Thursday, 2016-07-21

« Wednesday, 2016-07-20 Index Friday, 2016-07-22 »
*** ninag has joined #openstack-keystone00:00
*** ninag has quit IRC00:01
*** BjoernT has joined #openstack-keystone00:02
*** david-lyle has joined #openstack-keystone00:02
*** BjoernT is now known as Bjoern_zZzZzZzZ00:02
*** dan_nguyen has quit IRC00:03
*** Bjoern_zZzZzZzZ has quit IRC00:03
*** edmondsw has quit IRC00:06
openstackgerritGage Hugo proposed openstack/keystone: Removed duplicate parameter in v2-admin api-ref  https://review.openstack.org/34510700:06
*** 18VAA56T6 is now known as henrynash00:07
henrynashdd00:08
openstackgerritLance Bragstad proposed openstack/keystone: Only run KvsTokenCacheInvalidation against uuid  https://review.openstack.org/34510800:08
*** gyee has quit IRC00:09
henrynashtst\00:11
*** henrynash has left #openstack-keystone00:12
*** henrynash has joined #openstack-keystone00:13
*** ChanServ sets mode: +v henrynash00:13
stevemarhenrynash: sdoghdsfkjghdfsiughfskd\00:13
*** samueldmq has quit IRC00:13
henrynashtes00:13
*** jamielennox is now known as jamielennox|away00:16
*** david-lyle has quit IRC00:18
*** spzala has joined #openstack-keystone00:29
*** spzala has quit IRC00:29
*** spzala_ has joined #openstack-keystone00:29
openstackgerritMerged openstack/keystone: Fix the errors in params in api-ref for V3 user  https://review.openstack.org/34208900:32
*** jerrygb has joined #openstack-keystone00:36
*** jerrygb has quit IRC00:41
*** gagehugo has quit IRC00:43
openstackgerritAdrian Turjak proposed openstack/keystone-specs: Extended Password Auth with optional MFA  https://review.openstack.org/34511300:43
openstackgerritAdrian Turjak proposed openstack/keystone-specs: Extended Password Auth with optional MFA  https://review.openstack.org/34511300:47
openstackgerritAdrian Turjak proposed openstack/keystone-specs: Extended Password Auth with optional MFA  https://review.openstack.org/34511300:51
*** tqtran has quit IRC00:52
*** ddieterly has joined #openstack-keystone00:57
*** ddieterly has quit IRC01:06
*** davechen has joined #openstack-keystone01:23
openstackgerritAdrian Turjak proposed openstack/keystone-specs: Extended Password Auth with optional MFA  https://review.openstack.org/34511301:29
openstackgerritAdrian Turjak proposed openstack/keystone-specs: Extended Password Auth with optional MFA  https://review.openstack.org/34511301:31
*** harlowja has joined #openstack-keystone01:35
*** harlowja has quit IRC01:35
*** harlowja has joined #openstack-keystone01:36
*** jerrygb has joined #openstack-keystone01:37
openstackgerritAdrian Turjak proposed openstack/keystone-specs: Extended Password Auth with optional MFA  https://review.openstack.org/34511301:38
*** spzala_ has quit IRC01:40
*** spzala has joined #openstack-keystone01:41
*** jerrygb has quit IRC01:42
*** spzala has quit IRC01:45
*** woodster_ has quit IRC01:59
openstackgerritAdrian Turjak proposed openstack/keystone-specs: Extended Password Auth with optional MFA  https://review.openstack.org/34511301:59
*** jed56 has quit IRC02:05
*** jerrygb has joined #openstack-keystone02:21
*** nk2527 has quit IRC02:23
*** david-lyle has joined #openstack-keystone02:24
*** EinstCra_ has joined #openstack-keystone02:25
*** EinstCrazy has quit IRC02:29
*** david-lyle has quit IRC02:29
*** hoonetorg has quit IRC02:40
*** harlowja has quit IRC02:46
*** hoonetorg has joined #openstack-keystone02:53
*** anushkrishnamurt has joined #openstack-keystone02:55
*** spzala has joined #openstack-keystone03:01
openstackgerritDave Chen proposed openstack/keystone: Clarify V2 API for enabling or disabling user  https://review.openstack.org/34513703:05
*** spzala has quit IRC03:06
*** TxGVNN has joined #openstack-keystone03:13
*** EinstCra_ has quit IRC03:18
*** anushkrishnamurt has quit IRC03:19
*** iurygregory_ has quit IRC03:23
*** itisha has joined #openstack-keystone03:24
*** EinstCrazy has joined #openstack-keystone03:24
*** anushkrishnamurt has joined #openstack-keystone03:25
openstackgerritDave Chen proposed openstack/keystone: `password` is not required for updating a user  https://review.openstack.org/34514303:25
*** ericksonsantos has quit IRC03:27
*** iurygregory has quit IRC03:27
*** dave-mccowan has quit IRC03:27
*** clenimar has quit IRC03:28
*** davechen has left #openstack-keystone03:28
*** iurygregory has joined #openstack-keystone03:29
*** anushkrishnamurt has quit IRC03:29
*** ericksonsantos has joined #openstack-keystone03:31
*** julim has quit IRC03:31
*** clenimar has joined #openstack-keystone03:32
*** julim has joined #openstack-keystone03:44
openstackgerritMerged openstack/keystone: Fix the errors in params in api-ref for V3 region  https://review.openstack.org/34325003:48
*** spzala has joined #openstack-keystone04:02
*** richm has quit IRC04:04
*** iurygregory has quit IRC04:04
*** clenimar has quit IRC04:04
*** ericksonsantos has quit IRC04:04
*** julim has quit IRC04:05
*** spzala has quit IRC04:07
*** iurygregory has joined #openstack-keystone04:09
*** ericksonsantos has joined #openstack-keystone04:10
*** clenimar has joined #openstack-keystone04:10
openstackgerritGage Hugo proposed openstack/keystone: Add schema validation to create/update user  https://review.openstack.org/34502204:20
