Tuesday, 2016-11-08

*** LiYuenan has joined #openstack-keystone00:03
*** Viswanath has joined #openstack-keystone00:10
*** jamielennox is now known as jamielennox|away00:14
*** Viswanath has quit IRC00:16
*** Marcellin__ has quit IRC00:18
*** jefrite has joined #openstack-keystone00:19
*** _cjones_ has quit IRC00:22
*** _cjones_ has joined #openstack-keystone00:23
*** _cjones_ has quit IRC00:28
*** agrebennikov has quit IRC00:35
*** adrian_otto has joined #openstack-keystone00:36
openstackgerritKevin Benton proposed openstack/oslo.policy: Fix _cycle_check to ignore duplicate references  https://review.openstack.org/39468800:38
openstackgerritKevin Benton proposed openstack/oslo.policy: Fix _cycle_check to ignore duplicate references  https://review.openstack.org/39468800:38
*** adrian_otto has quit IRC00:39
*** markvoelker has quit IRC00:39
*** adrian_otto has joined #openstack-keystone00:41
*** adrian_otto has quit IRC00:42
*** adrian_otto has joined #openstack-keystone00:43
*** adrian_otto has quit IRC00:46
*** adrian_otto has joined #openstack-keystone00:46
*** esp has quit IRC00:52
*** woodster_ has quit IRC00:55
*** hoangcx has joined #openstack-keystone01:12
*** diazjf has joined #openstack-keystone01:13
*** abhishek_k has quit IRC01:13
*** diazjf has quit IRC01:14
*** abhishek_k has joined #openstack-keystone01:15
*** adrian_otto has quit IRC01:16
*** ayoung has joined #openstack-keystone01:20
*** ChanServ sets mode: +v ayoung01:20
*** trananhkma has quit IRC01:22
*** adrian_otto has joined #openstack-keystone01:27
*** oomichi has quit IRC01:28
*** oomichi has joined #openstack-keystone01:29
*** adrian_otto has quit IRC01:33
*** trananhkma has joined #openstack-keystone01:39
*** markvoelker has joined #openstack-keystone01:40
morgan_mordred: just saw the email re more languages (and your notes on keystoneauth). I wonder how to handle the cross-language support. I am worried that <new language> will lag because of a lack of interest in maintaining it. I don't know if there is a good x-lang thing we can use (like protobuf can compile to many languages) for something that has as much logic01:40
morgan_as keystoneauth does01:40
morgan_I shall respond to that email as well01:41
*** markvoelker has quit IRC01:45
morgan_mordred: email sent01:49
*** oomichi has quit IRC01:54
*** oomichi has joined #openstack-keystone01:55
*** ayoung has quit IRC02:02
openstackgerritXu Ao proposed openstack/oslo.policy: Fix a code logic while doing cyclical reference check to the policy  https://review.openstack.org/39137002:05
*** jascott1 has joined #openstack-keystone02:07
openstackgerritXu Ao proposed openstack/oslo.policy: Fix a code logic while doing cyclical reference check to the policy  https://review.openstack.org/39137002:20
*** ravelar has quit IRC02:34
*** esp has joined #openstack-keystone02:38
stevemarmorgan_: email eh02:43
morgan_stevemar: yesh02:43
stevemarmorgan_: intriguing02:44
stevemarmorgan_: can you punt https://review.openstack.org/#/c/392167/ through the uprights?03:01
morgan_done03:01
*** esp has left #openstack-keystone03:01
*** adrian_otto has joined #openstack-keystone03:07
stevemar\o/03:19
*** adrian_otto has quit IRC03:26
*** ayoung has joined #openstack-keystone03:37
*** ChanServ sets mode: +v ayoung03:37
*** markvoelker has joined #openstack-keystone03:41
openstackgerritMerged openstack/keystonemiddleware: Mock log only after app creation  https://review.openstack.org/39216703:45
*** markvoelker has quit IRC03:46
*** ayoung has quit IRC03:54
*** ayoung has joined #openstack-keystone03:56
*** ChanServ sets mode: +v ayoung03:56
*** links has joined #openstack-keystone04:00
*** dikonoor has joined #openstack-keystone04:01
*** dave-mccowan has quit IRC04:01
*** spzala has quit IRC04:05
*** ayoung has quit IRC04:06
*** nicolasbock has quit IRC04:22
*** ravelar has joined #openstack-keystone05:00
*** ravelar has quit IRC05:05
*** odyssey4me has quit IRC05:17
*** odyssey4me has joined #openstack-keystone05:18
*** sc68cal has quit IRC05:19
*** sc68cal has joined #openstack-keystone05:19
*** jperry has joined #openstack-keystone05:42
*** rcernin has joined #openstack-keystone05:54
*** zhangjl has joined #openstack-keystone05:56
*** GB21 has joined #openstack-keystone06:01
*** spzala has joined #openstack-keystone06:06
*** spzala has quit IRC06:10
*** jaosorior has joined #openstack-keystone06:20
openstackgerritzhangyanxian proposed openstack/python-keystoneclient: Fix typo in httpclient.py  https://review.openstack.org/39477806:23
