifeless: it's a bit weird. but eh. couldn't break it23:39
lifelessnotmorgan: good enough for me23:39
openstackgerritMerged openstack/oslo.policy: Updated from global requirements  https://review.openstack.org/31749523:39
stevemarnotmorgan: i think we're all good on the ldappool front23:39
notmorganayoung: https://review.openstack.org/#/c/317638/ (cc bknudson, dolphm, dstanek, lbragstad)23:39
patchbotnotmorgan: patch 317638 - keystone - Use PyLDAP instead of python-ldap23:39
notmorgangyee: ^ cc too23:39
notmorganneeds another +223:39
notmorganstevemar: ok once those land i'll do a 2.0.0 release.23:40
notmorganstevemar: and we'll update g-r.23:40
notmorganstevemar: please update ldappool setup.cfg to include py323:41
notmorganstevemar: before we release23:41
notmorganstevemar: and add py3423:41
notmorgan? to tox ini?23:42
notmorganstevemar: or do you want me to?23:42
*** jbell8 has quit IRC23:43
openstackgerritMerged openstack/ldappool: Raise an explicit BackendError on TLS failures  https://review.openstack.org/31584023:43
notmorganstevemar: can we also make uwsgi voting?23:44
*** dan_nguyen has quit IRC23:47
openstackgerritMorgan Fainberg proposed openstack/ldappool: Add py3 info to setup.cfg  https://review.openstack.org/31777423:52
*** EinstCrazy has quit IRC23:55
*** rderose has joined #openstack-keystone23:56
« Monday, 2016-05-16 Index Wednesday, 2016-05-18 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!