Thursday, 2016-12-01

« Wednesday, 2016-11-30 Index Friday, 2016-12-02 »
*** tqtran has quit IRC00:04
*** ravelar has joined #openstack-keystone00:04
openstackgerritMerged openstack/python-keystoneclient: Fix missing service_catalog parameter in Client object  https://review.openstack.org/33915000:08
*** Zer0Byte__ has quit IRC00:10
*** browne has joined #openstack-keystone00:14
*** Zer0Byte__ has joined #openstack-keystone00:14
*** rdo has quit IRC00:16
*** Zer0Byte__ has quit IRC00:17
*** franza has quit IRC00:18
ayoungstevemar__, happens every time00:19
ayoungwiped out .tox00:19
ayoungsomething is wrong with the feedformatter code I think00:20
ayoungBut that looks like it has not been touched in about 7 years00:21
stevemar__:)00:21
stevemar__someone needs to punt brant's patch through: https://review.openstack.org/#/c/405006/ :P00:21
stevemar__err i meant https://review.openstack.org/#/c/404806/300:21
stevemar__well i guess dstanek already looked at it00:22
stevemar__he deserves another look00:22
ayoungI'll look00:22
ayoungstevemar__, +2a00:22
stevemar__:O00:23
morganstevemar__:00:23
morganneed your brain00:23
*** rdo has joined #openstack-keystone00:24
stevemar__morgan: okie doke00:24
morgansent you a dm00:24
*** hoangcx has joined #openstack-keystone00:28
*** spzala has quit IRC00:29
*** spzala has joined #openstack-keystone00:29
*** spzala has quit IRC00:30
*** spzala has joined #openstack-keystone00:30
ayoungwhen building a env I see this line00:30
ayoungCollecting feedformatter (from yasfb>=0.5.1->-r /opt/stack/keystone-specs/requirements.txt (line 9))00:30
ayoung  Using cached feedformatter-0.4.tar.bz200:30
ayoungwhat does it mean by cached?00:30
*** spzala has quit IRC00:36
*** spzala has joined #openstack-keystone00:36
*** spzala has quit IRC00:40
ayoungstevemar__, it is python00:46
ayoungstevemar__, it is python   ls .tox/docs/lib64/python3.5/00:46
ayoungmust be the new Fedora 25 install that triggers running tox in python300:47
*** Marcellin__ has quit IRC00:48
openstackgerritAndrey Grebennikov proposed openstack/keystone: Allow to specify ID on project creation  https://review.openstack.org/40386600:49
*** chris_hultin is now known as chris_hultin|AWA00:52
*** guoshan has joined #openstack-keystone00:52
*** catintheroof has joined #openstack-keystone01:05
*** ravelar has quit IRC01:05
*** catintheroof has quit IRC01:08
browneok, i'm new to federation and trying out some things.  one problematic thing i've found is that horizon redirects to keystone, thereby expecting a public keystone URL01:12
brownebut my keystone is behind an SSL terminator (haproxy) and horizon is also configured to use private addresses to the services01:12
brownenot sure how to resolve this since either federation doesn't work, or horizon doesn't work01:13
ayoungbrowne, you need a public Keystone.01:18
ayoungBut it does not have to be the full keystone server01:19
browneayoung: ugh, so public keystone is a requirement for federation?01:19
ayoungwhen you set up Federation, you set up URLs under the Apache server that the Horizon server is going to hit.  only those URLs need to be exposed to the outside world01:19
*** liujiong has joined #openstack-keystone01:19
ayoungbrowne, something needs to be outside the firewall to deal with Federation01:20
*** guoshan_ has joined #openstack-keystone01:20
*** guoshan has quit IRC01:20
ayoungDoes not need to be the full Apache server, just the Federation portion01:20
brownewell, technically, our keystone is open in haproxy to the public world, but the problem is that horizon forming the SSO url based on the region URL, which is also used for normal authentication01:21
browneand our controller node (keystone, apache, horizon, etc) does not have public network access01:21
*** donnalezyty_ has quit IRC01:21
ayoungthere is one config option that tells HA proxy to pass through the URL.  You can do that, too.01:22
ayoungBut, yeah, it would be nice to split the Federation URL from the internal.01:22
browneha proxy isn't involved because my web browser follows the redirect request, which has a private IP in it01:23
ayoungThat is a horizon thing, but we might be able to hack that into Django Openstack auth01:23
ayoungNo, I get it01:23
ayounglet me see...01:23
brownei think my issue is this: https://github.com/openstack/django_openstack_auth/blob/a40234be311eae11ca22497a82a82ab404d09a7c/openstack_auth/utils.py#L18101:26
browneforms the URL using the region URL set in horizon's local_settings.py01:26
ayoungbrowne, yep, and there is no reason you can't use a different URL there01:26
browneif i could override that specific for federation case, that would be ideal01:26
ayoungbrowne, are you OK living with custom code for this for a short while?01:27
browneayoung: you mean hack openstack_auth or is there an existing way to override that?  i can't change the values of region url or keystone url without breaking normal auth01:28
ayoungI think that the Horizon team would be willing to accept the change over time01:28
ayoungwe make the base URL for Federation a different config option in Horizon01:28
browneayoung: yeah custom code would be fine01:28
ayoungbrowne, OK,  so let me trace that call01:28
brownethank you!01:28
*** spzala has joined #openstack-keystone01:30
ayoungbrowne, OK  so see the line  idp_mapping = getattr(settings, 'WEBSSO_IDP_MAPPING', {})01:30
browneyep01:30
ayoungthat is pulling a value out of the config file.01:30
ayoungdjango does a config file as straight python01:30
ayoungso your horizon server has a file that is /etc/openstack_dashboard/local_settings01:31
ayoungit is a python file, despite the lack of extension, and the config options are in there.01:31
ayoungLets say we add a new one that is FEDERATION_AUTH_URL01:31
ayoungthen lower down in the utils file...01:31
browneah, i gotch ya.  i could easily hack this to accept a new config option01:32
ayoung federation_auth_url = getattr(settings, 'FEDEARTION_AUTH_URL', auth_url)01:32
ayoungand then01:32
ayoung (auth_url, idp_id, protocol_id, origin))  becomes  (federation_auth_url, idp_id, protocol_id, origin))01:32
browneyep that would do the trick01:32
ayoungcan you test it out?01:33
browneyep, i'll try it out tomorrow, but think that'll do the job.  i'll let know.  gotta go soon.  but thanks a million ayoung01:34
openstackgerritRodrigo Duarte proposed openstack/keystone: Minor fix in role_assignments api-ref  https://review.openstack.org/38177701:34
*** jamielennox is now known as jamielennox|away01:34
*** browne has quit IRC01:35
ayoungGAH!01:37
ayoungIf he does not submit that as a patch I'll be pissed01:37
*** davechen_afk is now known as davechen01:38
openstackgerritRodrigo Duarte proposed openstack/keystone: Include mapped in the default auth methods  https://review.openstack.org/40381601:42
*** adrian_otto has quit IRC01:45
openstackgerritRodrigo Duarte proposed openstack/python-keystoneclient: Refactor test_credentials  https://review.openstack.org/40504401:51
*** zhangjl has joined #openstack-keystone01:51
*** marekd has quit IRC01:56
*** adu has joined #openstack-keystone01:59
stevemar__ayoung: eric'll submit a patch02:03
stevemar__he usually comes through for things he says he'll do02:04
*** chrisplo has quit IRC02:10
davechenlbragstad: oh... i didn't aware it failed the Jenkins before. :)02:11
*** adu has quit IRC02:12
*** stevemar__ has quit IRC02:13
*** stevemar__ has joined #openstack-keystone02:13
davechenlbragstad: I thought the patch was in good shape, and seems no mistake in the code excepts the nits you said, hope it hasn't caused you too much trouble.02:13
*** stevemar__ has quit IRC02:17
*** wanghua has joined #openstack-keystone02:22
*** catintheroof has joined #openstack-keystone02:24
*** bjolo_ has joined #openstack-keystone02:39
*** topol has joined #openstack-keystone02:47
*** ChanServ sets mode: +v topol02:47
openstackgerritMorgan Fainberg proposed openstack/keystoneauth: Implement TaskContextManager for Session  https://review.openstack.org/36247302:49
openstackgerritMorgan Fainberg proposed openstack/keystoneauth: Implement TaskContextManager for Session  https://review.openstack.org/36247302:51
morgandstanek: ok D105 pep8 error is absurd02:51
*** agrebennikov has quit IRC02:51
morgandstanek: we have to have a docstring on magic methods?!02:51
morganreally absurd.02:51
*** jamielennox|away is now known as jamielennox02:54
ayoungmorgan, that is the most beautiful code I have seen02:56
openstackgerritMorgan Fainberg proposed openstack/keystoneauth: Implement TaskContextManager for Session  https://review.openstack.org/36247302:57
morganit has an issue i need to revisit02:58
ayoungAh...02:58
morganit doesn't support the concept of really serializing stuff02:58
ayoungNo>02:58
ayoung?02:58
morganbecuase it on-demand instantiates the taskmanager02:58
morganit needs to be a pre-instantiated context_manager but is passed the method/etc on entry etc02:59
