Friday, 2016-07-29

« Thursday, 2016-07-28 Index Saturday, 2016-07-30 »
*** roxanaghe has quit IRC00:03
openstackgerritEric Brown proposed openstack/keystone: Improve domain configuration API docs  https://review.openstack.org/34859100:07
openstackgerritEric Brown proposed openstack/keystone: Improve domain configuration API docs  https://review.openstack.org/34859100:08
*** marekd2 has joined #openstack-keystone00:17
openstackgerritEric Brown proposed openstack/keystone: Improve domain configuration API docs  https://review.openstack.org/34859100:17
*** shaleh has quit IRC00:19
openstackgerritEric Brown proposed openstack/keystone: Improve domain configuration API docs  https://review.openstack.org/34859100:20
*** adu has joined #openstack-keystone00:21
*** marekd2 has quit IRC00:22
*** sdake has quit IRC00:23
*** hwcomcn has joined #openstack-keystone00:24
*** tqtran has quit IRC00:25
*** ddieterly has joined #openstack-keystone00:29
*** adu has quit IRC00:37
*** woodster_ has quit IRC00:39
*** ddieterly is now known as ddieterly[away]00:47
*** jamielennox is now known as jamielennox|away00:49
*** ddieterly[away] has quit IRC00:51
*** tonytan4ever has joined #openstack-keystone00:53
*** code-R has joined #openstack-keystone00:53
*** code-R_ has joined #openstack-keystone00:54
*** hwcomcn has quit IRC00:55
*** gyee has quit IRC00:57
*** tonytan4ever has quit IRC00:58
*** code-R has quit IRC00:58
*** Gorian_ has quit IRC01:01
*** browne has quit IRC01:01
*** roxanaghe has joined #openstack-keystone01:03
*** roxanaghe has quit IRC01:07
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password history requirements  https://review.openstack.org/32833901:10
*** itisha has quit IRC01:10
*** sdake has joined #openstack-keystone01:13
*** sdake has quit IRC01:13
*** sdake has joined #openstack-keystone01:13
*** sdake_ has joined #openstack-keystone01:15
*** sdake has quit IRC01:18
*** timcline has quit IRC01:24
*** timcline has joined #openstack-keystone01:24
*** timcline has quit IRC01:29
*** tonytan4ever has joined #openstack-keystone01:34
*** jamielennox|away is now known as jamielennox01:34
*** gordc has quit IRC01:34
*** EinstCrazy has joined #openstack-keystone01:44
stevemaro/01:44
*** EinstCrazy has quit IRC01:45
*** davechen has joined #openstack-keystone01:45
*** EinstCrazy has joined #openstack-keystone01:45
*** adriant has quit IRC01:48
*** sdake_ has quit IRC02:19
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/34862802:29
openstackgerritOpenStack Proposal Bot proposed openstack/keystoneauth: Updated from global requirements  https://review.openstack.org/34862902:29
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/34863002:29
*** jamielennox is now known as jamielennox|away02:32
*** gordc has joined #openstack-keystone02:33
openstackgerritOpenStack Proposal Bot proposed openstack/oslo.policy: Updated from global requirements  https://review.openstack.org/34866102:33
openstackgerritOpenStack Proposal Bot proposed openstack/python-keystoneclient: Updated from global requirements  https://review.openstack.org/34867402:34
openstackgerritSteve Martinelli proposed openstack/keystone: Remove the extensions repos  https://review.openstack.org/34852102:39
*** tonytan4ever has quit IRC02:41
*** richm has quit IRC02:43
*** TxGVNN has joined #openstack-keystone02:57
openstackgerritGage Hugo proposed openstack/keystone: Add schema validation to update user v2  https://review.openstack.org/34502203:05
stevemardolphm: dstanek lbragstad henrynash rderose davechen jamielennox|away bknudson i'm off tomorrow and monday for stat holidays - i'll be working a bit over the weekend as it'll be nice and quiet but likely not on tomorrow at all03:15
*** bill_az has quit IRC03:26
openstackgerritMerged openstack/keystone: TOTP auth not functional in python3  https://review.openstack.org/34808103:30
*** davechen has quit IRC03:35
*** iurygregory_ has quit IRC03:37
*** tonytan4ever has joined #openstack-keystone03:42
*** gordc has quit IRC03:45
*** tonytan4ever has quit IRC03:47
openstackgerritGage Hugo proposed openstack/keystone: Add schema validation to create user v2  https://review.openstack.org/34853103:49
*** gordc has joined #openstack-keystone03:53
*** adriant has joined #openstack-keystone03:59
*** davechen has joined #openstack-keystone04:00
*** davechen has quit IRC04:01
*** browne has joined #openstack-keystone04:02
*** roxanaghe has joined #openstack-keystone04:04
*** gordc has quit IRC04:04
*** roxanaghe has quit IRC04:09
*** browne has quit IRC04:10
openstackgerritGage Hugo proposed openstack/keystone: Add schema validation to create service in v2  https://review.openstack.org/34696204:12
rderosestevemar: alright, have a nice weekend04:13
*** links has joined #openstack-keystone04:13
openstackgerritGage Hugo proposed openstack/keystone: Add schema validation to create user v2  https://review.openstack.org/34853104:17
