Monday, 2017-04-17

« Sunday, 2017-04-16 Index Tuesday, 2017-04-18 »
*** ngupta has joined #openstack-keystone00:25
*** dave-mccowan has quit IRC00:39
*** zhurong has joined #openstack-keystone00:42
*** stradling has joined #openstack-keystone00:59
*** ngupta has quit IRC01:00
*** ngupta has joined #openstack-keystone01:00
*** ngupta has quit IRC01:16
*** shuyingya has joined #openstack-keystone01:18
*** liujiong has joined #openstack-keystone01:24
*** zhurong has quit IRC01:30
*** shuyingy_ has joined #openstack-keystone01:37
*** shuyingya has quit IRC01:37
*** Shunli has joined #openstack-keystone01:42
*** thorst has joined #openstack-keystone01:59
*** tovin07 has joined #openstack-keystone01:59
*** thorst has quit IRC02:00
*** shuyingy_ has quit IRC02:02
*** shuyingya has joined #openstack-keystone02:02
*** zhurong has joined #openstack-keystone02:03
*** gongysh has joined #openstack-keystone02:04
*** ngupta has joined #openstack-keystone02:07
*** shuyingy_ has joined #openstack-keystone02:11
*** shuyingya has quit IRC02:11
*** ngupta has quit IRC02:11
*** ngupta has joined #openstack-keystone02:12
*** ngupta has quit IRC02:12
*** ngupta has joined #openstack-keystone02:22
*** ngupta has quit IRC02:22
*** ngupta has joined #openstack-keystone02:30
*** ngupta has quit IRC02:30
*** ngupta has joined #openstack-keystone02:31
*** thorst has joined #openstack-keystone02:31
*** ngupta has quit IRC02:35
*** guoshan has joined #openstack-keystone02:45
*** stradling has quit IRC02:47
*** thorst has quit IRC02:48
*** aojea has joined #openstack-keystone03:01
*** aojea has quit IRC03:05
*** ngupta has joined #openstack-keystone03:33
*** agrebennikov has joined #openstack-keystone03:40
*** david-lyle has quit IRC03:42
*** agrebennikov has quit IRC03:45
*** thorst has joined #openstack-keystone03:45
*** liujiong has quit IRC03:48
*** liujiong has joined #openstack-keystone03:49
*** tovin07 has quit IRC03:50
*** zhurong has quit IRC03:59
*** guoshan has quit IRC04:01
*** john5223_ has joined #openstack-keystone04:02
*** thorst has quit IRC04:04
*** lamt has joined #openstack-keystone04:05
openstackgerritTin Lam proposed openstack/keystonemiddleware master: Replace pycrypto with cryptography  https://review.openstack.org/45194104:15
*** zhurong has joined #openstack-keystone04:19
*** rocky has quit IRC04:21
*** lamt has quit IRC04:27
*** lamt has joined #openstack-keystone04:39
*** davechen has quit IRC04:43
*** lamt has quit IRC04:54
*** lamt has joined #openstack-keystone04:59
*** rcernin has joined #openstack-keystone05:12
*** links has joined #openstack-keystone05:12
gongyshhi05:28
gongyshwhat is useful for domain scoped token?05:28
gongyshis it possible for a token to be both project and domain scoped?05:29
*** lamt has quit IRC05:37
*** richm has quit IRC05:42
openstackgerritColleen Murphy proposed openstack/keystone master: Fix doc generation for python 3  https://review.openstack.org/45714205:47
*** rocky has joined #openstack-keystone05:58
*** thorst has joined #openstack-keystone06:02
*** links has quit IRC06:21
*** thorst has quit IRC06:21
*** gagehugo has quit IRC06:25
*** gagehugo has joined #openstack-keystone06:26
*** shuyingya has joined #openstack-keystone06:45
*** shuyingy_ has quit IRC06:45
*** davechen has joined #openstack-keystone06:55
*** tesseract has joined #openstack-keystone07:01
*** eandersson has quit IRC07:03
*** eandersson has joined #openstack-keystone07:04
*** rocky has quit IRC07:05
*** thorst has joined #openstack-keystone07:18
*** thorst has quit IRC07:23
*** nehap has joined #openstack-keystone07:33
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:01
*** faizy has joined #openstack-keystone08:22
nehapHi All, In horizon, I have created a new project and user with admin role for the same project. I am able to log in with the created username and password via horizon but while doing source from command line I am getting HTTP 401 for the same credentials. What could be the possible error?08:39