openstackgerritzhangyanxian proposed openstack/python-keystoneclient: Fix typo in httpclient.py  https://review.openstack.org/39477806:25
*** jaosorior has quit IRC06:32
*** jaosorior has joined #openstack-keystone06:33
*** hoangcx has quit IRC06:39
*** richm has quit IRC06:41
*** markvoelker has joined #openstack-keystone06:43
*** markvoelker has quit IRC06:47
*** hoangcx has joined #openstack-keystone06:48
*** belmoreira has joined #openstack-keystone06:50
*** pcaruana has joined #openstack-keystone06:53
*** namnh has joined #openstack-keystone07:00
*** tesseract has joined #openstack-keystone07:03
*** tesseract is now known as Guest657007:03
*** david-lyle has quit IRC07:03
*** dikonoor has quit IRC07:11
*** adriant has quit IRC07:21
*** tobberydberg has joined #openstack-keystone07:35
*** aloga_ has joined #openstack-keystone07:37
*** tobbery__ has joined #openstack-keystone07:55
*** tobberydberg has quit IRC07:59
*** jperry has quit IRC08:21
*** links has quit IRC08:29
*** jpich has joined #openstack-keystone08:34
*** amoralej|off is now known as amoralej08:39
*** markvoelker has joined #openstack-keystone08:43
*** links has joined #openstack-keystone08:44
*** tobbery__ has quit IRC08:47
*** markvoelker has quit IRC08:48
*** zzzeek has quit IRC09:00
*** zzzeek has joined #openstack-keystone09:00
*** spzala has joined #openstack-keystone09:06
*** khamtamtun has joined #openstack-keystone09:07
*** dikonoor has joined #openstack-keystone09:08
*** khamtamtun has quit IRC09:10
*** links has quit IRC09:10
*** spzala has quit IRC09:11
*** mvk has quit IRC09:20
*** links has joined #openstack-keystone09:24
*** asettle has joined #openstack-keystone09:40
*** aloga_ has quit IRC09:41
*** dikonoor has quit IRC09:47
*** mvk has joined #openstack-keystone09:49
*** pcaruana has quit IRC09:51
*** aloga_ has joined #openstack-keystone09:58
*** namnh has quit IRC10:02
*** hoangcx has quit IRC10:10
*** david_cu has quit IRC10:20
*** wasmum has quit IRC10:21
*** wasmum has joined #openstack-keystone10:24
*** jperry has joined #openstack-keystone10:32
*** maestropandy has joined #openstack-keystone10:38
*** maestropandy has left #openstack-keystone10:41
*** zhangjl has quit IRC10:58
*** richm has joined #openstack-keystone11:10
*** tobberydberg has joined #openstack-keystone11:17
*** aloga_ has quit IRC11:17
*** mvk has quit IRC11:33
*** nicolasbock has joined #openstack-keystone11:35
*** dikonoor has joined #openstack-keystone11:44
*** mvk has joined #openstack-keystone11:45
*** LiYuenan1 has joined #openstack-keystone11:53
*** LiYuenan has quit IRC11:56
*** LiYuenan1 is now known as LiYuenan11:56
*** khamtamtun has joined #openstack-keystone12:00
*** amoralej is now known as amoralej|lunch12:00
*** khamtamtun has quit IRC12:05
*** khamtamtun has joined #openstack-keystone12:05
*** khamtamtun has quit IRC12:07
*** khamtamtun has joined #openstack-keystone12:17
*** aloga_ has joined #openstack-keystone12:21
*** aloga_ has quit IRC12:21
*** aloga_ has joined #openstack-keystone12:21
*** aloga_ has quit IRC12:23
*** aloga_ has joined #openstack-keystone12:23
*** rodrigods has quit IRC12:25
*** rodrigods has joined #openstack-keystone12:25
*** LiYuenan has quit IRC12:34
*** david-lyle has joined #openstack-keystone12:37
*** GB21 has quit IRC12:38
dstanekgood morning keystone12:41
*** markvoelker has joined #openstack-keystone12:45
*** tobberydberg has quit IRC12:47
*** Kimmo__ has quit IRC12:48
*** markvoelker has quit IRC12:50
*** aloga_ has quit IRC12:58
*** trananhkma has quit IRC13:02
*** khamtamtun has quit IRC13:02
raildodstanek, morning :)13:05
*** spzala has joined #openstack-keystone13:06
*** jperry has quit IRC13:09
*** spzala has quit IRC13:11
*** markvoelker has joined #openstack-keystone13:14
*** lamt has joined #openstack-keystone13:21
openstackgerritMerged openstack/python-keystoneclient: Fix typo in httpclient.py  https://review.openstack.org/39477813:22
*** aloga_ has joined #openstack-keystone13:27
*** david-lyle has quit IRC13:29
*** links has quit IRC13:33
*** amoralej|lunch is now known as amoralej13:34
*** khamtamtun has joined #openstack-keystone13:42
*** khamtamtun has quit IRC13:43
*** edmondsw has joined #openstack-keystone13:47
*** openstackgerrit has quit IRC13:48
*** openstackgerrit has joined #openstack-keystone13:48
*** spzala has joined #openstack-keystone13:51
bknudsonstevemar: thanks for removing keystone from https://bugs.launchpad.net/neutron/+bug/108224813:51
