Monday, 2016-12-12

*** markvoelker has quit IRC		00:02
*** hoangcx has joined #openstack-keystone		00:38
*** tovin07 has joined #openstack-keystone		00:48
*** hoangcx has quit IRC		00:49
*** hoangcx has joined #openstack-keystone		00:49
*** tovin07 has quit IRC		00:56
*** tovin07 has joined #openstack-keystone		00:57
*** Zer0Byte__ has joined #openstack-keystone		01:06
*** Zer0Byte__ has quit IRC		01:11
*** zhangjl has joined #openstack-keystone		01:33
*** liujiong has joined #openstack-keystone		01:41
*** adu has joined #openstack-keystone		02:24
stevemar	o/	02:26
*** spzala has joined #openstack-keystone		02:30
*** spzala has quit IRC		02:35
*** adu has quit IRC		02:45
*** markvoelker has joined #openstack-keystone		03:00
*** markvoelker has quit IRC		03:05
*** zhangjl has quit IRC		03:15
*** nicolasbock has joined #openstack-keystone		03:49
*** adu has joined #openstack-keystone		03:57
*** markvoelker has joined #openstack-keystone		04:01
*** markvoelker has quit IRC		04:05
*** nicolasbock has quit IRC		04:07
*** adu has quit IRC		04:12
*** udesale has joined #openstack-keystone		04:25
*** madhaviy has joined #openstack-keystone		04:36
*** madhaviy has quit IRC		04:41
*** markvoelker has joined #openstack-keystone		05:02
*** markvoelker has quit IRC		05:07
*** adriant has quit IRC		05:11
*** madhaviy has joined #openstack-keystone		05:37
*** markvoelker has joined #openstack-keystone		06:02
*** lifeless_ has quit IRC		06:02
*** lifeless has joined #openstack-keystone		06:03
*** markvoelker has quit IRC		06:07
*** openstackgerrit_ has joined #openstack-keystone		06:23
*** jaosorior has joined #openstack-keystone		06:23
*** zhangjl has joined #openstack-keystone		06:24
*** openstackgerrit_ has quit IRC		06:25
*** openstackgerrit_ has joined #openstack-keystone		06:26
*** openstackgerrit_ has quit IRC		06:27
*** spzala has joined #openstack-keystone		06:31
*** openstackgerrit_ has joined #openstack-keystone		06:34
*** openstackgerrit_ has quit IRC		06:35
*** spzala has quit IRC		06:36
*** Dinesh_Bhor has joined #openstack-keystone		06:37
*** richm has quit IRC		06:41
*** dikonoor has joined #openstack-keystone		06:53
*** jvarlamova___ has joined #openstack-keystone		06:58
*** openstackgerrit_ has joined #openstack-keystone		06:59
openstackgerrit	Julia Varlamova proposed openstack/keystone: Change DevStack plugin to setup multi-Keystone https://review.openstack.org/399472	07:00
*** openstackgerrit_ has quit IRC		07:00
*** jvarlamova has quit IRC		07:01
*** markvoelker has joined #openstack-keystone		07:03
*** markvoelker has quit IRC		07:08
*** tobberydberg has joined #openstack-keystone		07:08
*** kiran-r has joined #openstack-keystone		07:32
*** jaosorior has quit IRC		07:40
*** kiran-r has quit IRC		07:49
*** udesale has quit IRC		07:57
*** jaosorior has joined #openstack-keystone		08:00
*** BlackDex_ is now known as BlackDex		08:03
*** markvoelker has joined #openstack-keystone		08:04
*** liujiong has quit IRC		08:06
*** liujiong has joined #openstack-keystone		08:07
*** Zer0Byte__ has joined #openstack-keystone		08:07
*** markvoelker has quit IRC		08:09
*** Zer0Byte__ has quit IRC		08:11
*** pcaruana has joined #openstack-keystone		08:30
*** amoralej\|off is now known as amoralej		08:31
*** pcaruana has quit IRC		08:37
*** pcaruana has joined #openstack-keystone		08:38
*** pnavarro has joined #openstack-keystone		08:55
*** zzzeek has quit IRC		09:00
*** zzzeek has joined #openstack-keystone		09:00
*** zhangjl has quit IRC		09:06
*** d0ugal has quit IRC		09:09
openstackgerrit	Shan Guo proposed openstack/keystone: [api] set `is_admin_project` on tokens for admin project https://review.openstack.org/409678	09:10