*** gagehugo_ has quit IRC04:18
*** code-R_ has quit IRC04:22
*** code-R has joined #openstack-keystone04:22
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password expires validation  https://review.openstack.org/33336004:38
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Lockout requirements  https://review.openstack.org/34007404:44
*** tonytan4ever has joined #openstack-keystone04:47
openstackgerritMerged openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/34863004:52
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Lockout requirements  https://review.openstack.org/34007404:58
openstackgerritMerged openstack/keystoneauth: Updated from global requirements  https://review.openstack.org/34862905:09
*** songjian has joined #openstack-keystone05:19
*** songjian has left #openstack-keystone05:19
*** amitkqed has quit IRC05:19
*** amitkqed has joined #openstack-keystone05:20
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Minimum password age requirements  https://review.openstack.org/34331405:20
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Minimum password age requirements  https://review.openstack.org/34331405:22
*** GB21 has joined #openstack-keystone05:22
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Minimum password age requirements  https://review.openstack.org/34331405:25
openstackgerrithenry-nash proposed openstack/keystone: Remove the extensions repos  https://review.openstack.org/34852105:25
openstackgerritMerged openstack/keystone: Add schema for enabling a user  https://review.openstack.org/34405705:26
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Minimum password age requirements  https://review.openstack.org/34331405:34
*** GB21 has quit IRC05:36
*** GB21 has joined #openstack-keystone05:37
openstackgerrithenry-nash proposed openstack/keystone-specs: Add rolling upgrade steps to keystone-manage  https://review.openstack.org/33768005:37
openstackgerritMerged openstack/python-keystoneclient: Updated from global requirements  https://review.openstack.org/34867405:44
openstackgerritTin Lam proposed openstack/keystone: Add schema validation to v2 update tenant  https://review.openstack.org/34873805:45
openstackgerritSwapnil Kulkarni (coolsvap) proposed openstack/keystone: [WIP] Testing latest u-c  https://review.openstack.org/31843505:49
*** davechen has joined #openstack-keystone05:50
openstackgerritMerged openstack/oslo.policy: Updated from global requirements  https://review.openstack.org/34866105:56
davechenstevemar: enjoy the holidays.05:57
*** davechen has quit IRC06:06
*** david-lyle has joined #openstack-keystone06:07
*** davechen has joined #openstack-keystone06:10
*** code-R has quit IRC06:12
*** code-R has joined #openstack-keystone06:13
openstackgerritMerged openstack/keystone: Document the domain config API as stable  https://review.openstack.org/34856006:23
*** tonytan4ever has quit IRC06:30
*** GB21 has quit IRC06:36
*** tesseract- has joined #openstack-keystone06:37
*** TxGVNN has quit IRC06:40
*** maestropandy has joined #openstack-keystone06:40
*** david-lyle has quit IRC06:45
*** pcaruana has joined #openstack-keystone06:45
*** avvdemarchis has joined #openstack-keystone06:49
*** GB21 has joined #openstack-keystone06:49
openstackgerritKevin Benton proposed openstack/keystone: [DO NOT MERGE]: test for neutron short life tokens  https://review.openstack.org/34875506:50
*** itisha has joined #openstack-keystone06:53
*** roxanaghe has joined #openstack-keystone06:53
*** GB21 has quit IRC06:57
*** roxanaghe has quit IRC06:58
*** GB21 has joined #openstack-keystone07:02
*** GB21 has quit IRC07:07
*** adriant has quit IRC07:09
openstackgerritSwapnil Kulkarni (coolsvap) proposed openstack/keystone: [WIP] Testing latest u-c  https://review.openstack.org/31843507:12
*** GB21 has joined #openstack-keystone07:18
bretonnotmyname: probably no good endpoints in the catalog07:28
*** tonytan4ever has joined #openstack-keystone07:31
*** sheel has joined #openstack-keystone07:32
*** pnavarro has quit IRC07:32
*** GB21 has quit IRC07:33
*** tonytan4ever has quit IRC07:36
*** code-R has quit IRC07:40
*** code-R has joined #openstack-keystone07:40
*** TxGVNN has joined #openstack-keystone07:41
*** afred312_ has joined #openstack-keystone07:42
*** marekd2 has joined #openstack-keystone07:44
*** afred312 has quit IRC07:45
*** dkehn has quit IRC07:45
*** dkehn_ has joined #openstack-keystone07:58
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:00
*** code-R has quit IRC08:06
*** brancal has joined #openstack-keystone08:06
*** GB21 has joined #openstack-keystone08:34
*** marekd has quit IRC08:39
*** roxanaghe has joined #openstack-keystone08:41
*** daemontool has joined #openstack-keystone08:44
*** roxanaghe has quit IRC08:46
*** pnavarro has joined #openstack-keystone08:51
*** marekd has joined #openstack-keystone08:53
*** ChanServ sets mode: +v marekd08:53
*** marekd has quit IRC08:57
*** marekd has joined #openstack-keystone09:01
*** ChanServ sets mode: +v marekd09:01
*** maestropandy has quit IRC09:25
openstackgerritJinxing Fang proposed openstack/keystone: Remove fatal_deprecations config  https://review.openstack.org/34879909:27
