Friday, 2017-02-17

*** erlon has quit IRC00:05
*** lamt has joined #openstack-keystone00:11
*** lamt has quit IRC00:12
*** ngupta has joined #openstack-keystone00:33
*** hoangcx has joined #openstack-keystone00:38
*** tovin07 has joined #openstack-keystone00:39
Adobemanis there a... reference of v2 to v3 commands?00:44
Adobemanlike translator00:44
*** esp has quit IRC00:47
*** martinlopes has joined #openstack-keystone00:47
*** ayoung has quit IRC00:51
*** ngupta has quit IRC01:03
Adobemanok... so I'm  following keithtenzer's blog.. I am tempting to translate his v2 command into v3... already getting stuck with first one01:05
Adobemankeystone user-role-add --user-id  ospadmin --role admin --tenant admin  <should become> openstack role add --project admin --user ospadmin admin01:06
Adobemannow it just tell me no ospadmin user exist01:07
*** liujiong has joined #openstack-keystone01:08
*** aasthad has quit IRC01:12
*** catintheroof has quit IRC01:13
*** esp has joined #openstack-keystone01:16
*** thorst_afk has joined #openstack-keystone01:17
*** jamielennox is now known as jamielennox|away01:18
*** guoshan has joined #openstack-keystone01:19
*** martinlopes has quit IRC01:20
*** jamielennox|away is now known as jamielennox01:25
*** dave-mccowan has joined #openstack-keystone01:27
*** liuhaijie has joined #openstack-keystone01:35
lbragstadAdobeman as far as a reference that translates keystone client CLI to openstack client? I don't think there is one01:36
lbragstadcc stevemar01:36
lbragstador jamielennox ?01:36
*** liuhaijie has quit IRC01:38
*** liuhaijie has joined #openstack-keystone01:39
*** thorst_afk has quit IRC01:41
stevemarAdobeman: hmm, that should work01:44
stevemarAdobeman: does "openstack user show ospadmin" work?01:44
*** esp has quit IRC01:46
*** liuhaijie has quit IRC01:47
*** martinlopes has joined #openstack-keystone01:51
*** d-bark has joined #openstack-keystone01:53
*** thorst_afk has joined #openstack-keystone01:56
*** d-bark has quit IRC01:57
*** d-bark has joined #openstack-keystone01:58
*** slunkad has quit IRC02:08
*** esp has joined #openstack-keystone02:18
jamielennoxi mean if you're doing something cross domain you might be missing some flags, but otherwise it looks ok02:20
*** tqtran has quit IRC02:24
Adobemanstevemar: yes, it worked..02:24
Adobemanwhat doesnt work is..02:25
Adobemankind of wish ayoung here..02:25
Adobemanfree ipa is up and functional, as ldap server at least..02:25
Adobemanjust went through keith's blog on getting keystone to work with freeipa..02:26
AdobemanI believe I put in all the v3 command properly, "translated" from v2..02:26
Adobemanospadmin/ospuser..etc all created02:26
Adobemanit still throwing me a fit02:26
Adobemantrying to login as ospadmin into openstack, getting "You are not authorized for any projects or domains."02:27
Adobemanospuser I meant02:28
Adobemanodd, keystone said  authorization failed02:34
Adobemanipa said it returned something...02:34
Adobemanok, not sure I understand ipa's log02:36
*** ravelar has quit IRC02:36
*** ngupta has joined #openstack-keystone02:43
*** thorst_afk has quit IRC02:50
*** slunkad has joined #openstack-keystone03:00
*** esp has quit IRC03:00
*** thorst_afk has joined #openstack-keystone03:03
*** thorst_afk has quit IRC03:04
openstackgerritAnh Tran proposed openstack/keystonemiddleware master: Remove unused logging import
*** deepbook5broo has joined #openstack-keystone03:34
*** deepbook5broo has left #openstack-keystone03:34
*** thorst_afk has joined #openstack-keystone03:35
*** thorst_afk has quit IRC03:35
*** dave-mccowan has quit IRC03:47
*** zhugaoxiao has quit IRC03:49
*** david-lyle has quit IRC03:49
*** zhugaoxiao has joined #openstack-keystone03:50
*** david-lyle has joined #openstack-keystone03:50
morganAdobeman: you need to grant a role for that user on a project.03:51
morganAdobeman: in keystone, sounds like that is all that is missing03:51
morganthis is a keystone-specific thing now vs anything wrong with IPA.03:51