morgani need to figure out how to do that.02:59
ayoungah.got it02:59
morganit wont change a ton though02:59
ayoungcoo02:59
morganand it needs some tests added02:59
ayoungmorgan, I take it this is an outgrowth of the Zuul 2.X work?02:59
morganit;s a cleanup of shade and nodepool03:00
*** rkrum has joined #openstack-keystone03:00
morganwhich makes zuul 3 better03:00
ayoungright 303:00
morganbut yes, it is cleanup the code effort and make things more functional;03:00
morganless hack-y03:00
morganand pushing this down into ksa makes life waaaaay better03:00
ayoungthis could be a Very Useful Engine03:00
morganso i think... i can do instantiate and make __call__ do the work for __enter__03:01
morgani need to test how __enter__ gets called03:01
ayounghey, tox quesiont for you. I need to force the doc task in keystone-specs to use python2, as it pulls in a library no longer actively developed that is 2 only03:01
ayoungis there some way in tox.ini to say "for docs use python 2.7"03:02
morganyes. you can, let me look up the method to say "this venv uses pyXX"03:02
ayoungbasepython=python2.603:03
morganayoung: use    basepython = python3.403:03
morganwell basepython = python2.703:03
ayoungheh right03:04
morganin the venv definitioin03:04
ayoungok let me see if this works...03:04
morganshould do what you're looking for03:04
morganwe use it in the [testenv:debug-py34]03:04
morganenv in keystone's tox.ini03:04
ayoungnot sure that docs should require a separate venv in keystone-specs.03:05
morganif it's a concern/breaking, it should for now03:05
ayoungyeah, it is03:05
morganit's easy to change that down the line03:05
ayoungFedora 25 made a change, I think03:05
morgango with "not broken" over "better looking"03:05
morgan;)03:06
openstackgerritayoung proposed openstack/keystone-specs: Role Check Check from Middleware  https://review.openstack.org/39162403:09
openstackgerritayoung proposed openstack/keystone-specs: Fix python version i to 2.7 for docs  https://review.openstack.org/40507403:09
morganayoung: if you do re-review that code (added reno since your +2) let me know what you think about my in-line comment. if you think it is a non-issue, I'm happy to have it +2'd as is03:09
morgani'll refrain from another patch and addressing what might be a non-issue until some other folks weigh in03:10
ayoungso that is your final final...ok.  I'll rereview03:10
morganit's final until i get more feedback on it. i'm content with the general code itself.03:10
morganalso context_managers always make me feel like i'm invoking black magic ;)03:11
*** topol has quit IRC03:11
*** stevemar__ has joined #openstack-keystone03:11
ayoungmorgan, so yeah...now that I think about it, I don't like that aspect03:11
ayoungyou should be able to share a context manager03:11
ayoungI'd expect that to be the default...why not ...03:11
ayoungpass the context maanger as an object in the function, but create the class if the param is None?03:11
morganit just becomes impossible to pass anyting into __enter__03:12
morganthat isn't done on context manager instantiation03:12
morgan__enter__ is very limited, similar to __exit__03:12
morgannothing magic really can happy in them besides what is already there03:12
morganso either you instantiate the context manager before hand and just do "with self.manager as XX:"03:13
morganor you instantiate on demand like I am doing03:13
morgandoing an explicit __Call__() method would make things worse.03:13
morganand yes, i am fine with creating it in __init__ if we don't pass one in03:14
*** rodrigods_ is now known as rodrigods03:15
ayoungmorgan, I'll let you play.  I'm going to hold off on reviewing it until dstanek weighs in on the python mechanism.  My brain is full of RBAC03:17
*** jamielennox is now known as jamielennox|away03:17
openstackgerritayoung proposed openstack/keystone-specs: Fix python version to 2.7 for docs  https://review.openstack.org/40507403:18
morganayoung: did that work for tox.ini03:18
morgan?03:18
ayoungmorgan, it did work, thanks03:18
morgancool!03:18
ayoungmorgan, https://admiyo.fedorapeople.org/keystone-specs/specs/keystone/ongoing/role-check-from-middleware.html  much easier to read than a gerrit page03:22
ayoungThat might be our longest spec yet03:22
*** jamielennox|away is now known as jamielennox03:26
*** catintheroof has quit IRC03:28
*** catintheroof has joined #openstack-keystone03:28
*** catintheroof has quit IRC03:28
*** catintheroof has joined #openstack-keystone03:30
ayoungjamielennox, BTW, the RBAC spec and approach will let us get you your standard set of roles:03:30
*** catintheroof has quit IRC03:30
*** catintheroof has joined #openstack-keystone03:31
*** tqtran has joined #openstack-keystone03:31
*** catintheroof has quit IRC03:31
*** ravelar has joined #openstack-keystone03:37
*** ravelar has quit IRC03:37
*** tqtran has quit IRC03:37
morganayoung: nah, that spec is short just has a lot of "related links"03:43
morgan:P03:43
*** adriant has quit IRC03:44
*** nicolasbock has quit IRC03:45
*** jamielennox is now known as jamielennox|away03:47
openstackgerritRon De Rose proposed openstack/keystone-specs: Extend user API to support federated attributes  https://review.openstack.org/39741003:53
openstackgerritayoung proposed openstack/keystone-specs: Role Check Check from Middleware  https://review.openstack.org/39162403:54
openstackgerritRon De Rose proposed openstack/keystone-specs: Extend user API to support federated attributes  https://review.openstack.org/39741003:56
*** guoshan_ has quit IRC04:02
openstackgerritRon De Rose proposed openstack/keystone-specs: Extend user API to support federated attributes  https://review.openstack.org/39741004:10
*** Ephur has quit IRC04:13
*** Ephur has joined #openstack-keystone04:13
*** Ephur has quit IRC04:14
*** PsionTheory has joined #openstack-keystone04:14
*** Ephur has joined #openstack-keystone04:14
*** Ephur has quit IRC04:14
*** Ephur has joined #openstack-keystone04:15
*** Ephur has quit IRC04:15
*** Ephur has joined #openstack-keystone04:16
*** Ephur has quit IRC04:16
*** Ephur has joined #openstack-keystone04:17
*** Ephur has quit IRC04:17
*** Ephur has joined #openstack-keystone04:18
*** Ephur has quit IRC04:18
*** Ephur has joined #openstack-keystone04:19
*** Ephur has quit IRC04:19
*** Ephur has joined #openstack-keystone04:19
*** Ephur has quit IRC04:20
*** Ephur has joined #openstack-keystone04:20
*** Ephur has quit IRC04:21
*** Ephur has joined #openstack-keystone04:21
openstackgerritRon De Rose proposed openstack/keystone-specs: Extend user API to support federated attributes  https://review.openstack.org/39741004:22
*** Ephur has joined #openstack-keystone04:22
*** Ephur has quit IRC04:22
*** Ephur has joined #openstack-keystone04:23
*** Ephur has quit IRC04:23
*** Ephur has joined #openstack-keystone04:24
*** Ephur has quit IRC04:24
*** Ephur has joined #openstack-keystone04:25
*** stevemar__ has quit IRC04:25
*** Ephur has quit IRC04:25
*** stevemar__ has joined #openstack-keystone04:25
*** Ephur has joined #openstack-keystone04:26
*** Ephur has quit IRC04:26
*** ravelar has joined #openstack-keystone04:26
*** Ephur has joined #openstack-keystone04:27
*** Ephur has quit IRC04:27
*** Ephur has joined #openstack-keystone04:27
*** Ephur has quit IRC04:28
*** Ephur has joined #openstack-keystone04:28
*** Ephur has quit IRC04:29
*** Ephur has joined #openstack-keystone04:29
*** Ephur has quit IRC04:29
*** stevemar__ has quit IRC04:30
*** Ephur has joined #openstack-keystone04:30
*** Ephur has quit IRC04:30
*** Ephur has joined #openstack-keystone04:31
*** Ephur has quit IRC04:31
*** Ephur has joined #openstack-keystone04:32
*** Ephur has quit IRC04:32
*** Ephur has joined #openstack-keystone04:33
*** Ephur has quit IRC04:33
*** jamielennox|away is now known as jamielennox04:33
*** Ephur has joined #openstack-keystone04:34
*** Ephur has quit IRC04:34
*** Ephur has joined #openstack-keystone04:35
*** Ephur has quit IRC04:35
*** rkrum has quit IRC04:35
*** Ephur has joined #openstack-keystone04:36
*** Ephur has quit IRC04:36
*** Ephur has joined #openstack-keystone04:36
*** Ephur has quit IRC04:37
openstackgerritRichard Avelar proposed openstack/keystone: Print name with duplicate error on user creation  https://review.openstack.org/40510404:37