openstackLaunchpad bug 1082248 in tacker "Use uuidutils instead of uuid.uuid4()" [Undecided,In progress] - Assigned to bailin.zhang (bailin-zhang)13:51
stevemarbknudson: yeah, that wasn't gonna happen13:52
*** aloga_ has quit IRC14:05
*** dave-mccowan has joined #openstack-keystone14:14
*** Marcellin__ has joined #openstack-keystone14:16
*** tobberydberg has joined #openstack-keystone14:18
*** agrebennikov has joined #openstack-keystone14:22
*** tobberydberg has quit IRC14:23
*** ravelar has joined #openstack-keystone14:23
*** jperry has joined #openstack-keystone14:23
*** jaosorior has quit IRC14:27
*** dikonoor has quit IRC14:38
*** agrebennikov has quit IRC14:46
*** Kimmo__ has joined #openstack-keystone14:46
*** catintheroof has joined #openstack-keystone14:57
knikollao/14:58
rodrigodshey knikolla15:00
rodrigodswhat do you think about writing a spec detailing the steps to be taken for the devstack plugins + tests?15:00
*** adrian_otto has joined #openstack-keystone15:01
*** adrian_otto has quit IRC15:01
rodrigodsstevemar, ^15:01
knikollarodrigods: was going to do that today :)15:01
rodrigodsknikolla, awesome :)15:01
*** adrian_otto has joined #openstack-keystone15:01
stevemari thought we already had one?15:02
knikollarodrigods: also, do you mind giving the devstack plugin a spin? it needs a few minor tweaks to completely work, but you're more experienced on setting up federation so i'd appreciate the help.15:03
rodrigodsstevemar, to detail the steps taken... like: first introduce a plugin that talks with testshib.org, then .... and so on15:04
openstackgerritColleen Murphy proposed openstack/ldappool: Expose SERVER_DOWN if connection fails  https://review.openstack.org/39501315:04
rodrigodsknikolla, sure15:04
rodrigodsknikolla, the testshib one?15:04
*** edtubill has joined #openstack-keystone15:04
knikollarodrigods: yes.15:05
knikollarodrigods: save for updating the shibollet2.xml to have the host_ip, and uploading the metadata to testshib, i'm unsure on what's missing to get it to work.15:06
knikollarodrigods: i go to v3/os-federation/identity_providers/testshib/protocol/mapped/auth and i get redirected to testshib, but when testshib sends me back i get a 40415:07
knikollashibboleth*15:07
*** tobberyd_ has joined #openstack-keystone15:11
rodrigodsknikolla, hmm what is the address it is sending you back?15:11
knikollathe same v3/os-federation/identity_providers/testshib/protocol/mapped/auth15:12
openstackgerritRichard Avelar proposed openstack/keystone: Validate consumer_id exists directly  https://review.openstack.org/38884215:12
knikolla(uppercase where needed, i was lazy when writing the message)15:12
knikollaprotocols*15:12
*** tobberyd_ has quit IRC15:15
*** agrebennikov has joined #openstack-keystone15:15
rodrigodsknikolla, hmm is the keystone port on the URL?15:18
*** david-lyle has joined #openstack-keystone15:29
*** jaugustine has joined #openstack-keystone15:32
*** adrian_otto has quit IRC15:32
*** david-lyle has quit IRC15:34
openstackgerritayoung proposed openstack/keystone: Support AD Nested groups  https://review.openstack.org/38931615:40
*** phalmos has joined #openstack-keystone15:41
*** chris_hultin|AWA is now known as chris_hultin15:43
*** phalmos_ has joined #openstack-keystone15:44
*** chris_hultin is now known as chris_hultin|AWA15:44
*** phalmos has quit IRC15:46
*** chris_hultin|AWA is now known as chris_hultin15:46
*** adrian_otto has joined #openstack-keystone15:46
*** adrian_otto has quit IRC15:47
*** ayoung has joined #openstack-keystone15:52
*** ChanServ sets mode: +v ayoung15:52
*** adrian_otto has joined #openstack-keystone15:57
*** belmoreira has quit IRC15:58
*** Guest6570 has quit IRC16:01
*** diazjf has joined #openstack-keystone16:05
*** henrynash has left #openstack-keystone16:05
*** henrynash_ has joined #openstack-keystone16:06
*** ChanServ sets mode: +v henrynash_16:06
*** henrynash_ has quit IRC16:06
*** rcernin has quit IRC16:20
*** edtubill has quit IRC16:21
*** edtubill has joined #openstack-keystone16:28
openstackgerritRichard Avelar proposed openstack/keystone: Doc warning for keystone db migration  https://review.openstack.org/39460316:35
*** iurygregory has left #openstack-keystone16:35
*** iurygregory has joined #openstack-keystone16:35
openstackgerritBoris Bobrov proposed openstack/keystone-specs: [wip] Quota limits  https://review.openstack.org/36376516:48
*** ravelar has quit IRC16:52
*** rcernin has joined #openstack-keystone16:55
*** _cjones_ has joined #openstack-keystone16:58
*** jaugustine has quit IRC17:01
*** mvk has quit IRC17:07
stevemarjust a heads up for folks in regions that observe day light savings, the keystone meeting will be in 50 minutes17:09