*** adrian_otto has joined #openstack-keystone03:57
*** links has joined #openstack-keystone04:03
*** adu has joined #openstack-keystone04:04
*** adu has left #openstack-keystone04:04
*** guoshan has quit IRC04:06
*** prashkre has joined #openstack-keystone04:13
*** adrian_otto has quit IRC04:14
*** nicolasbock has quit IRC04:17
*** adrian_otto has joined #openstack-keystone04:34
*** v1k0d3n has quit IRC04:40
*** adriant has quit IRC04:48
*** ngupta has quit IRC04:51
*** tqtran has joined #openstack-keystone04:51
*** ngupta has joined #openstack-keystone04:52
*** v1k0d3n has joined #openstack-keystone04:52
*** adrian_otto has quit IRC04:54
*** tqtran has quit IRC04:55
*** ngupta has quit IRC04:56
*** thorst_afk has joined #openstack-keystone04:57
*** thorst_afk has quit IRC05:02
*** slunkad has quit IRC05:02
*** v1k0d3n has quit IRC05:05
*** guoshan has joined #openstack-keystone05:06
*** slunkad has joined #openstack-keystone05:07
*** rcernin has joined #openstack-keystone05:08
*** guoshan has quit IRC05:10
*** esp has joined #openstack-keystone05:17
*** dikonoor has joined #openstack-keystone05:17
*** maestropandy has joined #openstack-keystone05:17
*** v1k0d3n has joined #openstack-keystone05:18
*** tqtran has joined #openstack-keystone05:53
*** tqtran has quit IRC05:58
*** esp has quit IRC06:06
*** guoshan has joined #openstack-keystone06:07
*** guoshan has quit IRC06:12
*** guoshan has joined #openstack-keystone06:19
*** martinlopes has quit IRC06:20
*** rcernin has quit IRC06:21
*** jerrygb has joined #openstack-keystone06:41
*** richm has quit IRC06:42
*** jerrygb has quit IRC06:46
*** hoangcx_ has joined #openstack-keystone06:57
*** thorst_afk has joined #openstack-keystone06:59
*** hoangcx has quit IRC06:59
*** jerrygb has joined #openstack-keystone07:00
*** rcernin has joined #openstack-keystone07:01
*** thorst_afk has quit IRC07:03
*** jerrygb has quit IRC07:05
*** d-bark has quit IRC07:08
*** tesseract has joined #openstack-keystone07:11
*** maestropandy has quit IRC07:45
*** tqtran has joined #openstack-keystone07:55
*** lamt has joined #openstack-keystone07:55
*** hoangcx has joined #openstack-keystone07:59
*** tqtran has quit IRC07:59
*** hoangcx_ has quit IRC08:00
*** prashkre_ has joined #openstack-keystone08:04
*** prashkre has quit IRC08:04
*** lamt has quit IRC08:21
*** pcaruana has joined #openstack-keystone08:22
*** prashkre has joined #openstack-keystone08:47
*** prashkre_ has quit IRC08:50
*** pramodrj07 has joined #openstack-keystone08:58
*** thorst_afk has joined #openstack-keystone08:59
*** zzzeek has quit IRC09:00
*** zzzeek has joined #openstack-keystone09:00
*** MasterOfBugs has quit IRC09:01
*** thorst_afk has quit IRC09:04
*** prashkre_ has joined #openstack-keystone09:13
*** prashkre has quit IRC09:15
*** prashkre__ has joined #openstack-keystone09:18
*** prashkre_ has quit IRC09:22
*** tovin07 has quit IRC09:26
*** jaosorior has joined #openstack-keystone09:27
*** maestropandy has joined #openstack-keystone09:30
*** maestropandy has left #openstack-keystone09:30
*** slunkad has quit IRC09:30
*** slunkad has joined #openstack-keystone09:35
*** guoshan has quit IRC09:53
*** edmondsw has joined #openstack-keystone09:54
*** tqtran has joined #openstack-keystone09:56
*** edmondsw has quit IRC09:58
*** tqtran has quit IRC10:00
*** hoangcx has quit IRC10:02
*** haplo37_ has quit IRC10:03
*** haplo37_ has joined #openstack-keystone10:03
*** prashkre_ has joined #openstack-keystone10:03
*** prashkre__ has quit IRC10:05
*** liujiong has quit IRC10:15
*** jaosorior has quit IRC10:29
*** jaosorior has joined #openstack-keystone10:30
*** jerrygb has joined #openstack-keystone10:46
*** jerrygb has quit IRC10:50
*** jerrygb has joined #openstack-keystone10:51
*** jaosorior has quit IRC10:52
*** jaosorior has joined #openstack-keystone10:53
*** jerrygb_ has joined #openstack-keystone10:54
*** jerrygb has quit IRC10:55
*** thorst_afk has joined #openstack-keystone11:01
*** prashkre_ has quit IRC11:01
*** thorst_afk has quit IRC11:05
*** richm has joined #openstack-keystone11:11
*** nicolasbock has joined #openstack-keystone11:19
*** ayoung has joined #openstack-keystone11:28
*** ChanServ sets mode: +v ayoung11:28
*** jerrygb_ has quit IRC12:10
*** dave-mccowan has joined #openstack-keystone12:14
*** jaosorior has quit IRC12:16
*** catintheroof has joined #openstack-keystone12:23
*** jerrygb has joined #openstack-keystone12:29
*** jaosorior has joined #openstack-keystone12:30
*** raildo has quit IRC12:40
*** raildo has joined #openstack-keystone12:41
*** thorst_afk has joined #openstack-keystone12:43
*** jerrygb_ has joined #openstack-keystone12:45
robcresswellWhats the deployment % between v2 and v3 nowadays? Is v3-only going to happen anytime soon?12:45