*** Ephur has joined #openstack-keystone04:37
*** Ephur has quit IRC04:37
*** ravelar has quit IRC04:38
*** Ephur has joined #openstack-keystone04:38
*** Ephur has quit IRC04:38
*** Ephur has joined #openstack-keystone04:39
*** Ephur has quit IRC04:39
*** Ephur has joined #openstack-keystone04:40
*** Ephur has quit IRC04:40
*** Ephur has joined #openstack-keystone04:41
*** Ephur has quit IRC04:41
*** Ephur has joined #openstack-keystone04:42
*** Ephur has quit IRC04:42
*** Ephur has joined #openstack-keystone04:43
*** Ephur has joined #openstack-keystone04:43
*** Ephur has quit IRC04:44
*** Ephur has joined #openstack-keystone04:44
*** Ephur has quit IRC04:45
*** guoshan has joined #openstack-keystone04:45
*** Ephur has joined #openstack-keystone04:45
*** Ephur has joined #openstack-keystone04:46
*** Ephur has quit IRC04:46
*** Ephur has joined #openstack-keystone04:47
*** Ephur has quit IRC04:47
*** Ephur has joined #openstack-keystone04:48
*** Ephur has quit IRC04:48
*** Ephur has joined #openstack-keystone04:49
*** Ephur has quit IRC04:49
*** guoshan has quit IRC04:49
*** Ephur has joined #openstack-keystone04:49
*** browne has joined #openstack-keystone04:49
*** PsionTheory has quit IRC04:49
*** Ephur has quit IRC04:50
*** Ephur has joined #openstack-keystone04:51
*** Ephur has joined #openstack-keystone04:51
*** Ephur has quit IRC04:52
*** Ephur has joined #openstack-keystone04:52
*** Ephur has quit IRC04:52
*** Ephur has joined #openstack-keystone04:53
*** Ephur has quit IRC04:53
*** Ephur has joined #openstack-keystone04:54
*** Ephur has quit IRC04:54
*** Ephur has joined #openstack-keystone04:55
*** Ephur has quit IRC04:55
*** Ephur has joined #openstack-keystone04:56
*** Ephur has quit IRC04:56
*** Ephur has joined #openstack-keystone04:57
*** Ephur has quit IRC04:57
*** Ephur has joined #openstack-keystone04:58
*** Ephur has joined #openstack-keystone04:58
*** browne has quit IRC04:58
*** Ephur has quit IRC04:59
*** Ephur has joined #openstack-keystone04:59
*** Ephur has quit IRC05:00
*** links has joined #openstack-keystone05:00
*** Ephur has joined #openstack-keystone05:00
*** Ephur has quit IRC05:00
*** Ephur has joined #openstack-keystone05:01
*** Ephur has quit IRC05:01
*** Ephur has joined #openstack-keystone05:02
*** Ephur has quit IRC05:02
*** Ephur has joined #openstack-keystone05:03
*** bjolo_ has quit IRC05:03
*** Ephur has joined #openstack-keystone05:04
*** Ephur has quit IRC05:04
*** Ephur has joined #openstack-keystone05:05
*** Ephur has quit IRC05:05
*** Ephur has joined #openstack-keystone05:05
*** Ephur has quit IRC05:06
*** Ephur has joined #openstack-keystone05:06
*** Ephur has quit IRC05:07
*** Ephur has joined #openstack-keystone05:07
*** Ephur has quit IRC05:07
*** Ephur has joined #openstack-keystone05:08
*** Ephur has joined #openstack-keystone05:09
*** Ephur has quit IRC05:09
*** Ephur has joined #openstack-keystone05:10
*** udesale has joined #openstack-keystone05:10
*** Ephur has quit IRC05:10
*** Ephur has joined #openstack-keystone05:11
*** Ephur has quit IRC05:11
*** Ephur has joined #openstack-keystone05:12
*** Ephur has quit IRC05:12
*** Ephur has joined #openstack-keystone05:13
*** Ephur has quit IRC05:13
*** Ephur has joined #openstack-keystone05:13
*** Ephur has quit IRC05:14
*** Ephur has joined #openstack-keystone05:14
*** Ephur has quit IRC05:15
*** Ephur has joined #openstack-keystone05:15
*** Ephur has quit IRC05:15
*** Ephur has joined #openstack-keystone05:16
*** Ephur has joined #openstack-keystone05:17
*** Ephur has quit IRC05:17
*** Ephur has joined #openstack-keystone05:18
*** Ephur has quit IRC05:18
*** Ephur has joined #openstack-keystone05:19
*** Ephur has quit IRC05:19
*** Ephur has joined #openstack-keystone05:20
*** Ephur has quit IRC05:20
*** Ephur has joined #openstack-keystone05:20
*** Ephur has quit IRC05:21
*** spzala has quit IRC05:21
*** spzala has joined #openstack-keystone05:21
*** Ephur has joined #openstack-keystone05:21
*** spzala has quit IRC05:22
*** spzala has joined #openstack-keystone05:22
*** spzala has quit IRC05:22
*** Ephur has joined #openstack-keystone05:22
*** Ephur has quit IRC05:22
*** spzala has joined #openstack-keystone05:23
*** spzala has quit IRC05:23
*** Ephur has joined #openstack-keystone05:23
*** spzala has joined #openstack-keystone05:23
*** Ephur has quit IRC05:23
*** spzala has quit IRC05:23
*** spzala has joined #openstack-keystone05:24
*** Ephur has joined #openstack-keystone05:24
*** spzala has quit IRC05:24
*** Ephur has quit IRC05:24
*** spzala has joined #openstack-keystone05:25
*** Ephur has joined #openstack-keystone05:25
*** spzala has quit IRC05:25
*** Ephur has quit IRC05:25
*** Ephur has joined #openstack-keystone05:26
*** spzala has joined #openstack-keystone05:26
*** Ephur has quit IRC05:26
*** spzala has quit IRC05:26
*** spzala has joined #openstack-keystone05:27
*** Ephur has joined #openstack-keystone05:27
*** spzala has quit IRC05:27
*** Ephur has quit IRC05:27
*** spzala has joined #openstack-keystone05:27
*** Ephur has joined #openstack-keystone05:28
*** spzala has quit IRC05:28
*** Ephur has quit IRC05:28
*** spzala has joined #openstack-keystone05:28
*** spzala has quit IRC05:28
*** Ephur has joined #openstack-keystone05:28
*** mahatic_ has left #openstack-keystone05:28
*** Ephur has quit IRC05:29
*** spzala has joined #openstack-keystone05:29
*** spzala has quit IRC05:29
*** Ephur has joined #openstack-keystone05:29
*** Ephur has quit IRC05:30
*** spzala has joined #openstack-keystone05:30
*** spzala has quit IRC05:30
*** Ephur has joined #openstack-keystone05:30
*** spzala has joined #openstack-keystone05:30
*** Ephur has quit IRC05:30
*** spzala has quit IRC05:31
*** Ephur has joined #openstack-keystone05:31
*** Ephur has quit IRC05:31
*** spzala has joined #openstack-keystone05:31
*** spzala has quit IRC05:32
*** Ephur has joined #openstack-keystone05:32
*** spzala has joined #openstack-keystone05:32
*** Ephur has quit IRC05:32
*** spzala has quit IRC05:32
*** Ephur has joined #openstack-keystone05:33
*** Ephur has quit IRC05:33
*** spzala has joined #openstack-keystone05:33
*** spzala has quit IRC05:33
*** Ephur has joined #openstack-keystone05:34
*** spzala has joined #openstack-keystone05:34
*** spzala has quit IRC05:34
*** Ephur has quit IRC05:34
*** tqtran has joined #openstack-keystone05:34
*** spzala has joined #openstack-keystone05:35
*** Ephur has joined #openstack-keystone05:35
*** spzala has quit IRC05:35
*** Ephur has quit IRC05:35
*** spzala has joined #openstack-keystone05:35
*** Ephur has joined #openstack-keystone05:35
*** spzala has quit IRC05:35
*** Ephur has quit IRC05:36
*** spzala has joined #openstack-keystone05:36
*** spzala has quit IRC05:36
*** Ephur has joined #openstack-keystone05:36
*** Ephur has quit IRC05:37
*** spzala has joined #openstack-keystone05:37
*** spzala has quit IRC05:37
*** Ephur has joined #openstack-keystone05:37
*** spzala has joined #openstack-keystone05:37
*** Ephur has quit IRC05:38
*** spzala has quit IRC05:38
*** Ephur has joined #openstack-keystone05:38
*** qwertyco has joined #openstack-keystone05:38
*** spzala has joined #openstack-keystone05:38
*** spzala has quit IRC05:38
*** Ephur has quit IRC05:38
*** qwertyco has quit IRC05:38
*** qwertyco has joined #openstack-keystone05:39
*** spzala has joined #openstack-keystone05:39
*** Ephur has joined #openstack-keystone05:39
*** spzala has quit IRC05:39
*** tqtran has quit IRC05:39
*** Ephur has quit IRC05:39
*** spzala has joined #openstack-keystone05:40
*** Ephur has joined #openstack-keystone05:40
*** spzala has quit IRC05:40
*** Ephur has quit IRC05:40
*** spzala has joined #openstack-keystone05:40
*** spzala has quit IRC05:41
*** Ephur has joined #openstack-keystone05:41
*** Ephur has quit IRC05:41
*** spzala has joined #openstack-keystone05:41
*** spzala has quit IRC05:41
*** Ephur has joined #openstack-keystone05:42
*** Ephur has quit IRC05:42
*** spzala has joined #openstack-keystone05:42
*** spzala has quit IRC05:42
*** Ephur has joined #openstack-keystone05:42
*** Ephur has quit IRC05:43
*** spzala has joined #openstack-keystone05:43
*** spzala has quit IRC05:43
*** Ephur has joined #openstack-keystone05:43
*** Ephur has quit IRC05:44
*** spzala has joined #openstack-keystone05:44
*** spzala has quit IRC05:44
*** Ephur has joined #openstack-keystone05:44
*** Ephur has quit IRC05:45
*** spzala has joined #openstack-keystone05:45
*** spzala has quit IRC05:45
*** Ephur has joined #openstack-keystone05:45
*** Ephur has quit IRC05:45
*** spzala has joined #openstack-keystone05:46
*** spzala has quit IRC05:46
*** Ephur has joined #openstack-keystone05:46
*** Ephur has quit IRC05:46
*** spzala has joined #openstack-keystone05:47
*** oomichi has quit IRC05:47
*** spzala has quit IRC05:47
*** Ephur has joined #openstack-keystone05:47
*** Ephur has quit IRC05:47
*** spzala has joined #openstack-keystone05:47
*** spzala has quit IRC05:48
*** Ephur has joined #openstack-keystone05:48
*** oomichi has joined #openstack-keystone05:48
*** Ephur has quit IRC05:48
*** spzala has joined #openstack-keystone05:48
*** spzala has quit IRC05:48
*** Ephur has joined #openstack-keystone05:49
*** spzala has joined #openstack-keystone05:49
*** Ephur has quit IRC05:49
*** spzala has quit IRC05:49
*** Ephur has joined #openstack-keystone05:50
*** spzala has joined #openstack-keystone05:50
*** spzala has quit IRC05:50
*** Ephur