*** udesale has joined #openstack-keystone		09:10
*** udesale has quit IRC		09:11
*** udesale has joined #openstack-keystone		09:12
*** d0ugal has joined #openstack-keystone		09:14
*** d0ugal has quit IRC		09:14
*** d0ugal has joined #openstack-keystone		09:14
*** d0ugal has quit IRC		09:17
*** d0ugal has joined #openstack-keystone		09:19
*** namnh has joined #openstack-keystone		09:28
*** spzala has joined #openstack-keystone		09:31
*** asettle has joined #openstack-keystone		09:33
*** spzala has quit IRC		09:36
*** markvoelker has joined #openstack-keystone		10:06
*** markvoelker has quit IRC		10:10
*** daemontool has joined #openstack-keystone		10:14
*** daemontool has quit IRC		10:15
*** liujiong has quit IRC		10:18
*** hoangcx has quit IRC		10:24
*** madhaviy has quit IRC		10:29
*** madhaviy has joined #openstack-keystone		11:01
*** david_cu has quit IRC		11:06
*** markvoelker has joined #openstack-keystone		11:07
*** markvoelker has quit IRC		11:11
*** richm has joined #openstack-keystone		11:13
*** udesale has quit IRC		11:15
*** udesale has joined #openstack-keystone		11:19
*** nicolasbock has joined #openstack-keystone		11:35
*** masuberu has quit IRC		11:45
*** masber has joined #openstack-keystone		11:46
*** AlexOughton has quit IRC		12:00
*** AlexOughton has joined #openstack-keystone		12:00
*** dikonoor has quit IRC		12:02
*** dave-mccowan has joined #openstack-keystone		12:04
*** markvoelker has joined #openstack-keystone		12:07
*** namnh has quit IRC		12:11
*** markvoelker has quit IRC		12:12
*** iurygregory has joined #openstack-keystone		12:33
stevemar	o/	12:35
*** udesale has quit IRC		12:47
*** markvoelker has joined #openstack-keystone		13:15
*** agrebennikov_ has joined #openstack-keystone		13:37
*** briancurtin has quit IRC		13:42
*** briancurtin has joined #openstack-keystone		13:42
*** amoralej is now known as amoralej\|lunch		13:45
openstackgerrit	Merged openstack/keystone: Remove exception from v2 validation path https://review.openstack.org/404977	13:45
openstackgerrit	Merged openstack/keystone: Move V2TokenDataHelper to the v2.0 controller https://review.openstack.org/389383	13:46
*** clenimar has joined #openstack-keystone		13:51
*** eduardo has joined #openstack-keystone		13:55
*** dikonoor has joined #openstack-keystone		14:00
*** arunkant has quit IRC		14:09
*** zzzeek has quit IRC		14:13
*** madhaviy has quit IRC		14:14
*** zzzeek has joined #openstack-keystone		14:14
*** madhaviy has joined #openstack-keystone		14:15
samueldmq	morning keystone	14:17
samueldmq	stevemar: o/	14:17
*** Tahvok has quit IRC		14:18
knikolla	morning o/	14:18
*** Matias has quit IRC		14:18
*** Matias has joined #openstack-keystone		14:23
*** Tahvok has joined #openstack-keystone		14:24
*** amoralej\|lunch is now known as amoralej		14:25
*** ayoung has joined #openstack-keystone		14:32
*** ChanServ sets mode: +v ayoung		14:32
*** jamielennox is now known as jamielennox\|away		14:38
lbragstad	o/	14:39
*** udesale has joined #openstack-keystone		14:41
eduardo	Morning	14:42
*** Ephur has joined #openstack-keystone		14:44
eduardo	I m having trouble with keystone and oauth2, to change the token duration. I am trying to change kestone.conf - [token] - "expiration", but no success. Does someone knows how do I change the default token durations of 3600 seconds?	14:44
ayoung	eduardo, that should do it	14:45