*** rocky has joined #openstack-keystone08:44
*** rcernin has quit IRC08:45
*** rcernin has joined #openstack-keystone08:48
*** aojea has joined #openstack-keystone08:48
*** lamt has joined #openstack-keystone08:48
*** zhurong has quit IRC08:54
*** aojea has quit IRC08:55
bretonnehap: can you check keystone logs?08:55
bretonnehap: have you specified domains for user and project?08:56
bretongongysh: no, token can be either project or domain scoped, not both08:56
gongyshbreton, I got a concept domain project, what is domain project for?08:57
bretongongysh: i don't understand what you mean by domain project08:58
*** lamt has quit IRC08:59
*** rcernin has quit IRC08:59
*** rcernin has joined #openstack-keystone08:59
gongyshbreton, project has a attr: is_domain09:02
gongyshbreton, so I say domain project.09:02
nehapbreton, I have checked keystone logs and my domain is default for both user and project.09:02
*** bhagyashris has joined #openstack-keystone09:06
*** aojea has joined #openstack-keystone09:07
bretongongysh: internally domains are stored as projects09:15
bretongongysh: domains are just projects with special capabilities09:16
bretonnehap: and what do the logs say?09:16
nehapbreton: Nothing in the logs09:18
nehapbreton: I have installed openstack using devstack and created a new project with new user having admin role09:20
*** thorst has joined #openstack-keystone09:20
gongyshbreton, got it. I think we should separate them into their own backend represent.09:21
*** thorst has quit IRC09:24
nehapbreton: any idea?09:27
bretongongysh: they were separated some time ago and we merged them together09:29
bretonnehap: i am surprised that logs don't say anything. So, have you specified domain in your openrc? (you use openrc, right?)09:31
*** Shunli has quit IRC09:31
nehapbreton: I have downloaded openrc.sh from horizon and using the same09:34
nehapbreton: another way is I am using "source devstack/openrc <new_user> <new_tenant>"09:36
*** aojea has quit IRC09:39
*** aojea has joined #openstack-keystone09:40
*** aojea has quit IRC09:44
nehapbreton: found the issue, thank you for your time09:51
*** nicolasbock has joined #openstack-keystone10:05
*** liujiong has quit IRC10:13
*** richm has joined #openstack-keystone10:14
bretonnehap: good :)10:18
*** aojea has joined #openstack-keystone10:31
*** Aqsa has joined #openstack-keystone10:50
*** zhurong has joined #openstack-keystone10:51
*** thorst has joined #openstack-keystone10:53
*** thorst has quit IRC10:57
*** faizy_ has joined #openstack-keystone11:04
*** zhurong has quit IRC11:05
*** gongysh has quit IRC11:05
*** faizy has quit IRC11:08
*** zhurong has joined #openstack-keystone11:10
*** dave-mccowan has joined #openstack-keystone11:10
*** rcernin has quit IRC11:14
*** rocky has quit IRC11:14
*** hoonetorg has joined #openstack-keystone11:17
*** aojea has quit IRC11:18
*** aojea has joined #openstack-keystone11:18
*** hoonetorg has quit IRC11:19
*** hoonetorg has joined #openstack-keystone11:19
*** aojea has quit IRC11:23
*** rcernin has joined #openstack-keystone11:29
*** thorst has joined #openstack-keystone11:55
*** edmondsw has joined #openstack-keystone12:14
*** zhurong has quit IRC12:24
*** rocky has joined #openstack-keystone12:27
*** lamt has joined #openstack-keystone12:36
*** shuyingya has quit IRC12:45
*** shuyingya has joined #openstack-keystone12:45
*** shuyingya has quit IRC12:50
*** aojea has joined #openstack-keystone12:54
*** hoonetorg has quit IRC12:58
*** ngupta has quit IRC13:03
*** faizy_ has quit IRC13:08
*** faizy_ has joined #openstack-keystone13:09
*** shuyingya has joined #openstack-keystone13:10
*** hoonetorg has joined #openstack-keystone13:14
*** stradling has joined #openstack-keystone13:15
*** lamt has joined #openstack-keystone13:23
*** shuyingy_ has joined #openstack-keystone13:24
*** shuyingya has quit IRC13:27
*** lamt has quit IRC13:43
*** dave-mccowan has quit IRC13:46
*** dave-mccowan has joined #openstack-keystone13:47
*** catintheroof has joined #openstack-keystone13:47
*** faizy_ has quit IRC14:01
*** faizy_ has joined #openstack-keystone14:02
*** ngupta has joined #openstack-keystone14:15
*** sharat has joined #openstack-keystone14:24
*** rcernin has quit IRC14:36
*** lamt has joined #openstack-keystone14:37
*** rcernin has joined #openstack-keystone14:44
*** aojea has quit IRC14:44
*** aojea has joined #openstack-keystone14:45
*** aojea has quit IRC14:49
*** catinthe_ has joined #openstack-keystone15:01
*** catintheroof has quit IRC15:05
*** chris_hultin|AWA is now known as chris_hultin15:08
openstackgerritayoung proposed openstack/keystone master: Route based RBAC Management Interface  https://review.openstack.org/40180815:09