*** permalac has joined #openstack-keystone09:33
*** GB21 has quit IRC09:46
*** tlbr has quit IRC09:52
*** tlbr has joined #openstack-keystone09:53
*** tlbr has quit IRC09:53
*** tlbr has joined #openstack-keystone09:54
*** tlbr has quit IRC09:54
*** tlbr has joined #openstack-keystone09:56
*** tlbr is now known as Guest4546609:56
*** GB21 has joined #openstack-keystone09:58
*** Guest45466 has quit IRC10:00
*** tlbr_ has joined #openstack-keystone10:13
*** sheel has quit IRC10:16
*** tlbr_ has quit IRC10:17
*** maestropandy has joined #openstack-keystone10:18
*** EinstCrazy has quit IRC10:19
*** davechen has left #openstack-keystone10:23
*** sdake has joined #openstack-keystone10:25
*** kswiatek_ has quit IRC10:27
*** roxanaghe has joined #openstack-keystone10:30
*** roxanaghe has quit IRC10:34
*** marekd2 has quit IRC10:56
*** marekd2 has joined #openstack-keystone10:57
*** TxGVNN has quit IRC10:59
*** GB21 has quit IRC11:00
*** marekd2 has quit IRC11:01
*** marekd2 has joined #openstack-keystone11:01
*** andreykurilin has joined #openstack-keystone11:07
andreykurilinhi all!11:08
andreykurilinCan anybody help me? it looks like Rally started fail with latest keystoneauth11:08
andreykurilinmy fault. root cause is not in keystoneauth, it is keystone-api change. https://github.com/openstack/keystone/commit/529ff14940ebd15849e74acab47b29715c1debb611:17
andreykurilincatched exception: http://logs.openstack.org/88/348788/1/check/gate-rally-dsvm-keystone-v2api-rally/992e7ee/rally-plot/results.html.gz#/KeystoneBasic.create_user_set_enabled_and_delete/failures11:18
andreykurilinfailed rally code - https://github.com/openstack/rally/blob/master/rally/plugins/openstack/scenarios/keystone/utils.py#L43-L5011:18
andreykurilinand it looks like everything is ok at rally and keystoneclient sides - https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/v2_0/users.py#L60-L6211:19
*** rodrigods has quit IRC11:19
*** rodrigods has joined #openstack-keystone11:19
bretonandreykurilin: file a bugreport please11:20
bretonandreykurilin: rally passes `id` in the dict. The new code doesn't want it :)11:21
stevemarbreton: i'm so glad you are here to guard the keystone castle during the EU times :P11:21
bretonoh11:21
bretonandreykurilin: so it's in keystoneclient?11:21
andreykurilin__Yes11:21
bretonoh well.11:21
stevemarwe did just release a new version...11:22
bretonstevemar: https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/v2_0/users.py#L60-L62 -- master ksc sends "id", but https://review.openstack.org/#/c/344057/ forbids it (merged 6 hours ago)11:23
patchbotbreton: patch 344057 - keystone - Add schema for enabling a user (MERGED)11:23
bretoni think we need to revert 34405711:23
andreykurilin+111:23
andreykurilin:)11:23
andreykurilincan propose a change:)11:23
bretonfix the client, release it, re-revert11:24
bretonandreykurilin: file a bugreport please11:24
bretonandreykurilin: will you? If no, i'll do it11:24
andreykurilinbreton: unfortunately, my internet provider has a problem with access to launchpad:( so I have no ability to file a bug :(11:25
bretonandreykurilin: ok, will file it now11:25
andreykurilinthx11:25
*** sdake has quit IRC11:27
*** maestropandy has quit IRC11:27
*** aastha has quit IRC11:29
*** lamt_ has quit IRC11:31
*** tonytan4ever has joined #openstack-keystone11:32
stevemarbreton: maybe fix the client?11:33
stevemarbreton: there's no need to send the id in the payload, it's in the URL path11:33
stevemarsame with "update_password"11:34
bretonstevemar: can we fix and release it quickly enough?11:34
stevemarbreton: i can file for a release, but whats the rush? won't rally code pick it up from master ksc?11:34
bretonthere is no need to send the id, but what if people do it?11:34
bretonandreykurilin: will rally pick the fix up from master keystonclient?11:35
stevemarhmm, we could always change https://review.openstack.org/#/c/344057/4/keystone/identity/schema.py line 74 to True11:35
patchbotstevemar: patch 344057 - keystone - Add schema for enabling a user (MERGED)11:35
*** Guest5363 has joined #openstack-keystone11:36
*** Guest5363 has quit IRC11:36
andreykurilinbreton, stevemar: no. rally will not pick up master ksc. but we can use latest ksc release(without waiting g-r)11:36
andreykurilinor we can turn off failed scenarios. I do not like this idea, but we can temporary do it11:37
stevemarbreton: want to fix the client? i'll file the bug and create a new release11:37
*** tonytan4ever has quit IRC11:37
stevemarhmm.. but older clients will fail now11:38