lbragstadstevemar ++ it gets me every time17:09
stevemarajayaa, amakarov, ayoung, breton, browne, crinkle, claudiub, davechen, david8hu, dolphm, dstanek, edmondsw, gagehugo, gyee, henrynash, hogepodge, htruta, jamielennox, jaugustine, jgrassler, joesavak, jorge_munoz, knikolla, lbragstad, MaxPC, morgan, nishaYadav, nkinder, notmorgan, raildo, ravelar, rodrigods, rderose, roxanaghe, samleon, samueldmq, shaleh, stevemar, tsymanczyk, topol, vivekd, wanghong, xek, StefanPae17:09
stevemartowJisc  ^ heads up the keystone meeting is in 50 minutes this week if you do daylight savings17:09
gagehugooh17:10
gagehugoyeah that is right17:10
samueldmqstevemar: I thought the call was about it happening right now :)17:10
gagehugo:( 12 PM meeting17:10
lbragstadgagehugo yup - lunch meetings until spring17:11
knikollastevemar: there goes my lunch :P17:11
stevemarknikolla: yep, same17:11
stevemarknikolla: i gotta scarf down some food now17:12
ayoungDaylight savings time!17:14
*** ravelar has joined #openstack-keystone17:18
raildoo/17:22
*** rcernin has quit IRC17:29
*** edtubill has quit IRC17:30
*** jamielennox|away is now known as jamielennox17:30
*** edtubill has joined #openstack-keystone17:31
*** Zer0Byte__ has joined #openstack-keystone17:33
*** jpich has quit IRC17:34
stevemarayoung: more like ruiner of children sleep schedule time17:34
*** jamielennox is now known as jamielennox|away17:39
*** ravelar has quit IRC17:44
*** david-lyle has joined #openstack-keystone17:46
openstackgerritEric Brown proposed openstack/keystonemiddleware: Deprecate PKI token format options  https://review.openstack.org/39140517:46
knikollasubway almost charged me 14000$ for a sandwich o.O17:46
openstackgerritEric Brown proposed openstack/keystonemiddleware: Deprecate PKI token format options  https://review.openstack.org/39140517:47
lbragstadknikolla those sandwiches aren't nearly that good17:48
lbragstadSubway - $14,000 footlongs, everyday!17:49
knikollalbragstad: it wasn't even a footlong one!17:49
lbragstadknikolla ouch17:49
*** diazjf has quit IRC17:52
lbragstadnevermind - figured it out17:53
*** nk2527 has joined #openstack-keystone17:56
stevemarmeeting time! ajayaa, amakarov, ayoung, breton, browne, crinkle, claudiub, davechen, david8hu, dolphm, dstanek, edmondsw, gagehugo, gyee, henrynash, hogepodge, htruta, jamielennox, jaugustine, jgrassler, joesavak, jorge_munoz, knikolla, lbragstad, MaxPC, morgan, nishaYadav, nkinder, notmorgan, raildo, ravelar, rodrigods, rderose, roxanaghe, samleon, samueldmq, shaleh, stevemar, tsymanczyk, topol, vivekd, wanghong,17:58
stevemarxek, StefanPaetowJisc17:58
*** mvk has joined #openstack-keystone17:59
*** spilla has joined #openstack-keystone17:59
raildohere we go again \o/17:59
*** browne has joined #openstack-keystone17:59
*** henrynash has joined #openstack-keystone18:00
*** ChanServ sets mode: +v henrynash18:00
*** henrynash has left #openstack-keystone18:00
*** henrynash_ has joined #openstack-keystone18:00
*** ChanServ sets mode: +v henrynash_18:00
*** jperry has quit IRC18:00
*** asettle has quit IRC18:06
*** jperry has joined #openstack-keystone18:10
*** ravelar has joined #openstack-keystone18:14
*** adrian_otto has quit IRC18:15
openstackgerritMerged openstack/keystone-specs: Add reason to notifications for PCI-DSS events  https://review.openstack.org/38130218:25
*** ravelar has quit IRC18:36
openstackgerritMerged openstack/keystone-specs: PCI-DSS Expired Password Users  https://review.openstack.org/38383218:37
*** agrebennikov has quit IRC18:44
*** david-lyle_ has joined #openstack-keystone18:47
*** david-lyle_ has quit IRC18:53
openstackgerritMatt Fischer proposed openstack/keystone: cache_on_issue default to true  https://review.openstack.org/38333318:55
*** jaugustine has joined #openstack-keystone18:57
lbragstadare the properties in the user case things we should make official to the project?19:00
dstanekstevemar: in your mind what is the usecase? a formal api for extras?19:00
ayoungdstanek, care to add a -2 to mine to reinforce the statement?19:00
dstanekayoung: i haven't yet because you are did that, but i can19:01
stevemarayoung: i have 100,000 projects, how in the world do i list the 500 i have deemed are "development"19:02
stevemardstanek: ^19:02
ayoungstevemar, deemed development by whom?19:02
dstanekstevemar: who controls the tag that says it's in development?19:02
