Wednesday, 2016-12-21

« Tuesday, 2016-12-20 Index Thursday, 2016-12-22 »
*** ravelar has quit IRC00:24
openstackgerritTony Breeds proposed openstack/keystoneauth: Add Constraints support  https://review.openstack.org/41328700:26
openstackgerritTony Breeds proposed openstack/keystonemiddleware: Add Constraints support  https://review.openstack.org/41328800:28
rodrigodsstevemar, want to take a look at https://review.openstack.org/#/c/396752/35 before merging?00:34
*** guoshan has joined #openstack-keystone00:35
*** guoshan has quit IRC00:39
*** hoangcx has joined #openstack-keystone00:43
*** adrian_otto has joined #openstack-keystone00:44
openstackgerritTony Breeds proposed openstack/ldappool: Add Constraints support  https://review.openstack.org/41329500:46
*** adrian_otto1 has joined #openstack-keystone00:48
*** adrian_otto has quit IRC00:50
*** adrian_otto1 has quit IRC00:54
*** adrian_otto has joined #openstack-keystone00:54
*** adrian_otto has quit IRC00:55
openstackgerrithoward lee proposed openstack/keystoneauth: Add __ne__ built-in function  https://review.openstack.org/39829400:59
*** harlowja has joined #openstack-keystone01:06
*** tqtran has quit IRC01:16
*** liujiong has joined #openstack-keystone01:24
*** zhangjl has joined #openstack-keystone01:27
*** guoshan has joined #openstack-keystone01:35
*** namnh has joined #openstack-keystone01:36
*** haplo37_ has quit IRC01:38
*** haplo37 has joined #openstack-keystone01:40
*** harlowja has quit IRC01:44
*** stingaci has quit IRC01:47
*** zhangjl has quit IRC01:49
*** rha has quit IRC01:49
*** zhangjl has joined #openstack-keystone01:50
openstackgerritRon De Rose proposed openstack/keystone: WIP - PCI-DSS Force users to immediately change their password upon first use  https://review.openstack.org/40391601:50
*** liujiong has quit IRC01:51
*** liujiong has joined #openstack-keystone01:51
openstackgerritTony Breeds proposed openstack/python-keystoneclient: Add Constraints support  https://review.openstack.org/41333702:01
*** adrian_otto has joined #openstack-keystone02:07
*** Zer0Byte__ has quit IRC02:20
*** adrian_otto has quit IRC02:21
*** ravelar has joined #openstack-keystone02:22
*** namnh_ has joined #openstack-keystone02:25
*** ravelar has quit IRC02:26
*** zhangjl1 has joined #openstack-keystone02:30
*** zhangjl has quit IRC02:32
openstackgerritShan Guo proposed openstack/keystone: [api] set `is_admin_project` on tokens for admin project  https://review.openstack.org/40967802:37
*** zhangjl1 has quit IRC02:43
*** namnh has quit IRC02:49
*** namnh_ has quit IRC02:49
*** namnh has joined #openstack-keystone02:50
openstackgerritShan Guo proposed openstack/keystone: Fix typo in the doc  https://review.openstack.org/41336302:50
*** iurygregory has quit IRC03:08
openstackgerritTony Breeds proposed openstack/python-keystoneclient-kerberos: Add Constraints support  https://review.openstack.org/41338303:12
*** tqtran has joined #openstack-keystone03:14
*** tqtran has quit IRC03:19
openstackgerritRon De Rose proposed openstack/keystone: Require domain_id when registering Identity Providers  https://review.openstack.org/39968403:33
*** links has joined #openstack-keystone03:36
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Force users to immediately change their password upon first use  https://review.openstack.org/40391604:05
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Force users to immediately change their password upon first use  https://review.openstack.org/40391604:07
*** stingaci has joined #openstack-keystone04:14
*** nicolasbock has quit IRC04:15
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Force users to immediately change their password upon first use  https://review.openstack.org/40391604:21