gagehugolbragstad: Do you know what the next steps for https://review.openstack.org/#/c/447139/ should be?15:16
ayoungknikolla, OK, I think the server piece has sufficient functionality.  We need to knock out a couple more things15:16
lbragstadgagehugo i think we need to go push for some reviews in #openstack-security15:16
gagehugolbragstad: ok, the arch page should be mostly ok, probably still needs some fine tuning but I think it may be ok to get security eyes on it15:17
openstackgerritMerged openstack/keystone master: Fix doc generation for python 3  https://review.openstack.org/45714215:20
*** shuyingy_ has quit IRC15:30
*** shuyingya has joined #openstack-keystone15:30
*** sharat has quit IRC15:34
openstackgerritGage Hugo proposed openstack/keystonemiddleware master: Added "warning-is-error" sphinx check for docs  https://review.openstack.org/43981915:35
*** rcernin has quit IRC15:37
*** phalmos has joined #openstack-keystone15:44
*** shuyingya has quit IRC15:49
openstackgerritGage Hugo proposed openstack/python-keystoneclient master: Remove pbr warnerrors in favor of sphinx check  https://review.openstack.org/44146815:49
*** shuyingy_ has joined #openstack-keystone15:50
*** gyee has joined #openstack-keystone15:51
*** toddnni has quit IRC15:56
*** toddnni has joined #openstack-keystone16:00
*** arunkant has joined #openstack-keystone16:03
*** shuyingy_ has quit IRC16:06
*** Aqsa has quit IRC16:10
*** aojea has joined #openstack-keystone16:18
*** rcernin has joined #openstack-keystone16:21
*** chris_hultin is now known as chris_hultin|AWA16:25
*** voelzmo has joined #openstack-keystone16:26
bretoncan i get a federated project-scoped token skipping the unscoped one?16:30
lbragstadbreton if you know the project ID/name + domain ahead of time.16:31
bretonlbragstad: is there a unit test for that?16:35
lbragstadbreton not that i know of16:35
*** aojea has quit IRC16:37
*** SamYaple is now known as puppet-master16:37
*** puppet-master is now known as SamYaple16:38
*** aojea has joined #openstack-keystone16:38
*** voelzmo has quit IRC16:40
*** aojea has quit IRC16:42
*** voelzmo has joined #openstack-keystone16:46
*** harlowja has quit IRC16:49
*** rderose has joined #openstack-keystone16:50
*** harlowja has joined #openstack-keystone16:52
*** voelzmo has quit IRC16:55
*** voelzmo has joined #openstack-keystone16:59
*** voelzmo has quit IRC17:04
bretonno, it's impossible17:13
bretonat least in Mitaka17:14
*** melwitt has quit IRC17:17
*** melwitt has joined #openstack-keystone17:17
*** melwitt is now known as Guest5593117:17
*** chlong has joined #openstack-keystone17:29
*** Aqsa has joined #openstack-keystone17:31
*** Guest55931 is now known as melwitt17:32
*** stradling has quit IRC17:37
*** lamt has quit IRC17:43
*** lamt has joined #openstack-keystone17:43
*** breakingmatter has joined #openstack-keystone17:45
openstackgerritOctave Orgeron proposed openstack/keystone master: Enables MySQL Cluster support for Keystone  https://review.openstack.org/43122917:47
ayoungbreton, really?  I thought we allowed for explicitaly adding the projectname+projectdomainname into the token request and getting a scoped token via the federated protocol17:49
breakingmatterHello everyone, looking for some assistance. Let's say I have a user attempting to authenticate, and I need to verify the authentication successful. If the user is disabled and attempts to authenticate, I get a generic 401 Unauthorized error. Is there a way to determine if the password is correct regardless of the user's enabled status?17:57