stevemarbah, damn inconsistent APIs11:38
stevemarbreton: changing the schema to accept additional properties should work11:38
bretonstevemar: lets fix keystone by setting line 74 to True11:38
breton++11:38
stevemarbreton: i'll file the bug and grumble11:39
stevemarbreton: meh, just use existing one ... "Related-Bug: #1603905"11:39
openstackbug 1603905 in OpenStack Identity (keystone) "V2 API: enable a user doesn't work" [Medium,Fix released] https://launchpad.net/bugs/1603905 - Assigned to Dave Chen (wei-d-chen)11:39
stevemarbreton: gonna toss up a fix, i can quickly approve11:39
stevemarbreton: (that was meant to be a question to you)11:40
*** tangchen has quit IRC11:40
*** itisha has quit IRC11:40
bretonstevemar: https://bugs.launchpad.net/keystone/+bug/160775111:40
openstackLaunchpad bug 1607751 in OpenStack Identity (keystone) "Schema for enabling users breaks keystoneclient and other projects" [Undecided,New]11:40
bretonstevemar: will submit to review in a couple of minutes11:41
stevemarbreton: cool11:41
stevemarwe could remove it from the client too. it's not needed there at all11:41
*** tangchen has joined #openstack-keystone11:42
*** maestropandy has joined #openstack-keystone11:43
*** maestropandy has left #openstack-keystone11:43
openstackgerritBoris Bobrov proposed openstack/keystone: Allow attributes other than `enabled` in schema  https://review.openstack.org/34885111:45
dstanekmorning11:46
stevemarbreton: thank you11:46
stevemardstanek: howdy partner11:46
dstanekstevemar: what's up with that xenial job?11:49
bretonwill fix ksc after lunch11:49
stevemardstanek: what about it?11:49
stevemarbreton: thank you sir11:49
stevemardstanek: they're all xenial-y now111:50
*** marekd2 has quit IRC11:50
stevemardstanek: infra is/was moving to xenial for stuff, so it isn't a complete surprise11:50
dstanekstevemar: one of them keeps choking on reviews11:50
stevemaroh?11:50
stevemardstanek: which?11:50
dstanekstevemar: i'll have to look to see if it's the same one each time..11:51
dstanekstevemar: maybe it's just neutron full as i've seen that mail a couple of times. xenial was a red herring11:52
*** tangchen has quit IRC11:58
*** gordc has joined #openstack-keystone12:02
*** marekd2 has joined #openstack-keystone12:03
*** marekd2_ has joined #openstack-keystone12:04
*** marekd2 has quit IRC12:04
*** tlbr_ has joined #openstack-keystone12:05
*** hwcomcn has joined #openstack-keystone12:05
stevemardstanek: possiprobably12:06
*** hwcomcn has quit IRC12:07
*** hwcomcn has joined #openstack-keystone12:07
*** hwcomcn has quit IRC12:09
*** tlbr_ has quit IRC12:09
*** hwcomcn has joined #openstack-keystone12:10
*** hwcomcn has quit IRC12:11
*** hwcomcn has joined #openstack-keystone12:12
*** hwcomcn has quit IRC12:13
*** hwcomcn has joined #openstack-keystone12:14
*** itisha has joined #openstack-keystone12:16
*** pauloewerton has joined #openstack-keystone12:23
*** mhu has quit IRC12:27
*** mhu has joined #openstack-keystone12:34
*** Guest41883 has joined #openstack-keystone12:35
*** Guest41883 has quit IRC12:40
*** tlbr_ has joined #openstack-keystone12:48
*** maestropandy1 has joined #openstack-keystone12:52
*** bill_az has joined #openstack-keystone12:52
*** tlbr_ has quit IRC12:52
*** edmondsw has joined #openstack-keystone12:54
*** maestropandy1 has left #openstack-keystone12:56
*** maestropandy has joined #openstack-keystone13:00
*** tonytan4ever has joined #openstack-keystone13:04
*** maestropandy has left #openstack-keystone13:04
*** links has quit IRC13:07
*** tonytan4ever has quit IRC13:08
*** samueldmq has joined #openstack-keystone13:09
*** ChanServ sets mode: +v samueldmq13:09
*** ianw has quit IRC13:10
*** ianw has joined #openstack-keystone13:10
*** jsavak has joined #openstack-keystone13:14
*** samueldmq has quit IRC13:16
*** nkinder has joined #openstack-keystone13:16
openstackgerritBoris Bobrov proposed openstack/python-keystoneclient: Do not send user ids as payload  https://review.openstack.org/34888113:19
*** tlbr has joined #openstack-keystone13:19
*** tlbr is now known as Guest2865813:20
openstackgerritTin Lam proposed openstack/keystone: Add schema validation to v2 update tenant  https://review.openstack.org/34873813:23
*** Guest28658 has quit IRC13:24
openstackgerritTin Lam proposed openstack/keystone: Add schema validation to v2 update tenant  https://review.openstack.org/34873813:28
*** samueldmq has joined #openstack-keystone13:32
*** ChanServ sets mode: +v samueldmq13:32
lbragstadsamueldmq i created a bug for the revocation caching stuff - https://bugs.launchpad.net/keystone/+bug/160755313:35
openstackLaunchpad bug 1607553 in OpenStack Identity (keystone) "Revocation event caching is broken" [Undecided,New]13:35
*** ddieterly has joined #openstack-keystone13:35
lbragstadsamueldmq I started putting some of my findings in there13:35
samueldmqlbragstad: nice13:35