*** jamielennox\|away is now known as jamielennox		14:45
*** spzala has joined #openstack-keystone		14:46
*** nkinder has joined #openstack-keystone		14:47
*** arunkant has joined #openstack-keystone		14:48
*** spzala has quit IRC		14:48
eduardo	I imagined it should work, but it is nothing. Maybe because of the plugin oauth2. Is there a separate configuration for it?	14:49
stevemar	eduardo: the kestone.conf - [token] - "expiration" section changes the expiry of tokens issued by keystone	14:50
stevemar	eduardo: those are different than oauth2 tokens	14:50
stevemar	oauth2 tokens will be returned by some identity provider that speaks oauth2, we don't control the expiration of those	14:50
stevemar	we only consume what is in a oauth2 assertion, what goes in it is up to the identity provider	14:51
*** arunkant has quit IRC		14:53
*** diazjf has joined #openstack-keystone		14:54
openstackgerrit	ayoung proposed openstack/keystone: Fernet token formatter with explicit role https://review.openstack.org/310074	14:55
-openstackstatus- NOTICE: The Gerrit service on review.openstack.org is restarting now to address acute performance issues, and will be back online momentarily.		15:06
*** asettle__ has joined #openstack-keystone		15:08
*** david_cu has joined #openstack-keystone		15:09
*** asettle has quit IRC		15:10
*** ayoung is now known as ayoung_afk		15:11
stevemar	are there any blueprints that are close to landing this week?	15:18
stevemar	we've got 11 approved for ocata, 1 complete, 6 in progress and 4 not started =\	15:19
stevemar	cutting ocata-2 this week	15:19
*** jaugustine has joined #openstack-keystone		15:24
stevemar	progress here: https://docs.google.com/spreadsheets/d/156q820cXcEc8Y9YWQgoc_hyOm3AZ2jtMQM3zdDhwGFU/edit?usp=sharing	15:27
stevemar	jamielennox: is there any server side work left to do for token expiration?	15:31
*** dave-mccowan has quit IRC		15:31
*** samueldmq has quit IRC		15:37
*** samueldmq has joined #openstack-keystone		15:37
*** ChanServ sets mode: +v samueldmq		15:37
*** diazjf has quit IRC		15:38
*** phalmos has joined #openstack-keystone		15:43
*** ravelar has joined #openstack-keystone		15:45
*** dave-mccowan has joined #openstack-keystone		15:47
*** dikonoor has quit IRC		15:47
*** tobberyd_ has joined #openstack-keystone		15:47
*** ravelar1 has joined #openstack-keystone		15:50
*** tobberydberg has quit IRC		15:51
*** diazjf has joined #openstack-keystone		15:51
*** tobberyd_ has quit IRC		15:52
*** ravelar has quit IRC		15:53
eduardo	thank you +ayoung and @stevemar. The plugin I have is within contrib, so I guess it is not part of openstack keystone	15:55
eduardo	I am using a version used in the project FIWARE	15:55
dstanek	eduardo: and putting it in keystone?	15:57
eduardo	putting what in keystone?	16:03
dstanek	eduardo: you mentioned something in contributing from a different project	16:04
*** jaosorior has quit IRC		16:10
*** jaosorior has joined #openstack-keystone		16:10
eduardo	I am not shure if there is alread a relation with this project. The version I am using, that is part of a bigger project, is: https://github.com/ging/keystone/	16:12
*** spzala has joined #openstack-keystone		16:15
*** ravelar1 has quit IRC		16:22
*** chris_hultin\|AWA is now known as chris_hultin		16:29
openstackgerrit	Samuel Pilla proposed openstack/keystone: Add password expiration queries for PCI-DSS https://review.openstack.org/403898	16:31
