Wednesday, 2016-07-13

*** markvoelker has quit IRC		00:02
*** ddieterly has joined #openstack-keystone		00:04
*** adrian_otto has quit IRC		00:05
*** nk2527 has quit IRC		00:09
*** markvoelker has joined #openstack-keystone		00:11
*** ivasilevskaya has joined #openstack-keystone		00:14
*** markvoelker has quit IRC		00:14
*** markvoelker has joined #openstack-keystone		00:14
*** ravelar159 has joined #openstack-keystone		00:21
*** daemontool has quit IRC		00:21
*** roxanaghe has quit IRC		00:23
*** samueldmq has quit IRC		00:28
*** ddieterly is now known as ddieterly[away]		00:32
*** ddieterly[away] has quit IRC		00:36
*** code-R has joined #openstack-keystone		00:38
openstackgerrit	Merged openstack/oslo.policy: Add Python 3.5 classifier and venv https://review.openstack.org/340777	00:38
*** spzala has joined #openstack-keystone		00:38
*** browne has quit IRC		00:39
*** code-R_ has joined #openstack-keystone		00:40
*** spzala has quit IRC		00:43
*** code-R has quit IRC		00:43
*** ravelar159 has quit IRC		00:55
*** ddieterly has joined #openstack-keystone		00:55
*** code-R_ has quit IRC		01:03
*** code-R has joined #openstack-keystone		01:03
*** code-R_ has joined #openstack-keystone		01:04
*** code-R has quit IRC		01:04
*** ddieterly has quit IRC		01:08
openstackgerrit	werner mendizabal proposed openstack/keystone: Support encryption of credentials in Keystone https://review.openstack.org/317169	01:10
*** markvoelker has quit IRC		01:25
*** EinstCrazy has joined #openstack-keystone		01:28
*** clenimar_ has quit IRC		01:29
*** wangqun has joined #openstack-keystone		01:36
*** spzala has joined #openstack-keystone		01:39
*** clenimar_ has joined #openstack-keystone		01:41
*** spzala has quit IRC		01:43
openstackgerrit	Merged openstack/keystone: PCI-DSS Disable inactive users requirements https://review.openstack.org/328447	01:51
stevemar	raildo: rodrigods that one page (http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.8/accounts.html#) is better than all our docs	01:53
*** adrian_otto has joined #openstack-keystone		02:00
*** EinstCrazy has quit IRC		02:00
*** EinstCrazy has joined #openstack-keystone		02:01
*** adrian_otto has quit IRC		02:02
*** davechen has joined #openstack-keystone		02:04
*** adrian_otto has joined #openstack-keystone		02:05
*** EinstCrazy has quit IRC		02:10
*** EinstCrazy has joined #openstack-keystone		02:11
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Password history requirements https://review.openstack.org/328339	02:14
*** adrian_otto has quit IRC		02:18
*** adrian_otto has joined #openstack-keystone		02:20
*** ddieterly has joined #openstack-keystone		02:23
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Password expires validation https://review.openstack.org/333360	02:25
*** ddieterly has quit IRC		02:28
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Password expires validation https://review.openstack.org/333360	02:28
*** adrian_otto has quit IRC		02:29
*** ddieterly has joined #openstack-keystone		02:32
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Password expires validation https://review.openstack.org/333360	02:34
openstackgerrit	Jamie Lennox proposed openstack/keystone: Handle more auth information via context https://review.openstack.org/339390	02:37
openstackgerrit	Jamie Lennox proposed openstack/keystone: Require auth_context middleware in the pipeline https://review.openstack.org/339356	02:37
*** aastha has quit IRC		02:39
*** ddieterly is now known as ddieterly[away]		02:44
*** ddieterly[away] has quit IRC		02:45
*** amoralej\|off has quit IRC		02:46
*** amoralej has joined #openstack-keystone		02:47
*** gyee has quit IRC		02:49
stevemar	someone available to test a hangout? :)	02:51
stevemar	i posted the hangout link here: https://etherpad.openstack.org/p/keystone-api-sprint	02:52
jamielennox	stevemar: i'll look early tomorrow morning and see if people are still around	02:55
stevemar	jamielennox: anyway you can hop on the hangout for a sec?	02:55
stevemar	i just want to make sure the URL persists	02:55
stevemar	jamielennox: meh, i just disconnected and tried again, it works	02:57
jamielennox	apparnetly i know longer have a plugin installed and firefox is having a freak out	02:57
jamielennox	works now, just lonely :p	02:58
*** code-R_ has quit IRC		03:00
stevemar	jamielennox: haha	03:00
*** itisha has quit IRC		03:00
*** spzala has joined #openstack-keystone		03:00
*** spzala has quit IRC		03:05
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Lockout requirements https://review.openstack.org/340074	03:07
*** aastha has joined #openstack-keystone		03:13
stevemar	jamielennox: anyway you can take a look at https://review.openstack.org/#/c/290464/ and https://review.openstack.org/#/c/290497/ ? i'm anxious to get them in asap	03:14
patchbot	stevemar: patch 290464 - python-cinderclient - WIP: switch to keystoneauth	03:14
patchbot	stevemar: patch 290497 - python-glanceclient - switch from keystoneclient to keystoneauth	03:14
stevemar	i don't want the teams to pull the "it's too late in newton" card	03:15
jamielennox	stevemar: yep, will do	03:15
jamielennox	stevemar: you should remove the WIP tag	03:15
stevemar	jamielennox: it's failing tests :(	03:16
*** woodster_ has quit IRC		03:19
jamielennox	stevemar: ok, refreshing envs then i'll take it for a coffee - should i just push if i fix the tests?	03:20
stevemar	jamielennox: fo sho	03:20
*** ravelar159 has joined #openstack-keystone		03:24
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Password expires validation https://review.openstack.org/333360	03:24
*** ravelar159 has quit IRC		03:29
jamielennox	stevemar: i think the ideal here would be to switch them to os-client-config instead of to ksa directly	03:30
jamielennox	mordred and notmorgan dislike it when i get people to use the load_from_argparse_arguments stuff in ksa	03:30
stevemar	jamielennox: just about all clients are using it	03:31
jamielennox	the ksa.cli stuff?	03:32
stevemar	the 'load_from_argparse_arguments'	03:33
jamielennox	hmm, that means no OS_CLOUD suport	03:33
jamielennox	man cinderclient is in rough shape	03:34
*** iurygregory_ has quit IRC		03:41
stevemar	jamielennox: yes, yes it is :(	03:45
jamielennox	stevemar: i want to rip and replace this, but i'm not sure if that will make it too difficult to merge	03:45
jamielennox	stevemar: like they have all this test if v2 or v3 is available and do stuff, we have all that support in ksa	03:45
stevemar	yeah, i had the same thought	03:46
stevemar	jamielennox: is cinder the one with their own discovery code?	03:46
stevemar	jamielennox: ignore it for now and rip it out later?	03:46
jamielennox	stevemar: they seem to be import keystoneauth.discover, but they're still doing it manually	03:46
jamielennox	glance seems to be manually parsing the catalog	03:46
jamielennox	yea, fix fast then maybe fix properly later	03:47
jamielennox	i've always tried to ignore client shells they suck so muc h	03:47
stevemar	is the CFP still open?	03:48
stevemar	oh a whole day left	03:48
*** davechen has left #openstack-keystone		03:53
*** markvoelker has joined #openstack-keystone		03:55
*** KevinE has quit IRC		03:59
*** spzala has joined #openstack-keystone		04:01
*** fawadkhaliq has joined #openstack-keystone		04:01
*** michauds has joined #openstack-keystone		04:03
*** links has joined #openstack-keystone		04:03
*** rderose has quit IRC		04:05
*** spzala has quit IRC		04:06
*** tonytan4ever has joined #openstack-keystone		04:09
jamielennox	stevemar: fixed the failing test on cinderclient patch, removed WIP header (and gave myself co-author)	04:10
*** GB21 has joined #openstack-keystone		04:18
*** sdake has joined #openstack-keystone		04:22
*** julim has quit IRC		04:26
*** dikonoor has joined #openstack-keystone		04:26
*** richm has quit IRC		04:34
stevemar	jamielennox: cool with me	04:35
*** fawadkhaliq has quit IRC		04:37
stevemar	jamielennox: can you review the glanceclient one too, it's passing but could use your opinion on it	04:38
stevemar	(to double check i didn't do anything crazy)	04:38
jamielennox	stevemar: yep i have it open	04:38
openstackgerrit	Jamie Lennox proposed openstack/keystoneauth: Add additional_headers to session and adapter https://review.openstack.org/341291	04:38
*** michauds has quit IRC		04:40
*** GB21 has quit IRC		04:40
jamielennox	stevemar: the glance one does a lot more messing around with the options in shell	04:41
*** sdake has quit IRC		04:50
jamielennox	stevemar: so i don't like how using default= there in the auth plugin stuff will interact with the auth plugin loader	04:52
jamielennox	although maybe it doesn't matter	04:52
stevemar	jamielennox: it's been a while, where is that?	04:53
jamielennox	https://review.openstack.org/#/c/290497/16/glanceclient/shell.py L110	04:53
patchbot	jamielennox: patch 290497 - python-glanceclient - switch from keystoneclient to keystoneauth	04:53
stevemar	jamielennox: i copied that over from the novaclient and neutronclient migration	04:54
jamielennox	stevemar: lol, ah this is all so broken	04:54
stevemar	jamielennox: oh yeah	04:55
stevemar	jamielennox: right now it's all about not using deprecated keystoneclient stuff	04:55
stevemar	we can rm -rf the rest of this later	04:55
jamielennox	stevemar: so for speed i would back that out, i'm not sure if glanceclient is even correctly handling the token auth	04:55
jamielennox	i left another comment	04:55
jamielennox	ah - well i will have if i press the button	04:56
jamielennox	stevemar: oh, i see, there's really no other way to register specific options without setting default-	04:58
*** spzala has joined #openstack-keystone		05:01
*** dikonoor has quit IRC		05:03
*** spzala has quit IRC		05:06
mordred	stevemar, jamielennox: heya! any way I can be useful or helpful?	05:11
mordred	I agree that at least getting things off of ksc in whatever way that makes sense is the best and most important thing	05:11
mordred	:)	05:11
stevemar	mordred: i think jamielennox figured it out, mostly?	05:12
mordred	woot	05:12
stevemar	mordred: a review of https://review.openstack.org/#/c/290497/ is always helpful :P	05:12
patchbot	stevemar: patch 290497 - python-glanceclient - switch from keystoneclient to keystoneauth	05:12