*** jaugustine has quit IRC04:33
*** oomichi has quit IRC04:52
*** oomichi has joined #openstack-keystone04:54
*** stingaci has quit IRC04:58
*** udesale has joined #openstack-keystone05:04
*** masber has quit IRC05:05
*** masber has joined #openstack-keystone05:05
*** guoshan has quit IRC05:20
*** yatin has joined #openstack-keystone05:32
*** zhangjl has joined #openstack-keystone05:44
*** guoshan has joined #openstack-keystone06:00
*** pooja_j has quit IRC06:02
*** pooja_j has joined #openstack-keystone06:14
*** GB21 has joined #openstack-keystone06:23
*** blake has joined #openstack-keystone06:42
*** tesseract has joined #openstack-keystone07:08
*** tesseract is now known as Guest2911407:09
*** tobberydberg has joined #openstack-keystone07:10
*** jaosorior has joined #openstack-keystone07:17
*** tqtran has joined #openstack-keystone07:18
*** tqtran has quit IRC07:22
*** pcaruana has joined #openstack-keystone07:34
*** stingaci has joined #openstack-keystone07:35
*** stingaci has quit IRC07:39
*** GB21 has quit IRC07:43
*** openstackgerrit has quit IRC07:48
*** namnh_ has joined #openstack-keystone07:57
blakeI'm looking to create a custom Keystone client authentication plugin, and would like to know the best way to install it. Do I simply place this in keystoneclient/auth/identity/v3/, or is there a way to dynamically register the plugin to make Keystone client aware of its existence?07:57
stevemarblake: you need to update setup.cfg too07:59
*** namnh has quit IRC07:59
stevemarblake: the [entry_points] section07:59
jamielennoxblake, stevemar: no you don't, they are entry points, so if you make your own package, register the entry point it will be available like every other plugin08:00
jamielennoxthere's no reason to hack it into keystoneauth unless you want to upstream it08:00
stevemarblake: trust jamielennox08:00
jamielennoxblake: also we've deprecated keystoneclient for keystoneauth, most things have moved over now and its an easy transition08:01
blakestevemar: I've been reading his blog. He's quite the Keystone expert :-)08:01
jamielennoxit just depends on what version you're targetting08:01
blakejamielennox: I'm looking up how to register the entry point. If you have an example, that would be much appreciated08:01
blakev308:01
jamielennox:) hey people read the blog~08:01
jamielennoxblake: so this isn't a keystoneclient/keystoneauth specific thing, python has setuptools entrypoints that let you basically iterate over all the entrypoints saved on the systemm08:02
jamielennoxin our case we register the entrypoint as https://github.com/openstack/keystoneauth/blob/master/setup.cfg#L4008:03
jamielennoxif you do the same thing in your package with yourpluginname = plugin.entry.point it'll work just like the others08:03
blakejamielennox: Ah, ok. I was just discussing this with a colleague & he mentioned I may have to use setuptools08:03
blakeGreat, I think this is exactly what I needed. Thank you :-)08:03
jamielennoxblake: np08:04
*** namnh_ has quit IRC08:05
*** rcernin has joined #openstack-keystone08:06
*** rha has joined #openstack-keystone08:12
*** rha has quit IRC08:13
*** rha has joined #openstack-keystone08:13
*** sileht has quit IRC08:16
*** dobson has quit IRC08:16
*** dobson has joined #openstack-keystone08:23
*** amoralej|off is now known as amoralej08:24
*** sileht has joined #openstack-keystone08:25
*** yatin is now known as yatin_away08:26
*** openstackgerrit has joined #openstack-keystone08:29
openstackgerritJohn Lin proposed openstack/keystone: Handle disk write failure when doing Fernet key rotation  https://review.openstack.org/41349508:29