*** dikonoor has joined #openstack-keystone		16:40
*** asettle__ is now known as asettle		16:45
*** evrardjp has quit IRC		16:46
*** evrardjp has joined #openstack-keystone		16:47
*** raildo has joined #openstack-keystone		16:59
*** pcaruana has quit IRC		16:59
*** gagehugo has quit IRC		17:08
*** Zer0Byte__ has joined #openstack-keystone		17:17
*** diazjf has quit IRC		17:17
*** ravelar has joined #openstack-keystone		17:19
stevemar	eduardo: first i've heard about FIWARE -- the wiki is really outdated: http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/OpenStack_Keystone	17:22
*** ravelar has quit IRC		17:24
*** ravelar has joined #openstack-keystone		17:24
*** ravelar has quit IRC		17:28
eduardo	yes @stevemar, it is not easy to get information	17:29
*** ravelar has joined #openstack-keystone		17:31
*** dikonoor has quit IRC		17:31
*** udesale has quit IRC		17:37
*** arunkant has joined #openstack-keystone		17:44
openstackgerrit	Ron De Rose proposed openstack/keystone: WIP - Add domain_id to the user table https://review.openstack.org/409874	17:49
*** openstack has joined #openstack-keystone		17:57
*** jaosorior has quit IRC		18:03
openstackgerrit	Ron De Rose proposed openstack/keystone: WIP - Add domain_id to the user table https://review.openstack.org/409874	18:04
*** eduardo has quit IRC		18:06
*** madhaviy has quit IRC		18:10
*** martinus__ has quit IRC		18:10
*** tqtran has joined #openstack-keystone		18:11
*** martinus__ has joined #openstack-keystone		18:13
*** harlowja has joined #openstack-keystone		18:20
*** ayoung_afk is now known as ayoung		18:32
ayoung	stevemar, https://review.openstack.org/#/c/395760/4 can you kick it on through?	18:38
stevemar	ayoung: done	18:44
*** gagehugo has joined #openstack-keystone		18:45
*** pnavarro has quit IRC		18:52
*** asettle has quit IRC		19:14
*** asettle has joined #openstack-keystone		19:32
*** jamielennox is now known as jamielennox\|away		19:46
*** edmondsw has joined #openstack-keystone		19:50
*** amoralej is now known as amoralej\|off		19:51
*** edmondsw has quit IRC		19:52
*** jamielennox\|away is now known as jamielennox		19:53
*** woodster_ has joined #openstack-keystone		20:01
*** phalmos_ has joined #openstack-keystone		20:07
*** phalmos has quit IRC		20:10
openstackgerrit	Samuel Pilla proposed openstack/keystone: Add password expiration queries for PCI-DSS https://review.openstack.org/403898	20:39
*** spzala has quit IRC		20:40
*** spzala has joined #openstack-keystone		20:41
*** spzala_ has joined #openstack-keystone		20:43
*** spzala has quit IRC		20:45
*** spzala_ has quit IRC		20:48
*** chlong has joined #openstack-keystone		21:01
stevemar	rodrigods: samueldmq can either of you talk me out of reverting https://review.openstack.org/#/c/405574/16 ? :)	21:02
rodrigods	stevemar, hmm let check the comments	21:02
*** raildo has quit IRC		21:03
rodrigods	stevemar, yeah... think you have made pretty good comments there	21:03
stevemar	rodrigods: also, we should never be merging the docs before the impl is complete :P	21:03
stevemar	or maybe not, i'm not so harsh on that rule	21:04
openstackgerrit	Steve Martinelli proposed openstack/keystone: Revert "API Documentation for user password expires" https://review.openstack.org/409923	21:04
rodrigods	stevemar, this is the chicken/egg problem, i remember we used to only approve specs with the correspondent API changes	21:06
*** asettle has quit IRC		21:06
rodrigods	stevemar, about https://review.openstack.org/#/c/409010/	21:06
rodrigods	i mean to add a new log entry	21:06
rodrigods	do not reuse the "name" one	21:06
stevemar	rodrigods: doesn't seem to be an issue here: https://review.openstack.org/#/q/topic:bp/pci-dss-notifications	21:06
stevemar	rodrigods: they are properly dependent	21:06