*** jerrygb has quit IRC12:46
*** erlon has joined #openstack-keystone12:51
*** dikonoor has quit IRC12:55
*** dikonoor has joined #openstack-keystone12:55
*** jerrygb_ has quit IRC13:02
*** jerrygb has joined #openstack-keystone13:02
*** edmondsw has joined #openstack-keystone13:07
*** Dinesh_Bhor has quit IRC13:14
*** links has quit IRC13:36
*** spilla has joined #openstack-keystone13:45
*** wllabs has quit IRC13:46
*** jaosorior has quit IRC13:50
*** jaosorior has joined #openstack-keystone13:51
*** slunkad has quit IRC13:52
*** jaosorior has quit IRC13:56
*** jaosorior has joined #openstack-keystone13:56
*** thorst_afk is now known as thorst_13:56
dstanekrobcresswell: i'd love to hear numbers as well. i'm assuming that v2 will be gone as soon as we are able to13:57
robcresswelldstanek: Would Keystone consider pushing it themselves? As in, announcing deprecation in P/removal in R13:58
openstackgerritRodrigo Duarte proposed openstack/keystone master: Rename protocol cascade delete migration file
*** chlong has joined #openstack-keystone14:15
dstanekrobcresswell: i'm sure we would. i deprecated it serveral releases ago and we had to roll it back because there were complaints14:16
robcresswelldstanek: Ah okay. I'll bring it up at the PTG if there's an appropriate time. Perhaps with the new CP work going on too, we can make sure we're at good point to move forward.14:18
lbragstadrobcresswell we're anxiously awaiting the day we can remove v2.0 stuff14:19
robcresswelllbragstad: I believe thats your call now boss :)14:19
dstanekrobcresswell: sounds good to me14:19
robcresswelllbragstad: Any appropriate sessions at the PTG to raise this?14:20
lbragstadrobcresswell :)14:20
lbragstadrobcresswell I was just about to check14:20
lbragstadrobcresswell we have a dedicated session for deprecations/removals schedule for 3:40 on Thursday in the keystone room14:21
lbragstadrobcresswell would that work? you can add your context here if you'd like -
*** jaosorior has quit IRC14:22
*** jaosorior has joined #openstack-keystone14:30
*** agarner_away has quit IRC14:42
lbragstadbug day!14:42
*** aleph1 has joined #openstack-keystone14:43
lbragstadalright - fwiw, i'm going to be going through bugs today and dropping links here in case anyone feels like picking them up14:44
lbragstadi'll be doing the same for reviews that close bugs14:44
*** spzala has joined #openstack-keystone14:45
*** ravelar has joined #openstack-keystone14:49
*** aasthad has joined #openstack-keystone14:50
*** dikonoor has quit IRC14:51
*** jerrygb has quit IRC14:59
*** jerrygb has joined #openstack-keystone15:00
*** edtubill has joined #openstack-keystone15:04
*** jerrygb has quit IRC15:04
*** nkinder has joined #openstack-keystone15:05
*** iljal has joined #openstack-keystone15:08
*** rderose has joined #openstack-keystone15:11
*** lucasxu has joined #openstack-keystone15:13
*** lamt has joined #openstack-keystone15:14
*** ngupta has joined #openstack-keystone15:14
*** h5t4 has joined #openstack-keystone15:18
*** gabarmas has joined #openstack-keystone15:26
lbragstadthis one is looking good in case anyone want to review something -
lbragstadand it closes a bug15:26
*** iljal has quit IRC15:28
gabarmasHi guys. What's the best place to get help about keystone? Is there a mail list or some sort of forum somewhere?15:28
lbragstadgabarmas o/15:29
lbragstadgabarmas what are you interested in helping with?15:29
lbragstader - sorry15:29
rodrigodslbragstad, looks good, but i don't see we assigning too much functions in our code, have the same opinion as you15:30