stevemarayoung: my cloud admin19:02
ayoungstevemar, then the cloud admin organizes the way she wants them19:02
dstanekextras can be change by non-cloud admins19:02
gagehugodstanek, something we want to move from19:03
ayoungwhat does that mean that they are "development"?19:03
ayoungdo they get billed differently?19:03
ayoungdifferent QoS?19:03
ayoungnot allowed to connect to the live network?19:03
stevemarsure, any one of those are a good reason19:03
dstanekgagehugo: that's my point. this isn't an api for extras19:03
dstanekit's different and more complex19:03
ayoungstevemar, none of those are Keystone concerns19:03
edtubillstevemar: when is the horizon/keystone meeting again? Is it happening today?19:04
*** adrian_otto has joined #openstack-keystone19:04
stevemarbut they are keystone resources19:04
lbragstadedtubill https://review.openstack.org/#/c/395106/19:04
robcresswelledtubill: In an hour19:04
gagehugodstanek: its not, it's a way to move away from extras for projects19:04
stevemaredtubill: today it's in 1 hour i believe, the rest of the weeks it'll be now19:04
*** asettle has joined #openstack-keystone19:04
lbragstadstevemar what channel?19:04
gagehugobecause throwing stuff in extras sucks19:04
stevemarlbragstad: #openstack-meeting-cp19:04
lbragstadrobcresswell edtubill stevemar i proposed the meeting to take place in #openstack-meeting-cp19:04
lbragstadok19:04
stevemarlbragstad: thats fine19:04
lbragstadi proposed the time to be right after the keystone meeting19:05
dstanekgagehugo: exactly. i said "this isn't an api for extras"19:05
edtubillstevemar: oh okay so it's different for just today thx19:05
robcresswellWhy is it an hour later today? Just curious19:05
stevemaredtubill: yeah19:05
ayounggagehugo, then throw things in the right database for the problem you are going to solve.  Project ID should be a field on those databases19:05
stevemarrobcresswell: cause we dont want future meetings to conflict with the tc meeting19:05
bretonayoung: you are suggesting to implement logic that is expected from openstack outside of openstack19:05
dstaneklbragstad: is it now?19:05
lbragstadrobcresswell edtubill stevemar the 1 hour difference is my fault... i can switch the official time if needed19:05
ayoungbuilding a generic schema into Keystone for Billing, or VM policy belong in those projects19:06
ayoungbreton, last I checked those were projects within OpenStack19:06
ayoungPolicy is congress, Billing is cloud Kitty19:06
stevemarlbragstad: no, david-lyle brought up a good point, let's keep it for now, and see if r1chardj0n3s can still make it if we bump it by an hour19:06
lbragstadstevemar so keep it at 1900 in #openstack-meeting-cp?19:06
robcresswellstevemar: Right, I meant why was this one specifically later, since it collides. But I guess it was just a collision that nobody noticed at the time19:06
stevemarayoung: https://www.openstack.org/software/project-navigator/19:07
stevemarayoung: congress 1%19:07
stevemarcloudkitty...19:07
lbragstadrobcresswell edtubill stevemar dstanek 2000 and 1900 UTC are both open times in #openstack-meeting-cp according to the irc-meeting repository tests19:07
bretonayoung: this is a feature that deployers want out of the box. They don't want to code storing things in swift or anywhere else19:07
stevemaroperators everywhere: we want this19:08
ayoungbreton, they want magic.  There is no magic19:08
stevemarayoung: no you're wrong19:08
stevemarthats how they see it19:08
ayoungstevemar, frequently, but not about this19:08
stevemarayoung: i mean that's what you are telling our operators19:08
bretoni don't know any person in mirantis who worked with cloudkitty or congress19:08
stevemarthey are telling you exactly what they want19:08
stevemarand you are insisting they are wrong19:09
ayoungstevemar, say we have tags.  1:  who gets to define what the standard tags are and 2: who gets to add a tag to a projects19:09
ayoungcuz 1 is going to cause Havoc19:09
stevemarcloud admin and project owner19:09
dstanekstevemar: they want a generic way to add arbitrary data to resources?19:09
ayoungstevemar, so wrong on 219:09
stevemarlet people change their policy19:09
ayoungproject owner cannot say "ah, I am going to say my project is in the low-billing category"19:09
ayoungan admin manages inside their project19:09
stevemardstanek: yes, read http://lists.openstack.org/pipermail/openstack-dev/2016-November/106839.html19:09
robcresswelllbragstad: Yes, but the TC meeting is Tuesday at 2000. So we dont want to collide, regardless of the actual meeting room availability :)19:10