*** roxanaghe has joined #openstack-keystone04:24
*** d0ugal has quit IRC04:56
*** d0ugal has joined #openstack-keystone04:57
*** jaosorior has joined #openstack-keystone05:01
*** lamt has quit IRC05:01
*** spzala has joined #openstack-keystone05:01
*** michauds has joined #openstack-keystone05:05
*** spzala has quit IRC05:08
openstackgerrithenry-nash proposed openstack/keystone: Fix up the api-ref request/response parameters for projects  https://review.openstack.org/34334005:08
*** jerrygb has quit IRC05:09
*** michauds has quit IRC05:10
*** roxanaghe has quit IRC05:10
*** sharatss has joined #openstack-keystone05:17
sharatssHi everyone!05:18
*** gyee has joined #openstack-keystone05:20
*** ChanServ sets mode: +v gyee05:20
sharatssI have a question05:21
sharatssCan anyone pls help me finding answer for that?05:21
*** sharatss has left #openstack-keystone05:29
*** afazekas|dentist is now known as afazekas05:32
*** harlowja has joined #openstack-keystone05:39
*** EinstCrazy has quit IRC05:43
*** gyee has quit IRC05:49
*** code-R_ has quit IRC05:49
*** code-R has joined #openstack-keystone05:50
*** gyee has joined #openstack-keystone05:58
*** ChanServ sets mode: +v gyee05:58
openstackgerritMerged openstack/keystone: Removed duplicate parameter in v2-admin api-ref  https://review.openstack.org/34510706:00
*** spzala has joined #openstack-keystone06:03
*** harlowja has quit IRC06:04
*** ravelar159 has joined #openstack-keystone06:04
*** Murali_ has joined #openstack-keystone06:05
*** gyee has quit IRC06:05
*** Murali has quit IRC06:05
*** Murali_ is now known as Murali06:05
*** spzala has quit IRC06:08
*** ravelar159 has quit IRC06:09
*** dikonoor has joined #openstack-keystone06:15
*** Murali_ has joined #openstack-keystone06:18
*** Murali has quit IRC06:19
*** Murali_ is now known as Murali06:20
*** fifieldt has joined #openstack-keystone06:37
*** tesseract- has joined #openstack-keystone06:39
*** dikonoor has quit IRC06:53
*** pcaruana has joined #openstack-keystone07:03
*** spzala has joined #openstack-keystone07:04
*** davechen has joined #openstack-keystone07:05
openstackgerritSwapnil Kulkarni (coolsvap) proposed openstack/keystone: [WIP] Testing latest u-c  https://review.openstack.org/31843507:07
*** rcernin has joined #openstack-keystone07:07
*** spzala has quit IRC07:09
*** rcernin has quit IRC07:10
*** rcernin has joined #openstack-keystone07:10
*** maestropandy has joined #openstack-keystone07:12
*** d0ugal has quit IRC07:37
*** TxGVNN has quit IRC07:40
*** TxGVNN has joined #openstack-keystone07:52
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:00
*** mvk has quit IRC08:02
*** sharatss has joined #openstack-keystone08:05
*** spzala has joined #openstack-keystone08:05
*** spzala has quit IRC08:10
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Testing latest u-c  https://review.openstack.org/31843508:10
*** davechen has quit IRC08:10
*** davechen has joined #openstack-keystone08:14
*** rdo has quit IRC08:21
*** rdo has joined #openstack-keystone08:24
*** rdo has quit IRC08:28
*** rdo has joined #openstack-keystone08:30
*** rdo has quit IRC08:34
*** rdo has joined #openstack-keystone08:35
*** jaosorior has quit IRC08:59
*** jaosorior has joined #openstack-keystone08:59
*** mvk has joined #openstack-keystone09:02
*** spzala has joined #openstack-keystone09:06
*** d0ugal has joined #openstack-keystone09:10
*** spzala has quit IRC09:10
*** jerrygb has joined #openstack-keystone09:13
*** jerrygb has quit IRC09:18
*** d0ugal has quit IRC09:22
*** d0ugal has joined #openstack-keystone09:28
*** daemontool has joined #openstack-keystone09:39
*** code-R_ has joined #openstack-keystone09:39
*** code-R has quit IRC09:40
*** daemontool_ has joined #openstack-keystone09:44
*** daemontool has quit IRC09:47
*** d0ugal has quit IRC09:56
*** d0ugal has joined #openstack-keystone10:02
*** d0ugal has quit IRC10:03
*** d0ugal has joined #openstack-keystone10:03
*** spzala has joined #openstack-keystone10:06
*** tsufiev has quit IRC10:09
*** rakhmerov has quit IRC10:09
openstackgerritDave Chen proposed openstack/keystone: Add schema for enabling a user  https://review.openstack.org/34405710:09
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Testing latest u-c  https://review.openstack.org/31843510:10
*** spzala has quit IRC10:11
openstackgerritDave Chen proposed openstack/keystone: Add schema for enabling a user  https://review.openstack.org/34405710:13