jamielennox	mordred: basically we need to move glance and cinder shells to os-client-config instead of fixing the crap they do now	05:12
jamielennox	but i have long stopped trying to fix the individual client shells, there's too many	05:13
jamielennox	and they're all broken in different way s	05:13
mordred	yah - I mostly wanted to get nova/neutron/cinder/glance fixed	05:13
mordred	and wanted to get them on occ purely to ease transition to osc	05:13
mordred	because yeah .. WOW they're all bad	05:13
jamielennox	so maybe osc-lib can fix some of this, but again it's going to be a slightly different way of doing things that they won't adopt correctly	05:14
*** GB21 has joined #openstack-keystone		05:14
mordred	yah - the roadblock I hit with full occ support in python-novaclient was that it was _really_ hard to support all of the weird things they do in a backwards compat manner	05:16
mordred	so I gave up	05:16
jamielennox	and novaclient would be kind of a goal because they're a long way off full OSC support. for glance and cinder - meh?	05:18
*** maestropandy has joined #openstack-keystone		05:19
mordred	yah. turns out a LOT of people use nova cli and it's the hardest	05:20
mordred	I think very few people use glance cli	05:20
jamielennox	possibly the best thing to do now would be just go through nova cli and deprecate all the stupid old things they do that no one uses any more	05:22
mordred	jamielennox: btw - on the conversation we had a week or two ago about inferring plugin type from options, I believe I have come around to agreeing with you and I _think_ I've got some thoughts in my head on how to maybe get there	05:22
jamielennox	then worry about it in a year when you can just yank stuff out	05:22
mordred	yah. I _think_ I may have even done that a little bit already	05:22
jamielennox	mordred: oh nice - i think from a ksa perspective it's fairly pure on that but its been widely abused	05:23
jamielennox	mordred: my position was always that people don't write their own clouds.yaml anyway so specifying an auth_type was not a big deal	05:23
jamielennox	but yea whatever we can do to get there	05:24
jamielennox	gah, i need to move my blog off the ruby base - every time i touch it there's something wrong again	05:24
mordred	exactly. well, that and 'password' turns out to be a fairly sane default - if your cloud is not doing password, your cloud has likely actively communicated that	05:25
jamielennox	++	05:25
jamielennox	for a while there i had a plugin proposed that was called CLIDefault or something, which was essentially a merge of password and admin_token	05:26
notmorgan	or your cloud is insane	05:26
notmorgan	i mean...	05:26
mordred	notmorgan: yah	05:26
notmorgan	that is also possible	05:26
jamielennox	turns out that anyone using auth_token already knew what they were doing and so again setting --os-auth-type is not a big deal	05:26
mordred	jamielennox: right - but now that we don't use admin_token for bootstrapping, the main case that was driving the desire to automagically figure out token has gone away	05:26
mordred	jamielennox: yah	05:26
jamielennox	mordred: so that's pretty easy to accomplish, i'm not sure about os-c-c but from ksa i've supported default= in register_argparse_arguments	05:28
mordred	yah - we have defaults for auth_type in occ too	05:28
jamielennox	which would just default --os-auth-type to <default> and so register the correct options for help and then load the correct plugin	05:29
*** dikonoor has joined #openstack-keystone		05:30
*** fawadkhaliq has joined #openstack-keystone		05:32
*** fawadkhaliq has quit IRC		05:32
*** fawadkhaliq has joined #openstack-keystone		05:32
*** fawadkhaliq has quit IRC		05:33
*** fawadkhaliq has joined #openstack-keystone		05:33
*** fawadkhaliq has quit IRC		05:36
*** fawadkhaliq has joined #openstack-keystone		05:36
*** jamielennox is now known as jamielennox\|away		05:43
*** jamielennox\|away is now known as jamielennox		05:56
*** GB21 has quit IRC		05:59
*** spzala has joined #openstack-keystone		06:02
*** abhishekk has joined #openstack-keystone		06:05
*** spzala has quit IRC		06:06
abhishekk	jamielennox: hi you around?	06:06
jamielennox	abhishekk: yep	06:06
abhishekk	jamielennox: is it possible to create specs for keystoneauth in keystone-specs or I should write detail blueprint instead?	06:07
jamielennox	abhishekk: so there is a folder in keystone-specs that i've used in the past, however it's fairly rare, mostly we just do a bug and maybe a blueprint	06:08
jamielennox	abhishekk: what do you have in mind?	06:08
abhishekk	jamielennox: I want to log request-id mappings in keystoneauth session.py	06:09
jamielennox	abhishekk: mappings?	06:09
abhishekk	jamielennox: caller and caller request-id similar to https://blueprints.launchpad.net/python-cinderclient/+spec/log-request-id	06:10
abhishekk	*callee	06:10
abhishekk	most of the python-clients are using keystoneauth Session client so it will be centralized place for logging these request-ids	06:11
jamielennox	abhishekk: so you want to log it?	06:11
abhishekk	jamielennox: yes	06:11
*** GB21 has joined #openstack-keystone		06:11
abhishekk	jamielennox: it will be logged as a debug log	06:12
jamielennox	abhishekk: cool, i don't know if i'd worry about a blueprint for that	06:12
jamielennox	abhishekk: currently the debug log logs the curl syntax	06:12
jamielennox	isn't the request-id included in that/	06:12
abhishekk	jamielennox: IMO not	06:12
abhishekk	jamielennox: and we want both request-ids, caller and callee i.e. nova nad keystone request-ids at one line	06:13
abhishekk	it will be like: DEBUG keystoneauth.session [req-a654ff07-c540-4cb0-84e3-437855ad9f0e demo demo]	06:13
abhishekk	GET call to identity	06:13
abhishekk	for http://172.26.88.20/identity_v2_admin/v3/auth/tokens	06:13
abhishekk	used request id req-c139aef9-6abd-4ed5-ba78-3ab5b0d0b12d	06:14
abhishekk	so the first request-id is of nova and second one is of identity	06:14
jamielennox	abhishekk: ok, i'd be fine with that being in the logs and i really don't think you need a blueprint, maybe just file it as a bug	06:14
jamielennox	caller and callee?	06:15
abhishekk	jamielennox: ok thank you for your time	06:15
jamielennox	gah - i always disliked that a single request id wasn't just used for the entire call chain, i never understood the concern about that	06:15
jamielennox	my only concern there is by the time we have 2+ request ids in the debug log line is there going to be room on the screen to read the rest	06:16
abhishekk	jamielennox: nova is calling keystone then nova is caller and keystone is callee	06:16
abhishekk	jamielennox: hmm	06:17
jamielennox	how does ksa know caller and callee?	06:17
abhishekk	jamielennox: I will add this detail information in bug	06:17
jamielennox	abhishekk: sounds good, ping me with it when you have it up	06:18
abhishekk	jamielennox: sure, thank you	06:18
*** maestropandy has quit IRC		06:24
*** maestropandy has joined #openstack-keystone		06:35
*** pcaruana has joined #openstack-keystone		06:35
*** aastha has quit IRC		06:39
*** agireud has quit IRC		06:40
*** agireud has joined #openstack-keystone		06:44
*** openstackgerrit has quit IRC		06:48
*** openstackgerrit has joined #openstack-keystone		06:48
*** sheel has joined #openstack-keystone		06:48
*** agireud has quit IRC		06:55
*** spzala has joined #openstack-keystone		07:02
*** clenimar__ has joined #openstack-keystone		07:03
*** henrynash has joined #openstack-keystone		07:05
*** ChanServ sets mode: +v henrynash		07:05
*** clenimar_ has quit IRC		07:06
henrynash	raildo: indeed, interesting	07:06
*** spzala has quit IRC		07:07
openstackgerrit	Jamie Lennox proposed openstack/keystoneauth: Add additional_headers to session and adapter https://review.openstack.org/341291	07:10
*** tesseract- has joined #openstack-keystone		07:10
*** jaosorior has joined #openstack-keystone		07:11
*** rcernin has joined #openstack-keystone		07:13
openstackgerrit	Jamie Lennox proposed openstack/keystone: Handle more auth information via context https://review.openstack.org/339390	07:15
openstackgerrit	Jamie Lennox proposed openstack/keystone: Require auth_context middleware in the pipeline https://review.openstack.org/339356	07:15
*** davechen has joined #openstack-keystone		07:16
*** GB21 has quit IRC		07:16
*** jed56 has joined #openstack-keystone		07:16
*** daemontool has joined #openstack-keystone		07:17
*** markvoelker has quit IRC		07:19
*** agireud has joined #openstack-keystone		07:20
*** markvoelker has joined #openstack-keystone		07:21
*** david-lyle has quit IRC		07:27
*** EinstCrazy has quit IRC		07:30
*** EinstCrazy has joined #openstack-keystone		07:31
*** daemontool_ has joined #openstack-keystone		07:31
*** david-lyle has joined #openstack-keystone		07:32
*** fawadkhaliq has quit IRC		07:33
*** daemontool has quit IRC		07:34
*** jojden has joined #openstack-keystone		07:37
*** markvoelker has quit IRC		07:39
*** tonytan4ever has quit IRC		07:47
*** tonytan4ever has joined #openstack-keystone		07:47
*** jamiec has joined #openstack-keystone		07:49
*** tonytan_brb has joined #openstack-keystone		07:51
*** tonytan4ever has quit IRC		07:54
*** david-lyle has quit IRC		07:58
*** zzzeek has quit IRC		08:00
*** pcaruana has quit IRC		08:00
*** zzzeek has joined #openstack-keystone		08:01
*** d0ugal has joined #openstack-keystone		08:01
*** spzala has joined #openstack-keystone		08:03
*** spzala has quit IRC		08:08
*** pnavarro has joined #openstack-keystone		08:09
openstackgerrit	Davanum Srinivas (dims) proposed openstack/keystone: [WIP] Testing latest u-c https://review.openstack.org/318435	08:10
openstackgerrit	Davanum Srinivas (dims) proposed openstack/keystone: [WIP] Testing latest u-c https://review.openstack.org/318435	08:10
*** pcaruana has joined #openstack-keystone		08:14
*** jrist_ has joined #openstack-keystone		08:14
jojden	https://bugs.launchpad.net/oslo.policy/+bug/1602206	08:16
openstack	Launchpad bug 1602206 in oslo.policy "sample code to implement oslo policy " [Undecided,New]	08:16