has quit IRC05:50
*** spzala has joined #openstack-keystone05:51
*** Ephur has joined #openstack-keystone05:51
*** spzala has quit IRC05:51
*** Ephur has quit IRC05:51
*** spzala has joined #openstack-keystone05:51
*** spzala has quit IRC05:51
*** Ephur has joined #openstack-keystone05:51
*** Ephur has quit IRC05:52
*** spzala has joined #openstack-keystone05:52
*** spzala has quit IRC05:52
*** Ephur has joined #openstack-keystone05:52
*** Ephur has quit IRC05:53
*** spzala has joined #openstack-keystone05:53
*** spzala has quit IRC05:53
*** Ephur has joined #openstack-keystone05:53
*** Ephur has quit IRC05:53
*** spzala has joined #openstack-keystone05:53
*** spzala has quit IRC05:54
*** Ephur has joined #openstack-keystone05:54
*** spzala has joined #openstack-keystone05:54
*** Ephur has quit IRC05:54
*** spzala has quit IRC05:54
*** Ephur has joined #openstack-keystone05:55
*** spzala has joined #openstack-keystone05:55
*** spzala has quit IRC05:55
*** Ephur has quit IRC05:55
*** spzala has joined #openstack-keystone05:56
*** spzala has quit IRC05:56
*** Ephur has joined #openstack-keystone05:56
*** Ephur has quit IRC05:56
*** spzala has joined #openstack-keystone05:56
*** Ephur has joined #openstack-keystone05:57
*** spzala has quit IRC05:57
*** Ephur has quit IRC05:57
*** spzala has joined #openstack-keystone05:57
*** spzala has quit IRC05:57
*** Ephur has joined #openstack-keystone05:58
*** Ephur has quit IRC05:58
*** spzala has joined #openstack-keystone05:58
*** spzala has quit IRC05:58
*** Ephur has joined #openstack-keystone05:58
*** spzala has joined #openstack-keystone05:59
*** Ephur has quit IRC05:59
*** spzala has quit IRC05:59
*** spzala has joined #openstack-keystone05:59
*** Ephur has joined #openstack-keystone05:59
*** spzala has quit IRC06:00
*** Ephur has quit IRC06:00
*** spzala has joined #openstack-keystone06:00
*** spzala has quit IRC06:00
*** Ephur has joined #openstack-keystone06:00
*** spzala has joined #openstack-keystone06:01
*** spzala has quit IRC06:01
*** Ephur has joined #openstack-keystone06:01
*** Ephur has quit IRC06:01
*** spzala has joined #openstack-keystone06:02
*** spzala has quit IRC06:02
*** Ephur has joined #openstack-keystone06:02
*** Ephur has quit IRC06:02
*** spzala has joined #openstack-keystone06:03
*** spzala has quit IRC06:03
*** Ephur has joined #openstack-keystone06:03
*** Ephur has quit IRC06:03
*** spzala has joined #openstack-keystone06:03
*** spzala has quit IRC06:03
*** Ephur has joined #openstack-keystone06:04
*** Ephur has quit IRC06:04
*** spzala has joined #openstack-keystone06:04
*** spzala has quit IRC06:04
*** Ephur has joined #openstack-keystone06:05
*** spzala has joined #openstack-keystone06:05
*** Ephur has quit IRC06:05
*** spzala has quit IRC06:05
*** spzala has joined #openstack-keystone06:06
*** Ephur has joined #openstack-keystone06:06
*** spzala has quit IRC06:06
*** Ephur has quit IRC06:06
*** spzala has joined #openstack-keystone06:06
*** Ephur has joined #openstack-keystone06:06
*** spzala has quit IRC06:06
*** Ephur has quit IRC06:07
*** spzala has joined #openstack-keystone06:07
*** spzala has quit IRC06:07
*** Ephur has joined #openstack-keystone06:07
*** Ephur has joined #openstack-keystone06:08
*** Ephur has quit IRC06:08
*** Ephur has joined #openstack-keystone06:09
*** Ephur has quit IRC06:09
*** Ephur has joined #openstack-keystone06:10
*** Ephur has quit IRC06:10
*** Ephur has joined #openstack-keystone06:11
*** Ephur has quit IRC06:11
*** Ephur has joined #openstack-keystone06:12
*** Ephur has quit IRC06:12
*** Ephur has joined #openstack-keystone06:13
*** Ephur has quit IRC06:13
*** Ephur has joined #openstack-keystone06:14
*** Ephur has quit IRC06:14
*** Ephur has joined #openstack-keystone06:14
*** guoshan has joined #openstack-keystone06:15
*** jaosorior has joined #openstack-keystone06:19
*** duonghq has joined #openstack-keystone06:33
*** tqtran has joined #openstack-keystone06:36
*** richm has quit IRC06:40
*** tqtran has quit IRC06:41
*** stevemar__ has joined #openstack-keystone06:56
*** stevemar__ has quit IRC07:01
*** spzala has joined #openstack-keystone07:08
*** jaosorior has quit IRC07:09
*** jaosorior has joined #openstack-keystone07:09
*** spzala has quit IRC07:12
*** zhangjl1 has joined #openstack-keystone07:13
*** zhangjl has quit IRC07:15
*** masuberu has joined #openstack-keystone07:28
*** guoshan has quit IRC07:28
*** guoshan has joined #openstack-keystone07:29
*** masber has quit IRC07:30
*** zhangjl1 has quit IRC07:33
*** zhangjl has joined #openstack-keystone07:33
*** josecastroleon has quit IRC07:50
*** josecastroleon has joined #openstack-keystone07:59
*** spzala has joined #openstack-keystone08:08
*** spzala has quit IRC08:13
*** code-R_ has quit IRC08:17
*** xiaoyang has joined #openstack-keystone08:21
*** liujiong has quit IRC08:24
*** liujiong has joined #openstack-keystone08:24
*** dobson has quit IRC08:24
*** josecastroleon1 has joined #openstack-keystone08:24
*** bigjools has quit IRC08:25
*** dobson has joined #openstack-keystone08:25
*** bigjools has joined #openstack-keystone08:26
*** bigjools has quit IRC08:26
*** bigjools has joined #openstack-keystone08:26
*** josecastroleon has quit IRC08:26
*** rcernin has joined #openstack-keystone08:34
*** mfisch has quit IRC08:36
*** Guest66666 has quit IRC08:36
*** pnavarro has joined #openstack-keystone08:37
*** rcernin has quit IRC08:37
*** rcernin has joined #openstack-keystone08:37
*** Guest66666 has joined #openstack-keystone08:38
*** mfisch has joined #openstack-keystone08:39
*** mfisch has quit IRC08:40
*** mfisch has joined #openstack-keystone08:40
*** amoralej|off is now known as amoralej08:44
*** jpich has joined #openstack-keystone08:46
*** asettle has joined #openstack-keystone08:55
*** stevemar__ has joined #openstack-keystone08:57
*** zzzeek has quit IRC09:00
*** zzzeek has joined #openstack-keystone09:00
*** stevemar__ has quit IRC09:02
*** code-R has joined #openstack-keystone09:05
*** spzala has joined #openstack-keystone09:10
*** hogepodge has quit IRC09:11
*** hogepodge has joined #openstack-keystone09:12
*** spzala has quit IRC09:15
*** woodster_ has quit IRC09:16
*** code-R_ has joined #openstack-keystone09:17
*** code-R has quit IRC09:20
*** ccard_ has quit IRC09:22
*** rcernin has quit IRC09:29
*** rcernin has joined #openstack-keystone09:30
*** hogepodge has quit IRC09:31
*** hogepodge has joined #openstack-keystone09:32
*** ccard_ has joined #openstack-keystone09:33
*** guoshan has quit IRC09:35
*** wanghua has quit IRC09:38
*** openstack has joined #openstack-keystone10:02
*** rcernin has quit IRC10:06
*** rcernin has joined #openstack-keystone10:07
*** voelzmo has joined #openstack-keystone10:08
*** hoangcx has quit IRC10:11
*** ma9 has joined #openstack-keystone10:15
*** Ephur has joined #openstack-keystone10:16
ma9Hi, is there any plan to improve the Keystone Trusts concept and limit the scope of the trust delegation? By this I mean that I could delegate a third party to access only some of the things I can usually do with my identity in Openstack, like only access the Object storage but not my VM instances for instance.10:17
*** liujiong has quit IRC10:20
*** Ephur has quit IRC10:21
ma9oh maybe the role assignments do this already.10:22
bretonyey, we broke people again with v310:24
bretonma9: talk to ayoung10:24
bretonma9: he drives this10:24
ma9ok thanks10:26
*** zhangjl1 has joined #openstack-keystone10:27
*** zhangjl has quit IRC10:29
*** zhangjl1 has quit IRC10:31
*** sirushti has quit IRC10:31
*** mvk has quit IRC10:33
*** sirushti has joined #openstack-keystone10:34
*** jdennis1 has quit IRC10:39
*** tonyb has quit IRC10:39
*** lbragstad has quit IRC10:39
*** jdennis1 has joined #openstack-keystone10:43
*** tonyb has joined #openstack-keystone10:43
*** lbragstad has joined #openstack-keystone10:43
*** mvk has joined #openstack-keystone11:09
*** bapalm has quit IRC11:10
*** spzala has joined #openstack-keystone11:12
*** richm has joined #openstack-keystone11:12
*** bapalm has joined #openstack-keystone11:15
*** spzala has quit IRC11:16
*** jaosorior_lunch is now known as jaosorior11:25
*** ma9 has left #openstack-keystone11:30
*** udesale has quit IRC11:33
*** topol has joined #openstack-keystone11:39
*** ChanServ sets mode: +v topol11:39
*** udesale has joined #openstack-keystone11:46
*** topol has quit IRC11:56
*** nicolasbock has joined #openstack-keystone11:59
*** topol has joined #openstack-keystone12:05
*** ChanServ sets mode: +v topol12:05
*** topol has quit IRC12:05
*** rodrigods is now known as rodrigods_12:09
*** spzala has joined #openstack-keystone12:13
*** raildo has joined #openstack-keystone12:16
*** spzala has quit IRC12:18
*** catintheroof has joined #openstack-keystone12:25
*** udesale has quit IRC12:26
*** topol has joined #openstack-keystone12:41
*** ChanServ sets mode: +v topol12:41
*** topol has quit IRC12:41
*** stevemar__ has joined #openstack-keystone12:46
*** catintheroof has quit IRC12:48
*** stevemar__ has quit IRC12:50
*** rodrigods_ has quit IRC12:58
*** rodrigods has joined #openstack-keystone12:58
*** jamielennox is now known as jamielennox|away13:00
openstackgerritRodrigo Duarte proposed openstack/python-keystoneclient: Refactor test_projects  https://review.openstack.org/40535913:01