*** jerrygb has joined #openstack-keystone10:14
*** jerrygb has quit IRC10:20
*** davechen has left #openstack-keystone10:20
*** rakhmerov has joined #openstack-keystone10:27
*** maestropandy has quit IRC10:28
*** itisha has quit IRC10:30
*** d0ugal has quit IRC10:31
*** tsufiev has joined #openstack-keystone10:31
*** maestropandy has joined #openstack-keystone10:37
*** maestropandy1 has joined #openstack-keystone10:37
*** maestropandy has quit IRC10:41
*** rodrigods has quit IRC10:43
*** rodrigods has joined #openstack-keystone10:44
*** maestropandy1 has quit IRC10:52
*** code-R has joined #openstack-keystone10:54
*** code-R_ has quit IRC10:55
*** maestropandy has joined #openstack-keystone10:59
*** spzala has joined #openstack-keystone11:07
*** spzala has quit IRC11:12
*** jerrygb has joined #openstack-keystone11:16
*** jerrygb has quit IRC11:21
*** dave-mccowan has joined #openstack-keystone11:23
*** TxGVNN has quit IRC11:24
*** daemontool_ has quit IRC11:35
*** daemontool_ has joined #openstack-keystone11:38
*** pauloewerton has joined #openstack-keystone11:50
*** daemontool__ has joined #openstack-keystone12:06
*** spzala has joined #openstack-keystone12:08
*** daemontool_ has quit IRC12:09
*** d0ugal has joined #openstack-keystone12:11
*** spzala has quit IRC12:13
*** jerrygb has joined #openstack-keystone12:17
*** jerrygb has quit IRC12:21
*** edmondsw has joined #openstack-keystone12:28
*** maestropandy has left #openstack-keystone12:37
*** edmondsw has quit IRC12:44
*** edmondsw has joined #openstack-keystone12:45
*** jed56 has joined #openstack-keystone12:52
*** BjoernT has joined #openstack-keystone12:59
*** reauxmont has joined #openstack-keystone12:59
*** spzala has joined #openstack-keystone13:01
*** julim has joined #openstack-keystone13:01
*** gordc has joined #openstack-keystone13:02
*** TxGVNN has joined #openstack-keystone13:05
*** jsavak has joined #openstack-keystone13:10
*** jerrygb has joined #openstack-keystone13:18
*** jerrygb has quit IRC13:22
reauxmontis the identity endpoint actually relevant? I seem to be able to use the v3 API although I only have a v2 endpoint configured.13:23
*** nk2527 has joined #openstack-keystone13:29
*** edmondsw has quit IRC13:31
*** jerrygb has joined #openstack-keystone13:34
*** richm has joined #openstack-keystone13:35
*** sharatss has quit IRC13:37
*** BigWillie has joined #openstack-keystone13:47
*** ametts has joined #openstack-keystone13:47
*** krotscheck_dcm is now known as krotscheck13:50
*** ebalduf has joined #openstack-keystone13:52
*** itisha has joined #openstack-keystone13:57
*** haplo37_ has joined #openstack-keystone13:57
*** EinstCrazy has joined #openstack-keystone13:58
*** ddieterly has joined #openstack-keystone14:03
*** ericksonsantos has quit IRC14:06
*** ddieterly has quit IRC14:13
*** code-R_ has joined #openstack-keystone14:14
*** daemontool__ is now known as daemontool14:16
*** code-R has quit IRC14:17
*** ravelar159 has joined #openstack-keystone14:19
*** ddieterly has joined #openstack-keystone14:19
*** phalmos has joined #openstack-keystone14:22
*** EinstCrazy has quit IRC14:31
*** EinstCrazy has joined #openstack-keystone14:32
*** sonal has joined #openstack-keystone14:32
*** edmondsw has joined #openstack-keystone14:33
*** michauds has joined #openstack-keystone14:44
*** gagehugo has joined #openstack-keystone14:49
*** spresser has joined #openstack-keystone14:55
*** ebalduf has quit IRC14:57
*** michauds has quit IRC14:57
openstackgerritLance Bragstad proposed openstack/keystone: Use freezegun to increment clock in test_v3_assignment  https://review.openstack.org/34386014:59
openstackgerritLance Bragstad proposed openstack/keystone: Refactor TestAuthExternalDomain to not inherit tests  https://review.openstack.org/34388615:00
spresserHey, quick question from a relative noob:  I'm writing a service that interacts with nova.  I want to have it so the user can only interact with instances s/he is an admin for.  I think the approach I'm using is correct, but I also want to make sure I'm not violating any best practices.  In short, I want to use keystonemiddleware to authenticate the user first, then make a "combined auth" request to nova using novaclien15:00
openstackgerritLance Bragstad proposed openstack/keystone: Don't run TokenCacheInvalidation with Fernet  https://review.openstack.org/34393215:00
spresserAlso, it's worth noting that for "reasons", my employer has me working in Kilo.15:00
*** pece has joined #openstack-keystone15:01
openstackgerritLance Bragstad proposed openstack/keystone: Run AuthWithToken against all token providers  https://review.openstack.org/34393515:01
openstackgerritLance Bragstad proposed openstack/keystone: refactor: inherit AuthWithRemoteUser for other providers  https://review.openstack.org/34507515:01
openstackgerritLance Bragstad proposed openstack/keystone: refactor: make TestAuthKerberos test pki/pkiz/uuid  https://review.openstack.org/34508915:02
*** d0ugal has quit IRC15:02
openstackgerritLance Bragstad proposed openstack/keystone: refactor: make TestAuthExternalDefaultDomain test uuid/pki/pkiz  https://review.openstack.org/34509015:02
*** KevinE has joined #openstack-keystone15:02
openstackgerritLance Bragstad proposed openstack/keystone: refactor: make TestFetchRevocationList test uuid  https://review.openstack.org/34509915:02
*** haplo37_ has quit IRC15:02
*** pcaruana has quit IRC15:02
openstackgerritLance Bragstad proposed openstack/keystone: Use freezegun in OSRevokeTests  https://review.openstack.org/34510415:03
openstackgerritLance Bragstad proposed openstack/keystone: Only run KvsTokenCacheInvalidation against uuid  https://review.openstack.org/34510815:03