*** GB21 has joined #openstack-keystone		08:17
*** markvoelker has joined #openstack-keystone		08:20
*** markvoelker has quit IRC		08:25
*** pnavarro has quit IRC		08:26
*** GB21 has quit IRC		08:31
*** GB21 has joined #openstack-keystone		08:33
*** TxGVNN has joined #openstack-keystone		08:39
*** chlong has joined #openstack-keystone		08:48
*** code-R has joined #openstack-keystone		08:48
*** code-R has quit IRC		08:49
*** code-R has joined #openstack-keystone		08:49
*** code-R has quit IRC		08:51
*** code-R_ has joined #openstack-keystone		08:51
*** spzala has joined #openstack-keystone		09:04
*** spzala has quit IRC		09:09
*** henrynash has quit IRC		09:11
*** tonytan_brb has quit IRC		09:13
*** markvoelker has joined #openstack-keystone		09:15
*** pcaruana has quit IRC		09:18
*** markvoelker has quit IRC		09:20
*** code-R_ has quit IRC		09:23
*** ivasilevskaya has left #openstack-keystone		09:23
*** code-R has joined #openstack-keystone		09:24
*** TxGVNN has quit IRC		09:25
*** pcaruana has joined #openstack-keystone		09:31
*** TxGVNN has joined #openstack-keystone		09:32
*** nisha has joined #openstack-keystone		09:35
*** nisha is now known as Guest6572		09:35
*** GB21 has quit IRC		09:40
*** TxGVNN has quit IRC		09:43
*** pcaruana has quit IRC		09:48
*** pcaruana has joined #openstack-keystone		09:48
*** akscram has quit IRC		09:49
*** jaosorior has quit IRC		09:49
*** pcaruana has quit IRC		09:50
*** akscram has joined #openstack-keystone		09:50
*** jaosorior has joined #openstack-keystone		09:50
*** pcaruana has joined #openstack-keystone		09:50
*** pcaruana has quit IRC		09:51
*** davechen has left #openstack-keystone		09:54
*** code-R has quit IRC		09:57
*** pcaruana has joined #openstack-keystone		09:57
*** code-R has joined #openstack-keystone		09:57
*** mnikolaenko1 has left #openstack-keystone		09:58
*** mnikolaenko1 has joined #openstack-keystone		09:59
*** kashyap has joined #openstack-keystone		10:00
*** jrist_ has quit IRC		10:01
*** TxGVNN has joined #openstack-keystone		10:02
*** mnikolaenko1 has quit IRC		10:02
kashyap	Hi folks, this is with this morning's DevStack & Keystone current Git:	10:03
kashyap	2016-07-13 09:10:27.566 \| Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL.	10:03
kashyap	2016-07-13 09:10:27.566 \| Could not determine a suitable URL for the plugin	10:03
kashyap	2016-07-13 09:10:27.601 \| Error on exit	10:03
*** spzala has joined #openstack-keystone		10:05
openstackgerrit	Alexander Ignatyev proposed openstack/keystone: Support new osprofiler API https://review.openstack.org/341401	10:05
*** mnikolaenko_ has joined #openstack-keystone		10:06
openstackgerrit	Thomas Goirand proposed openstack/python-keystoneclient: Fix other-requirements.txt for deb based distros https://review.openstack.org/341007	10:07
*** mnikolaenko_ is now known as MikhailNikolaenk		10:09
*** nisha_ has joined #openstack-keystone		10:09
*** markvoelker has joined #openstack-keystone		10:09
*** spzala has quit IRC		10:09
*** Guest6572 has quit IRC		10:12
*** MikhailNikolaenk is now known as mnikolaenko_		10:12
*** markvoelker has quit IRC		10:13
*** tonytan4ever has joined #openstack-keystone		10:14
*** wangqun has quit IRC		10:14
*** GB21 has joined #openstack-keystone		10:15
*** daemontool_ has quit IRC		10:16
kashyap	Oh, disregard me, I think it's the result of a wrong env variable (SERVICE_HOST) accidentally slipped in!	10:16
*** kashyap has left #openstack-keystone		10:18
*** tonytan4ever has quit IRC		10:19
*** daemontool_ has joined #openstack-keystone		10:21
*** jamiec has quit IRC		10:24
*** jamiec has joined #openstack-keystone		10:25
*** jed56 has quit IRC		10:25
*** jaosorior is now known as jaosorior_brb		10:45
*** jrist has joined #openstack-keystone		10:49
*** jrist has quit IRC		10:49
*** jrist has joined #openstack-keystone		10:49
*** EinstCrazy has quit IRC		11:01
*** markvoelker has joined #openstack-keystone		11:03
rodrigods	stevemar, yeah, good doc! Looks almost like how specs describes the problems	11:03
*** spzala has joined #openstack-keystone		11:05
*** markvoelker has quit IRC		11:07
*** spzala has quit IRC		11:10
*** lamt has joined #openstack-keystone		11:11
nisha_	hi rodrigods	11:13
rodrigods	nisha_, hey :)	11:14
*** dikonoor has quit IRC		11:26
*** nisha_ has quit IRC		11:29
*** nisha has joined #openstack-keystone		11:29
*** nisha is now known as Guest81842		11:30
*** bjolo has joined #openstack-keystone		11:31
*** gordc has joined #openstack-keystone		11:31
*** nisha_ has joined #openstack-keystone		11:35
*** Guest81842 has quit IRC		11:36
nisha_	rodrigods, I am trying to fix the issue we had for projects/roles because of test_implied_roles	11:36
nisha_	rodrigods, https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/tests/functional/v3/test_implied_roles.py	11:36
nisha_	rodrigods, as per your suggestion, I am trying to use client_fixtures.py to create roles	11:37
rodrigods	nisha_, sure, any issues so far?	11:38
nisha_	rodrigods, particularly, I replaced self.client.roles.create(role_def) by	11:38
nisha_	role = fixtures.Role(self.client)	11:38
nisha_	self.useFixture(role)	11:38
*** nk2527 has joined #openstack-keystone		11:38
nisha_	rodrigods, above replacement in the def create_roles(self):	11:39
nisha_	rodrigods, but I get different key errors, and the test fails	11:40
rodrigods	nisha_, you need to remove the "delete_roles"	11:41
rodrigods	and also create a fixture for "create_rules"	11:41
nisha_	rodrigods, Oh, because the fixtures clean themselves up. thanks	11:42
nisha_	rodrigods, I will write one for rules then and let you know	11:43
nisha_	rodrigods, thanks :)	11:43
openstackgerrit	Kseniya Tychkova proposed openstack/oslo.policy: Adds debug logging for policy file validation https://review.openstack.org/341446	11:44
*** samueldmq has joined #openstack-keystone		11:44
*** ChanServ sets mode: +v samueldmq		11:44
rodrigods	nisha_, np	11:44
samueldmq	morning keystone	11:44
*** sdake has joined #openstack-keystone		11:48
*** sdake_ has joined #openstack-keystone		11:50
*** jrist has quit IRC		11:51
*** jrist has joined #openstack-keystone		11:51
*** jrist has quit IRC		11:51
*** jrist has joined #openstack-keystone		11:51
dstanek	samueldmq: o/	11:52
samueldmq	dstanek: o/	11:53
samueldmq	I heard today is api-ref day	11:53
*** sdake has quit IRC		11:54
dstanek	yerp	11:58
*** tonytan4ever has joined #openstack-keystone		12:00
*** pece has joined #openstack-keystone		12:01
*** tonytan4ever has quit IRC		12:05
nisha_	samueldmq, morning	12:05
samueldmq	nisha_: o/	12:06
*** sheel has quit IRC		12:06
*** spzala has joined #openstack-keystone		12:06
*** jaosorior_brb is now known as jaosorior		12:06
*** rvasilets_ has joined #openstack-keystone		12:09
openstackgerrit	Ron De Rose proposed openstack/keystone-specs: PCI-DSS Adds password_expires_at to API specs https://review.openstack.org/340964	12:09
rvasilets_	Hello. I have deployed devstack? enter `screen -r` and saw those line INFO keystone.common.wsgi [req-ce49a91f-d285-43de-877a-ebc47405e419 b7bf6a80a812445e9454505a0fcfdd6b ceb79313e7dd4301bdb9a09a6fa83d6b - default default] GET http://192.168.122.78/identity_v2_admin/v3/auth/tokens	12:09
rvasilets_	How can I understand what version of identity I have?	12:10
rvasilets_	In one url I've got v2 and v3 at the same time)	12:10
rvasilets_	Is it normal?)	12:10
*** spzala has quit IRC		12:11
samueldmq	rvasilets_: it's using v3	12:16
samueldmq	rvasilets_: the /identity_v2_admin there means it is using the admin port 35357	12:17
samueldmq	rvasilets_: the v2 api had different behavior on the public and admin ports, that's why htis is called /identity_v2_admin	12:17
samueldmq	rvasilets_: but maybe this is just a bad naming	12:18
*** dikonoor has joined #openstack-keystone		12:19
*** kean has quit IRC		12:21
*** kean has joined #openstack-keystone		12:21
rvasilets_	samueldmq, I think its bad naming)	12:22
rvasilets_	definitely	12:23
dstanek	i wonder why anything is using v3 on identity_v2_admin	12:25
nisha_	samueldmq, rodrigods, I am still not able to run the test_implied_roles successfully	12:29
rvasilets_	dstanek, I'm wonder too? what is going on on my devstack with default options)	12:29
*** jed56 has joined #openstack-keystone		12:30
nisha_	samueldmq, rodrigods, the client fixtures file, http://paste.openstack.org/show/531657/	12:30
nisha_	samueldmq, rodrigods modified test_implied_roles file and errors, http://paste.openstack.org/show/531663/	12:30
rvasilets_	okey I have typed 'curl publicURL' and got http://ideone.com/eDIrra its mean that I got two versions of keystone. But what version I will use if I type for example 'optimize action list'	12:31
rvasilets_	?	12:31
rvasilets_	or other openstack servise	12:31
openstackgerrit	Ron De Rose proposed openstack/keystone-specs: PCI-DSS Adds password_expires_at to API specs https://review.openstack.org/340964	12:31
*** clenimar__ has quit IRC		12:32
rvasilets_	and if I want to use for now proper keystone version how to specify it?	12:33
rodrigods	nisha_, can you check the content of the "roles" dict? seems like that's the problem	12:33
dstanek	rvasilets_: the identity version is likely controlled by identity_api_version in your clouds.yaml	12:35
nisha_	rodrigods, I tried print roles inside def role_dict	12:37
*** markvoelker has joined #openstack-keystone		12:38
nisha_	rodrigods, that didn't work though	12:38
rodrigods	nisha_, you can use pdb, the Python's debug tool	12:38
nisha_	rodrigods, I used self.assertEqual(roles, "check here") and got this http://paste.openstack.org/show/531665/	12:39
*** belmoreira has joined #openstack-keystone		12:39
nisha_	rodrigods, I will try that too, can you check if above is fine?	12:39
rodrigods	nisha_, ok, the issue is the following:	12:40
rodrigods	you are creating several roles with random names	12:41
nisha_	rodrigods, hmm yes and ?	12:41
rodrigods	but, in the create_rules() method, it expects to have the names defined above	12:41
rodrigods	the exact error is that it is trying to get the key in the "roles" dict using the names defined by "role_defs"	12:42
rodrigods	nisha_, in the Roles fixture, you need to pass the custom name so they can be reused in the "inference_rules" dict	12:43
nisha_	rodrigods, oh okay thanks	12:44
rvasilets_	dstanek, thank you!	12:44
nisha_	rodrigods, I will try doing that	12:44