openstackgerritRodrigo Duarte proposed openstack/keystone: Minor fix in role_assignments api-ref  https://review.openstack.org/38177713:03
*** ma9 has joined #openstack-keystone13:04
*** catintheroof has joined #openstack-keystone13:13
*** spzala has joined #openstack-keystone13:13
*** voelzmo has quit IRC13:16
*** voelzmo has joined #openstack-keystone13:16
*** catinthe_ has joined #openstack-keystone13:18
*** spzala has quit IRC13:19
*** catintheroof has quit IRC13:19
*** amoralej is now known as amoralej|lunch13:21
*** jrist has quit IRC13:25
*** edmondsw has joined #openstack-keystone13:25
*** edmondsw_ has joined #openstack-keystone13:28
*** edmondsw_ has quit IRC13:28
*** edmondsw_ has joined #openstack-keystone13:29
*** edmondsw_ has quit IRC13:29
*** voelzmo has quit IRC13:30
*** lamt has joined #openstack-keystone13:34
*** stevemar__ has joined #openstack-keystone13:36
*** agrebennikov has joined #openstack-keystone13:37
ayoungma9  we can discuss it here13:39
ma9ok13:39
ayoungyou said13:39
ayoungI'm interested in the possiblity to assign trust to a user, but in a way that the trust is limited only to a given and known set of actions… for example I'd give him only access Swift instead of Nova.13:39
ayoung<ma9> is this done with setting 'privileges'/roles to this user?13:39
ayoungma9  that is what I am working towards, but it is a hard problem to solve13:40
ayoungsetting aside issues of admin-ness,  even for the "user" role you need some better policy enforcement than comes with OpenStack by default13:40
ayoungI should say "Member" role...for the average, non admin user, the operations are usually not even checking the role in the policy files.  Instead, they just check that the token has a project that matches the project on the resource13:42
*** qwertyco has quit IRC13:47
ma9Mm ok I'm not sure if I understand. I'll try to be more clear myself… my use case is that I have some users who access a website. They can perform some actions while they are logged in, but the site should be able to perform some operations autonomously when the user is not logged in… for example monitoring some datasets or operations on his behalf… that the user will check once he logs in again.13:48
*** spzala has joined #openstack-keystone13:48
ma9So I would like that the user of this page could be able to allow this website to access some of the things he can usually access via Openstack13:48
ma9but I don't want this website to be able to do any harm to the other things the user can access13:49
ma9and also, I would like to be able to log who performed the actions, and it it's the website there should still be a pointer to the original user13:50
ma9so that if there are many users doing delegations at the same time, I know who did what at what time13:50
ma9does it make sense?13:50
ayoungma9 is makes sense, and that is what I am working towards13:54
ayoungthat is why I am pushing for this: https://review.openstack.org/#/c/391624/13:54
ma9what are the current limitations?13:55
ma9i'll check the links thanks13:55
*** lamt has quit IRC14:01
*** lamt has joined #openstack-keystone14:07
*** rcernin has quit IRC14:10
*** voelzmo has joined #openstack-keystone14:11
*** rcernin has joined #openstack-keystone14:11
*** voelzmo has quit IRC14:13
*** voelzmo has joined #openstack-keystone14:13
*** jperry has joined #openstack-keystone14:14
*** Ephur has joined #openstack-keystone14:18
*** amoralej|lunch is now known as amoralej14:21
*** jrist has joined #openstack-keystone14:21
*** jaugustine has quit IRC14:22
*** Ephur has quit IRC14:22
*** spzala has quit IRC14:28
*** spzala has joined #openstack-keystone14:29
*** spzala has quit IRC14:33
*** jaugustine has joined #openstack-keystone14:47
*** duonghq has quit IRC14:48
*** duonghq has joined #openstack-keystone14:49
*** duonghq has quit IRC14:49
*** guoshan has joined #openstack-keystone14:49
*** duonghq_ has joined #openstack-keystone14:50
*** guoshan_ has joined #openstack-keystone14:52
*** guoshan has quit IRC14:52
*** code-R_ has quit IRC14:53
*** code-R has joined #openstack-keystone14:53
*** Marcellin__ has joined #openstack-keystone14:59
*** daemontool has joined #openstack-keystone15:00
openstackgerritMerged openstack/pycadf: Show team and repo badges on README  https://review.openstack.org/40287115:00
*** links has quit IRC15:01
*** guoshan_ has quit IRC15:04
*** phalmos has joined #openstack-keystone15:04
lbragstadbreton it looks like magnum issues have been resolved15:06
lbragstadbreton i'm following up with them now15:06
*** jaosorior has quit IRC15:09
*** jaosorior has joined #openstack-keystone15:09
*** stevemar has joined #openstack-keystone15:12
*** ChanServ sets mode: +o stevemar15:12
*** code-R_ has joined #openstack-keystone15:12
stevemarget outta here stevemar__15:12
stevemar__stevemar: ok boss15:12
*** stevemar__ has quit IRC15:12
lbragstadlooks like stevemar figured out his irc bouncer15:13
*** code-R has quit IRC15:15
lbragstadstevemar not sure if you've seen http://lists.openstack.org/pipermail/openstack-dev/2016-December/108266.html yet this morning but i followed up with magnum and strigazi is working on their tests now15:15
stevemarah nice, i figured there was going to be fall out...15:15
lbragstadit looks like they are on the right track, and mitigating the issues15:15
lbragstadbut - i told them to come find me if they need reviews15:16
stevemarit broke novaclient?15:16
lbragstadthe email says it makes one of the novaclient jobs redundant, which i don't really consider a reason to revert15:16
lbragstadso me that sounds like cleanup15:16
stevemarlbragstad: i see dims came in right away and -1'ed the revert lol15:16
lbragstadbknudson did too15:17
dimsnot that i had any karma to do so!15:17
lbragstadbut it looks like rally is still having issues (cc: breton)15:17
lbragstadalthough I'm not sure what they are15:17
lbragstaddims o/15:18
*** spzala has joined #openstack-keystone15:18
*** edtubill has joined #openstack-keystone15:20
*** ravelar has joined #openstack-keystone15:23
*** dave-mccowan has joined #openstack-keystone15:25
*** stevemar_znc has joined #openstack-keystone15:29
lbragstadI'm seeing quite a bit of this in the rally failures - http://logs.openstack.org/76/405376/2/check/gate-rally-dsvm-neutron-existing-users-rally/a748b7e/console.html#_2016-12-01_14_02_44_80805515:30
lbragstadand http://logs.openstack.org/76/405376/2/check/gate-rally-dsvm-cli/7b4f770/console.html#_2016-12-01_14_21_27_84492515:30
*** jperry has quit IRC15:31
lbragstadsame thing with the rally-dsvm-pg-py27-cli job15:32
dimslbragstad : andreykurilin : breton : i see quite a few bugs in rally around keystone v3 support - https://bugs.launchpad.net/rally?field.searchtext=keystone+v315:37
andreykurilindims: it doesn't relate to the fact that the ability to setup devstack + keystone v2 is broken15:38
dimsandreykurilin : other than a revert, what can we do?15:39
openstackgerritRichard Avelar proposed openstack/keystone: Print name with duplicate error on user creation  https://review.openstack.org/40510415:39
*** code-R_ has quit IRC15:40
*** code-R has joined #openstack-keystone15:40
andreykurilindims: long debug to understand which devstack plugin overrides this variable or forgot about all customers who use keystone v2 and remove it from rally15:40
dimsbreton : do you have some time to help andreykurilin with this?15:41
andreykurilindims: at first stage- I will turn off testing keystone v2 checks. I do not want to have blocked gates... Then, as much as I have free time, I'll look experiment with enabling devstack plugins to find the core issue.15:43
*** dims has quit IRC15:46
*** adrian_otto has joined #openstack-keystone15:47
*** chris_hultin|AWA is now known as chris_hultin15:48
*** links has joined #openstack-keystone15:48
*** hrybacki is now known as hrybacki|IAmGE15:49
*** hrybacki|IAmGE is now known as hrybacki|lAmG315:49
lbragstadthis looks like the bug that I am seeing most in the latest rally failures - https://bugs.launchpad.net/rally/+bug/144137915:50
openstackLaunchpad bug 1441379 in Rally "Need Rally deployment create support on domain_id or domain_name in order to support keystone v3 test (which needs domain scoped token). The current project scoped token only works in service API but not keystone v3 API (DTUG domain, user, group...)." [Medium,In progress]15:50
*** hrybacki|lAmG3 is now known as hrybacki|l4mG315:51
lbragstadwe could probably reopen this, too https://bugs.launchpad.net/rally/+bug/158277715:52