*** david-lyle has joined #openstack-keystone15:04
*** d0ugal has joined #openstack-keystone15:05
*** jed56 has quit IRC15:05
*** ebalduf has joined #openstack-keystone15:09
*** slberger has joined #openstack-keystone15:12
*** sdake has joined #openstack-keystone15:13
*** haplo37_ has joined #openstack-keystone15:14
*** arunkant_ has joined #openstack-keystone15:16
*** sdake_ has joined #openstack-keystone15:17
*** sdake has quit IRC15:19
*** EinstCrazy has quit IRC15:20
*** KevinE has quit IRC15:33
*** code-R_ has quit IRC15:34
*** jed56 has joined #openstack-keystone15:35
*** michauds has joined #openstack-keystone15:35
*** slberger has quit IRC15:38
*** michauds has quit IRC15:40
*** slberger has joined #openstack-keystone15:42
*** code-R has joined #openstack-keystone15:53
*** woodster_ has joined #openstack-keystone15:53
*** amakarov has joined #openstack-keystone15:54
*** dan_nguyen has joined #openstack-keystone15:55
*** jamielennox|away is now known as jamielennox15:59
jamielennoxstevemar: https://review.openstack.org/#/c/338614/ is the one i need merged for ksa in next release15:59
patchbotjamielennox: patch 338614 - keystoneauth - Add prompt parameter to Opt15:59
*** jsavak has quit IRC16:03
*** d0ugal has quit IRC16:04
*** reauxmont has quit IRC16:09
*** lamt has joined #openstack-keystone16:10
*** tesseract- has quit IRC16:15
*** rcernin has quit IRC16:19
*** bknudson_ is now known as bknudson16:22
*** raildo has joined #openstack-keystone16:23
*** browne has joined #openstack-keystone16:24
*** roxanaghe has joined #openstack-keystone16:24
*** ayoung has joined #openstack-keystone16:24
*** ChanServ sets mode: +v ayoung16:24
*** ddieterly is now known as ddieterly[away]16:25
*** ayoung has quit IRC16:25
*** ayoung has joined #openstack-keystone16:25
*** ChanServ sets mode: +v ayoung16:25
ayounghttp://adam.younglogic.com/2016/07/merge-freeipa-undercloud-apache/ jamielennox16:25
ayoungroxanaghe, http://adam.younglogic.com/2016/06/saml-federated-auth-plugin/16:25
*** julim has quit IRC16:28
*** jsavak has joined #openstack-keystone16:31
*** mvk has quit IRC16:32
*** david-lyle has quit IRC16:41
*** d0ugal has joined #openstack-keystone16:44
*** shaleh has joined #openstack-keystone16:45
*** sdake_ has quit IRC16:46
*** sdake has joined #openstack-keystone16:49
*** sonal has quit IRC16:53
*** jaosorior has quit IRC16:59
*** jaosorior has joined #openstack-keystone16:59
*** ddieterly[away] is now known as ddieterly17:01
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Adds password_expires_at to API docs  https://review.openstack.org/33631817:02
*** jsavak has quit IRC17:02
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Adds password_expires_at to API docs  https://review.openstack.org/33631817:03
*** ericksonsantos has joined #openstack-keystone17:04
*** KevinE has joined #openstack-keystone17:07
*** jsavak has joined #openstack-keystone17:15
openstackgerritDolph Mathews proposed openstack/keystone: Add performance tuning documentation  https://review.openstack.org/34556617:18
dolphmstevemar: bknudson: henrynash: ^17:19
openstackgerritSteve Martinelli proposed openstack/keystone-specs: move old APIs to the attic  https://review.openstack.org/34239917:21
stevemarrderose: can you add https://review.openstack.org/#/c/340964/ to the api-ref too? :(17:21
patchbotstevemar: patch 340964 - keystone-specs - PCI-DSS Adds password_expires_at to API specs (MERGED)17:21
*** ddieterly is now known as ddieterly[away]17:22
rderosestevemar: it already is, here: https://review.openstack.org/#/c/336318/17:23
patchbotrderose: patch 336318 - keystone - PCI-DSS Adds password_expires_at to API docs17:23
stevemarrderose: <317:23
rderosestevemar: v3 only, did you want to add to v2 as well?17:24
*** Gorian_ has joined #openstack-keystone17:24
*** julim has joined #openstack-keystone17:34
stevemarrderose: i hope it's not returned for v217:42
stevemarmmm17:42
rderosestevemar: I think it would be17:42
stevemarhence the mmm17:42
rderose:)17:43
stevemarwhy did we need to return it?17:43
*** TxGVNN has quit IRC17:43
stevemaruser show, i can see details about myself, and see when my password expires?17:43
stevemarthats not usual-ish17:43
*** harlowja has joined #openstack-keystone17:44
*** spzala has quit IRC17:44
*** spzala has joined #openstack-keystone17:45
*** ericksonsantos has quit IRC17:45
*** mvk has joined #openstack-keystone17:45
*** ebalduf has quit IRC17:45
*** raildo has quit IRC17:45
*** clenimar has quit IRC17:45
*** iurygregory has quit IRC17:46
*** pauloewerton has quit IRC17:46
openstackgerritMerged openstack/keystone: `password` is not required for updating a user  https://review.openstack.org/34514317:48
openstackgerritMerged openstack/keystone: Clarify V2 API for enabling or disabling user  https://review.openstack.org/34513717:49
openstackgerritMerged openstack/keystone: Fix up the api-ref request/response parameters for projects  https://review.openstack.org/34334017:49
*** spzala has quit IRC17:49
*** tmcm has joined #openstack-keystone17:51
tmcmis anyone here using X.509 Tokenless Authorization?17:51
rderosestevemar: yeah, user show would should password_expires_at17:54
rderosestevemar: we could pull it out of v2 here if we wanted: https://github.com/openstack/keystone/blob/master/keystone/common/controller.py#L30217:54