*** blake has quit IRC08:36
*** dobson has quit IRC08:50
*** jaosorior has quit IRC08:58
*** zhangqiankun has quit IRC08:58
*** jaosorior has joined #openstack-keystone08:58
*** zzzeek has quit IRC09:00
*** zzzeek has joined #openstack-keystone09:00
*** GB21 has joined #openstack-keystone09:02
*** rcernin has quit IRC09:11
*** dobson has joined #openstack-keystone09:16
*** chlong has quit IRC09:34
*** GB21 has quit IRC09:48
*** GB21 has joined #openstack-keystone09:48
*** hoangcx has quit IRC10:17
*** mvk has quit IRC10:18
*** liujiong has quit IRC10:23
*** guoshan has quit IRC10:45
*** mvk has joined #openstack-keystone10:50
*** zhangjl has left #openstack-keystone11:00
*** udesale has quit IRC11:06
*** tobberyd_ has joined #openstack-keystone11:08
*** tobberydberg has quit IRC11:12
*** tobberyd_ has quit IRC11:12
*** tobberydberg has joined #openstack-keystone11:45
*** guoshan has joined #openstack-keystone11:45
*** guoshan has quit IRC11:50
*** nicolasbock has joined #openstack-keystone11:50
*** GB21 has quit IRC11:55
*** GB21 has joined #openstack-keystone11:56
*** stingaci has joined #openstack-keystone11:59
*** stingaci has quit IRC12:04
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Force users to immediately change their password upon first use  https://review.openstack.org/40391612:11
*** GB21 has quit IRC12:17
*** Zer0Byte__ has joined #openstack-keystone12:21
*** rcernin has joined #openstack-keystone12:26
*** guoshan has joined #openstack-keystone12:46
*** iurygregory has joined #openstack-keystone12:49
*** pcaruana has quit IRC12:49
*** guoshan has quit IRC12:51
openstackgerritMerged openstack/keystone: [api] set `is_admin_project` on tokens for admin project  https://review.openstack.org/40967813:12
*** nklenke has quit IRC13:13
*** nklenke has joined #openstack-keystone13:20
*** dave-mccowan has joined #openstack-keystone13:25
stevemaro/13:29
*** pcaruana has joined #openstack-keystone13:32
openstackgerritMerged openstack/keystoneauth: Add Constraints support  https://review.openstack.org/41328713:40
openstackgerritSteve Martinelli proposed openstack/keystone: [doc] point release note docs to project team guide  https://review.openstack.org/41314213:46
openstackgerritMerged openstack/python-keystoneclient: Add Constraints support  https://review.openstack.org/41333713:47
*** guoshan has joined #openstack-keystone13:47
*** guoshan has quit IRC13:52
*** stingaci has joined #openstack-keystone14:01
*** udesale has joined #openstack-keystone14:02
*** Zer0Byte__ has quit IRC14:02
*** stingaci has quit IRC14:05
*** pooja_j has quit IRC14:08
*** lamt has joined #openstack-keystone14:10
*** jaosorior has quit IRC14:21
*** jaosorior has joined #openstack-keystone14:21
*** pooja_j has joined #openstack-keystone14:22
lbragstado/14:23
*** Zer0Byte__ has joined #openstack-keystone14:24
openstackgerritMerged openstack/python-keystoneclient: re-work inference rule bindings  https://review.openstack.org/41223614:24
*** pcaruana has quit IRC14:38
*** guoshan has joined #openstack-keystone14:48
*** links has quit IRC14:49
*** pcaruana has joined #openstack-keystone14:51
*** guoshan has quit IRC14:52
*** jaugustine has joined #openstack-keystone14:52
*** masterjcool has joined #openstack-keystone14:54
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Force users to immediately change their password upon first use  https://review.openstack.org/40391615:00
*** ravelar has joined #openstack-keystone15:01
*** GB21 has joined #openstack-keystone15:08
*** markvoelker has quit IRC15:29
*** markvoelker has joined #openstack-keystone15:31
knikollamorning keystone o/15:38
stevemarhowdy knikolla15:43
*** jamielennox is now known as jamielennox|away15:46
knikollastevemar: good morning!15:47
*** openstackgerrit_ has joined #openstack-keystone15:47
openstackgerritMerged openstack/oslo.policy: Add Constraints support  https://review.openstack.org/41002415:47
*** guoshan has joined #openstack-keystone15:49
*** openstackgerrit_ has quit IRC15:49
openstackgerritMerged openstack/pycadf: Add Constraints support  https://review.openstack.org/41003615:49