*** maestropandy has quit IRC		12:46
dstanek	rvasilets_: if you have a currect/recent devstack you should be using v3 already	12:46
*** sdake_ has quit IRC		12:47
*** daemontool_ has quit IRC		12:49
*** sdake has joined #openstack-keystone		12:49
*** ddieterly has joined #openstack-keystone		12:50
*** daemontool_ has joined #openstack-keystone		12:50
rvasilets_	dstanek, yes. But now I have the case when I need to test watcher project and he is unable to work with v3) So it took me to switch to v2 temporary	12:50
*** pauloewerton has joined #openstack-keystone		12:50
*** itisha has joined #openstack-keystone		12:51
*** GB21 has quit IRC		12:51
*** jistr is now known as jistr\|cowork		12:53
*** woodster_ has joined #openstack-keystone		12:58
stevemar	o/	13:02
stevemar	so who is sprinting?!	13:02
stevemar	samueldmq: o/	13:05
dstanek	stevemar: i'm more of a distance guy	13:05
samueldmq	stevemar: hey, let's start it o/	13:05
stevemar	dstanek: :)	13:06
*** spzala has joined #openstack-keystone		13:07
*** jaugustine has joined #openstack-keystone		13:07
samueldmq	#notice Keystone api-ref sprint is open!	13:07
samueldmq	:)	13:07
dstanek	#link ?	13:08
dstanek	i can't find my etherpad link anymore	13:08
stevemar	dstanek: it's in the topic	13:08
samueldmq	#link https://etherpad.openstack.org/p/keystone-api-sprint	13:08
stevemar	https://etherpad.openstack.org/p/keystone-api-sprint	13:08
samueldmq	oh, nice to be in the topic	13:08
openstackgerrit	Dolph Mathews proposed openstack/keystone: Improve keystone.conf [saml] documentation https://review.openstack.org/340566	13:08
openstackgerrit	Dolph Mathews proposed openstack/keystone: Use URIOpt instead of StrOpt https://review.openstack.org/341514	13:08
stevemar	link for hangout: https://hangouts.google.com/call/3vtkgpv32jabjjcwepweafjf2ee	13:08
nisha_	rodrigods, thanks a lot for help, the tests are running now :)	13:08
rodrigods	nikhil, awesome :)	13:09
rodrigods	yw	13:09
stevemar	nisha_: isn't rodrigods the best?!	13:09
rodrigods	stevemar, you are the best	13:09
*** richm has joined #openstack-keystone		13:10
stevemar	rodrigods: not by a long shot :(	13:10
*** links has quit IRC		13:11
stevemar	samueldmq: dstanek logging on? i am going to stumble my way through making a change to the API :)	13:11
samueldmq	stevemar: yes, I am going to start migrating OS-FEDERATION	13:13
nisha_	stevemar, indeed	13:14
nisha_	stevemar, samueldmq rodrigods I feel so lucky in your company. Everyone is so helpful :D	13:14
stevemar	samueldmq: great, i'm going to start on os-revoke :)	13:14
nisha_	dstanek, too. You saved me so much time yesterday, otherwise I had to reinstall vm	13:15
*** sdake has quit IRC		13:16
*** adu has joined #openstack-keystone		13:16
* stevemar pokes dstanek to go on the hangout		13:17
* stevemar is feeling lonely		13:17
lamt	I can start working on OS-TRUST	13:18
*** ddieterly has quit IRC		13:18
*** chlong has quit IRC		13:20
dstanek	stevemar: lol	13:20
*** ametts has joined #openstack-keystone		13:21
*** samueldmq has quit IRC		13:23
*** webmichael has joined #openstack-keystone		13:25
nisha_	rodrigods, you left a comment on project functional tests patch, when we run the tests in parallel using "testr run --parallel" (that is the default for tox venv):	13:25
rodrigods	nisha_, right	13:25
nisha_	rodrigods, how can I check if all the tests are running successfully now, i.e. Jenkins problem would be solve	13:25
nisha_	"testr run --parallel" ?	13:26
*** julim has joined #openstack-keystone		13:26
rodrigods	nisha_, you can run with tox	13:26
rodrigods	running with and without --parallel was just to confirm the issue	13:26
rodrigods	nisha_, run the tests a couple of times to make sure the issue is not happening, since if both tests ends in the same worker it would pass	13:27
nisha_	rodrigods, alright, I will try that	13:28
*** tonytan4ever has joined #openstack-keystone		13:30
*** julim has quit IRC		13:32
*** julim has joined #openstack-keystone		13:33
*** julim has quit IRC		13:34
*** julim has joined #openstack-keystone		13:34
*** tonytan4ever has quit IRC		13:34
openstackgerrit	Dolph Mathews proposed openstack/keystone: Improve keystone.conf [saml] documentation https://review.openstack.org/340566	13:35
openstackgerrit	Dolph Mathews proposed openstack/keystone: Validate SAML keyfile & certfile options https://review.openstack.org/341525	13:35
*** ddieterly has joined #openstack-keystone		13:35
*** tonytan4ever has joined #openstack-keystone		13:36
*** michauds has joined #openstack-keystone		13:39
*** ddieterly has quit IRC		13:39
openstackgerrit	Dolph Mathews proposed openstack/keystone: Use URIOpt instead of StrOpt https://review.openstack.org/341514	13:39
*** tonytan_brb has joined #openstack-keystone		13:41
*** tonytan_brb is now known as tonytan4ever_		13:41
openstackgerrit	Merged openstack/keystone: Move logic for catalog driver differences to manager https://review.openstack.org/340132	13:42
*** tonytan4ever has quit IRC		13:43
openstackgerrit	Dolph Mathews proposed openstack/keystone: Improve keystone.conf [tokenless_auth] documentation https://review.openstack.org/340591	13:44
lbragstad	morning!	13:44
*** jaugustine_ has joined #openstack-keystone		13:44
*** jaugustine has quit IRC		13:44
*** tonytan4ever_ has quit IRC		13:44
*** jaugustine_ is now known as jaugustine		13:44
*** tonytan4ever has joined #openstack-keystone		13:45
*** KevinE has joined #openstack-keystone		13:47
*** rderose has joined #openstack-keystone		13:48
*** samueldmq has joined #openstack-keystone		13:52
*** ChanServ sets mode: +v samueldmq		13:52
*** michauds has quit IRC		13:55
bjolo	kolla 2.0.1 when launching vms they get more than one IP from DHCP?	13:55
*** samueldmq has quit IRC		13:55
bjolo	ive tried to google but i dont find any info. is that a known issue?	13:56
openstackgerrit	Nisha Yadav proposed openstack/python-keystoneclient: Add project functional tests https://review.openstack.org/332871	13:57
*** rderose_ has joined #openstack-keystone		13:57
rodrigods	bjolo, maybe you can ask in #openstack-kolla? think there will have more ppl able to help you out	13:57
rodrigods	nisha_, ^ the tests passed? :)	13:58
bjolo	ouch sorry	13:58
bjolo	wrong channel :)	13:58
nisha_	rodrigods, yeah, I ran than many times. Let's wait for Jenkins now :D	13:58
rodrigods	nisha_, awesome!	13:58
*** samueldmq has joined #openstack-keystone		13:58
*** ChanServ sets mode: +v samueldmq		13:58
nisha_	them*	13:58
* samueldmq 's back		13:59
*** rderose has quit IRC		14:01
*** gagehugo has joined #openstack-keystone		14:01
*** raildo has quit IRC		14:03
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Lockout requirements https://review.openstack.org/340074	14:06
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Lockout requirements https://review.openstack.org/340074	14:07
*** nisha_ has quit IRC		14:08
*** raildo has joined #openstack-keystone		14:09
*** code-R has quit IRC		14:10
openstackgerrit	Steve Martinelli proposed openstack/keystone: Create APIs for OS-REVOKE https://review.openstack.org/341554	14:10
stevemar	dstanek: ^	14:10
*** alex_xu has quit IRC		14:11
*** sdake has joined #openstack-keystone		14:11
*** TxGVNN has quit IRC		14:12
*** alex_xu has joined #openstack-keystone		14:12
*** samueldmq has quit IRC		14:14
*** jaugustine has quit IRC		14:15
*** jaugustine has joined #openstack-keystone		14:16
*** pnavarro has joined #openstack-keystone		14:17
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Adds password_expires_at to API docs https://review.openstack.org/336318	14:19
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Adds password_expires_at to API docs https://review.openstack.org/336318	14:20
*** ddieterly has joined #openstack-keystone		14:24
*** samueldmq has joined #openstack-keystone		14:25
*** ChanServ sets mode: +v samueldmq		14:25
samueldmq	stevemar: there is a "definitions" section in the federation docs	14:25
samueldmq	stevemar: I think those should go in the api-guide docs	14:26
samueldmq	stevemar: it's kind of a glossary	14:26
*** markvoelker has quit IRC		14:26
samueldmq	anyways that's a next step :)	14:27
*** gagehugo_ has joined #openstack-keystone		14:27
*** gagehugo has quit IRC		14:30
*** gagehugo_ has quit IRC		14:31
*** sdake has quit IRC		14:31
*** gagehugo has joined #openstack-keystone		14:31
*** sdake has joined #openstack-keystone		14:31
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Adds password_expires_at to API docs https://review.openstack.org/336318	14:33
lbragstad	is anyone else having issues with keystone-coverage-db?	14:34
lbragstad	er the keystone-coverage-db job?	14:34
lbragstad	I noticed it was failing on one of rderose_'s patches	14:35
openstackgerrit	Tin Lam proposed openstack/keystone: Complete OS-TRUST API documentation https://review.openstack.org/341584	14:35
lbragstad	cc stevemar ^	14:37
*** bjolo has quit IRC		14:37
*** ravelar159 has joined #openstack-keystone		14:38
*** nisha_ has joined #openstack-keystone		14:41
stevemar	samueldmq: we can put those into the api-ref for now i guess	14:41
stevemar	then move them over	14:41
samueldmq	stevemar: ++	14:41
stevemar	samueldmq: https://review.openstack.org/#/c/341554/1	14:41
openstackgerrit	Ron De Rose proposed openstack/keystone-specs: PCI-DSS Adds password_expires_at to API specs https://review.openstack.org/340964	14:41
patchbot	stevemar: patch 341554 - keystone - Create APIs for OS-REVOKE	14:41
samueldmq	stevemar: nice, that was quick!	14:42
samueldmq	stevemar: I am putting federation in the v3 dir	14:42
samueldmq	stevemar: rather than v3-ext. can you confirm that is correct ?	14:43
openstackgerrit	Ron De Rose proposed openstack/keystone-specs: PCI-DSS Adds password_expires_at to API specs https://review.openstack.org/340964	14:43
stevemar	samueldmq: i would put it in v3-ext for now, we can shuffle things around later	14:43
stevemar	but if you're already doing it, then no worries	14:43
*** michauds has joined #openstack-keystone		14:44
*** markvoelker has joined #openstack-keystone		14:44
samueldmq	stevemar: gotcha	14:45
*** michauds has quit IRC		14:45
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Password expires validation https://review.openstack.org/333360	14:46