rderose* would show password_expires_at17:58
*** spzala has joined #openstack-keystone17:59
*** julim_ has joined #openstack-keystone18:01
*** daemontool has quit IRC18:01
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Adds password_expires_at to API docs  https://review.openstack.org/33631818:01
*** david-lyle has joined #openstack-keystone18:04
*** julim has quit IRC18:04
*** david-lyle_ has joined #openstack-keystone18:05
*** david-lyle has quit IRC18:05
amakarovjamielennox, ayoung: when RBAC support discussion is planned?18:09
*** pauloewerton has joined #openstack-keystone18:11
*** raildo has joined #openstack-keystone18:12
*** clenimar has joined #openstack-keystone18:12
*** ericksonsantos has joined #openstack-keystone18:12
*** iurygregory has joined #openstack-keystone18:13
ayoungamakarov, about to hit lunch.18:16
ayoungamakarov, is after that too late?18:16
amakarovayoung: it's 9pm here now, no problem18:18
openstackgerritJamie Lennox proposed openstack/keystoneauth: Lazy load oauthlib for plugin loading  https://review.openstack.org/34560018:19
*** david-lyle_ has quit IRC18:22
*** ddieterly[away] has quit IRC18:22
*** iurygregory has quit IRC18:22
*** zzzeek is now known as zzzeek_afk_but_r18:22
*** ericksonsantos has quit IRC18:22
*** zzzeek_afk_but_r is now known as zzzeek_afk18:23
*** iurygregory has joined #openstack-keystone18:23
*** ericksonsantos has joined #openstack-keystone18:23
*** catintheroof has quit IRC18:25
*** jaosorior has quit IRC18:27
*** eggmaster has quit IRC18:28
*** samueldmq has joined #openstack-keystone18:29
samueldmqhi all18:29
*** ddieterly has joined #openstack-keystone18:32
*** harlowja has quit IRC18:35
*** tmcm has left #openstack-keystone18:37
*** harlowja has joined #openstack-keystone18:38
*** ddieterly is now known as ddieterly[away]18:42
*** tqtran has joined #openstack-keystone18:49
*** michauds has joined #openstack-keystone18:51
*** markvoelker has quit IRC18:53
*** ddieterly[away] is now known as ddieterly18:55
*** spzala has quit IRC18:58
*** harlowja has quit IRC18:59
*** r-daneel has joined #openstack-keystone18:59
*** spzala has joined #openstack-keystone19:00
*** jsavak has quit IRC19:04
*** spzala has quit IRC19:05
*** roxanaghe has quit IRC19:05
*** jsavak has joined #openstack-keystone19:06
*** gagehugo has quit IRC19:06
*** fifieldt has quit IRC19:07
*** tqtran has quit IRC19:11
*** gordc has quit IRC19:11
jamielennoxstevemar: replied to comment on https://review.openstack.org/#/c/338614/19:12
patchbotjamielennox: patch 338614 - keystoneauth - Add prompt parameter to Opt19:12
*** fifieldt has joined #openstack-keystone19:18
*** ddieterly is now known as ddieterly[away]19:21
*** ddieterly[away] is now known as ddieterly19:23
*** ddieterly is now known as ddieterly[away]19:27
*** jsavak has quit IRC19:27
*** spzala has joined #openstack-keystone19:30
*** KevinE has quit IRC19:31
*** jerrygb has quit IRC19:32
*** jed56 has quit IRC19:35
*** sdake_ has joined #openstack-keystone19:39
*** sdake has quit IRC19:40
*** jerrygb has joined #openstack-keystone19:40
dstanekdolphm: solved https://backchannel.org/blog/friendfeed-schemaless-mysql https://eng.uber.com/schemaless-part-one/19:45
*** ddieterly[away] is now known as ddieterly19:50
*** gagehugo has joined #openstack-keystone19:52
ayoungamakarov, ready to go?19:53
stevemardolphm: fallout from your keystone.conf.ldap review: https://review.openstack.org/#/c/344210/20:01
patchbotstevemar: patch 344210 - keystone - deprecate a few more LDAP config options20:01
stevemars/fallout/cleanup20:01
mfischdstanek: ping20:02
*** roxanaghe has joined #openstack-keystone20:05
*** jsavak has joined #openstack-keystone20:09
dstanekmfisch: pong20:13
mfischdstanek: ive read your email but I dont follow20:13
mfischwrt memcache20:13
dstanekmfisch: do you have a link to that bug?20:13
mfischyeah 1 sec20:14
dstanekmfisch: i was also just looking at the other bug too...and i have a question20:14
mfischhttps://bugs.launchpad.net/bugs/157015820:14
openstackLaunchpad bug 1570158 in OpenStack Identity (keystone) liberty "memcache pool reap issue" [Medium,In progress] - Assigned to David Stanek (dstanek)20:14
mfischdstanek: you wnat to just do a quick google call?20:14
mfischas soon as this one im on ends20:14
dstanekmfisch: can't at the moment - mid cycling too20:15
mfischah20:15
mfisch ok20:15
dstanekmfisch: oh, the reap issue right?20:16
mfischyeah20:16
mfischthe leaving cruft around20:16
mfischyou told me to try the oslo version or something?20:16
dstanekmfisch: that bug was fixed in oslo.cache20:16
dstanekin mitaka we punted the code over there and fixed it there20:16
mfischdstanek: thats fine with me20:17
mfischwe've got mitaka in the pipeline20:17
mfischonce we get cinder upgraded it will roll out20:17
dstanekmfisch: cool, then that bug should fix itself for you.20:17
mfischperfect20:18
dstanekmfisch: i did post a patch for it if you needed it, but it sounds like you don't20:18
mfischyeah probably not20:18
mfischI could confirm its fixed in M20:18
mfischwhen did the M fix land?20:18
mfischwe're probably a month old now20:18
dstanekmfisch: i think it would have been in the original release20:21