*** ravelar has joined #openstack-keystone19:10
lbragstadrobcresswell oh - right... good point19:10
bretondstanek: not arbitrary. (string)key: (string)value. No one is going to put json or stuff like that.19:10
stevemari'll say this as simply as i can. every operator wants this, and we as a team are telling them they are wrong. it's so ass backwards i can't believe i have to explain this19:11
*** agrebennikov has joined #openstack-keystone19:11
lbragstadrobcresswell makes sense.. i'll keep it at 1900 in #openstack-meeting-cp19:11
dstanekayoung: exactly. there would have to be a defined schema. these keys (billing_code, etc) are editable by cloud admin, these keys (something,whatever,etc) are for the domain admin, yet others for project owner19:11
stevemari'm done, see people in an hour19:11
*** amoralej is now known as amoralej|off19:11
dstanekstevemar: i think we need to really think about what that spec means19:11
bretoni want this because i had to review implementation of it downstream. In our case properties were editable the same way project's description is editable.19:13
openstackgerritSteve Martinelli proposed openstack/keystone-specs: Optional MFA via password + TOTP auth plugin  https://review.openstack.org/34511319:13
dstaneki'm not saying a flat out no, but that spec is definitely lacking19:13
gagehugodstanek: please comment on it19:14
dstanekgagehugo: i did a few times. how do you address my questions above? has that been thought about?19:15
*** ayoung has quit IRC19:16
dstanekbreton: not having a list of keys in advance is arbitrary...i'm not talking about the specific values19:16
*** ayoung has joined #openstack-keystone19:17
*** ChanServ sets mode: +v ayoung19:17
gagehugodstanek: do you mean a defined schema for keys?19:19
openstackgerritMerged openstack/keystone-specs: Optional MFA via password + TOTP auth plugin  https://review.openstack.org/34511319:19
dstanekgagehugo: yes19:19
bretondstanek: what's the problem with having lowercase alphabetic arbitrary keys?19:20
gagehugodstanek: we would be ok with something like having a list of keys in the config so that other systems cant just dump arbitrary data into properties19:20
gagehugosetting up a schema for keys that way19:20
bretonconfig would work too19:21
dstanekif we are saying that only a cloud admin can edit keys and you can never delegate down then probably nothing is wrong19:22
gagehugofor us, if we just limited it to cloud admin defining keys, then that is fine for us19:24
dstanekgagehugo: but what about the rest of the openstack uses?19:25
gagehugodstanek: that is a good question19:25
gagehugowhich probably warrants more discussion19:25
dstanekgagehugo: right. that's why i keep raising the issues19:25
*** diazjf has joined #openstack-keystone19:26
*** ravelar has quit IRC19:26
gagehugobut I would think that people using extras would most likely prefer properties with defined keys than to keep using extras19:26
dstanekgagehugo: so let's take both of the usecases tagging environment type and billing code, but instead of environment we'll use application19:27
dstanekfor example, lots of organizations manage their apache servers with one group and their switches/routers/whatever with another19:27
dstanekso in that case you'd want the cloud admin to be able to tag billing code and domain admin to be able to tag the application type19:28
dstanekas a cloud admin i certainly don't want to be involved as you organize your enterprise applications19:28
gagehugoyeah19:30
*** diazjf has quit IRC19:30
gagehugoI would say a project admin should be able to change their own project, but not allow them to define their own keys without going through the cloud admin19:34
gagehugowe do not want cloud admins to have to be involved with organizing everything, yes19:34
gagehugobut cloud admins should be the ones defining the keys, but downstream admins should be able to change the values of their respective projects19:35
*** diazjf has joined #openstack-keystone19:40
gagehugos/downstream/project19:41
dstanekso you've added complexity that isn't currently reflected in the spec.19:44
dstanekthat's my point about this needing more thought. maybe we just want to say there are 4 keys and only cloud admins can change them and be done with it.19:45
*** david-lyle has quit IRC19:45
ayounggagehugo, ok...I think I have a path forward19:47
ayoungdstanek, you too, for the properties thing19:47