*** stradling has joined #openstack-keystone18:00
breakingmatterI was incorrectly assuming that an invalid password would return a 401 error whereas a disabled user would return a 403 error, but I would still like to be able to differentiate between the two errors.18:03
*** chlong has quit IRC18:03
ayoungbreakingmatter, look at the code18:09
ayoungI really never trust anything but what the python actually says it will do.  Maybe not even then18:09
*** tesseract has quit IRC18:10
*** MasterOfBugs has joined #openstack-keystone18:15
*** david-lyle has joined #openstack-keystone18:16
*** catintheroof has joined #openstack-keystone18:21
*** catinthe_ has quit IRC18:25
*** chlong has joined #openstack-keystone18:26
*** rcernin has quit IRC18:27
ayoungknikolla, et alles, I need help with naming an API18:39
bretonayoung: maybe, but that's not the case in Mitaka18:39
ayoungThe bulk upload of Routes (RBAC in middleware) has its own businesslogic18:39
bretonayoung: i haven't checked newton and later though18:39
ayoungbreton, would predate18:39
*** breakingmatter has left #openstack-keystone18:39
ayoungbreton, it was not something we added later.  What did you try/lookat?18:39
ayoungknikolla, I have it in the18:40
ayoung path='/access/service/{service_name}',18:40
ayoungroute right now, but that seems wrong18:40
bretonayoung: https://github.com/openstack/keystone/blob/stable/mitaka/keystone/auth/plugins/mapped.py#L4218:40
ayoungI could try to make it work with the /routes mapping, but the fact that a Put needs to put all the rules (wiping out non-matching) makes it harder18:41
bretonayoung: if 'id' in auth_payload: handle_scoped(); else: handle_unscoped()18:41
ayoungbreton, what a wonderfully named parameter18:42
* ayoung hopes I didn't do that18:42
ayoungbreton, what Id is that supposed to be?  TOken?18:42
bretonayoung: i guess so, it is later used as token id18:44
ayoungbreton, that seems strange18:44
ayoungbreton, why would a call with a token be passed back to the mapped handler?18:45
bretonayoung: i guess because the method is still 'federated'18:46
ayoungbreton, should not be.  That should be "token"18:46
ayoungmaybe because of groups?18:46
bretonayoung: i don't have the trace in front of me now, i can tell tomorrow18:46
ayoungbreton, its ok.  I think someone broke it.  When this was first done, the token request body was processed by the mapped plugin, with the project_iod etc being handled later on18:47
ayoungfile it as a bug18:47
*** lamt has quit IRC18:50
*** voelzmo has joined #openstack-keystone18:51
*** lamt has joined #openstack-keystone18:52
*** stradling has quit IRC18:58
*** rajpatel has joined #openstack-keystone19:05
*** ngupta has quit IRC19:06
*** ngupta has joined #openstack-keystone19:06
*** ngupta has quit IRC19:08
*** ngupta has joined #openstack-keystone19:08
*** aojea has joined #openstack-keystone19:10
*** stradling has joined #openstack-keystone19:16
openstackgerritGage Hugo proposed openstack/keystonemiddleware master: Added "warning-is-error" sphinx check for docs  https://review.openstack.org/43981919:20
*** voelzmo has quit IRC19:22
*** eandersson has quit IRC19:26
*** lamt has quit IRC19:29
*** ngupta has quit IRC19:31
*** ngupta has joined #openstack-keystone19:32
*** ngupta has quit IRC19:35
*** ngupta has joined #openstack-keystone19:36
gagehugoIs there a slides template for Boston talks?19:48
lbragstadgagehugo yeah19:49
gagehugolbragstad do you know where I can find those?19:49
lbragstadgagehugo https://docs.google.com/presentation/d/1s9BNHI4aHs_fEcCYuekDCFwMg1VTsKCHMkSko92Gqco/edit?usp=sharing19:50
lbragstadgagehugo does that link allow you to download a copy?19:50
lbragstadgagehugo or make a copy that you can edit?19:50
gagehugolbragstad: ah I meant more openstack overall slides19:51
gagehugobut I will save that slide deck19:51
lbragstadgagehugo oh - i'm not sure if there are openstack ones in general19:51
gagehugoor if people just throw something together for these19:52
lbragstadgagehugo that's all i've ever done19:53
* gagehugo doesn't like making powerpoint slides19:53
gagehugoah ok19:54