*** ngupta has quit IRC15:30
lbragstadi misread your question - I totally thought you were about to volunteer to help with something ;)15:30
lbragstadrodrigods i think that one could also use a release note15:30
gabarmashaha, I don't think I'm prepared for that.15:30
lbragstadgabarmas depending on what your question is - you can usually find a lot of help in the channel15:30
*** ngupta has joined #openstack-keystone15:30
lbragstadgabarmas this channel specifically*15:31
lbragstadgabarmas feel free to ask away - chances are someone here will be able to help you out - or at least point you in the right direction15:31
*** esp has joined #openstack-keystone15:31
gabarmasThanks. So I'm trying to leverage it for connecting a kubernetes deployment (in bare metal) to the enterprise LDAP, inspired by this:
gabarmasI think I have made it through most. SSL setup, creating an ldap domain actually, I know that ldap conf file is being read and configuration there looks ok. But I just can't seem to make any of my tests work, so I'm stuck.15:33
openstackgerritRodrigo Duarte proposed openstack/python-keystoneclient master: do not merge: test ksc gate
gabarmasI was hoping to at least get some logging output from python-ldap (I have set debug_level 4095), but no luck. I'm probably missing something.15:36
dstanekgabarmas: what are you doing with keystone?15:36
dstanekjust trying to use the same LDAP?15:37
gabarmasKubernetes auth options are not too complex, but it does support keystone:
gabarmasThe link I sent above mentions a way to make kubernetes connect to an AD, using keystone ldap config in the process. I'm trying to do the same, but with my company's openldap.15:39
*** h5t4 has quit IRC15:39
dstanekgabarmas: are you getting an error trying to use keystone?15:42
gabarmasEverything seems to be OK starting it, but when I do a test by curling something like: auth":{"passwordCredentials":{"username": "gabarmas", "password": "xxxxx"}}}, all I get is, in keystone.log: "2017-02-17 14:55:51.719 6127 WARNING keystone.common.wsgi [req-1dbe9023-867c-4b51-b5be-d1dbe2f26165 - - - - -] Authorization failed. The request you have made requires authentication. from"15:44
*** ngupta has quit IRC15:44
*** ngupta has joined #openstack-keystone15:44
gabarmasthe curl comes back with 401, which is kind of expected. But no sign that ldap is being used (or tried) at all. I have enabled debug output.15:45
dstanekgabarmas: do you have debugging enabled?15:45
gabarmasYes, debug = true under [DEFAULT] in keystone.conf,  and debug_level = 4095 under [ldap] in domains/keystone.ldap.conf15:47
gabarmasI might be missing something important of keystone, so I apologize in advance. I don't have any experience with it prior to this.15:50
lbragstadgabarmas no worries - i'm still parsing the how-to15:51
dstanekgabarmas: so the config they show looks correct at first glance. are the settings like user_tree_dn all correct? are you able to auth from the command line?15:57
*** tqtran has joined #openstack-keystone16:00
*** spzala has quit IRC16:00
gabarmasYou mean ldap settings? Yes, I believe so. But even if they weren't, wouldn't keystone output specific ldap logging?16:01
gabarmasHopefully is just a case of me messing up the ldap config, but I can't see any trace at all that keystone is trying to connect to ldap, so I assumed it wasn't.16:02
*** tqtran has quit IRC16:04
*** rderose has quit IRC16:07
dstanekgabarmas: it's odd that you are not getting and debug log statements16:08
lbragstadgabarmas are you accessing keystone via kubectl?16:08
*** chris_hultin|AWA is now known as chris_hultin16:08
lbragstadgabarmas or are you interacting with keystone directly?16:09
dstaneklbragstad: one of the failed attempts was a curl16:09
gabarmasI'm interacting with it directly, either through keystone client (which works alright) or through curl (which doesn't)16:09
dstanekgabarmas: oh, so the keystone client actually works for you?16:09
*** rderose has joined #openstack-keystone16:10
gabarmasWait, using admin_token for auth.16:10
lbragstadfwiw - the pike schedule has been released!