openstackLaunchpad bug 1582777 in Rally "rally does not work with keystone v3" [Critical,Fix released] - Assigned to Sergey Skripnick (eyerediskin)15:52
andreykurilin@lbragstad: oh...the problem is not in particular scenarios! Yes, we have some scenarios for only keystone v2, but previously(before today's change) we were able to have two separate jobs. One for keystone v2, another for v315:56
andreykurilinI do not want to have only keystone v3 jobs15:57
andreykurilinI want to continue to test keystone v2 scenarios to be able to satisfy customers who have only keystone v215:58
lbragstadandreykurilin ah - that makes sense15:58
andreykurilinYes15:58
andreykurilinEven more, I had a patch which adds keystone v3 support for all rally scenarios15:59
lbragstadandreykurilin but all scenarios now are expected to work against v2.0, not v315:59
*** code-R_ has joined #openstack-keystone16:00
andreykurilin@lbragstad: yes. But those scenarios which doesn't support keystone v3 yet can be included in keystone v2 job16:00
*** dims has joined #openstack-keystone16:00
andreykurilinAs it who it worked before16:00
bretondims: yep16:01
*** adrian_otto has quit IRC16:01
*** code-R has quit IRC16:02
*** dave-mccowan has quit IRC16:02
*** ma9 has left #openstack-keystone16:03
dimsthank you breton !16:03
andreykurilin@lbragstad Even when my patch which finish keystone v3 support for all scenarios  will be merged, it will not help to setup job to test those scenarios with keystone v2. Please do not merge to separate issues: inability to setup keystone v2 job and keystone v2 only rally scenarios16:04
*** topol has joined #openstack-keystone16:04
*** ChanServ sets mode: +v topol16:04
*** voelzmo has quit IRC16:05
andreykurilin@dims ^ it relates to your message too16:06
dimsack andreykurilin16:06
*** spzala_ has joined #openstack-keystone16:07
*** spzala has quit IRC16:09
*** stevemar_znc is now known as topol_16:12
*** rcernin has quit IRC16:13
*** dave-mccowan has joined #openstack-keystone16:16
*** phalmos has quit IRC16:16
*** chrisplo has joined #openstack-keystone16:16
*** ChanServ sets mode: +v topol_16:18
*** topol has quit IRC16:20
*** topol_ is now known as topol16:20
stevemarnew keystone libraries are out: middleware at 4.11.0, auth at 2.16.0, client at 3.8.016:30
*** jaosorior has quit IRC16:30
*** adrian_otto has joined #openstack-keystone16:31
*** browne has joined #openstack-keystone16:40
*** adrian_otto has quit IRC16:44
openstackgerritRon De Rose proposed openstack/keystone-specs: Extend user API to support federated attributes  https://review.openstack.org/39741016:46
*** dave-mccowan has quit IRC16:46
*** josecastroleon1 has quit IRC16:48
*** rcernin has joined #openstack-keystone16:50
*** adrian_otto has joined #openstack-keystone16:52
*** links has quit IRC16:53
*** links has joined #openstack-keystone16:53
*** dave-mccowan has joined #openstack-keystone16:56
*** edmondsw has quit IRC16:59
*** edmondsw has joined #openstack-keystone16:59
*** jpich has quit IRC17:07
bretondims: andreykurilin: lbragstad: how do you think, will https://review.openstack.org/405536 help?17:10
bretoni don't know how to check17:10
bretonadd depends-on in the patch with failing jobs?17:10
andreykurilinbreton: unfortunately,  depends-on is not work for infra patches :(17:11
openstackgerritSamuel Pilla proposed openstack/keystone: Add password expiration queries for PCI-DSS  https://review.openstack.org/40389817:13
*** asettle has quit IRC17:24
agrebennikovlbragstad, are you around by chance?17:30
lbragstadagrebennikov kind of17:30
lbragstadagrebennikov what's uo?17:30
agrebennikovqq17:30
lbragstadup*17:30
*** kukacz has joined #openstack-keystone17:31
*** spzala_ has quit IRC17:33
stevemarif rally is the only project that broke due to the devstack change i'm really impressed17:36
*** chris_hultin is now known as chris_hultin|AWA17:40
morganstevemar: agreed17:40
*** chris_hultin|AWA is now known as chris_hultin17:40
* morgan just responded to the thread as well.17:41
morganlbragstad: let me know if you need help with rally getting v3 working.17:41
morganstevemar: does this mean v2 is effectively dead (at long last)... I mean getting to the removal point ;) (obvs not this cycle)17:42
*** chlong has joined #openstack-keystone17:45
*** browne has quit IRC17:47
stevemarmorgan: it means our promise to remove it in Q isn't just a vague threat :)17:47
*** ayoung has quit IRC17:48
stevemarmorgan: when I spoke with a few ops at openstack day, everyone is pretty much OK removing the admin / CRUD v2 APIs17:48
lbragstadthat'd be awesome17:48
morganthis is damn good news.17:48
morganso good.17:48
morganso very good.17:48
stevemarwe should probably always keep the APIs around, we can't "remove" them i think...17:49
morganin q I think deleting the code is sane.17:50
stevemarmorgan: i thought we could never remove an API?17:50
morganv2 keystone is a special exception17:50
morganwe have approval for it to go away17:51
stevemarmorgan: we do?17:51
morganwhen the TC made the resolution a couple things that were long in progress were ok'd to be removed.17:51
morganglance v1 I think, keystone v2, and one more.17:52
*** code-R_ has quit IRC17:52
morgansince it was in works long. before that resolution was considered.17:52
stevemarah17:52
stevemarinteresting17:52
*** code-R has joined #openstack-keystone17:52
morganand because v2 has unfixable security flaws.17:52
morgane.g. simplistic rbac17:52
openstackgerritAndrey Grebennikov proposed openstack/keystone: Allow to specify ID on project creation  https://review.openstack.org/40386617:53
stevemarmorgan: lol "rbac"17:53
*** code-R has quit IRC17:53
stevemarif it only works with one role is it really rbac :)17:53
morganwe simply can't fix it without breaking the contract... and v2 lacks basic features we lean on in other projects.17:53
*** code-R has joined #openstack-keystone17:54
morganso v2 code is slated for removal as soon as we can (aka Q)17:54
morganbut v3 APIs may not ever be removed.17:54
morganstevemar: funny thing, the app I use to track my migraines ... asked me why I wasn't using it anymore... I had to send them an email saying I do use it, just nothing to report! :)17:56
stevemarmorgan: probably something to do with v2 going away :P17:59
stevemarmorgan: fernet tokens default, v3 default, encrypted credentials default, performance is pretty good. this has all been a long time coming18:01
morganGerber *cough*18:01
morganerm.18:01
morganscrew off autocorrect...18:02
stevemarfernet?18:02
morganfernet*18:02
morganyes.18:02
stevemarnot a fan of it by default?18:02
morganAndroid autocorrect is worse than iOS at this point.18:03
*** code-R has quit IRC18:04
morganstill not, but that is because of the added operational cost.18:11
morganbut I have said over and over I won't block making it default.18:11
mordredmorgan, stevemar: by the time you remove v2 I hope to have all of my client testing of v2 fully requests_mock driven anyway, so I won't scream too much18:11
*** ravelar has quit IRC18:12
morganideally uuid tokens would validate the same as fernet except in the db vs encoded... then we would drop uuid at the same time as v218:12
morganor mark deprecated that is.18:12
morganthe fact we validate uuid differently than fernet really bothers me, since it means we have multiple regression points we have to maintain.18:13
morganmordred: ++18:13
mordredhopefully over the next six months we'll have a bunch of public clouds actually roll out v318:13
andreykurilinmordred: I replied to you reply :)18:15
*** voelzmo has joined #openstack-keystone18:15
andreykurilinstevemar: rally job is broken since we want to check that our scenarios work with keystone v2 and that job was designed to work only with keystone v2. I think all other openstack jobs are not broken since they do not have restriction to check only keystone v2.18:17
*** mvk has quit IRC18:17
morganandreykurilin: please keep in mind the deprecation and removal plans of v2... Q cycle18:17
morganstevemar: related to migraines... i even did a 6-week caffeine detox... no migraine. clearly it is keystone being awesome :P18:19
mordredandreykurilin: I replied? OH - morgan ... yay tab complete :)18:19
andreykurilinmorgan: I'm ok about it:) as I mentioned in thread, I had a patch to port all remaining scenarios to work with keystone v3. It is tested and will be merged soon. But it doesn't change my wish to test our scenarios with keystone v2 as much as possible18:19
morganmordred: mor<tab> fail18:19
andreykurilinmordred: oh... sorry:)18:19
morganmordred: hehe hold on.18:20
*** morgan is now known as morgred18:20
morgredmordred: even better :P18:20
andreykurilinmordred: but you can read my reply too. I'm not against :D18:20
morgredmordred: right?18:20