*** lamt has joined #openstack-keystone19:56
*** comstud has quit IRC19:59
*** comstud has joined #openstack-keystone19:59
*** lamt has quit IRC20:06
*** david-lyle has quit IRC20:08
*** ngupta_ has joined #openstack-keystone20:15
*** ngupta has quit IRC20:18
*** stingaci has joined #openstack-keystone20:21
*** rcernin has joined #openstack-keystone20:24
*** catinthe_ has joined #openstack-keystone20:25
*** catintheroof has quit IRC20:27
*** ngupta_ has quit IRC20:39
*** ngupta has joined #openstack-keystone20:40
*** ngupta has quit IRC20:44
*** Aqsa has quit IRC20:46
*** rcernin has quit IRC20:56
*** thorst has quit IRC21:02
*** rajpatel has left #openstack-keystone21:03
*** chlong has quit IRC21:07
*** jose-phillips has quit IRC21:07
*** catintheroof has joined #openstack-keystone21:09
*** edmondsw has quit IRC21:10
*** catinth__ has joined #openstack-keystone21:11
*** catinthe_ has quit IRC21:11
*** catintheroof has quit IRC21:15
*** stradling has quit IRC21:15
*** phalmos has quit IRC21:18
*** ngupta has joined #openstack-keystone21:33
*** aojea has quit IRC21:37
openstackgerritAnthony Washington proposed openstack/keystone master: Move endpoint group to DocumentedRuleDefault  https://review.openstack.org/44927321:40
*** antwash has joined #openstack-keystone21:42
*** dave-mcc_ has joined #openstack-keystone21:43
*** dave-mccowan has quit IRC21:44
antwashping lbragstad21:44
*** dave-mccowan has joined #openstack-keystone21:48
*** dave-mcc_ has quit IRC21:50
openstackgerritAnthony Washington proposed openstack/keystone master: Move token revocation to DocumentedRuleDefault  https://review.openstack.org/44925521:50
*** lamt has joined #openstack-keystone21:51
openstackgerritAnthony Washington proposed openstack/keystone master: Move domain config to DocumentedRuleDefault  https://review.openstack.org/44933721:55
openstackgerritAnthony Washington proposed openstack/keystone master: Move user policies to DocumentedRuleDefault  https://review.openstack.org/44924022:01
*** catinth__ has quit IRC22:05
openstackgerritAnthony Washington proposed openstack/keystone master: Move user policies to DocumentedRuleDefault  https://review.openstack.org/44924022:06
openstackgerritAnthony Washington proposed openstack/keystone master: Move trust to DocumentedRuleDefault  https://review.openstack.org/44927822:07
openstackgerritAnthony Washington proposed openstack/keystone master: Move role policies to DocumentedRuleDefault  https://review.openstack.org/44925122:08
openstackgerritAnthony Washington proposed openstack/keystone master: Move ec2 credential policies to DocumentedRuleDefault  https://review.openstack.org/44923522:08
openstackgerritAnthony Washington proposed openstack/keystone master: Move grant policies to DocumentedRuleDefault  https://review.openstack.org/44924422:13
*** adriant has joined #openstack-keystone22:22
*** ngupta has quit IRC22:25
*** spotz_ has joined #openstack-keystone22:29
*** spotz_ has quit IRC22:30
*** spotz_ has joined #openstack-keystone22:34
*** lamt has quit IRC22:37
*** lamt has joined #openstack-keystone22:39
lbragstadantwash pong22:41
*** lamt has quit IRC22:43
*** edmondsw has joined #openstack-keystone22:49
*** ngupta has joined #openstack-keystone22:52
*** edmondsw has quit IRC22:53
*** stradling has joined #openstack-keystone22:57
*** stingaci has quit IRC23:17
*** ngupta has quit IRC23:17
*** Guest93435 has joined #openstack-keystone23:34
*** thorst has joined #openstack-keystone23:37
*** ngupta has joined #openstack-keystone23:39
*** stradling has quit IRC23:42
*** stingaci has joined #openstack-keystone23:43
antwashlbragstad : haha -- quick question about https://review.openstack.org/#/c/449235/23:50
antwashlbragstad: would you happen to know the 'check_str' for authenticate23:50
*** stradling has joined #openstack-keystone23:50
*** Guest93435 has quit IRC23:52
lbragstadantwash we don't protect authenticate23:53
lbragstadwith policy anyway23:53
antwashlbragstad: cool thanks for that, I'll be sure to update it now :)23:53
lbragstadantwash :) anytime23:53
*** stradling has quit IRC23:58
« Sunday, 2017-04-16 Index Tuesday, 2017-04-18 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!