gabarmasCan I test ldap credentials using the client?16:10
*** rderose_ has joined #openstack-keystone16:11
dstanekgabarmas: yes, unset that as the token and provide --os-username and --os-password? i've been using os-client-config so long that i don't remember16:12
gabarmasok, 1 sec16:12
dstanekgabarmas: actually i would suggest that you stick with the curl command to reduce the number of variables16:12
gabarmasok :). Maybe there is a step I am missing, regarding read-only LDAP integration.16:16
gabarmasDo I need to provision users beforehand? If it is required, I'm not doing any of that.16:17
dstanekgabarmas: you don't have any users in your AD?16:18
gabarmasI have hundreds. I meant, in keystone, before a user can login.16:18
dstanekgabarmas: if you are using ldap as the identity backend then you don't need to have have users in keystone. can you paste curl command you are using to
*** pcaruana has quit IRC16:21
lbragstaddstanek morgan either of you interested in doing a pycadf review - ?16:26
lbragstad is dependent on it16:26
dstaneklbragstad: sure16:27
lbragstaddstanek thanks!16:27
*** rderose_ has quit IRC16:27
gabarmasdstanek: here it is:
gabarmasI copied the relevant logging output.16:29
*** jaosorior has quit IRC16:30
openstackgerritTravis Tripp proposed openstack/keystone master: Fix example response formatting
dstanekgabarmas: that's strange. did you restart keystone after you edited the config to use ldap?16:34
dstanekgabarmas: also somehow earlier i got the impression that you were using a domain specific config for ldap. is that not true?16:34
*** rcernin has quit IRC16:35
dstanekgabarmas: ah right you have a keystone.ldap.conf -- is that for a specific domain or did you just name the config like that?16:36
gabarmasWait, maybe that's it. Early this week I run into issues so I tried domains since then.16:37
gabarmasI created an ldap domain using the API, named ldap. Before that, keystone would fail saying ldap is not a valid domain name.16:38
dstanekgabarmas: domains don't work in v2. you hae to use v3 and specify the domain in the auth request16:38
dstanekgabarmas: see for examples16:38
gabarmasI set: "default_domain_id = ldap" in keystone.conf, but now I realize that it is an id, not name. So it might be the issue?16:39
gabarmasAh right, let me give it a go.16:39
*** tesseract has quit IRC16:41
gabarmasdstanek: Yes that was it. Either setting the domain via using v3 or setting "default_domain_id = <the actual ID>" worked16:44
dstanekgabarmas: nice16:45
gabarmasSorry for that, I knew it had to be a stupid thing. Thanks so much for the help!16:45
*** pramodrj07 has quit IRC16:46
*** MasterOfBugs has joined #openstack-keystone16:46
*** gabarmas has quit IRC16:48
*** nishaYadav_ has joined #openstack-keystone16:51
*** rderose_ has joined #openstack-keystone16:55
*** spzala has joined #openstack-keystone17:00
lbragstadthis should be an easy review once the next iteration comes up -
lbragstad*and* it closes a bug :)17:01
openstackLaunchpad bug 1665706 in OpenStack Identity (keystone) "devref api curl examples are hard to read - not formatted" [Undecided,In progress] - Assigned to Travis Tripp (travis-tripp)17:01
openstackgerritTravis Tripp proposed openstack/keystone master: Fix example response formatting
dstanekheya nishaYadav_17:20
nishaYadav_dstanek: hey :)17:20
*** lamt has quit IRC17:24
*** nishaYadav_ has quit IRC17:29
openstackgerritRichard Avelar proposed openstack/keystone master: WIP
*** lamt has joined #openstack-keystone17:33
*** lucasxu has quit IRC17:33
*** iljal has joined #openstack-keystone17:45
*** jerrygb_ has joined #openstack-keystone17:46
*** jerrygb has joined #openstack-keystone17:50
*** jerrygb_ has quit IRC17:51
*** spzala has quit IRC17:53
*** ravelar1 has joined #openstack-keystone17:55
*** ravelar1 has quit IRC18:01
openstackgerritMerged openstack/pycadf master: Make `is_valid` more flexible with uuid validation