mordredandreykurilin: yah - shade also has a keystone v2 functional test - I think when v2 gets removed in q we'll try to set that job to run on stable/p at least until p is removed18:20
*** amoralej is now known as amoralej|off18:20
mordredwe have a similar issue wanting to keep testing against nova-network for as long as possible after its removal because it still exists in the wild18:21
*** morgred is now known as morgan18:21
andreykurilinmordred: I think in near future(I hope before Ocata will be closed), I'll add jobs to check rally against openstack stable branches...and we continue to check keystone v2 for a long time :)18:23
andreykurilinnova-network...eh...18:23
mordredandreykurilin: ++ to stable branches - and yah, I know of at least one public cloud running nova network, and we want to make sure our users don't get screwed by that :)18:23
andreykurilinI understand that we need to continue to test it too, but I want to get rid of it...18:23
andreykurilinI do not like nova-net at all18:24
andreykurilin:)18:24
andreykurilinmordred: we have a statement that rally cleans up all created resources... but in case of nova-net this statement is not true. It is impossible to remove default security groups even for deleted networks...18:25
andreykurilinok, AJaeger put +2W to possible fix for our jobs. I hope it will help18:26
mordredandreykurilin: yah. nova-net is _terrible_18:26
*** pnavarro has quit IRC18:26
andreykurilinmordred: I like that I can complain about novanet here without any opponents... please, do not repost my messages to #openstack-nova channel :D18:28
mordredheheh18:29
*** browne has joined #openstack-keystone18:29
mordredandreykurilin: well, as an end-user, I can report that it is a terrible experience. I do not have  much opinion as an operator :)18:29
*** cheran has joined #openstack-keystone18:34
morganas a developer, neutron is a nightmare to setup consistently when testing a full cloud deployment18:35
morgannova-net "worked"18:35
morganout of the box... with basic functionality18:36
* morgan had to ask at least 10 people for a "how to get neutron working consistently in devstack" at one point18:36
morgans/is/was18:36
morgani haven't done it in a while.18:36
morganstevemar: going to ask for a release of ksa once we land the taskmanager interface. fwiw18:37
morganstevemar: also https://review.openstack.org/#/c/405007/ - mfa spec18:37
*** tqtran has joined #openstack-keystone18:39
*** voelzmo has quit IRC18:45
stevemarmorgan: totes willing to release new version once it's merged18:45
*** ravelar has joined #openstack-keystone18:47
*** diazjf has joined #openstack-keystone18:48
*** voelzmo has joined #openstack-keystone18:50
openstackgerritSamuel Pilla proposed openstack/keystone: API Documentation for user password expires  https://review.openstack.org/40557418:54
*** daemontool has quit IRC18:55
*** dave-mccowan has quit IRC18:59
*** ravelar has quit IRC19:13
*** mvk has joined #openstack-keystone19:14
*** voelzmo has quit IRC19:20
*** voelzmo has joined #openstack-keystone19:20
*** spzala has joined #openstack-keystone19:23
*** spzala has quit IRC19:26
*** spzala has joined #openstack-keystone19:27
*** voelzmo has quit IRC19:27
*** diazjf has quit IRC19:27
*** david-lyle_ has joined #openstack-keystone19:28
*** david-lyle has quit IRC19:31
*** openstackgerrit has quit IRC19:32
*** openstackgerrit has joined #openstack-keystone19:33
*** openstackgerrit has quit IRC19:36
*** voelzmo has joined #openstack-keystone19:37
*** ravelar has joined #openstack-keystone19:39
*** voelzmo has quit IRC19:39
*** voelzmo has joined #openstack-keystone19:40
*** dave-mccowan has joined #openstack-keystone19:41
*** diazjf has joined #openstack-keystone19:43
*** voelzmo has quit IRC19:44
*** bknudson has left #openstack-keystone19:46
*** josecastroleon has joined #openstack-keystone19:49
*** spzala has quit IRC19:50
*** openstackgerrit has joined #openstack-keystone19:50
openstackgerritMorgan Fainberg proposed openstack/keystoneauth: Implement TaskContextManager for Session  https://review.openstack.org/36247319:50
morganmordred, stevemar, lbragstad, jamielennox|away, ^ new context manager version in ksa19:51
*** phalmos has joined #openstack-keystone19:52
morganplease let me know if there is anything else that is missing/required for it at this point19:52
*** jamielennox|away is now known as jamielennox19:53
*** josecastroleon has quit IRC19:53
*** phalmos has quit IRC19:56
*** spzala has joined #openstack-keystone19:56
*** spzala has quit IRC20:01
*** david-lyle_ is now known as david-lyle20:01
openstackgerritGage Hugo proposed openstack/keystone: Add reason to notifications for PCI-DSS  https://review.openstack.org/39675220:05
*** ravelar has quit IRC20:06
*** ravelar has joined #openstack-keystone20:06
*** spzala has joined #openstack-keystone20:08
*** links has quit IRC20:09
openstackgerritayoung proposed openstack/keystone: Refactor Authorization:  https://review.openstack.org/38716120:11
*** bknudson has joined #openstack-keystone20:12
*** ChanServ sets mode: +v bknudson20:12
*** spzala has quit IRC20:12
*** spzala has joined #openstack-keystone20:14
openstackgerritayoung proposed openstack/keystone: Refactor is_admin  https://review.openstack.org/38771020:16
openstackgerritayoung proposed openstack/keystone: Add is_admin_project check to policy.json  https://review.openstack.org/25763620:16
*** spzala has quit IRC20:18
openstackgerritMorgan Fainberg proposed openstack/keystoneauth: Implement TaskContextManager for Session  https://review.openstack.org/36247320:21
morganjamielennox: ^ addressed comments20:22
morganjamielennox: I am of the opinon it is much easier to write the code encapsulated in a context manager like this than a custom requests.Session20:24
morganjamielennox: since there are a lot of other moving bits and this way (with the change to pass the ksa session in) the context manager can inspect/use ksa-session details as needed now20:25
jamielennoxmorgan: yea, i'm aware making people mess with sessions is daunting20:26
openstackgerritMorgan Fainberg proposed openstack/keystoneauth: Implement TaskContextManager for Session  https://review.openstack.org/36247320:26
morganjamielennox: fixed a pep8 error there.20:27
morganwhoopse.20:27
morgan:)20:27
jamielennoxmorgan: so this is super pedantic, but how do feel about making TaskManager.request TaskManager.__call__20:28
morgani am not a fan of magic methods where we can avoid them20:29
morgani also think it is far more explicit to not make it look like task_context_managet(self, method, url **kwargs)20:29
jamielennoxfair enough20:29
openstackgerritayoung proposed openstack/keystone: URL pattern based RBAC Management Interface  https://review.openstack.org/40180820:29
jamielennoxwas just looking that the default implementation is basically20:30
morganif i didn't want to provide this as a "template" for an object manager, i would have made this a function.20:30
jamielennox@contextmanager20:30
morganusing context lib20:30
jamielennoxdef fun():20:30
jamielennox    yield self.session20:30
morganyep20:30
morganthis is just so we have a clear template for developers to work from.20:30
jamielennoxand i'm wondering if we define that context_manager has to be a context manager rather than a subclass of TaskContextManager is it easier20:31
jamielennoxbut yea, i see the template argument20:31
morgan:)20:31
*** spzala has joined #openstack-keystone20:31
morganmy first pass was as a function when i re-did it and i felt it was not providing enough guidance20:31
jamielennoxmorgan: ok, so my only thing then is can we s/Task// - ksa doesn't have the notion of tasks, so i don't care SessionContextManager, RequestContextManager?20:33
jamielennoxprobably Request20:33
jamielennoxand add a test just to validate behaviour and i'm good20:33
*** catinthe_ has quit IRC20:34
morganRequest.20:34
morgannot Session :P20:34
morganbecause... yo dawg, i heard you like sessions20:34
jamielennoxyea, it's a per requeest thing20:34
morganso i put a session in your session for your sessioning session session session session session20:35
jamielennoxoh, i'm very aware20:35
morganhehe20:35
jamielennoxshould init be request_context_manager= then?20:35
morgannah20:35
jamielennoxmake it explicit20:35
*** voelzmo has joined #openstack-keystone20:35
morganlets just leave it shorter20:35
jamielennoxok20:35
morganthe docstring identifies what it is20:35
*** spzala has quit IRC20:35
morganif there wasn't a docstring, yes20:36
jamielennoxjust no ctxt_mngr20:36
jamielennoxuse your vowels  :)20:36
morgansrry cnt n vwls lft20:36
openstackgerritMorgan Fainberg proposed openstack/keystoneauth: Implement TaskContextManager for Session  https://review.openstack.org/36247320:42
morganjamielennox: ^ there ya go20:42
morganrenamed20:42
morganbah. let me fix the commit message20:42