dstanek	samueldmq: is there any reason why the 'Get effective policy associated with endpoint' and 'Check if a policy is associated with endpoint' were left out of the enpoint policy docs?	14:49
dstanek	samueldmq: i'm currently fixing that one up now	14:49
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Adds password_expires_at to API docs https://review.openstack.org/336318	14:50
samueldmq	dstanek: not that I remember of	14:51
samueldmq	dstanek: great thanks	14:51
*** code-R has joined #openstack-keystone		14:51
dstanek	samueldmq: cool, i thought maybe because they are logically endpoint operations	14:52
*** adrian_otto has joined #openstack-keystone		14:54
*** code-R_ has joined #openstack-keystone		14:55
*** adrian_otto has quit IRC		14:56
*** adrian_otto has joined #openstack-keystone		14:57
*** code-R has quit IRC		14:58
*** roxanaghe has joined #openstack-keystone		14:59
*** jistr\|cowork is now known as jistr\|mtg		15:00
*** links has joined #openstack-keystone		15:01
*** roxanaghe has quit IRC		15:02
*** roxanaghe has joined #openstack-keystone		15:02
*** slberger has joined #openstack-keystone		15:03
*** KevinE has quit IRC		15:03
*** KevinE has joined #openstack-keystone		15:04
*** phalmos has joined #openstack-keystone		15:08
*** timcline has joined #openstack-keystone		15:09
*** phalmos_ has joined #openstack-keystone		15:10
*** ametts has quit IRC		15:10
*** adrian_otto has quit IRC		15:11
*** slberger has quit IRC		15:13
*** phalmos has quit IRC		15:13
*** adrian_otto has joined #openstack-keystone		15:13
*** slberger has joined #openstack-keystone		15:15
dstanek	http://developer.openstack.org/api-ref/identity/v3-ext/index.html?expanded=associate-policy-and-service-type-endpoint-detail,show-policy-for-endpoint-detail#show-policy-for-endpoint	15:18
dstanek	samueldmq: stevemar: ^ the response params list 'policy' and also things that are in policy. how will a user know that they are not top level?	15:18
*** KevinE has quit IRC		15:19
openstackgerrit	Steve Martinelli proposed openstack/keystone: Complete OS-TRUST API documentation https://review.openstack.org/341584	15:21
openstackgerrit	Nisha Yadav proposed openstack/python-keystoneclient: Improve implied-role functional tests https://review.openstack.org/341612	15:22
samueldmq	dstanek: not sure I get your question..	15:22
*** ametts has joined #openstack-keystone		15:23
dstanek	samueldmq: policy is listed as a return param and so it type, but type is actually inside policy	15:23
dstanek	samueldmq: stevemar just checked and that seems to be what nova is doing...not idea, but a battle for a different day	15:24
samueldmq	dstanek: that'd odd	15:25
samueldmq	that's	15:25
samueldmq	dstanek: because policy already owns those attrs	15:26
samueldmq	ack, let's circle back on it another day	15:26
samueldmq	:)	15:26
*** lucas___ has joined #openstack-keystone		15:26
*** jistr\|mtg is now known as jistr		15:27
*** phalmos_ has quit IRC		15:27
*** pcaruana has quit IRC		15:28
*** phalmos has joined #openstack-keystone		15:28
*** thumpba has joined #openstack-keystone		15:28
*** aastha has joined #openstack-keystone		15:31
openstackgerrit	Nisha Yadav proposed openstack/python-keystoneclient: Add project functional tests https://review.openstack.org/332871	15:32
*** rcernin has quit IRC		15:33
openstackgerrit	Nisha Yadav proposed openstack/python-keystoneclient: Add project functional tests https://review.openstack.org/332871	15:34
*** agireud has quit IRC		15:34
*** adu has quit IRC		15:34
openstackgerrit	Nisha Yadav proposed openstack/python-keystoneclient: Add role functional tests https://review.openstack.org/335118	15:35
*** mordred has quit IRC		15:35
openstackgerrit	Nisha Yadav proposed openstack/python-keystoneclient: Improve docs for v3 roles https://review.openstack.org/334546	15:35
openstackgerrit	Ron De Rose proposed openstack/keystone: Create APIs for OS-REVOKE https://review.openstack.org/341554	15:41
openstackgerrit	Steve Martinelli proposed openstack/keystone: Complete OS-TRUST API documentation https://review.openstack.org/341584	15:41
openstackgerrit	Ron De Rose proposed openstack/keystone: Create APIs for OS-REVOKE https://review.openstack.org/341554	15:42
*** adrian_otto has quit IRC		15:43
*** lucas___ has quit IRC		15:43
*** edtubill has joined #openstack-keystone		15:44
*** adrian_otto has joined #openstack-keystone		15:44
openstackgerrit	Steve Martinelli proposed openstack/keystone: Complete OS-TRUST API documentation https://review.openstack.org/341584	15:44
openstackgerrit	Ron De Rose proposed openstack/keystone: Create APIs for OS-REVOKE https://review.openstack.org/341554	15:45
*** david-lyle has joined #openstack-keystone		15:45
*** jrist has quit IRC		15:46
*** d0ugal has quit IRC		15:46
*** lucas___ has joined #openstack-keystone		15:47
*** jojden has quit IRC		15:48
*** lucas___ has quit IRC		15:48
*** lucas____ has joined #openstack-keystone		15:48
*** ametts has quit IRC		15:50
*** timcline has quit IRC		15:50
*** timcline has joined #openstack-keystone		15:51
*** belmoreira has quit IRC		15:51
openstackgerrit	Ron De Rose proposed openstack/keystone: Create APIs for OS-REVOKE https://review.openstack.org/341554	15:52
*** david-lyle has quit IRC		15:54
*** agireud has joined #openstack-keystone		15:54
*** david-lyle_ has joined #openstack-keystone		15:55
*** timcline has quit IRC		15:56
*** ddieterly is now known as ddieterly[away]		15:56
*** julim_ has joined #openstack-keystone		15:57
*** catintheroof has joined #openstack-keystone		15:58
*** browne has joined #openstack-keystone		15:59
openstackgerrit	Tin Lam proposed openstack/keystone: Complete OS-TRUST API documentation https://review.openstack.org/341584	15:59
*** julim has quit IRC		16:00
*** rcernin has joined #openstack-keystone		16:00
catintheroof	hi guys, quick question. does the openstack cli supports to handle domain-specific configuration ? how do i change those configs after i run keystone-manage domain_config_upload ??	16:02
*** ddieterly[away] is now known as ddieterly		16:02
*** openstackgerrit has quit IRC		16:03
*** openstackgerrit has joined #openstack-keystone		16:03
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Lockout requirements https://review.openstack.org/340074	16:05
*** tesseract- has quit IRC		16:06
samueldmq	stevemar: I propose we have a parameters.yml per.inc file	16:08
samueldmq	stevemar: sharing the same parameters.yml across files causes inconsistencies when different entities have the same attribute	16:09
samueldmq	stevemar: e.g http://developer.openstack.org/api-ref/identity/v3/?expanded=list-projects-detail#projects	16:09
samueldmq	see the enabled parameter, it's actually a description for domain's enabled attr	16:10
openstackgerrit	Dolph Mathews proposed openstack/keystone: Improve keystone.conf [token] documentation https://review.openstack.org/341646	16:10
samueldmq	:/	16:10
openstackgerrit	Nisha Yadav proposed openstack/python-keystoneclient: Improve implied-role functional tests https://review.openstack.org/341612	16:11
*** chrisshattuck has joined #openstack-keystone		16:12
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Lockout requirements https://review.openstack.org/340074	16:12
breton	i have a question about parameters.yaml. I see keys like description, description_1, description_N. How do they work?	16:12
*** david-lyle has joined #openstack-keystone		16:14
*** adrian_otto has quit IRC		16:14
breton	or X-Subject-Token. There are 9 uses of X-Subject-Token in the contents of the stanza, bug in parameters.yaml there is only X-Subject-Token and X-Subject-Token_1	16:15
*** adrian_otto has joined #openstack-keystone		16:16
openstackgerrit	Ron De Rose proposed openstack/keystone: Create APIs for OS-REVOKE https://review.openstack.org/341554	16:16
*** adrian_otto has quit IRC		16:17
openstackgerrit	Nisha Yadav proposed openstack/python-keystoneclient: Improve implied-role functional tests https://review.openstack.org/341612	16:17
openstackgerrit	David Stanek proposed openstack/keystone: Reorders API calls to match precedence rules https://review.openstack.org/341648	16:17
openstackgerrit	David Stanek proposed openstack/keystone: Adds missing docs to endpoint policy api-ref https://review.openstack.org/341649	16:17
openstackgerrit	David Stanek proposed openstack/keystone: Adds missing parameter to endpoint policy api-ref https://review.openstack.org/341650	16:17
openstackgerrit	David Stanek proposed openstack/keystone: Reorder request params in endpoint policy api-ref https://review.openstack.org/341651	16:17
*** Gio has joined #openstack-keystone		16:18
*** Gio has left #openstack-keystone		16:18
openstackgerrit	Nisha Yadav proposed openstack/python-keystoneclient: Improve implied-role functional tests https://review.openstack.org/341612	16:23
*** sdake has quit IRC		16:24
*** adu has joined #openstack-keystone		16:25
openstackgerrit	Dolph Mathews proposed openstack/keystone: Clean up token binding validation code https://review.openstack.org/341662	16:27
nisha_	rodrigods, I need some help if you have some time?	16:30
*** timcline has joined #openstack-keystone		16:34
*** timcline has quit IRC		16:38
*** rderose_ has quit IRC		16:40
*** sheel has joined #openstack-keystone		16:41
breton	it seems	16:42
breton	that it does not work at all	16:42
breton	wow.	16:42
*** jaosorior has quit IRC		16:42
openstackgerrit	Tin Lam proposed openstack/keystone: Complete OS-TRUST API documentation https://review.openstack.org/341584	16:45
*** edmondsw has quit IRC		16:45
openstackgerrit	Richard proposed openstack/keystone: Improve user experience involving token flush https://review.openstack.org/341165	16:47
*** adrian_otto has joined #openstack-keystone		16:47
*** agireud has quit IRC		16:49
*** roxanagh_ has joined #openstack-keystone		16:50
*** gyee has joined #openstack-keystone		16:50
*** ChanServ sets mode: +v gyee		16:50
stevemar	back!	16:51
stevemar	samueldmq: i think that is definitely useful	16:52
breton	samueldmq: stevemar: oh, i ran into it too. https://bugs.launchpad.net/keystone/+bug/1602772	16:53
openstack	Launchpad bug 1602772 in OpenStack Identity (keystone) ""_{n}" suffixes in parameters.yaml are not used" [Undecided,New]	16:53