mfischdstanek: ok20:21
mfischlet me go look in our dev environment20:21
mfischgive me 30 min20:21
*** SamYaple has quit IRC20:23
dstanekmfisch: sure20:23
*** SamYaple has joined #openstack-keystone20:23
dstanekmfisch: the other thing i was wondering is that we see the token entries not expiring....didn't you have another cache that looked like it had different behavior?20:24
mfischthe token validation cache that services like nova, glance etc use20:24
mfischI believe that was using the oslo implementation?20:25
dstanekmfisch: ah, from auth token?20:25
mfischyeah20:25
mfischif you've unified it then you can probably close my other bug20:25
mfischabout encrypting the tokens in cache20:25
*** ddieterly is now known as ddieterly[away]20:25
mfischI've got 9.0.2-9-ga4be339 in the lab now20:25
mfischlet me check keystone cache20:25
dstanekmfisch: i think the expiration date is by design. the crypto one is different20:26
dstaneki think we could just push our code into olso.cache20:26
mfischI thought thats what you said you had done in M?20:26
dstanekmfisch: we pushed our keystone memcache pool backend in there, not the keystonemiddleware stuff20:27
mfischah ok20:28
mfischdstanek: so I still see this issue in Mitaka20:28
mfischsame as we discussed on the phone20:28
mfischin fact I think the lab environment is what I shared stuff with you from20:29
dstanekmfisch: that issue won't change. i bug that i said is fix is the one that shows a traceback because the deque is empty20:29
*** jsavak has quit IRC20:29
dstanekmfisch: https://bugs.launchpad.net/keystone/+bug/1570158 is fixed in oslo.cache20:29
openstackLaunchpad bug 1570158 in OpenStack Identity (keystone) liberty "memcache pool reap issue" [Medium,In progress] - Assigned to David Stanek (dstanek)20:29
jamielennoxthe keystonemiddleware cache stuff is in oslo.cache20:29
mfischdstanek: ugh ok20:29
dstanekmfisch: https://bugs.launchpad.net/keystone/+bug/1578401 isn't a bug from what i can see20:30
openstackLaunchpad bug 1578401 in OpenStack Identity (keystone) "tokens in memcache have no/improper expiration" [Undecided,Incomplete] - Assigned to David Stanek (dstanek)20:30
mfischdstanek: sorry I read reap as in reap old stuff20:30
*** agireud has quit IRC20:30
dstanekjamielennox: i didn't see our crypto stuff in there20:30
mfischdstanek: I dont need a backport for the reap issue20:30
dstanekjamielennox: is that actally in there now?20:30
mfischthanks for the fix20:30
jamielennoxwe can't easily switch over to using the oslo.cache stuff because the formats are incompatible and we would essentially be dumping the whole cache on update20:30
jamielennoxah - i don't think the memcache security stuff is there20:30
mfischreally wish I could have come out :(20:31
dstanekjamielennox: i am going to put it in there to make it available to keystone20:31
shalehjamielennox: re: user_agent. In Adapter class the service_name is not "nova" it is something like "compute" correct?20:31
jamielennoxdstanek: this is my most recent attempt: https://review.openstack.org/#/c/337929/1/keystonemiddleware/auth_token/_cache.py20:31
patchbotjamielennox: patch 337929 - keystonemiddleware - WIP: Use dogpile.cache for caching20:31
jamielennoxdstanek: i've had a couple20:31
*** agireud has joined #openstack-keystone20:31
jamielennoxshaleh: service_name in adapter would be "glanceclient" service_name in session would be compute20:32
jamielennoxshaleh: we might need a better name for that20:32
dstanekjamielennox: i don't want to change keystone middleware at all. just move that crypto to oslo.cache to add this feature https://bugs.launchpad.net/keystone/+bug/157846620:32
openstackLaunchpad bug 1578466 in OpenStack Identity (keystone) "keystone token cache should offer encryption like the middleware cache does" [Medium,Triaged]20:32
jamielennoxshaleh: in get_endpoint we use service_name and service_type20:32
jamielennoxshaleh: actually no - we definetly want to use nova20:32
jamielennoxbecause compute is anything implementing the compute api20:33
shalehjamielennox: right. In Session is added "agent_name" because that better reflects the use. agent_name="CorpFrobble" or agent_name="nova" for instance20:33
jamielennoxand nova is the actual service we run20:33
shalehs/is/I/20:33
jamielennoxdstanek: this is like the only time i've heard of people using that memcahce encryption20:33
mfischdstanek: having an invalid/unset expiration time leads to memcache using more memory than it should I thought20:33
mfischdstanek: because it wont evict anything until its full20:33
jamielennoxshaleh: yea, that works for me20:34
dstanekmfisch: once you give it Xgb then it's safe to assume it will use Xgb20:34
openstackgerritGage Hugo proposed openstack/keystone: Add schema validation to create/update user  https://review.openstack.org/34502220:34
mfischdstanek: but if you had valid expirations will it reap old stuff or no reaping at all until the limit?20:34
mfischif the latter then yeah, close it20:34
shalehI can use the Adapter object's service_name if it is set though. So on Adapter we use service_name and on Session agent_name?20:34