samueldmqlbragstad: I just saw your comment on https://review.openstack.org/#/c/343875/13:36
patchbotsamueldmq: patch 343875 - keystone - Remove cache from revoke subsystem13:36
lbragstadsamueldmq feel free to do the same if you have things that I've missed13:36
samueldmqlbragstad: does it still apply ? or was it that test you did and it worked later ?13:36
lbragstadI'm not sure - that was a couple days ago13:38
lbragstadbut those were just issues with the unit tests - which seemed strange to me?13:38
*** richm has joined #openstack-keystone13:40
*** catintheroof has quit IRC13:42
*** krypto has joined #openstack-keystone13:47
*** code-R has joined #openstack-keystone13:49
kryptohello all;any idea on this error with LDAP backend :TRACE keystone.common.wsgi BackendError: {'desc': 'Connect error'}13:50
kryptoldap commands are working13:50
kryptoi have tls enabled in keystone.conf13:50
samueldmqlbragstad: yeah, those are strange if they're happening in unittests13:53
dstanekkrypto: ldap commands from the comand line or through keystone?13:54
dstanekkrypto: it looks to me like it can't connect so i would check your connection settings13:55
kryptodstanek ldap commands triedl ldapwhoami and its working13:55
*** code-R_ has joined #openstack-keystone13:55
dstanekkrypto: i would make sure your keystone ldap connection information is correct then. do you have debug logging on?13:56
*** edmondsw has quit IRC13:56
*** lamt_ has joined #openstack-keystone13:57
*** thiagolib has quit IRC13:58
*** code-R has quit IRC13:58
*** code-R has joined #openstack-keystone14:01
kryptodstanek yes debug is on for keystone and ldap but it shows connected to port 389 not sure what i am missing here... can you have a look at the ldap-keystone error log http://paste.ubuntu.com/21403045/14:02
*** nishaYadav has joined #openstack-keystone14:02
* nishaYadav waves hello o/14:03
nishaYadavsamueldmq, morning14:03
*** code-R_ has quit IRC14:04
*** roxanaghe has joined #openstack-keystone14:05
dstanekkrypto: i think that means that it can't connect14:08
*** code-R_ has joined #openstack-keystone14:08
*** roxanaghe has quit IRC14:10
dstanekkrypto: did you restart keystone after you changed your ldap creds?14:10
*** code-R has quit IRC14:11
kryptoyes dstanek14:11
samueldmqnishaYadav: morning14:13
*** nishaYadav has quit IRC14:13
*** hwcomcn has quit IRC14:16
*** nishaYadav has joined #openstack-keystone14:18
*** nishaYadav is now known as Guest7896814:18
*** Guest78968 is now known as nisha_14:20
*** thiagolib has joined #openstack-keystone14:24
*** tlbr_ has joined #openstack-keystone14:33
*** edmondsw has joined #openstack-keystone14:34
*** tlbr_ has quit IRC14:34
*** tonytan4ever has joined #openstack-keystone14:35
*** david-lyle has joined #openstack-keystone14:42
*** david-lyle_ has joined #openstack-keystone14:46
*** david-lyle has quit IRC14:47
*** david-lyle__ has joined #openstack-keystone14:48
*** tlbr_ has joined #openstack-keystone14:50
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Improve docs for v3 roles  https://review.openstack.org/33454614:50
*** david-lyle_ has quit IRC14:52
*** tlbr_ has quit IRC14:53
bretonwhy can't we validate trust-scoped tokens against the v2.0 API?15:00
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Limit password changes per day  https://review.openstack.org/34891515:02
bretoni think we can get a token from trust in 2.0, so why can't we validate it againts v2.0 API?15:02
*** jistr is now known as jistr|call15:10
*** aastha has joined #openstack-keystone15:17
*** jistr|call is now known as jistr15:17
*** slberger has joined #openstack-keystone15:19
*** ayoung has joined #openstack-keystone15:22
*** ChanServ sets mode: +v ayoung15:22
*** david-lyle has joined #openstack-keystone15:23
*** code-R_ has quit IRC15:23
*** david-lyle__ has quit IRC15:23
lbragstadnotmorgan ping - do you know how https://github.com/openstack/oslo.cache/blob/8b8a718507b30a4a2fd36e6c14d1071bd6cca878/oslo_cache/core.py#L65 is suppose to work?15:24
lbragstadI have conf.cache.debug_cache_backend = True in my keystone.conf - but I'm not seeing any sort of CACHE values in my logs15:25
bretonit worked for me some time ago15:28
*** Guest79767 has joined #openstack-keystone15:29
lbragstadbreton you didn't do anything fancy to get it to work did you?15:29
lbragstadbreton technically you should just set conf.cache.debug_cache_backend = True in your keystone.conf and you should see the additional logging in your keystone logs, right?15:29
bretonlbragstad: right15:31
lbragstadbreton thanks for the info - i'll drop in the oslo channel and see if they have any advice15:31
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Add role functional tests  https://review.openstack.org/33511815:33
*** Guest79767 has quit IRC15:34
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Limit password changes per day  https://review.openstack.org/34891515:37