*** chlong has joined #openstack-keystone15:52
*** guoshan has quit IRC15:54
*** jamielennox|away is now known as jamielennox15:54
lbragstadreminder that the policy meeting is in #openstack-meeting-cp for those who can make it16:02
*** stingaci has joined #openstack-keystone16:02
*** jaosorior has quit IRC16:03
*** GB21 has quit IRC16:03
lbragstadayoung ^16:04
openstackgerritSteve Martinelli proposed openstack/keystone-specs: Revert "add CONTRIBUTING.rst"  https://review.openstack.org/41369916:04
*** tobberydberg has quit IRC16:05
*** tobberydberg has joined #openstack-keystone16:05
*** tobberydberg has quit IRC16:06
*** tobberydberg has joined #openstack-keystone16:06
*** tobberydberg has quit IRC16:06
*** tobberydberg has joined #openstack-keystone16:07
*** udesale has quit IRC16:07
*** tobberydberg has quit IRC16:07
*** tobberydberg has joined #openstack-keystone16:08
*** tobberydberg has quit IRC16:08
*** tobberydberg has joined #openstack-keystone16:09
*** mvk has quit IRC16:09
*** pcaruana has quit IRC16:13
*** tobberydberg has quit IRC16:13
openstackgerritMerged openstack/keystone-specs: Revert "add CONTRIBUTING.rst"  https://review.openstack.org/41369916:14
*** Guest29114 has quit IRC16:15
*** Zer0Byt__ has joined #openstack-keystone16:17
*** Zer0Byt__ has quit IRC16:18
*** Zer0Byte__ has quit IRC16:19
*** brad[] has quit IRC16:34
*** frontrunner has joined #openstack-keystone16:38
rderosestevemar: around?16:45
*** guoshan has joined #openstack-keystone16:49
*** tobberydberg has joined #openstack-keystone16:50
*** guoshan has quit IRC16:54
*** tobberydberg has quit IRC16:55
*** brad[] has joined #openstack-keystone16:59
*** openstackstatus has joined #openstack-keystone17:00
*** ChanServ sets mode: +v openstackstatus17:00
lbragstadayoung does that make sense?17:00
ayounglbragstad, yes17:01
*** openstackstatus has quit IRC17:02
*** openstack has quit IRC17:02
*** openstack has joined #openstack-keystone17:03
*** openstackstatus has joined #openstack-keystone17:04
*** ChanServ sets mode: +v openstackstatus17:04
lbragstadayoung jotted down the items in the bottom of https://etherpad.openstack.org/p/keystone-policy-usecases17:05
stevemarrderose: somewhat17:06
rderosestevemar: no worries, last week before vacation :)17:06
rderosestevemar: sent you an email, want to know if you can take a second look at: https://review.openstack.org/#/c/403916/17:06
stevemarrderose: aye, i will.17:07
rderosestevemar: when you have time (no rush)17:07
rderosestevemar: cool, thx17:07
*** Zer0Byte__ has joined #openstack-keystone17:10
*** rcernin has quit IRC17:10
*** ravelar has quit IRC17:14
*** stingaci has joined #openstack-keystone17:15
*** stingaci has quit IRC17:20
*** masterjcool has quit IRC17:23
*** masterjcool has joined #openstack-keystone17:35
stevemardstanek: morgan as a reminder, at the summit we decided that end of year is the feature proposal freeze: https://etherpad.openstack.org/p/ocata-keystone-priorities -- if you don't have code up for new features, it will be bumped17:38
stevemardstanek: morgan i'm referring to native SAML and per-user-auth17:39
stevemarit's also written here: https://releases.openstack.org/ocata/schedule.html17:39
morganstevemar: and yesterday I said it is likely to slip (per user auth)17:39
stevemarmorgan: womp womp :(17:39
stevemarmorgan: busy with zuul stuff?17:40
morganwe will see what I can crank out, but it was an expected risk with a short cycle and holidays.17:40
stevemaryep17:40
morganbusy with shade stuff.17:40
stevemardo what you gotta do17:40
morganand moving to Seattle.17:40
stevemari think moving takes priority17:41
morganI mean, it isn't a ton of code.17:41
morganbut it requires some sit-down time.17:41
morganI expected a chunk of work over the holidays to take place.17:42