breton	samueldmq: stevemar: it seems that parameters with suffixes were supposed to work... somehow	16:53
*** roxanaghe has quit IRC		16:54
dstanek	breton: you just use those entries in the inc files	16:54
stevemar	breton: i started to just prefix things cause they overlapped: https://review.openstack.org/#/c/341584/6/api-ref/source/v3-ext/parameters.yaml	16:54
patchbot	stevemar: patch 341584 - keystone - Complete OS-TRUST API documentation	16:54
*** thumpba has quit IRC		16:55
breton	dstanek: yep. But they are not used currently. For example, there are 19 "name" parameters in api-ref/source/v3/parameters.yaml, not used anywhere	16:55
*** GB21 has joined #openstack-keystone		16:56
*** lucas____ has quit IRC		16:56
*** sdake has joined #openstack-keystone		16:56
*** agireud has joined #openstack-keystone		16:58
*** julim_ has quit IRC		16:58
*** julim has joined #openstack-keystone		16:59
openstackgerrit	Steve Martinelli proposed openstack/keystone: Create APIs for OS-REVOKE https://review.openstack.org/341554	17:00
openstackgerrit	Nisha Yadav proposed openstack/python-keystoneclient: Add region functional tests https://review.openstack.org/339158	17:00
*** links has quit IRC		17:01
*** thumpba has joined #openstack-keystone		17:04
dstanek	breton: do that have the same definition as the non-suffices ones? i wonder if they should be used and aren't	17:04
lbragstad	dstanek https://review.openstack.org/#/c/341649/	17:07
patchbot	lbragstad: patch 341649 - keystone - Adds missing docs to endpoint policy api-ref	17:07
breton	dstanek: they are different. Some are "project name", some are "user name" etc. They should be used and aren't.	17:07
openstackgerrit	Steve Martinelli proposed openstack/keystone: Complete OS-TRUST API documentation https://review.openstack.org/341584	17:08
*** dikonoor has quit IRC		17:10
lbragstad	dstanek one comment on https://review.openstack.org/#/c/341650/1	17:11
patchbot	lbragstad: patch 341650 - keystone - Adds missing parameter to endpoint policy api-ref	17:11
*** GB21 has quit IRC		17:14
*** KevinE has joined #openstack-keystone		17:14
*** michauds has joined #openstack-keystone		17:14
dstanek	lbragstad: i think it has to be on since line since it's a sphinx directive. i can experiment a little though	17:16
lbragstad	dstanek no worries - i was just curious	17:16
*** ddieterly is now known as ddieterly[away]		17:17
*** lucas___ has joined #openstack-keystone		17:18
*** timcline has joined #openstack-keystone		17:18
*** lucas____ has joined #openstack-keystone		17:19
*** nisha_ has quit IRC		17:19
*** luca_____ has joined #openstack-keystone		17:20
*** luca_____ has quit IRC		17:21
*** luca_____ has joined #openstack-keystone		17:22
*** lucas___ has quit IRC		17:22
*** lucas____ has quit IRC		17:23
*** michauds has quit IRC		17:26
stevemar	samueldmq: do you know if the error response codes were generated?	17:29
openstackgerrit	Boris Bobrov proposed openstack/keystone: Add OS-KSCRUD api-ref https://review.openstack.org/341708	17:30
breton	samueldmq: are you going to work on splitting parameters.yaml?	17:30
breton	samueldmq: if not, i'll take it	17:30
openstackgerrit	Lance Bragstad proposed openstack/keystone: Improve the API documentation for groups https://review.openstack.org/341710	17:31
lbragstad	stevemar ^	17:32
openstackgerrit	Steve Martinelli proposed openstack/keystone: Complete OS-TRUST API documentation https://review.openstack.org/341584	17:34
*** michauds has joined #openstack-keystone		17:34
openstackgerrit	Lance Bragstad proposed openstack/keystone: List 20X status codes as Normal in domain docs https://review.openstack.org/341714	17:35
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes for auth docs https://review.openstack.org/341715	17:39
breton	samueldmq: ok, i'm assuming that you don't work on it :)	17:40
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes for credential docs https://review.openstack.org/341716	17:41
*** ddieterly[away] is now known as ddieterly		17:43
openstackgerrit	David Stanek proposed openstack/keystone: Fixes response codes in endpoint policy api-ref https://review.openstack.org/341718	17:43
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes for policy docs https://review.openstack.org/341719	17:43
openstackgerrit	Steve Martinelli proposed openstack/keystone: Complete OS-TRUST API documentation https://review.openstack.org/341584	17:43
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes for project docs https://review.openstack.org/341720	17:45
openstackgerrit	Merged openstack/keystone: Improve keystone.conf [resource] documentation https://review.openstack.org/336728	17:46
knikolla	breton: have you had time to work on the devstack plugin?	17:46
openstackgerrit	Merged openstack/keystone: Improve keystone.conf [role] documentation https://review.openstack.org/340351	17:46
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes for region docs https://review.openstack.org/341723	17:47
*** phalmos has quit IRC		17:51
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes for role docs https://review.openstack.org/341726	17:52
breton	knikolla: hi. A little. But i was not able to figure out what mapping to use for general case. And i am not sure that we should. IN my opinion, we should not create either idp or mapping, an should leave this to user.	17:54
breton	knikolla: all the plugin should do is create a configuration with pre-defined idp name, like idp_1	17:55
breton	knikolla: in future, we might add more names (idp_2 etc)	17:56
breton	knikolla: test writer should create mapping, idp etc	17:56
knikolla	breton: that's what rodrigo suggested too. i've prepared a patch for that, but wanted to sync up with you before pushing it.	17:57
breton	knikolla: i actually tried to write a test with federation set up	17:57
breton	knikolla: and figure out what would be more convenient for a test writer	17:57
breton	knikolla: i'd say it's better to do the thing i and rodrigods suggest	17:58
breton	knikolla: so yeah, if you want to push that, please do	17:58
knikolla	breton: cool, thanks.	17:59
*** gordc has quit IRC		17:59
rodrigods	knikolla, breton, ++ you cal also check a pretty general mapping rule being created here: https://review.openstack.org/#/c/324769/8/keystone_tempest_plugin/tests/scenario/test_federated_authentication.py	17:59
patchbot	rodrigods: patch 324769 - keystone - WIP: Federated authentication via ECP functional t...	17:59
rodrigods	line 54	17:59
*** ddieterly is now known as ddieterly[away]		18:00
*** ametts has joined #openstack-keystone		18:00
stevemar	dstanek: http://developer.openstack.org/api-ref/identity/v2/index.html	18:01
breton	knikolla: i will be happy to review it right after the sprint	18:01
knikolla	rodrigods: breton: mapping is not the only issue though. I need to map attributes in shibboleth too.	18:02
*** agireud has quit IRC		18:02
rodrigods	knikolla, just another config?	18:02
knikolla	rodrigods: yes, however is it IdP specific?	18:04
rodrigods	knikolla, yes, what is the IdP that is installed by default?	18:05
rodrigods	knikolla, btw, can you point me again to the k2k testing code you have?	18:05
knikolla	rodrigods: i don't know which IdP will be used in the generic federation setting, if you provide me with the configuration you have used for mod_shib for your tests i could use that.	18:06
knikolla	rodrigods: sure, https://github.com/wjdan94/keystone/tree/liberty/tempest_plugin	18:06
*** agireud has joined #openstack-keystone		18:07
knikolla	rodrigods: it's a fork of your branch	18:07
rodrigods	knikolla, i used mod_auth_mellon + rhsoo	18:07
openstackgerrit	Andrew Laski proposed openstack/oslo.policy: Allow policy file to not exist https://review.openstack.org/341732	18:07
rodrigods	knikolla, but the remote attributes that is translated as a mapping_remote_type in the tests config, can be anything	18:07
rodrigods	check the patch above	18:08
breton	knikolla: lets live with default ones	18:09
openstackgerrit	Gage Hugo proposed openstack/keystone: Add OS-EP-FILTER to api-ref https://review.openstack.org/341734	18:09
gagehugo	^ Im having tox issues, couldn't get api-ref to build	18:09
*** pcaruana has joined #openstack-keystone		18:09
breton	knikolla: and maybe add a set of pre-defined ones for k2k	18:10
*** pnavarro has quit IRC		18:10
*** luca_____ has quit IRC		18:10
openstackgerrit	Steve Martinelli proposed openstack/keystone: Add "v2 overview" docs to APIs https://review.openstack.org/341739	18:11
*** lucas___ has joined #openstack-keystone		18:12
*** lucas___ has quit IRC		18:13
*** lucas___ has joined #openstack-keystone		18:13
*** ravelar159 has quit IRC		18:13
stevemar	lbragstad: breton gagehugo dstanek: https://review.openstack.org/#/c/341739/1	18:13
patchbot	stevemar: patch 341739 - keystone - Add "v2 overview" docs to APIs	18:13
knikolla	rodrigods: breton: alright, i'll give it a test.	18:13
rodrigods	knikolla, breton, are we going to use the same keystone as idp/sp in k2k?	18:14
breton	rodrigods: for the first version yes	18:14
samueldmq	breton: go ahead	18:14
knikolla	breton: rodrigods: i hope only temporarily.	18:14
samueldmq	stevemar: not sure I got your question... how the error response are generated in the published docs?	18:15
samueldmq	stevemar: sorry the delay I was afk in a meeting	18:15
*** michauds has quit IRC		18:16
*** mordred has joined #openstack-keystone		18:19
*** ametts has quit IRC		18:24
*** lucas___ has quit IRC		18:24
*** ravelar159 has joined #openstack-keystone		18:26
*** browne has quit IRC		18:26
breton	samueldmq: in .inc files there are lists of error codes	18:26
*** timcline has quit IRC		18:26
*** timcline has joined #openstack-keystone		18:27
breton	samueldmq: in api-ref/source/v3/domains.inc for example, there is Error response codes:413,405,404,403,401,400,503,	18:27
breton	samueldmq: how were they generated?	18:28
*** ametts has joined #openstack-keystone		18:28
*** phalmos has joined #openstack-keystone		18:28
*** timcline has quit IRC		18:32
samueldmq	breton: that was from the initial conversion from WADL docs	18:32
samueldmq	breton: so I assume those were documented there already	18:32