rodrigods	stevemar, right - maybe ask to be always in the same topic branch	21:07
stevemar	rodrigods: oh i see what you mean, you don't want to write "duplicate name found `myidp`" when it's really an ID	21:08
stevemar	meh, it kinda serves as the name IMO	21:08
rodrigods	stevemar, it does	21:09
rodrigods	but if you give a slightly not accurate information	21:09
rodrigods	a person who is debugging something will have issues	21:09
stevemar	rodrigods: whats your proposed alternative?	21:09
rodrigods	stevemar, add a another conditional branch there	21:09
rodrigods	hehe	21:09
*** adriant has joined #openstack-keystone		21:09
rodrigods	if id...	21:09
rodrigods	elif id..	21:10
rodrigods	stevemar, or we can fill a dict with {'name': ..., 'id': ..., 'domain_id': ...} and create the message based on the parameters	21:11
rodrigods	don't know	21:11
stevemar	rodrigods: i commented on it	21:12
stevemar	rodrigods: your request was reasonable, just confused me initially, add more detail :)	21:13
rodrigods	stevemar, thx, it was exactly what i tried to say	21:13
openstackgerrit	Steve Martinelli proposed openstack/keystone: API Documentation for user password expires https://review.openstack.org/409936	21:32
stevemar	rodrigods: gagehugo samueldmq ^	21:32
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: API Documentation for user password expires https://review.openstack.org/409936	21:39
gagehugo	stevemar: thanks for fixing that!	21:47
openstackgerrit	Ron De Rose proposed openstack/keystone: WIP - Make user to nonlocal_user a 1:1 relationship https://review.openstack.org/409946	21:48
*** Ephur has quit IRC		22:02
*** Ephur has joined #openstack-keystone		22:02
openstackgerrit	Ron De Rose proposed openstack/keystone: WIP - Make user to nonlocal_user a 1:1 relationship https://review.openstack.org/409946	22:05
stevemar	gagehugo: np! just trying to set good habits ;)	22:06
*** asettle has joined #openstack-keystone		22:06
openstackgerrit	Steve Martinelli proposed openstack/keystone: API Documentation for user password expires https://review.openstack.org/409936	22:07
*** asettle has quit IRC		22:08
*** asettle has joined #openstack-keystone		22:09
openstackgerrit	Ron De Rose proposed openstack/keystone: Make user to nonlocal_user a 1:1 relationship https://review.openstack.org/409946	22:10
jamielennox	stevemar: so allow_expired is done from a server side, it needs: https://review.openstack.org/#/c/382100/	22:10
jamielennox	stevemar: which is a problem	22:11
jamielennox	we need to protect the service_token messages so that only the services should be allowed to extend operations	22:11
openstackgerrit	Richard Avelar proposed openstack/keystone: Add doctor checks for ldap symptoms https://review.openstack.org/409292	22:13
jamielennox	but so we need a policy check on the service token, but setting a reasonable default here is not backwards compatible	22:15
stevemar	jamielennox: oye	22:15
openstackgerrit	Richard Avelar proposed openstack/keystone: Add doctor checks for ldap symptoms https://review.openstack.org/409292	22:16
jamielennox	stevemar: writing this out i might have a solution, it'll just be a bit odd	22:17
jamielennox	stevemar: main question is do we want to use oslo.policy on that check or just a list of required roles	22:18
jamielennox	there's no other usages of oslo.policy in middleware	22:18
openstackgerrit	Ron De Rose proposed openstack/keystone: Make user to nonlocal_user a 1:1 relationship https://review.openstack.org/409946	22:22
*** asettle has quit IRC		22:26
stevemar	rderose: i feel like all those bugs that you're fixing for federation would have been better served as part of a spec or bp	22:28