*** diazjf has quit IRC19:47
ayoungthe issue I have is that the inclusion of  a tag or value for a project should be a decision outside the project19:48
ayoungquota falls into this category as well, but we'll table that for now19:48
*** bjolo has quit IRC19:48
ayoungso, say there are certain "development" projects that gets some special treatment in some other service19:49
ayoung"development" should be a project-group inside Keystone, and then projects get added to that group19:49
ayoungfrom a management and control standpoint, these tags are resources that are owned and managed separately from the projects19:50
ayoungif they are "meta" on a project  then they are "above" the project19:50
dstanekayoung: groups is an interesting concept because it solves the permission issues19:50
ayoungSo...just for grins, lets start with that concept, and see where it leads us19:50
lamtcan a project belong to multiple groups?19:51
ayoungfirst of all, there is HMT19:51
ayounglamt, yes19:51
ayoungmany to many19:51
lamtah, okay19:51
ayoungone prj-grp has many prj and one prj is in many prj-grps19:51
ayoungI'm going to abbreviate project-group to PG for now19:52
ayoungand if we start talking about user groups, those are UGs19:52
ayoungso, lets say we add the PG concept19:52
ayoungwe need a rule for HMT19:52
ayoungif I add a parent to a group, do I automatically add all the children?19:52
ayoungif we say "maybe yes, maybe no" we have a complex mechanism on our hands19:53
ayoungcomparable to inherited-roles19:53
ayoungsuspect the right answer there is "always yes"19:53
ayoungnow, here is where things get funky19:54
ayounghow do we do permissions on PGs?19:54
ayoungdo we treat them as projects, are they resources owned by projects, or are they resources owned by domains?19:55
ayoungI'm tempted to say "resources owned by domains" much like projects themselves are19:55
knikollawould a user be able to have a role on a pg?19:55
ayoungknikolla, they would have to19:55
ayoungwhich leads to the weird sentence:19:56
ayounga Project group is a project.19:56
gagehugohmm19:56
ayoungcall them tags or any other name, the logic is the same19:56
knikollanp=p19:56
knikollanp = p19:56
*** ravelar has joined #openstack-keystone19:57
ayoungNot quite that bad19:57
gagehugopg = p19:57
ayoungpg = XXX?19:57
*** jamielennox|away is now known as jamielennox19:57
*** iurygregory has quit IRC19:58
dstanekI'm lost noe19:58
dstaneknow19:58
jamielennoxstevemar, ayoung: i was expecting to be able to make this horizon meeting, but i'm not19:58
jamielennoxr1chardj0n3s: ^19:58
jamielennoxi'll read the logs later, but let me know of anything specific i need to do19:58
*** raildo has quit IRC19:58
r1chardj0n3shi19:58
ayoungdstanek, I'll take it back up again after the H-K meeting19:59
dstanekk19:59
gagehugook19:59
ayoungwhere are we meeting?19:59
stevemarjamielennox: thanks for the heads up19:59
stevemarin #openstack-meeting-cp19:59
*** raildo has joined #openstack-keystone20:05
*** jamielennox is now known as jamielennox|away20:09
openstackgerritMerged openstack/keystone: Doc warning for keystone db migration  https://review.openstack.org/39460320:16
*** iurygregory has joined #openstack-keystone20:22
*** raildo has quit IRC20:24
*** Zer0Byte__ has quit IRC20:28
*** Zer0Byte__ has joined #openstack-keystone20:29
*** jaugustine has quit IRC20:29
*** jaugustine has joined #openstack-keystone20:32
*** jaugustine has quit IRC20:33
*** ravelar has quit IRC20:34
*** tobberyd_ has joined #openstack-keystone20:35
*** diazjf has joined #openstack-keystone20:38
*** iurygregory has quit IRC20:41
*** ayoung has quit IRC20:44
*** Zer0Byte__ has quit IRC20:47
*** adriant has joined #openstack-keystone20:52
*** Zer0Byte__ has joined #openstack-keystone20:54
*** rcernin has joined #openstack-keystone20:58
*** browne has quit IRC20:59
lbragstadstevemar can i get your +1 on https://review.openstack.org/#/c/395106/ ?20:59
lbragstadI'll go to -infra and see if I can get it merged20:59
*** browne has joined #openstack-keystone21:02
*** agrebennikov has quit IRC21:03
lbragstadttx tonyb o/ We have a meeting we'd like to propose to the irc-meetings repository for collaboration between horizon and keystone. The ptls have agreed to the proposed time and place. Curious if either of you would be interested in reviewing when you have time. https://review.openstack.org/#/c/395106/21:06
lbragstadugh - wrong channel... sorry21:06
*** rarora has joined #openstack-keystone21:11
*** diazjf has quit IRC21:13
crinklestevemar: morgan_ want to look at https://review.openstack.org/#/c/395013/ for me? you guys are the only cores on it21:14