*** lucas___ has joined #openstack-keystone		18:33
openstackgerrit	Steve Martinelli proposed openstack/keystone: Add "v2 overview" docs to APIs https://review.openstack.org/341739	18:35
stevemar	breton: ^	18:35
*** lucas___ has quit IRC		18:37
*** tonytan4ever has quit IRC		18:40
mgagne	dstanek: fyi, I applied https://review.openstack.org/#/c/327885/ to kilo and it fixed my caching issue with role assignments	18:40
patchbot	mgagne: patch 327885 - keystone - Fix cache invalidation	18:40
*** samueldmq has quit IRC		18:40
dstanek	mgagne: nice	18:41
mgagne	dstanek: furthermore, I think we should increase the priority on this bug as I feel it is a security issue too. I suspect (didn't test) that even if a role is removed from a user, that user could still get a token with this role assigned.	18:42
*** edtubill has quit IRC		18:43
breton	mgagne: that's true	18:44
breton	mgagne: it fails some tests, i will restore work on it right after the sprint	18:45
*** adrian_otto has quit IRC		18:47
dstanek	dogpile has caused so many bugs for us	18:49
*** rdo has joined #openstack-keystone		18:49
openstackgerrit	Steve Martinelli proposed openstack/keystone: Add "v2 overview" docs to APIs https://review.openstack.org/341739	18:50
*** gordc has joined #openstack-keystone		18:51
*** david-lyle has quit IRC		18:53
*** sheel has quit IRC		18:56
*** edtubill has joined #openstack-keystone		18:57
*** sdake has quit IRC		18:58
*** browne has joined #openstack-keystone		18:58
stevemar	thanks everyone for joining the API sprint!!! :)	18:59
*** mordred has quit IRC		18:59
stevemar	https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:master+topic:keystone-api-sprint	18:59
openstackgerrit	Dolph Mathews proposed openstack/keystone: Improve keystone.conf [tokenless_auth] documentation https://review.openstack.org/340591	19:00
openstackgerrit	Merged openstack/keystone: Reorders API calls to match precedence rules https://review.openstack.org/341648	19:00
openstackgerrit	Merged openstack/keystone: Adds missing docs to endpoint policy api-ref https://review.openstack.org/341649	19:01
openstackgerrit	Merged openstack/keystone: Adds missing parameter to endpoint policy api-ref https://review.openstack.org/341650	19:01
*** michauds has joined #openstack-keystone		19:01
*** webmichael has quit IRC		19:02
*** michauds has quit IRC		19:06
*** phalmos has quit IRC		19:11
lbragstad	stevemar are we done?	19:11
stevemar	lbragstad: no, but i had to go to a meeting with the at&t folks	19:11
stevemar	lbragstad: i think it's just you and ron now :(	19:11
stevemar	breton logged off the call	19:11
lbragstad	stevemar ah	19:11
stevemar	so did dstanek	19:11
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes for role docs https://review.openstack.org/341726	19:12
*** timcline has joined #openstack-keystone		19:13
*** edtubill has quit IRC		19:14
*** jed56 has quit IRC		19:15
*** pnavarro has joined #openstack-keystone		19:17
*** edtubill has joined #openstack-keystone		19:17
*** michauds has joined #openstack-keystone		19:17
*** timcline has quit IRC		19:18
lbragstad	dstanek what about times when we have Error response codes: but the list is empty?	19:18
lbragstad	dstanek should we just remove those?	19:18
lbragstad	and leave the Normal response codes: since its the only one that has a value in the list?	19:18
*** phalmos has joined #openstack-keystone		19:19
bknudson_	the error response codes are generally useless. It's just standard http	19:19
openstackgerrit	Ron De Rose proposed openstack/keystone: Remove unused parameters with underscore suffix in api-ref https://review.openstack.org/341757	19:20
openstackgerrit	Ron De Rose proposed openstack/keystone: Remove unused parameters with underscore suffix in api-ref https://review.openstack.org/341757	19:21
*** agireud has quit IRC		19:22
*** michauds has quit IRC		19:22
edtubill	Hi, I'm trying to figure out what the /v3/credential(s) endpoint does. Can someone help me? I'm also trying to figure out what the implications are for giving a user RBAC access to "create_credential".	19:22
*** sdake has joined #openstack-keystone		19:22
openstackgerrit	Merged openstack/keystone: Reorder request params in endpoint policy api-ref https://review.openstack.org/341651	19:24
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes in service catalog doc https://review.openstack.org/341759	19:26
*** agireud has joined #openstack-keystone		19:27
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes in trust documentation https://review.openstack.org/341760	19:27
openstackgerrit	Merged openstack/keystone: Create APIs for OS-REVOKE https://review.openstack.org/341554	19:28
*** pnavarro has quit IRC		19:28
openstackgerrit	Dolph Mathews proposed openstack/keystone: Validate SAML keyfile & certfile options https://review.openstack.org/341525	19:28
*** edtubill has quit IRC		19:28
*** ddieterly[away] is now known as ddieterly		19:29
*** michauds has joined #openstack-keystone		19:31
*** edtubill has joined #openstack-keystone		19:32
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes in OS-INHERIT docs https://review.openstack.org/341762	19:32
openstackgerrit	Kristi Nikolla proposed openstack/keystone: WIP: Devstack plugin for Federation https://review.openstack.org/320623	19:33
*** edmondsw has joined #openstack-keystone		19:34
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes in endpoint policy docs https://review.openstack.org/341765	19:34
*** pcaruana has quit IRC		19:35
*** michauds has quit IRC		19:37
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes in oauth docs https://review.openstack.org/341767	19:38
*** lucas___ has joined #openstack-keystone		19:41
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes in v2.0 token docs https://review.openstack.org/341768	19:42
*** michauds has joined #openstack-keystone		19:43
openstackgerrit	Dolph Mathews proposed openstack/keystone: Improve keystone.conf [token] documentation https://review.openstack.org/341646	19:43
*** lucas___ has quit IRC		19:44
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes in v2.0 admin user docs https://review.openstack.org/341770	19:45
*** can8dnSix has joined #openstack-keystone		19:47
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes in oauth docs https://review.openstack.org/341767	19:47
*** edtubill has quit IRC		19:48
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes in v2.0 token docs https://review.openstack.org/341768	19:48
*** michauds has quit IRC		19:48
*** ddieterly is now known as ddieterly[away]		19:49
*** michauds has joined #openstack-keystone		19:50
openstackgerrit	Steve Martinelli proposed openstack/keystone: Correct normal response codes in oauth docs https://review.openstack.org/341767	19:50
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes in service catalog doc https://review.openstack.org/341759	19:50
openstackgerrit	Steve Martinelli proposed openstack/keystone: Correct normal response codes in v2.0 token docs https://review.openstack.org/341768	19:50
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes in trust documentation https://review.openstack.org/341760	19:51
*** michauds has quit IRC		19:51
*** ddieterly[away] is now known as ddieterly		19:52
*** edtubill has joined #openstack-keystone		19:53
*** browne has quit IRC		19:53
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes for role docs https://review.openstack.org/341726	19:53
*** michauds has joined #openstack-keystone		19:54
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes in v2.0 tenant docs https://review.openstack.org/341781	19:55
openstackgerrit	Dolph Mathews proposed openstack/keystone: Use URIOpt instead of StrOpt for SAML config https://review.openstack.org/341514	19:56
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes in v2.0 versions doc https://review.openstack.org/341782	19:56
*** sdake has quit IRC		19:57
openstackgerrit	Merged openstack/keystone: List 20X status codes as Normal in domain docs https://review.openstack.org/341714	19:58
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes for v2.0 extensions https://review.openstack.org/341783	19:58
*** michauds has quit IRC		20:01
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes for v2.0 versions doc https://review.openstack.org/341785	20:01
openstackgerrit	Gage Hugo proposed openstack/keystone: Add OS-EP-FILTER to api-ref https://review.openstack.org/341734	20:01
openstackgerrit	Gage Hugo proposed openstack/keystone: Add OS-EP-FILTER to api-ref https://review.openstack.org/341786	20:04
openstackgerrit	Gage Hugo proposed openstack/keystone: Add OS-EP-FILTER to api-ref https://review.openstack.org/341787	20:04
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes for project docs https://review.openstack.org/341720	20:05
*** rderose has joined #openstack-keystone		20:06
openstackgerrit	Merged openstack/keystone: Improve the API documentation for groups https://review.openstack.org/341710	20:06
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes for policy docs https://review.openstack.org/341719	20:06
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes for project docs https://review.openstack.org/341720	20:07
*** catintheroof has quit IRC		20:07
*** timcline has joined #openstack-keystone		20:08
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes for credential docs https://review.openstack.org/341716	20:08
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes for auth docs https://review.openstack.org/341715	20:09
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes for region docs https://review.openstack.org/341723	20:10
*** adrian_otto has joined #openstack-keystone		20:10
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes in OS-INHERIT docs https://review.openstack.org/341762	20:11
*** timcline has quit IRC		20:12
openstackgerrit	Dolph Mathews proposed openstack/keystone: Improve keystone.conf [signing] documentation https://review.openstack.org/341790	20:12
openstackgerrit	Dolph Mathews proposed openstack/keystone: Improve keystone.conf [shadow_users] documentation https://review.openstack.org/341791	20:14
*** gordc has quit IRC		20:15
*** browne has joined #openstack-keystone		20:16
*** tonytan4ever has joined #openstack-keystone		20:17
*** richm has quit IRC		20:18
*** edtubill has quit IRC		20:18
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal status codes for v2.0 admin docs https://review.openstack.org/341796	20:20