rderose	stevemar: hmm... yeah, probably	22:29
stevemar	rderose: cause they could go in independent of the federated query APIs spec	22:29
rderose	stevemar: yeah, but I sort of feel we should fix things before starting that work	22:30
rderose	stevemar: and its seem everyone agrees that an IdP should be mapped to a domain	22:30
*** jaugustine has quit IRC		22:33
stevemar	rderose: totally	22:36
rderose	stevemar: before starting the federated query API, federated users need to belong to a domain and I want to fix a few issues with the data model	22:36
stevemar	rderose: i just wish there was a single reference instead of a set of bugs	22:36
stevemar	rderose: yep	22:36
rderose	stevemar: I see	22:36
stevemar	you can probably write 'bp whatever-the-name-was' in the commit message	22:36
rderose	stevemar: can we create a bp without a spec?	22:36
stevemar	nah, just link it back up to the federated query stuff	22:37
stevemar	it's foundation for it	22:37
rderose	stevemar: ah, right	22:37
rderose	okay	22:37
*** Ephur has quit IRC		22:37
*** Ephur has joined #openstack-keystone		22:38
*** Ephur has quit IRC		22:38
*** Ephur has joined #openstack-keystone		22:39
*** Ephur has quit IRC		22:39
*** Ephur has joined #openstack-keystone		22:40
*** Ephur has quit IRC		22:40
*** Ephur has joined #openstack-keystone		22:40
*** Ephur has quit IRC		22:41
*** Ephur has joined #openstack-keystone		22:41
*** ravelar has quit IRC		22:41
*** Ephur has quit IRC		22:42
*** Ephur has joined #openstack-keystone		22:42
*** Ephur has quit IRC		22:43
jamielennox	stevemar: so thoughts on auth_token depending on oslo.policy?	22:43
*** Ephur has joined #openstack-keystone		22:43
openstackgerrit	Ron De Rose proposed openstack/keystone: Require domain_id when registering Identity Providers https://review.openstack.org/399684	22:43
*** Ephur has quit IRC		22:43
stevemar	jamielennox: not crazy about it	22:44
*** Ephur has joined #openstack-keystone		22:44
jamielennox	neither	22:44
*** chris_hultin is now known as chris_hultin\|AWA		22:44
*** Ephur has quit IRC		22:44
openstackgerrit	Ron De Rose proposed openstack/keystone: WIP - Set the domain for federated users https://review.openstack.org/408332	22:44
*** Ephur has joined #openstack-keystone		22:45
*** Ephur has quit IRC		22:45
openstackgerrit	Ron De Rose proposed openstack/keystone: WIP - Add domain_id to the user table https://review.openstack.org/409874	22:46
*** Ephur has joined #openstack-keystone		22:46
*** asettle has joined #openstack-keystone		22:46
*** Ephur has quit IRC		22:46
*** Ephur has joined #openstack-keystone		22:47
openstackgerrit	Ron De Rose proposed openstack/keystone: Make user to nonlocal_user a 1:1 relationship https://review.openstack.org/409946	22:47
*** Ephur has joined #openstack-keystone		22:47
*** Ephur has quit IRC		22:48
*** Ephur has joined #openstack-keystone		22:49
*** asettle has quit IRC		22:49
*** Ephur has quit IRC		22:49
*** asettle has joined #openstack-keystone		22:49
*** Ephur has joined #openstack-keystone		22:49
*** Ephur has quit IRC		22:50
*** Ephur has joined #openstack-keystone		22:50
*** Ephur has quit IRC		22:50
*** spzala has joined #openstack-keystone		22:51
*** Ephur has joined #openstack-keystone		22:51
*** Ephur has quit IRC		22:51
*** Ephur has joined #openstack-keystone		22:52
*** Ephur has quit IRC		22:52
*** Ephur has joined #openstack-keystone		22:53
*** Ephur has quit IRC		22:53
*** asettle has quit IRC		22:53
*** Ephur has joined #openstack-keystone		22:54
*** Ephur