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Limit password changes per day  https://review.openstack.org/34891515:37
*** diazjf has joined #openstack-keystone15:38
bretonlbragstad: as far as i understand something is wrong with actual logging15:39
*** sdake has joined #openstack-keystone15:39
*** tlbr_ has joined #openstack-keystone15:40
*** code-R has joined #openstack-keystone15:44
*** bill_az has quit IRC15:44
*** marekd2_ has quit IRC15:44
*** marekd2 has joined #openstack-keystone15:45
*** tlbr_ has quit IRC15:45
lbragstadbreton really?15:45
lbragstadbreton like, logging in keystone?15:45
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Limit password changes per day  https://review.openstack.org/34891515:46
*** marekd2 has quit IRC15:46
*** marekd2 has joined #openstack-keystone15:47
bretonlbragstad: i don't know. But get() of the debug proxy gets called, and debug logging is disabled for _LOG at that point for some reason.15:48
bretonbut i see all other debug messages in the log15:48
lbragstadbreton strange15:50
*** roxanaghe has joined #openstack-keystone15:52
*** roxanaghe has quit IRC15:56
*** GB21 has joined #openstack-keystone15:56
bretonlbragstad: i asked someone16:00
bretonlbragstad: logging level of all libraries (including oslo libs) is controlled by parameter default_log_levels16:00
*** pcaruana has quit IRC16:01
bretonlbragstad: default_log_levels=oslo_cache=DEBUG16:01
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Limit password changes per day  https://review.openstack.org/34891516:02
lbragstadbreton awesome, trying that quick16:02
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Limit password changes per day  https://review.openstack.org/34891516:04
lbragstadbreton interesting - that worked!16:04
lbragstadthanks!16:04
bretonlbragstad: i have a question for you too16:05
lbragstadbreton go for it16:05
bretonlbragstad: after reading your note on https://review.openstack.org/#/c/345686/4/keystone/tests/unit/test_auth.py i started to figure out why trust-scoped tokens cannot be validated on v2.0.16:05
patchbotbreton: patch 345686 - keystone - Make AuthWithTrust testable against uuid and fernet16:05
bretonlbragstad: Why can we issue a trust-scoped token on v2.0 and cannot validate it?16:05
lbragstadbreton that was the byproduct of a time-crunched refactor I believe16:06
lbragstadbreton at the time - we were trying to consolidate all the fernet token provider stuff into keystone/token/providers/common.py16:06
lbragstadso that uuid and fernet would take more of the same code path when creating and authenticating tokens16:06
lbragstadso - I did two things16:06
lbragstader... I proposed two patches16:06
lbragstadone to get v2.0 trust auth working with fernet and v2.0 and one to migrate fernet validation into keystone/token/providers/common.py as is (without being able to validate trusts on v2.0 because that's how fernet was originally implemented)16:07
lbragstadbreton here is the other patch that I had up https://review.openstack.org/#/c/278693/16:08
patchbotlbragstad: patch 278693 - keystone - Make fernet support trust auth against v2.016:08
lbragstadbut - I haven't had a chance to dust it off and get it rebased16:08
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Improve docs for v3 credentials  https://review.openstack.org/34850616:09
bretonlbragstad: so uuid stopped supporting v2.0 validation too?16:09
lbragstadbreton I don't think so - I believe uuid tokens  still support trust scoped token validation like they always have16:09
bretonlbragstad: keystone.tests.unit.test_v3_trust.TestTrustOperations.test_validate_trust_scoped_token_against_v2_returns_unauthorized says no16:10
lbragstadbreton ah - you're right16:11
lbragstadi was looking at a separate test that was specific to trust scoped tokens being removed from the token backend when a trust is deleted16:11
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Add credential functional tests  https://review.openstack.org/34855716:11
bretoni don't understand why16:12
lbragstadbreton we were probably shooting to keep both providers consistent16:12
*** jed56 has quit IRC16:15
bretoni'll probably bring it up at the meeting16:16
lbragstadbreton sure16:16
lbragstadbreton we can finish up the patch that I have to include trust-scoped token validation on v2.016:17
lbragstadas long as we get consensus16:17
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Limit password changes per day  https://review.openstack.org/34891516:18
openstackgerritMerged openstack/keystone: Remove the extensions repos  https://review.openstack.org/34852116:19
*** nisha_ has quit IRC16:21
*** jed56 has joined #openstack-keystone16:26
*** Guest30197 has joined #openstack-keystone16:28
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Minimum password age requirements  https://review.openstack.org/34331416:29