jamielennoxdstanek: ok, so i had an oslo.cache proxy in that review that i would have moved over to oslo.cache if i got it all working20:34
shalehjamielennox: open to bikeshedding here20:34
mfischask jamielennox he knows cache20:35
mfischcache rules everything around him20:35
mfisch(how does a wu tang reference work with this crowd)20:35
dstanekmfisch: not sure. i think dogpile just assumes that since you explicitly give it a certain amount of memory that you assume it can and will use it20:35
dstanekjamielennox: do in that review you are moving from oslo.cache to dogpile? is that because oslo.cache limits the tweaking that can be done to dogpile?20:36
gagehugomfisch: I liked it20:36
mfischglad I could be of service20:39
*** harlowja has joined #openstack-keystone20:39
*** jsavak has joined #openstack-keystone20:40
jamielennoxmfisch: notmorgan is the oslo.cache person20:42
mfischwe'll call you guys Rza and Gza then20:43
dstanekmfisch: jamielennox: this isn't even an oslo.cache thing it's what dogpile does20:43
dstanekit appears to me that it just encodes the expiration data in the retrieved object and never tells memcached what it should be20:43
dstanekthat way it can make decisions about how stale can the data be20:43
*** tqtran has joined #openstack-keystone20:45
jamielennoxdstanek: oh? i was under the impression that the expiry was still handled my memcache20:45
jamielennoxthere is a dict backend that obviously must manage it itself, but for memcache i thought it was handled20:45
jamielennoxmfisch: is that another wu tang reference? i'm completely guessing20:46
mfischhaha yeah sorry20:47
mfischinteresting day here, i'll stop bugging you20:47
jamielennoxdstanek: now keystone/keystonemiddleware definetly includes the expiry in the token seperate to the memcache validation20:47
jamielennoxdstanek: your token can be valid for another few hours but its only cached for 15 minutes20:47
mfischjamielennox: confirmed20:48
mfischthats the behavior I saw20:49
mfischthat cache works differently20:49
mfischkeystone's cache doesnt set expiration times on cache entries but the authtoken stuff does20:49
dstanekfrom what i see dogpile doen't ever set the expiration date20:49
jamielennoxthat's at least intentional, particularly when we were dealing with revocations we only wanted to short term cache a response20:49
dstanekmfisch: how are you able to tell that?20:49
jamielennoxand then check revocation after the fact20:50
mfischdstanek: you can look at the entries and they have a timestamp20:50
mfischgive me 3 mins to show you20:50
dstanekjamielennox: dogpile won't give you the stale data by default20:50
jamielennoxdstanek: but it just doesn't set the memcache expiry? that's dumb20:51
mfischalso some examples in the bug20:51
mfischjamielennox: hence my bug ^20:51
dstanekjamielennox: agreed...after this meeting we can talk more verbally :-)20:51
mfischITEM tokens/uZ3A4NBmFcVWWsduoLstAg== [768 b; 1469124404 s]20:52
mfischthats a token from the authtoken cache20:52
mfischevery token in there has a different expiration time20:52
mfischKeystone's cache on the other hand, they all have the time set to the same value20:52
mfischthe 1469...s part20:52
mfischjamielennox: dstanek ping me if you have questions/etc20:52
jamielennoxmfisch: yea, i would want to run through and confirm  what dogpile is doing20:53
mfischjamielennox: cool let me know20:54
mfischthanks20:54
*** BigWillie has quit IRC20:55
*** raildo has quit IRC20:56
*** ddieterly[away] is now known as ddieterly20:57
*** gordc has joined #openstack-keystone20:58
*** ametts has quit IRC20:59
*** woodster_ has quit IRC20:59
*** haplo37_ has quit IRC21:00
*** tonytan4ever has quit IRC21:06
*** dan_nguyen has quit IRC21:06
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: WIP! Check revocation in database  https://review.openstack.org/34566821:06
*** jsavak has quit IRC21:07
dstanekjamielennox: mfisch: oh, crap... i have an idea...21:07
*** jsavak has joined #openstack-keystone21:08
*** tonytan4ever has joined #openstack-keystone21:08
*** ddieterly has quit IRC21:10
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Adds password_expires_at to API docs  https://review.openstack.org/33631821:12
jamielennoxdstanek: and...21:12
dstanekjamielennox: the obvious.... keystonemiddleware doesn't use oslo.cache or dogpile :-)21:14
dstaneksomething i know, but somehow forot21:14
*** julim_ has quit IRC21:14
*** ravelar159 has quit IRC21:20
*** phalmos has quit IRC21:32
dstanekdolphm: http://git.openstack.org/cgit/openstack/openstack-ansible-os_keystone/tree/defaults/main.yml#n5721:34
*** gagehugo has quit IRC21:37
*** dave-mccowan has quit IRC21:37
*** timcline has joined #openstack-keystone21:39
*** spzala has quit IRC21:41
*** harlowja has quit IRC21:41
*** slberger1 has joined #openstack-keystone21:42
*** slberger has quit IRC21:43
*** spzala has joined #openstack-keystone21:44
*** pece has quit IRC21:45
*** gordc has quit IRC21:45
*** jsavak has quit IRC21:46
*** clenimar has quit IRC21:47
*** pauloewerton has quit IRC21:47
openstackgerritMerged openstack/keystone: deprecate a few more LDAP config options  https://review.openstack.org/34421021:47