has quit IRC		22:54
*** Ephur has joined #openstack-keystone		22:55
*** Ephur has quit IRC		22:55
*** Ephur has joined #openstack-keystone		22:55
*** Ephur has quit IRC		22:56
*** Ephur has joined #openstack-keystone		22:56
*** Ephur has quit IRC		22:57
*** Ephur has joined #openstack-keystone		22:57
*** Ephur has quit IRC		22:58
*** Ephur has joined #openstack-keystone		22:58
*** Ephur has quit IRC		22:58
*** Ephur has joined #openstack-keystone		22:59
*** Ephur has quit IRC		22:59
*** Ephur has joined #openstack-keystone		23:00
*** Ephur has quit IRC		23:00
*** Ephur has joined #openstack-keystone		23:01
*** Ephur has quit IRC		23:01
*** Ephur has joined #openstack-keystone		23:02
*** Ephur has quit IRC		23:02
*** Ephur has joined #openstack-keystone		23:03
*** Ephur has quit IRC		23:03
openstackgerrit	Merged openstack/keystone-specs: clean up approved specs for ocata https://review.openstack.org/408931	23:03
*** Ephur has joined #openstack-keystone		23:04
*** Ephur has quit IRC		23:04
*** Ephur has joined #openstack-keystone		23:04
*** Ephur has quit IRC		23:05
*** Ephur has joined #openstack-keystone		23:05
*** Ephur has quit IRC		23:05
*** Ephur has joined #openstack-keystone		23:06
*** Ephur has quit IRC		23:06
*** Ephur has joined #openstack-keystone		23:07
*** Ephur has quit IRC		23:07
*** Ephur has joined #openstack-keystone		23:08
*** Ephur has quit IRC		23:08
*** Ephur has joined #openstack-keystone		23:09
*** Ephur has quit IRC		23:09
openstackgerrit	ayoung proposed openstack/keystone-specs: Role Check from Middleware https://review.openstack.org/391624	23:10
*** Ephur has joined #openstack-keystone		23:10
*** Ephur has quit IRC		23:10
*** Ephur has joined #openstack-keystone		23:10
*** Ephur has quit IRC		23:11
*** Ephur has joined #openstack-keystone		23:11
*** Ephur has quit IRC		23:12
*** Ephur has joined #openstack-keystone		23:12
*** Ephur has quit IRC		23:13
*** Ephur has joined #openstack-keystone		23:13
*** Ephur has quit IRC		23:13
*** Ephur has joined #openstack-keystone		23:14
*** Ephur has quit IRC		23:14
*** Ephur has joined #openstack-keystone		23:15
*** Ephur has quit IRC		23:15
*** Ephur has joined #openstack-keystone		23:16
*** Ephur has quit IRC		23:16
*** Ephur has joined #openstack-keystone		23:17
*** Ephur has quit IRC		23:17
*** Ephur has joined #openstack-keystone		23:17
*** Ephur has quit IRC		23:18
*** Ephur has joined #openstack-keystone		23:19
*** Ephur has quit IRC		23:19
*** Ephur has joined #openstack-keystone		23:19
*** Ephur has quit IRC		23:20
*** Ephur has joined #openstack-keystone		23:20
*** Ephur has quit IRC		23:20
*** Ephur has joined #openstack-keystone		23:21
*** Ephur has quit IRC		23:21
*** Ephur has joined #openstack-keystone		23:22
*** Ephur has quit IRC		23:22
*** Ephur has joined #openstack-keystone		23:23
*** Ephur has quit IRC		23:23
*** Ephur has joined #openstack-keystone		23:24
*** Ephur has quit IRC		23:24
*** Ephur has joined #openstack-keystone		23:25
*** Ephur has quit IRC		23:25
*** Ephur has joined #openstack-keystone		23:26
*** Ephur has quit IRC		23:26
*** Ephur has joined #openstack-keystone		23:26
*** Ephur has quit IRC		23:27
*** Ephur has joined #openstack-keystone		23:27
*** Ephur has quit IRC		23:28
*** Ephur has joined #openstack-keystone		23:28
*** Ephur has quit IRC		23:28
*** Ephur has joined #openstack-keystone		23:29
*** Ephur has quit IRC		23:29
*** Ephur has joined #openstack-keystone		23:30
*** Ephur has quit IRC		23:30
*** Ephur has joined #openstack-keystone		23:31
*** Ephur has quit IRC		23:31
*** Ephur has