*** edtubill has joined #openstack-keystone		20:22
*** raildo has quit IRC		20:22
openstackgerrit	Lance Bragstad proposed openstack/keystone: Correct normal response codes in OS-INHERIT docs https://review.openstack.org/341762	20:22
openstackgerrit	Merged openstack/keystone: Complete OS-TRUST API documentation https://review.openstack.org/341584	20:23
*** neophy has joined #openstack-keystone		20:24
openstackgerrit	Thomas Goirand proposed openstack/keystone: Fix python{3,}-all-dev depends in deb based https://review.openstack.org/341010	20:24
*** julim has quit IRC		20:30
rderose	Jenkins giving me -1, but everything passes except: gate-keystone-python35-db-nv, which is non-voting	20:31
rderose	anyone know why this would happen? or is gate-keystone-python35-db-nv actually voting?	20:31
rderose	https://review.openstack.org/#/c/340074/	20:32
patchbot	rderose: patch 340074 - keystone - PCI-DSS Lockout requirements	20:32
*** ddieterly is now known as ddieterly[away]		20:35
*** clenimar__ has joined #openstack-keystone		20:35
*** chrisshattuck has quit IRC		20:35
openstackgerrit	Dolph Mathews proposed openstack/keystone: Improve keystone.conf [security_compliance] documentation https://review.openstack.org/341797	20:39
edtubill	Hi, does anyone here know what would happen if I gave a non admin user access to "create_credential" on keystone? I'm trying to find documentation on what it's used for.	20:40
edtubill	stevemar:^	20:40
openstackgerrit	Ron De Rose proposed openstack/keystone: Remove unused parameters with underscore suffix in api-ref https://review.openstack.org/341757	20:41
*** richm has joined #openstack-keystone		20:41
*** richm has quit IRC		20:41
*** daemontool_ has quit IRC		20:41
*** clenimar__ has quit IRC		20:42
*** richm has joined #openstack-keystone		20:42
*** richm has quit IRC		20:42
*** clenimar_ has joined #openstack-keystone		20:42
*** tqtran has joined #openstack-keystone		20:42
tqtran	stevemar: quick question, is_admin_project mentioned in https://review.openstack.org/#/c/341317/ , is that just for V3 or does V2 also support it?	20:42
patchbot	tqtran: patch 341317 - django_openstack_auth - Add 'is_admin_project' attribute in token	20:42
*** david-lyle has joined #openstack-keystone		20:43
dstanek	edtubill: right now it really isn't used for much	20:43
dstanek	edtubill: one thing we plan on using it for is TOTP and that would require non-admins have access to create/update/delete their own data	20:43
edtubill	dstanek: That's cool I was looking into that TOTP too. I was also told it was used with an external heat engine? Is that right?	20:45
openstackgerrit	Dolph Mathews proposed openstack/keystone: Improve keystone.conf [signing] documentation https://review.openstack.org/341790	20:45
*** chrisshattuck has joined #openstack-keystone		20:47
*** david-lyle has quit IRC		20:47
*** neophy has quit IRC		20:49
dstanek	edtubill: no idea. you'd have to ask heat folks about that	20:49
*** david-lyle has joined #openstack-keystone		20:49
dstanek	edtubill: we have a blueprint to encrypt the data we are storing in there. should be merged this cycle	20:50
*** phalmos has quit IRC		20:52
openstackgerrit	Dolph Mathews proposed openstack/keystone: Improve keystone.conf [security_compliance] documentation https://review.openstack.org/341797	20:54
*** roxanagh_ has quit IRC		20:56
*** pnavarro has joined #openstack-keystone		20:58
*** julim has joined #openstack-keystone		20:58
edtubill	dstanek: oh okay, so I guess I should ask the other projects for who uses the credential endpoint for keystone? I'm trying to figure out if anything bad would happen if I gave "create_credential" to a user of a different role (like if a cloud_admin role had access, could they get access to the admin user). I found the blue print, I'll take a look at it https://review.openstack.org/#/c/284950/8/specs/keystone/newton/credential-encryption.rst.	20:58
patchbot	edtubill: patch 284950 - keystone-specs - Credential Encryption (MERGED)	20:58
*** ddieterly[away] is now known as ddieterly		20:58
*** ddieterly has quit IRC		20:59
*** roxanaghe has joined #openstack-keystone		20:59
*** can8dnSix has quit IRC		20:59
*** ddieterly has joined #openstack-keystone		21:01
*** timcline has joined #openstack-keystone		21:02
*** david-lyle__ has joined #openstack-keystone		21:02
*** adu has quit IRC		21:04
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Lockout requirements https://review.openstack.org/340074	21:05
*** timcline has quit IRC		21:06
*** samueldmq has joined #openstack-keystone		21:09
*** ChanServ sets mode: +v samueldmq		21:09
*** thumpba has quit IRC		21:10
*** ddieterly is now known as ddieterly[away]		21:12
*** adu has joined #openstack-keystone		21:13
stevemar	tqtran: that's a v3-isn	21:13
stevemar	ism*	21:13
openstackgerrit	Merged openstack/keystone: Fixes response codes in endpoint policy api-ref https://review.openstack.org/341718	21:14
tqtran	yeah i saw the patch for it	21:14
tqtran	seems like its blank if the condition isnt true, so it would be empty/missing for either version	21:15
*** richm has joined #openstack-keystone		21:17
*** gagehugo has quit IRC		21:20
*** ravelar159 has quit IRC		21:22
*** adrian_otto1 has joined #openstack-keystone		21:26
*** jlk has left #openstack-keystone		21:26
*** david-lyle__ has quit IRC		21:28
*** adrian_otto has quit IRC		21:29
*** jaugustine has quit IRC		21:31
*** ddieterly[away] has quit IRC		21:34
*** tonytan4ever has quit IRC		21:35
*** daemontool_ has joined #openstack-keystone		21:40
*** roxanaghe has quit IRC		21:41
*** ravelar159 has joined #openstack-keystone		21:43
*** ozialien10 has quit IRC		21:43
*** rcernin has quit IRC		21:43
openstackgerrit	Clenimar Filemon proposed openstack/keystone: Add is_domain to scope token response examples https://review.openstack.org/341815	21:43
*** ozialien10 has joined #openstack-keystone		21:44
*** edtubill has quit IRC		21:46
*** pnavarro has quit IRC		21:48
openstackgerrit	Richard proposed openstack/keystone: Improve user experience involving token flush https://review.openstack.org/341165	21:50
rderose	breton: re 341757, if we're not removing the parameters, then what's the fix for this bug?	21:50
openstackgerrit	Clenimar Filemon proposed openstack/keystone: Add is_domain to project example responses https://review.openstack.org/341820	21:52
*** ddieterly has joined #openstack-keystone		21:53
openstackgerrit	Richard proposed openstack/keystone: Improve user experience involving token flush https://review.openstack.org/341165	21:53
*** tqtran has quit IRC		21:54
*** roxanaghe has joined #openstack-keystone		21:57
*** ravelar159 has quit IRC		21:58
*** rderose has quit IRC		22:01
*** adrian_otto1 has quit IRC		22:01
*** pauloewerton has quit IRC		22:02
*** adrian_otto has joined #openstack-keystone		22:02
*** adu has quit IRC		22:02
*** timcline has joined #openstack-keystone		22:04
*** rderose has joined #openstack-keystone		22:08
*** timcline has quit IRC		22:08
*** ddieterly is now known as ddieterly[away]		22:10
*** roxanaghe has quit IRC		22:12
*** roxanaghe has joined #openstack-keystone		22:13
*** gagehugo has joined #openstack-keystone		22:17
*** ametts has quit IRC		22:20
*** KevinE has quit IRC		22:24
openstackgerrit	Clenimar Filemon proposed openstack/keystone: Update identity endpoint in v3 samples https://review.openstack.org/341829	22:25
*** samueldmq has quit IRC		22:27
*** jrist has joined #openstack-keystone		22:29
*** tonytan4ever has joined #openstack-keystone		22:35
*** tonytan4ever has quit IRC		22:41
*** ddieterly[away] is now known as ddieterly		22:42
*** jrist has quit IRC		22:46
*** mordred has joined #openstack-keystone		22:48
openstackgerrit	Merged openstack/keystone: Correct normal response codes in oauth docs https://review.openstack.org/341767	22:49
openstackgerrit	Merged openstack/keystone: Correct normal response codes in v2.0 token docs https://review.openstack.org/341768	22:50
*** slberger has left #openstack-keystone		22:51
jamielennox	stevemar: you feeling confident to push the button on	22:53
jamielennox	https://review.openstack.org/#/c/339356/	22:53
patchbot	jamielennox: patch 339356 - keystone - Require auth_context middleware in the pipeline	22:53
jamielennox	last sec ctrl+v fail	22:53
openstackgerrit	Sam Leong proposed openstack/keystone-specs: Document current behaviors for role_assignments?include_names and include_subree https://review.openstack.org/339812	22:56
openstackgerrit	Clenimar Filemon proposed openstack/keystone: Update identity endpoint in v2 samples https://review.openstack.org/341841	23:00
*** adu has joined #openstack-keystone		23:03
openstackgerrit	Sam Leong proposed openstack/keystone-specs: Document current behaviors for role_assignments?include_names and include_subree https://review.openstack.org/339812	23:04
*** bradjones has quit IRC		23:06
*** bradjones has joined #openstack-keystone		23:07
*** bradjones has quit IRC		23:07
*** bradjones has joined #openstack-keystone		23:07
*** tonytan4ever has joined #openstack-keystone		23:08
*** ddieterly is now known as ddieterly[away]		23:09
*** ddieterly[away] has quit IRC		23:11
*** chrisshattuck has quit IRC		23:14
*** tonytan4ever has quit IRC		23:15
*** tonytan4ever has joined #openstack-keystone		23:15
*** rderose has quit IRC		23:16
*** spzala has quit IRC		23:16
*** spzala has joined #openstack-keystone		23:17
*** spzala has quit IRC		23:21
*** adu has quit IRC		23:26
*** sdake has joined #openstack-keystone		23:26
*** edmondsw has quit IRC		23:26
*** sdake__ has joined #openstack-keystone		23:28
*** sdake has quit IRC		23:32
*** sdake__ has quit IRC		23:36
*** code-R_ has quit IRC		23:38
openstackgerrit	Gage Hugo proposed openstack/keystone: Add OS-EP-FILTER to api-ref https://review.openstack.org/341787	23:44
*** adu has joined #openstack-keystone		23:50
*** gagehugo has quit IRC		23:53
*** tonytan4ever has quit IRC		23:54
*** adu has quit IRC		23:55
*** rderose has joined #openstack-keystone		23:57

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!