*** openstack has joined #openstack-keystone20:42
*** spzala has joined #openstack-keystone20:43
openstackgerritMorgan Fainberg proposed openstack/keystoneauth: Implement ReqContextManager for Session  https://review.openstack.org/36247320:43
morganthere we go20:44
*** ravelar has quit IRC20:44
*** ravelar1 has joined #openstack-keystone20:44
*** spzala has quit IRC20:47
*** adrian_otto has quit IRC20:48
*** spzala has joined #openstack-keystone20:49
*** spzala has quit IRC20:53
*** spzala has joined #openstack-keystone20:55
*** adriant has joined #openstack-keystone20:56
*** spzala has quit IRC20:59
openstackgerritGage Hugo proposed openstack/keystone: Add reason to notifications for PCI-DSS  https://review.openstack.org/39675221:05
*** voelzmo has quit IRC21:08
openstackgerritayoung proposed openstack/keystone: IAM Models  https://review.openstack.org/18465121:10
*** rcernin has quit IRC21:10
*** spzala has joined #openstack-keystone21:10
openstackgerritayoung proposed openstack/keystone-specs: Federated Query APIs  https://review.openstack.org/31360421:20
*** adrian_otto has joined #openstack-keystone21:30
openstackgerritSamuel Pilla proposed openstack/keystone: API Documentation for user password expires  https://review.openstack.org/40557421:31
openstackgerritBrant Knudson proposed openstack/keystone: More info in schema validation error  https://review.openstack.org/40500621:34
*** pnavarro has quit IRC21:37
*** Ephur has joined #openstack-keystone21:44
*** ravelar1 has quit IRC21:45
*** jrist has quit IRC21:49
*** spzala has quit IRC21:52
*** chris_hultin is now known as chris_hultin|AWA22:00
*** openstackgerrit has quit IRC22:03
*** edmondsw has quit IRC22:06
*** edmondsw has joined #openstack-keystone22:07
*** openstackgerrit has joined #openstack-keystone22:10
openstackgerritSamuel Pilla proposed openstack/keystone: API Documentation for user password expires  https://review.openstack.org/40557422:10
*** edmondsw_ has joined #openstack-keystone22:10
*** jaugustine has quit IRC22:11
*** edmondsw has quit IRC22:11
*** edmondsw_ has quit IRC22:14
*** diazjf has quit IRC22:16
stevemarandreykurilin: are you proposing we go with your spec over rderose's ? or just rebasing it?22:16
stevemarandreykurilin: sorry, that question is for ayoung, who is now offline22:17
andreykurilinstevemar: np)22:18
rderosestevemar: ayoung seemed agreeable to extending the user API; not use OS-FEDERATION22:20
rderosejust working out the kinks in that spec22:20
rderosetrying to understand how kerberos and federation play together22:20
rderoseshould have a new patch soon.22:20
*** diazjf has joined #openstack-keystone22:26
gagehugokeystone turtle looks pretty good22:43
*** diazjf has quit IRC22:44
*** chlong has quit IRC22:50
*** edtubill has quit IRC22:52
*** edtubill has joined #openstack-keystone22:53
*** adrian_otto has quit IRC22:55
*** edtubill has quit IRC22:58
*** diazjf has joined #openstack-keystone23:03
*** ebalduf_ has joined #openstack-keystone23:10
*** masuberu has quit IRC23:11
*** ebalduf_ has quit IRC23:11
*** masber has joined #openstack-keystone23:12
*** ayoung has joined #openstack-keystone23:12
*** ChanServ sets mode: +v ayoung23:12
ayoungstevemar, lbragstad are you guys OK with pushing https://review.openstack.org/#/c/405074/  through?  I can't run tox for specs without it.23:13
*** dave-mccowan has quit IRC23:15
lbragstadayoung hmm - that's weird23:16
lbragstadayoung any reason why that's happening?23:16
ayounglbragstad, its just cuzI upgraded to F2523:16
ayoungthe library that docs uses is py2 only23:16
ayoungwith F25, it tries to build docs using python3 as the default23:16
ayoungand the libary in question looks unmaintained since 200923:17
*** diazjf has quit IRC23:17
*** masber has quit IRC23:17
ayounglbragstad, until we can either fix the library and get another release, or replace it in our build system, we need to build docs with py2723:18
openstackgerritRon De Rose proposed openstack/keystone-specs: Extend user API to support federated attributes  https://review.openstack.org/39741023:26
jamielennoxayoung: can we remove the library?23:30
jamielennoxpy3 is a cross project goal and if the library can't be used then replace it with something that can23:31
openstackgerritayoung proposed openstack/keystone-specs: Service Catalog Subsets by ID  https://review.openstack.org/16090923:31
*** dave-mccowan has joined #openstack-keystone23:31
ayoungjamielennox, eventually, but for now it is only used in tox when building docs23:31
ayoungso, the right thing is probbly to fix the upstream library, but for now, obviously the docs building is being done with 27.  This is only an issue for people building specs on f25 ATM23:32
ayoungjamielennox, and we don't have a bug tracker for keystone-specs or I would have filed a bug23:32
jamielennoxyea, not saying to not fix it, but i'm guessing this is not a direct dependency of keystone-specs and so this will apply everywhere23:33
jamielennoxayoung: feedformatter is a dependency of yasfb, authored by mr dhellmann - and i wonder if he knows it's not python 3 compatible?23:34
ayoungjamielennox, I canbug him about it23:35
ayoungOooh it sa code.google.com page.  I hope someone else has a copy o the repo23:36
ayounglooks like SVN23:36
openstackgerritKen'ichi Ohmichi proposed openstack/keystone: Remove CONF.os_inherit.enabled  https://review.openstack.org/40567923:37
jamielennoxayoung: anyway, i agree with lbragstad and reviewed, just put a note there saying yasfb is not py3 compatible and i''ll +A23:37
ayoungjamielennox, ++23:37
jamielennoxayoung: oh, he knows: https://github.com/dhellmann/yasfb/issues/123:37
*** dave-mccowan has quit IRC23:37
jamielennox opened this Issue on 1 Sep 2015 - i wonder if it's maintained?23:38
openstackgerritayoung proposed openstack/keystone-specs: Fix python version to 2.7 for docs  https://review.openstack.org/40507423:40
jamielennoxayoung: lol, sorry, i meant in the tox.ini file23:41
ayoungjamielennox, ah23:41
lbragstadjamielennox ++23:41
jamielennoxso we can see when to remove it23:41
ayoungOK...I can do that23:42
ayoungjamielennox, let me see if I can get feedformatter source from svn23:42
jamielennoxyea, it's non-trivial23:42
jamielennoxi had a quick look23:42
jamielennoxthe replacement mentioned in the bug requires lxml :(23:44
ayoungjamielennox, I was just going to see if I could get feedformatter checked out and fix the error to build Py323:45
morganayoung, jamielennox: o/23:45
ayoungit looks like a syntax change23:45
morganhow goes the day?23:45
ayoungmorgan, status quo ante23:45
morganayoung: sounds about right23:45
jamielennoxayoung: you opting to take over ownership of a python package?23:45
morganayoung: planning on spending a chunk of time on the RBAC spec today23:45
ayoungjamielennox, meh.  probably not.  I'll make doug do it23:45
morgannow that I have the things I needed to propose up23:46
ayoungmorgan, ++23:46
jamielennoxif he hasn't moved it off code.google.com it probbaly hasn't been touched in a while23:46
morganjamielennox: likely23:46
ayoungjamielennox, about 7 years23:46
jamielennoxmorgan: howdy23:46
ayounghttps://github.com/lmaurits/feedformatter  might be that he just didn't update Pypi23:47
morganayoung: possibly23:48
ayoungthere is a py3 fix in there, and I think it is the same dev23:48
ayoungstill 4 years old23:48
jamielennoxno published release?23:48
morganancient libraries ftl23:49
ayoung lmaurits23:49
ayoungnope, but lets see if the dev is active and willing to make a new release23:49
ayoungits the same person23:49
jamielennoxso that commit seems to be in code.google.com as well: https://code.google.com/archive/p/feedformatter/source/default/commits23:49
jamielennoxit just needs a release23:50
jamielennoxwell- i haven't tested it23:50
jamielennoxModern versions of Python have ElementTree in the standard library23:50
ayoungjamielennox, dev is still active..and in your part of the world....  .au domain name23:50
jamielennoxit's old..23:50
jamielennoxayoung: i don't know him23:51
morganjamielennox: you mean you don't know everyone in .au?23:51
lbragstadjamielennox you mean to tell me you don't know another developer in au?23:51
jamielennoxi know another one, just not that one23:52
lbragstadc'mon *how* big au anyway23:52
jamielennoxthere's like 10+ of us23:52
lbragstadlol23:52
ayounghe's the guy that did prettytable.  We use that in the CLI23:54
openstackgerritKen'ichi Ohmichi proposed openstack/keystone: Remove CONF.os_inherit.enabled  https://review.openstack.org/40567923:56
ayoungjamielennox, BTW, the rollback to devstack setting  admin_project went through.  2 of the commits now pass: glance and cinder I think23:58
jamielennoxwhy?23:59
jamielennoxoh, right, something about tempest23:59
ayoungjamielennox, easier to fix the projects first, then tempest23:59
ayoungall will happen23:59
« Wednesday, 2016-11-30 Index Friday, 2016-12-02 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!