joined #openstack-keystone		23:32
*** Ephur has quit IRC		23:32
*** Ephur has joined #openstack-keystone		23:32
*** Ephur has quit IRC		23:33
*** Ephur has joined #openstack-keystone		23:34
*** Ephur has quit IRC		23:34
*** Ephur has joined #openstack-keystone		23:34
*** Ephur has quit IRC		23:35
*** Ephur has joined #openstack-keystone		23:35
*** Ephur has quit IRC		23:36
*** gagehugo has quit IRC		23:36
*** Ephur has joined #openstack-keystone		23:36
*** Ephur has quit IRC		23:36
*** Ephur has joined #openstack-keystone		23:37
*** Ephur has quit IRC		23:37
*** Ephur has joined #openstack-keystone		23:38
*** Ephur has quit IRC		23:38
*** Ephur has joined #openstack-keystone		23:39
*** Ephur has quit IRC		23:39
*** Ephur has joined #openstack-keystone		23:40
*** adrian_otto has joined #openstack-keystone		23:40
*** Ephur has quit IRC		23:40
*** Ephur has joined #openstack-keystone		23:41
*** Ephur has quit IRC		23:41
*** Ephur has joined #openstack-keystone		23:41
*** Ephur has quit IRC		23:42
*** Ephur has joined #openstack-keystone		23:42
*** Ephur has quit IRC		23:43
*** Ephur has joined #openstack-keystone		23:43
*** Ephur has quit IRC		23:43
*** spzala has quit IRC		23:44
*** spzala has joined #openstack-keystone		23:44
*** Ephur has joined #openstack-keystone		23:44
*** Ephur has joined #openstack-keystone		23:45
*** Ephur has quit IRC		23:45
*** stingaci has joined #openstack-keystone		23:46
*** Ephur has joined #openstack-keystone		23:46
*** Ephur has quit IRC		23:46
stingaci	Hey guys. I have a question regarding the "admin_and_matching_domain_id" example rule defined here: http://docs.openstack.org/security-guide/identity/policies.html. Anyone around with a few short cycles to spare?	23:46
*** Ephur has joined #openstack-keystone		23:47
*** Ephur has quit IRC		23:47
*** Ephur has joined #openstack-keystone		23:48
*** Ephur has quit IRC		23:48
*** Ephur has joined #openstack-keystone		23:48
*** Ephur has quit IRC		23:49
*** asettle has joined #openstack-keystone		23:49
*** Ephur has joined #openstack-keystone		23:49
*** Ephur has quit IRC		23:50
*** Ephur has joined #openstack-keystone		23:50
*** Ephur has quit IRC		23:51
ayoung	stingaci, you don't take the easy path do you	23:51
ayoung	stevemar, can you ban Ephur?	23:51
*** Ephur has joined #openstack-keystone		23:51
*** Ephur has quit IRC		23:51
*** Ephur has joined #openstack-keystone		23:52
*** Ephur has quit IRC		23:52
*** dave-mccowan has quit IRC		23:53
*** Ephur has joined #openstack-keystone		23:53
*** Ephur has quit IRC		23:53
*** Ephur has joined #openstack-keystone		23:54
*** Ephur has quit IRC		23:54
*** asettle has quit IRC		23:54
stingaci	what do you mean? My goal is to restrict access (to users with the admin role) to the domain they're currently scoped to	23:54
stingaci	Is there an easier way?	23:54
*** Ephur has joined #openstack-keystone		23:55
*** Ephur has quit IRC		23:55
*** ravelar has joined #openstack-keystone		23:55
*** Ephur has joined #openstack-keystone		23:56
*** Ephur has quit IRC		23:56
*** Ephur has joined #openstack-keystone		23:57
stingaci	Also, with that rule in my keystone policy.json, I can't perform any of the regular admin operations. Conceptually, the rule makes sense to me, but I don't understand why it's not working..	23:57
*** Ephur has joined #openstack-keystone		23:57
*** Ephur has quit IRC		23:58
*** Ephur has joined #openstack-keystone		23:58
*** Ephur has quit IRC		23:58
*** Ephur has joined #openstack-keystone		23:59
*** Ephur has quit IRC		23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!