*** tesseract- has quit IRC16:30
*** bill_az has joined #openstack-keystone16:30
*** permalac has quit IRC16:31
*** jamielennox|away is now known as jamielennox16:32
*** pnavarro has quit IRC16:32
*** Guest30197 has quit IRC16:33
*** roxanaghe has joined #openstack-keystone16:34
*** tqtran has joined #openstack-keystone16:34
*** samueldmq has quit IRC16:35
*** tqtran_ has joined #openstack-keystone16:35
*** diazjf has quit IRC16:36
*** nishaYadav has joined #openstack-keystone16:38
*** tqtran has quit IRC16:38
*** tlbr_ has joined #openstack-keystone16:40
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Limit password changes per day  https://review.openstack.org/34891516:41
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Limit password changes per day  https://review.openstack.org/34891516:42
*** tlbr_ has quit IRC16:44
*** nishaYadav has quit IRC16:45
*** marekd2 has quit IRC16:46
*** tonytan_brb has joined #openstack-keystone16:48
*** tonytan4ever has quit IRC16:51
*** tangchen has joined #openstack-keystone16:56
*** roxanaghe has quit IRC16:58
*** tangchen has quit IRC17:01
*** brancal has quit IRC17:10
*** samueldmq has joined #openstack-keystone17:11
*** ChanServ sets mode: +v samueldmq17:11
*** adrian_otto has joined #openstack-keystone17:19
*** roxanaghe has joined #openstack-keystone17:20
*** tlbr_ has joined #openstack-keystone17:25
*** Gorian_ has joined #openstack-keystone17:28
*** ddieterly is now known as ddieterly[away]17:29
*** tlbr_ has quit IRC17:30
*** TxGVNN has joined #openstack-keystone17:34
*** itlinux has quit IRC17:35
*** jamielennox is now known as jamielennox|away17:35
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Limit password changes per day  https://review.openstack.org/34891517:38
openstackgerritMerged openstack/keystone: Allow attributes other than `enabled` in schema  https://review.openstack.org/34885117:41
*** krypto has quit IRC17:51
*** spzala has joined #openstack-keystone17:52
*** links has joined #openstack-keystone17:54
*** jsavak has quit IRC18:02
*** jsavak has joined #openstack-keystone18:02
*** avvdemarchis has quit IRC18:07
*** slberger1 has joined #openstack-keystone18:09
*** slberger has quit IRC18:09
*** jdennis has quit IRC18:10
openstackgerritColleen Murphy proposed openstack/keystone: Add dummy domain_id column to cached role  https://review.openstack.org/34754318:16
*** TxGVNN has quit IRC18:17
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Lockout requirements  https://review.openstack.org/34007418:26
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Move Identity Provider API to its own file  https://review.openstack.org/34900918:28
samueldmqstevemar: lbragstad: ^18:28
*** GB21 has quit IRC18:32
*** jsavak has quit IRC18:33
*** jsavak has joined #openstack-keystone18:33
samueldmqstevemar: lbragstad: I will do the same for the other TODO notes in the federation docs ... but I want to get some feedback on that first, and I'd like to rename the index.inc to index.rst, but I am unable to make the relative imports (when using .rst)18:35
samueldmq:/18:35
*** dkehn_ has quit IRC18:40
samueldmqI left a comment in the review, .rst expertise is welcome :)18:40
*** samueldmq has quit IRC18:40
*** jed56 has quit IRC18:45
*** sdake has quit IRC18:47
*** diazjf has joined #openstack-keystone18:48
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password history requirements  https://review.openstack.org/32833918:49
*** ddieterly[away] is now known as ddieterly18:50
*** dkehn_ has joined #openstack-keystone18:52
*** hoonetorg has quit IRC18:56
*** adrian_otto has quit IRC18:59
*** tlbr has joined #openstack-keystone19:00
*** tlbr is now known as Guest8412419:00
*** Guest84124 has quit IRC19:04
*** fifieldt has quit IRC19:07
*** roxanaghe has quit IRC19:10
*** fifieldt has joined #openstack-keystone19:18
*** dkehn_ has quit IRC19:19
*** links has quit IRC19:20
*** raildo has quit IRC19:23
*** dkehn_ has joined #openstack-keystone19:32
*** sdake has joined #openstack-keystone19:35
*** edmondsw has quit IRC19:35
openstackgerritMerged openstack/keystone: Make AuthWithTrust testable against uuid and fernet  https://review.openstack.org/34568619:36
*** diazjf has quit IRC19:37
openstackgerritMerged openstack/keystone: Allow V2TestCase to be tested against fernet and uuid  https://review.openstack.org/34568719:37
*** tlbr has joined #openstack-keystone19:42
*** tlbr is now known as Guest7910019:42
*** diazjf has joined #openstack-keystone19:45
*** brancal has joined #openstack-keystone19:48
*** Guest79100 has quit IRC19:51
*** raildo has joined #openstack-keystone19:52
*** slberger1 has quit IRC19:55
*** gordc has quit IRC19:56
openstackgerritKam Nasim proposed openstack/keystone: Add default project_id to user ref on role grant  https://review.openstack.org/34905919:58