morganmight not be reviewed, but likely posted to ferrite.17:42
morgangerrit*17:42
morganstupid autocorrect17:42
stevemarno no, ferrite is awesome17:42
stevemar:)17:42
morganright!?17:42
stevemarmorgan: yeah, i feel the same way about some of the bugs on the ocata list17:43
stevemari want to fix some of them over the holidays, but just depends if I get around to it17:43
*** tobberydberg has joined #openstack-keystone17:45
*** tobberydberg has quit IRC17:49
*** tobberydberg has joined #openstack-keystone17:50
*** guoshan has joined #openstack-keystone17:50
*** tobberydberg has quit IRC17:53
*** tobberydberg has joined #openstack-keystone17:54
*** guoshan has quit IRC17:54
-openstackstatus- NOTICE: Gerrit is being restarted to update its OpenID SSO configuration17:58
*** tobberydberg has quit IRC17:59
*** guoshan has joined #openstack-keystone18:00
*** guoshan has quit IRC18:06
*** pcaruana has joined #openstack-keystone18:34
*** tobberydberg has joined #openstack-keystone18:39
openstackgerritMerged openstack/keystone: Add reason to notifications for PCI-DSS  https://review.openstack.org/39675218:45
*** hogepodge has quit IRC18:46
*** tobberydberg has quit IRC18:51
*** amoralej is now known as amoralej|off18:56
*** guoshan has joined #openstack-keystone19:02
*** tqtran has joined #openstack-keystone19:02
morgandolphm: o/ non-keystone question for you when you have a few. curious on your thoughts about alexa, google home, etc :)19:06
*** guoshan has quit IRC19:06
*** stingaci has joined #openstack-keystone19:11
*** hogepodge has joined #openstack-keystone19:12
*** tobberydberg has joined #openstack-keystone19:27
openstackgerritGage Hugo proposed openstack/keystone: Add reason to CADF notifications in docs  https://review.openstack.org/40088219:28
stevemarmorgan: btw, should I mark the MFA spec as superseded by the per-user-auth ?19:28
morganstevemar: hm. possibly19:29
morganstevemar: let me look19:29
stevemarmorgan: https://launchpad.net/keystone/+milestone/ocata-319:29
stevemartheres "combined password and totp auth plugin for MFA" and "Per User MFA"19:29
morganoh yeah the combined one should be supersceded by per-user-mfa19:30
morganimo19:30
stevemargagehugo: one spelling mistake: truse / trust19:30
morganwe may need to update the specs repo too19:30
stevemarmorgan: i'll put it in the superseded repo19:30
stevemarerr directory19:30
openstackgerritSteve Martinelli proposed openstack/keystone: Add reason to CADF notifications in docs  https://review.openstack.org/40088219:30
gagehugo:(19:31
gagehugostevemar: thanks19:31
stevemargagehugo: fixed!19:31
stevemargagehugo: np dude19:31
morganstevemar: ++19:31
crinkleI'm confused about the relationship between domain role assignments and user domains, I would have expected a user to have an implicit role in the domain it was created in, but I guess it doesn't work like that?19:52
morgancrinkle: so, domains own a user19:55
morgandoesn't mean a user can act on resources in the domain19:55
morganit's not implicit, all grants must be explicit19:55
morganthis is (or was especially important) in Federation, where the user shouldn't be able to create/use resources (e.g. VMs) in the "federated" domain19:57
morganit allows for separation of concerns.19:58
morganthe issue is it is not always intuative19:58
morgan:(19:58
morganpersonally I'd be open to a feature to make an implicit role for the domain to work (also doable via groups, create the user and add the user to the group which has the explicit role)19:59
crinklehmm okay20:03
crinklewhat I'm looking at is basically this todo in horizon: http://git.openstack.org/cgit/openstack/horizon/tree/openstack_dashboard/templatetags/context_selection.py#n7120:04
crinklewhat should be in that list20:04
*** stingaci has quit IRC20:10
*** stingaci has joined #openstack-keystone20:11
*** pcaruana has quit IRC20:11
morgancrinkle: not sure what "domain switching" is in that context20:17