crinklei'm not entirely sure if it's backwards compatible or if it matters21:14
*** Guest24494 is now known as melwitt21:18
*** mfisch has quit IRC21:21
*** mfisch has joined #openstack-keystone21:21
*** mfisch has quit IRC21:21
*** mfisch has joined #openstack-keystone21:21
*** diazjf has joined #openstack-keystone21:25
*** asettle has quit IRC21:25
<adriant> stevemar: thanks for the MFA spec merge :) 21:35
<kevinbenton> hi, can i get some oslo.policy eyes on this patch: https://review.openstack.org/#/c/391370/ 21:52
<kevinbenton> the bad cyclic reference warnings are filling up the neutron logs 21:52
*** agrebennikov has joined #openstack-keystone 21:53
*** spilla has quit IRC 21:54
<stevemar> kevinbenton: it's on my queue 21:55
<stevemar> adriant: np! 21:55
<mfisch> stevemar: docs question for you 21:56
<mfisch> why are none of the compliance options listed in the "new options" section? 21:56
<mfisch> http://docs.openstack.org/newton/config-reference/identity.html 21:56
<adriant> stevemar: now to get people reviewing and testing our the patch ;) 21:56
<stevemar> mfisch: cause we don't control that content :( 21:56
<mfisch> its not in the release notes either really 21:57
<adriant> s/our/out/ 21:57
<mfisch> so this isnt built by some tooling? 21:57
<kevinbenton> stevemar: thanks 21:57
<mfisch> http://docs.openstack.org/newton/config-reference/tables/conf-changes/keystone.html 21:57
<stevemar> mfisch: i imagine it might be, lets go to #openstack-doc and find out? 21:57
<mfisch> yes please 21:57
*** chris_hultin is now known as chris_hultin|AWA 22:08
<stevemar> mfisch: i'm worried about https://review.openstack.org/#/c/383333/7 22:08
<mfisch> the CI fail? 22:09
<stevemar> mfisch: yah 22:10
<stevemar> mfisch: looks like we got an answer in doc 22:10
<mfisch> not a good answer 22:11
<mfisch> as for CI I will look 22:11
<mfisch> I figured Adam put a hex on me though 22:12
*** edtubill has quit IRC 22:14
<mfisch> stevemar: is this setting tested default enabled in the gate in any way? 22:17
<stevemar> mfisch: doubtful 22:18
*** tobberyd_ has quit IRC 22:22
*** catintheroof has quit IRC 22:22
*** catintheroof has joined #openstack-keystone 22:22
<openstackgerrit> Steve Martinelli proposed openstack/keystone: Support nested groups in Active Directory  https://review.openstack.org/389316 22:24
*** adrian_otto has quit IRC 22:24
<morgan_> crinkle: does that still need eyes? I am at an airport and can grab a laptop if so. 22:25
*** david-lyle has joined #openstack-keystone 22:26
*** catintheroof has quit IRC 22:27
<mfisch> stevemar: I had it enabled when I tested my upgrade 22:28
<mfisch> stevemar: that might be a real bug though from looking at it 22:28
<mfisch> the initial cached token missing something? 22:29
*** adrian_otto has joined #openstack-keystone 22:30
<crinkle> morgan_: it's not urgent but i wanted to put it on your radar since i don't think a lot of people are watching that repo 22:31
<morgan_> okie 22:31
<morgan_> yeah not a lot of people track that one. 22:32
<stevemar> crinkle: which one? 22:33
<stevemar> bbl 22:34
<crinkle> stevemar: ldappool https://review.openstack.org/#/c/395013/ 22:34
*** edmondsw has quit IRC 22:38
*** darrenc is now known as darrenc_vpn 22:39
*** agrebennikov has quit IRC 22:43
*** adrian_otto has quit IRC 22:46
*** adrian_otto has joined #openstack-keystone 22:47
*** adrian_otto has quit IRC 22:49
*** david-lyle_ has joined #openstack-keystone 22:50
*** david-lyle_ has quit IRC 22:54
*** diazjf has quit IRC 22:56
*** jperry has quit IRC 22:57
*** chris_hultin|AWA is now known as chris_hultin 23:01
*** gyee has joined #openstack-keystone 23:07
*** spzala has quit IRC 23:14
*** lamt has quit IRC 23:16
*** rcernin has quit IRC 23:18
*** gagehugo has quit IRC 23:24
*** chris_hultin is now known as chris_hultin|AWA 23:25
*** Marcellin__ has quit IRC 23:28
*** darrenc_vpn is now known as darrenc 23:28
*** catintheroof has joined #openstack-keystone 23:29
*** spzala has joined #openstack-keystone 23:30
*** catintheroof has quit IRC 23:31
*** catintheroof has joined #openstack-keystone 23:31
*** spzala has quit IRC 23:35
*** gyee has quit IRC 23:38
*** gagehugo has joined #openstack-keystone 23:38
*** david-lyle has quit IRC 23:38
*** david-lyle has joined #openstack-keystone 23:40
*** ayoung has joined #openstack-keystone 23:53
*** ChanServ sets mode: +v ayoung 23:53
*** oomichi has quit IRC 23:57
*** oomichi has joined #openstack-keystone 23:58