*** lamt has quit IRC18:28
*** iljal has quit IRC18:28
*** MasterOfBugs has quit IRC18:42
*** tqtran has joined #openstack-keystone18:51
*** spzala has joined #openstack-keystone18:58
*** spzala has quit IRC19:02
-openstackstatus- NOTICE: Restarting gerrit due to performance problems19:03
*** spzala has joined #openstack-keystone19:04
*** MasterOfBugs has joined #openstack-keystone19:06
*** spzala has quit IRC19:09
*** gyee has joined #openstack-keystone19:14
*** bjolo_ has joined #openstack-keystone19:15
*** spzala has joined #openstack-keystone19:15
*** spzala has quit IRC19:20
*** spzala has joined #openstack-keystone19:40
*** gagehugo has quit IRC19:44
*** spzala has quit IRC19:44
openstackgerritMerged openstack/keystone master: Fix multiple uuid warnings with pycadf
*** spzala has joined #openstack-keystone20:12
*** intlabs is now known as portdirect20:13
*** spzala has quit IRC20:16
*** lamt has joined #openstack-keystone20:17
*** portdirect is now known as portdirect_travl20:18
samueldmqravelar: o/20:24
rderosesamueldmq ravelar!!20:26
ravelarchat slowly coming back to life lol20:28
*** lamt has quit IRC20:33
antwashravelar : \o/20:35
openstackgerritOpenStack Proposal Bot proposed openstack/keystone master: Updated from global requirements
ravelarantwash rderose samueldmq now its a party20:37
rderoseoh yeah \o/20:37
antwashjust missing :beer:20:37
samueldmqoh my irc client supports beer20:38
ravelarsamueldmq link to the download?20:39
lbragstadwhat... do... we... got... going on in here?20:41
lbragstadvirtual tag?!20:41
samueldmqlbragstad: hey tou too joining the party20:43
*** jerrygb has quit IRC20:44
samueldmqit's been a crazy week for me20:44
samueldmqlooking forward to seeing you all next week20:44
lbragstadyeah - should be fun20:44
*** raildo has quit IRC20:48
*** gagehugo has joined #openstack-keystone20:53
ravelarsamueldmq ++ excited20:58
ravelarlbragstad ++20:58
openstackgerritRichard Avelar proposed openstack/python-keystoneclient master: do not merge: test ksc gate
openstackgerritMerged openstack/keystone master: Fix example response formatting
*** browne has joined #openstack-keystone21:05
*** gagehugo has quit IRC21:07
*** haplo37_ has quit IRC21:09
*** rderose_ has quit IRC21:09
*** spzala has joined #openstack-keystone21:12
*** haplo37_ has joined #openstack-keystone21:19
openstackgerritLance Bragstad proposed openstack/keystone master: Create a policies module
openstackgerritLance Bragstad proposed openstack/keystone master: Move default user policies in code
openstackgerritAnthony Washington proposed openstack/keystone master: WIP: Policy in code
*** ngupta_ has joined #openstack-keystone21:37
lbragstadantwash muahahah - noice!21:38
*** chris_hultin is now known as chris_hultin|AWA21:38
antwashlbragstad : hahaha, we'll get it done eventually21:39
lbragstadantwash might isn't passing tests locally21:40
lbragstadantwash reviewing yours now21:40
*** ngupta has quit IRC21:40
*** ngupta_ has quit IRC21:41
* morgan looks at some reviews before flying21:43
antwashlbragstad : forgot to do pep8 before pushing lol #Rookie21:43
lbragstadantwash no worries - i'm about done with my once over.21:43
antwashlbragstad : testing locally no21:48
lbragstadantwash posted my comments21:49
openstackgerritRichard Avelar proposed openstack/keystone master: Extend User API to support federated attributes
*** bjolo_ has quit IRC21:51
*** thorst_ has quit IRC21:53
*** jerrygb has joined #openstack-keystone21:57
*** spilla has quit IRC22:00
*** jerrygb has quit IRC22:03
*** ngupta has joined #openstack-keystone22:10
*** breton has quit IRC22:13
*** gagehugo has joined #openstack-keystone22:16
*** dave-mccowan has quit IRC22:17
antwashlbragstad : 1246 test fail ... that's not that bad lol22:17