morgandomain scoping?20:17
morganif so, it should simply be a list of domains the user can scope to20:18
morganwhich shouldn't really be impacted by implicit/explicit roles (works semantically the same as project rescoping)20:18
crinkle"list of domains the user can scope to" == "list of domains the user has a role in" ?20:20
*** stingaci has quit IRC20:21
morganyeh20:23
morgancorrect20:23
crinkleokay20:25
crinklethanks morgan20:25
morgan:)20:26
morganhappy to help120:26
*** stingaci has joined #openstack-keystone20:29
*** frontrunner has quit IRC20:34
*** chlong has quit IRC20:36
*** tobberydberg has quit IRC20:41
*** frontrunner has joined #openstack-keystone20:45
*** frontrunner has quit IRC20:50
*** chlong has joined #openstack-keystone20:52
*** SamYaple is now known as kollabot20:54
*** kollabot is now known as SamYaple20:54
*** guoshan has joined #openstack-keystone21:03
*** guoshan has quit IRC21:08
*** adrian_otto has joined #openstack-keystone21:13
lbragstadstevemar do you know where we keep our api documentation for federated things?21:16
*** adrian_otto has quit IRC21:17
lbragstadstevemar I would expect it to be in here - http://developer.openstack.org/api-ref/identity/v3/index.html but that doesn't seem to be the case21:17
openstackgerritRon De Rose proposed openstack/keystone: WIP - Add domain_id to the user table  https://review.openstack.org/40987421:19
*** adrian_otto has joined #openstack-keystone21:21
*** Zer0Byte__ has quit IRC21:22
*** Zer0Byte__ has joined #openstack-keystone21:24
*** iurygregory has quit IRC21:27
stevemarlbragstad: just slightly wrong21:29
stevemarlbragstad: go back a folder and look for federation.inc21:29
stevemarlbragstad: http://developer.openstack.org/api-ref/identity/v3-ext/index.html21:29
stevemarlbragstad: the source is all here; https://github.com/openstack/keystone/tree/master/api-ref/source/v3-ext21:30
stevemarlbragstad: i'm totally not opposed to dumping it all under /v321:30
lbragstadstevemar interesting - it looks like the format differs a little bit too21:31
stevemarlbragstad: shouldn't too much21:31
*** adrian_otto has quit IRC21:31
lbragstaddstanek I don't suppose you're going to be around tomorrow are you?21:46
Zer0Byte__hey someone know if jenkins have some problems?21:54
*** diazjf has joined #openstack-keystone22:00
openstackgerritRon De Rose proposed openstack/keystone: WIP - Add domain_id to the user table  https://review.openstack.org/40987422:03
*** chlong has quit IRC22:04
lbragstadZer0Byte__ dhellmann did send a note about a new version of reno that might be impacting - http://lists.openstack.org/pipermail/openstack-dev/2016-December/109326.html22:09
lbragstadZer0Byte__ sounds like they are working on getting that straightened out though22:09
Zer0Byte__i do some commits22:10
Zer0Byte__and fails because got timed out22:10
Zer0Byte__or the tests fails because the expected date and time is not the same22:10
lbragstadZer0Byte__ oh - that might be related then22:10
lbragstadmight not*22:10
*** dave-mccowan has quit IRC22:14
*** SamYaple has quit IRC22:18
*** SamYaple has joined #openstack-keystone22:25
openstackgerritMerged openstack/keystone: Add reason to CADF notifications in docs  https://review.openstack.org/40088222:29
*** stingaci has quit IRC22:37
*** diazjf has quit IRC22:38
*** frontrunner has joined #openstack-keystone22:57
*** stingaci has joined #openstack-keystone23:01
*** mvk has joined #openstack-keystone23:03
*** guoshan has joined #openstack-keystone23:04
*** guoshan has quit IRC23:08
*** lamt has quit IRC23:32
*** stingaci has quit IRC23:43
*** catintheroof has joined #openstack-keystone23:48
« Tuesday, 2016-12-20 Index Thursday, 2016-12-22 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!