*** iurygregory has quit IRC21:47
*** ericksonsantos has quit IRC21:47
*** harlowja has joined #openstack-keystone21:48
*** harlowja has quit IRC21:48
*** timcline has quit IRC21:53
*** iurygregory has joined #openstack-keystone21:54
*** timcline has joined #openstack-keystone21:54
*** gagehugo has joined #openstack-keystone21:55
openstackgerritLance Bragstad proposed openstack/keystone: Run AuthWithToken against all token providers  https://review.openstack.org/34393521:55
openstackgerritLance Bragstad proposed openstack/keystone: refactor: make TestFetchRevocationList test uuid  https://review.openstack.org/34509921:55
openstackgerritLance Bragstad proposed openstack/keystone: Refactor TestAuthExternalDomain to not inherit tests  https://review.openstack.org/34388621:55
openstackgerritLance Bragstad proposed openstack/keystone: Don't run TokenCacheInvalidation with Fernet  https://review.openstack.org/34393221:55
openstackgerritLance Bragstad proposed openstack/keystone: Use freezegun in OSRevokeTests  https://review.openstack.org/34510421:55
openstackgerritLance Bragstad proposed openstack/keystone: refactor: make TestAuthKerberos test pki/pkiz/uuid  https://review.openstack.org/34508921:55
openstackgerritLance Bragstad proposed openstack/keystone: refactor: inherit AuthWithRemoteUser for other providers  https://review.openstack.org/34507521:55
openstackgerritLance Bragstad proposed openstack/keystone: refactor: make TestAuthExternalDefaultDomain test uuid/pki/pkiz  https://review.openstack.org/34509021:55
openstackgerritLance Bragstad proposed openstack/keystone: Only run KvsTokenCacheInvalidation against uuid  https://review.openstack.org/34510821:55
openstackgerritLance Bragstad proposed openstack/keystone: Use freezegun to increment clock in test_v3_assignment  https://review.openstack.org/34386021:55
openstackgerritLance Bragstad proposed openstack/keystone: Use freezegun in AssignmentInheritanceTestCase  https://review.openstack.org/34568421:55
openstackgerritLance Bragstad proposed openstack/keystone: Make it so federated tokens are validated on v2.0  https://review.openstack.org/34568521:55
openstackgerritLance Bragstad proposed openstack/keystone: Make AuthWithToken testable against uuid and fernet  https://review.openstack.org/34568621:55
openstackgerritLance Bragstad proposed openstack/keystone: Allow V2TestCase to be tested against fernet and uuid  https://review.openstack.org/34568721:55
openstackgerritLance Bragstad proposed openstack/keystone: Switch fernet to be the default token provider.  https://review.openstack.org/34568821:55
lbragstadugh - my brain hurts...21:56
dstanekmy mac just complained about the volume of notifications for irc that it just got.21:56
*** amakarov has quit IRC21:57
*** timcline has quit IRC21:58
*** iurygregory_ has joined #openstack-keystone22:02
* lbragstad cracks a beer22:02
stevemarlbragstad: *frain burts*22:02
*** clenimar has joined #openstack-keystone22:02
notmorgandstanek: oh so what you're saying is I should write a bot that pings you continuously?22:02
lbragstadstevemar exactly22:02
stevemaroh wait...22:02
*** ericksonsantos has joined #openstack-keystone22:03
stevemar*frain bried*22:03
lbragstadstevemar that works too22:03
rderoseayoung henrynash: https://github.com/openstack/keystone/blob/master/keystone/identity/core.py#L88222:06
* notmorgan looks around and feels remarkably refreshed22:12
*** jsavak has joined #openstack-keystone22:17
*** dan_nguyen has joined #openstack-keystone22:17
* stevemar waves at notmorgan22:20
*** spzala has quit IRC22:23
*** sdake_ has quit IRC22:24
*** ntpttr- has quit IRC22:31
*** ntpttr- has joined #openstack-keystone22:36
*** ddieterly has joined #openstack-keystone22:43
openstackgerritAdrian Turjak proposed openstack/keystone-specs: Extended Password Auth with optional MFA  https://review.openstack.org/34511322:43
openstackgerritGage Hugo proposed openstack/keystone: Add schema validation to create role  https://review.openstack.org/34570022:46
*** sdake has joined #openstack-keystone22:49
*** spzala has joined #openstack-keystone22:50
openstackgerritAdrian Turjak proposed openstack/keystone-specs: Extended Password Auth with optional MFA  https://review.openstack.org/34511322:50
*** spzala has quit IRC22:51
*** spzala has joined #openstack-keystone22:51
*** spzala has quit IRC22:54
*** jerrygb has quit IRC22:55
*** zzzeek_afk is now known as zzzeek23:00
*** slberger1 has quit IRC23:01
openstackgerritGage Hugo proposed openstack/keystone: Add schema validation to create/update user  https://review.openstack.org/34502223:03
*** browne has quit IRC23:05
*** edmondsw has quit IRC23:06
*** jsavak has quit IRC23:07
*** slberger has joined #openstack-keystone23:13
*** tqtran has quit IRC23:16
openstackgerritMerged openstack/oslo.policy: Add note about not all APIs support policy enforcement by user_id  https://review.openstack.org/32564523:18
*** ddieterly has quit IRC23:20
*** r-daneel has quit IRC23:23
*** BjoernT has quit IRC23:25
*** Gorian_ has quit IRC23:31
*** BjoernT has joined #openstack-keystone23:43
*** BjoernT has quit IRC23:47
*** code-R has quit IRC23:49
« Wednesday, 2016-07-20 Index Friday, 2016-07-22 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!