lbragstadantwash all the failures are similar though - so it could be something simple that's just affecting a lot of tests.22:18
*** breton has joined #openstack-keystone22:19
*** edmondsw has quit IRC22:23
*** edtubill has quit IRC22:28
lbragstadantwash i reran your patch locally and I only have two failures22:30
antwashlbragstad : really! my env must be broke lol22:31
lbragstadantwash nope - i don't think it is22:31
lbragstadantwash I think we just need to register the rules when we *create* the _ENFORCER object, otherwise we are going to be attempting to register rules that are already registered22:32
lbragstadantwash that's why you're seeing issues like -
antwashlbragstad : yeah I agree, about moving the register rules22:36
*** edtubill has joined #openstack-keystone22:38
openstackgerritAnthony Washington proposed openstack/keystone master: Policy in code
lbragstadantwash lol the only failures i'm getting are because you removed checks and they aren't documented -
lbragstadantwash but as far as the API coverage is concerned, it looks like you change work great!22:49
antwashlbragstad : well that's good news :)22:49
antwashlbragstad : awe that test should be easy to fix, pull a list of the policy keys22:52
antwashneed to add method if one doesn't already exist22:52
lbragstadantwash this assertion is failing for me -
lbragstad^ that's one of the two failures I'm getting locally22:53
lbragstadahhh - that's because it's relying solely on the policy file and not the rules...22:54
antwashlbragstad: yeap Line 20522:55
*** edmondsw has joined #openstack-keystone22:55
antwashlooks like we have some unit test to decouple :)22:55
lbragstadantwash yeah - the unit tests are assuming all policy will come from a file22:55
lbragstadwe can clean that up later thoguh22:55
lbragstad fixes it for me locally22:56
antwashrunning test locally now -- *fingers crossed* it's the same two failing22:56
antwashthat same fix should fix the other one as well 'test_all_targets_documented`22:57
lbragstadantwash i'm not sure22:59
lbragstadantwash i think that test fails because it assumes that all the stuff will come from a file22:59
antwashwell looking at it now, not the exact same solution, but definitely calling policies.list_rules()22:59
lbragstadantwash we should refactor that test to use oslo.policy objects22:59
antwashyeah it opens the file and dumps in json into a set22:59
*** edmondsw has quit IRC22:59
antwashbut yeah we have an idea how to fix it, shouldn't be a big deal23:00
*** jerrygb has joined #openstack-keystone23:00
lbragstadyeah - it's just making sure we document things23:00
lbragstadso whatever we remove from policy.json should be in the policy_keys still23:01
*** edtubill has quit IRC23:01
lbragstadtest_all_targets_documented should eventually be a hacking check to make sure we define descriptions for policy objects23:01
antwashlbgradstad : only two!! ^____^23:13
lbragstadantwash awesome!23:13
*** spzala has quit IRC23:19
*** catintheroof has quit IRC23:21
*** catintheroof has joined #openstack-keystone23:22
lbragstadantwash fixes those two failures for me, but I'm open to more elegant solutions if you find any :)23:22
*** catintheroof has quit IRC23:26
*** thorst has joined #openstack-keystone23:27
lbragstadantwash just a couple last minute comments on (style nit picks)23:31
lbragstadantwash otherwise - great work!23:31
*** MasterOfBugs has quit IRC23:32
*** thorst has quit IRC23:32
*** chlong has quit IRC23:46
*** ngupta has quit IRC23:47
openstackgerritGage Hugo proposed openstack/keystone-specs master: Add User/Project resource tags
antwashlbragstad : just read them, thanks lance for the feedback -- looking forward to getting this pushed to source.23:54

Generated by 2.14.0 by Marius Gedminas - find it at!