*** sdake has quit IRC19:59
*** ddieterly is now known as ddieterly[away]20:01
*** ddieterly[away] is now known as ddieterly20:01
*** ddieterly is now known as ddieterly[away]20:01
*** ddieterly[away] is now known as ddieterly20:04
*** roxanaghe has joined #openstack-keystone20:05
*** slberger has joined #openstack-keystone20:07
*** adrian_otto has joined #openstack-keystone20:11
*** pnavarro has joined #openstack-keystone20:15
*** tonytan_brb has quit IRC20:31
* lbragstad if anyone is look to double check anything - i'd appreciate another pair of eyes on my approach to debugging this (just to see if it makes sense) https://bugs.launchpad.net/keystone/+bug/160755320:34
openstackLaunchpad bug 1607553 in OpenStack Identity (keystone) "Revocation event caching is broken" [Undecided,New]20:34
*** jsavak has quit IRC21:01
*** raildo has quit IRC21:01
*** jsavak has joined #openstack-keystone21:01
openstackgerritSteve Martinelli proposed openstack/keystone: [api] add blurb about experimental status  https://review.openstack.org/34794721:02
*** ddieterly is now known as ddieterly[away]21:02
*** ddieterly[away] is now known as ddieterly21:03
openstackgerritMerged openstack/keystonemiddleware: Remove oslo-incubator  https://review.openstack.org/33792821:12
*** diazjf has quit IRC21:14
*** slberger has quit IRC21:17
*** brancal has quit IRC21:18
openstackgerritMerged openstack/keystonemiddleware: Fix description of option `cache`  https://review.openstack.org/34723421:19
*** slberger has joined #openstack-keystone21:22
*** spzala has quit IRC21:23
lbragstadnotmorgan how come the hard_invalidated() logic is the same as the soft_invalidated() logic - https://github.com/openstack/keystone/blob/627eeeaef421867bf501f450cd207c3fb94d56ee/keystone/common/cache/core.py#L86-L90?21:28
*** tonytan4ever has joined #openstack-keystone21:31
*** pauloewerton has quit IRC21:32
*** Guest97891 has joined #openstack-keystone21:32
*** ddieterly is now known as ddieterly[away]21:32
*** tonytan4ever has quit IRC21:36
*** pnavarro has quit IRC21:36
*** Guest97891 has quit IRC21:39
*** daemontool has quit IRC21:41
*** dims_ has quit IRC21:44
*** ayoung has quit IRC21:44
*** dims has joined #openstack-keystone21:46
*** tlbr_ has joined #openstack-keystone21:46
*** diazjf has joined #openstack-keystone21:46
*** tlbr_ has quit IRC21:47
*** diazjf has quit IRC21:47
*** jsavak has quit IRC21:50
*** spzala has joined #openstack-keystone21:59
*** tlbr_ has joined #openstack-keystone22:00
bretonlbragstad: that part doesn't work at all22:04
*** tlbr_ has quit IRC22:04
*** spzala has quit IRC22:04
bretonlbragstad: see lines 126 and 127. _hard_invalidates and _soft_invalidated are set to a scalar value, once.22:05
bretonlbragstad: the logic is the same, because the order of assignment inside dogpile.cache matters22:06
*** Guest13477 has joined #openstack-keystone22:14
*** diazjf has joined #openstack-keystone22:17
*** Guest13477 has quit IRC22:19
*** diazjf has quit IRC22:23
*** ddieterly[away] is now known as ddieterly22:23
*** diazjf has joined #openstack-keystone22:24
*** tlbr_ has joined #openstack-keystone22:24
*** diazjf has quit IRC22:26
*** tlbr_ has quit IRC22:29
*** tlbr_ has joined #openstack-keystone22:35
*** dave-mccowan has quit IRC22:38
*** tlbr_ has quit IRC22:40
*** slberger has quit IRC22:53
*** Guest59655 has joined #openstack-keystone22:56
openstackgerritMerged openstack/keystoneauth: Fix arguments to _auth_required()  https://review.openstack.org/34852322:59
*** Guest59655 has quit IRC23:02
*** Gorian_ has quit IRC23:08
harlowjaqq, guys, whats the best little (somewhat up to date) view on keystone architecture, some folks internally wanted to know23:17
harlowjaif there is anything :-P23:17
harlowjai guess http://docs.openstack.org/developer/keystone/architecture.html23:19
*** woodster_ has joined #openstack-keystone23:21
*** pgbridge has quit IRC23:22
*** tlbr_ has joined #openstack-keystone23:22
*** ddieterly has quit IRC23:24
*** tonytan4ever has joined #openstack-keystone23:25
*** tlbr_ has quit IRC23:27
*** tlbr has joined #openstack-keystone23:34
*** tlbr is now known as Guest1620723:34
*** daemontool has joined #openstack-keystone23:34
notmorganlbragstad: uhm looking23:37
notmorganlbragstad: just got home fyi23:37
*** Guest16207 has quit IRC23:38
notmorganlbragstad: becasuse we don't do async refrshes.23:39
notmorganlbragstad: we want things actually invalidated *right now* when we invalidate them23:39
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Lockout requirements  https://review.openstack.org/34007423:40
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Lockout requirements  https://review.openstack.org/34007423:43
*** roxanaghe has quit IRC23:45
*** tlbr_ has joined #openstack-keystone23:58
« Thursday, 2016-07-28 Index Saturday, 2016-07-30 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!