| *** threestrands has joined #openstack-keystone | 00:03 | |
| *** threestrands has quit IRC | 00:03 | |
| *** threestrands has joined #openstack-keystone | 00:03 | |
| *** toddnni_ has joined #openstack-keystone | 00:36 | |
| *** toddnni has quit IRC | 00:36 | |
| *** toddnni_ is now known as toddnni | 00:37 | |
| *** pcichy has quit IRC | 00:39 | |
| *** pcichy has joined #openstack-keystone | 00:40 | |
| *** alex_xu has quit IRC | 00:40 | |
| *** alex_xu has joined #openstack-keystone | 00:41 | |
| *** edmondsw has joined #openstack-keystone | 01:04 | |
| *** edmondsw has quit IRC | 01:08 | |
| *** threestrands_ has joined #openstack-keystone | 01:18 | |
| *** threestrands_ has quit IRC | 01:18 | |
| *** threestrands_ has joined #openstack-keystone | 01:18 | |
| *** threestrands_ has quit IRC | 01:19 | |
| *** threestrands_ has joined #openstack-keystone | 01:20 | |
| *** threestrands_ has quit IRC | 01:21 | |
| *** threestrands_ has joined #openstack-keystone | 01:21 | |
| *** threestrands_ has quit IRC | 01:21 | |
| *** threestrands_ has joined #openstack-keystone | 01:21 | |
| *** threestrands has quit IRC | 01:21 | |
| *** sapd_ has quit IRC | 01:54 | |
| *** sapd has joined #openstack-keystone | 01:55 | |
| *** sapd_ has joined #openstack-keystone | 02:22 | |
| *** sapd has quit IRC | 02:22 | |
| *** annp has joined #openstack-keystone | 02:30 | |
| *** edmondsw has joined #openstack-keystone | 02:52 | |
| *** edmondsw has quit IRC | 02:57 | |
| *** sapd__ has joined #openstack-keystone | 03:17 | |
| *** sapd_ has quit IRC | 03:18 | |
| *** deepak_mourya has joined #openstack-keystone | 03:50 | |
| *** annp has quit IRC | 03:56 | |
| *** annp has joined #openstack-keystone | 03:56 | |
| *** edmondsw has joined #openstack-keystone | 04:40 | |
| *** edmondsw has quit IRC | 04:44 | |
| *** links has joined #openstack-keystone | 05:00 | |
| *** pooja_jadhav has joined #openstack-keystone | 05:46 | |
| *** martinus__ has joined #openstack-keystone | 05:57 | |
| *** ispp has joined #openstack-keystone | 06:24 | |
| *** edmondsw has joined #openstack-keystone | 06:28 | |
| *** annp has quit IRC | 06:30 | |
| *** annp has joined #openstack-keystone | 06:30 | |
| *** edmondsw has quit IRC | 06:33 | |
| *** rha has joined #openstack-keystone | 07:02 | |
| *** rha has quit IRC | 07:02 | |
| *** rha has joined #openstack-keystone | 07:02 | |
| *** peereb has joined #openstack-keystone | 07:05 | |
| *** tesseract has joined #openstack-keystone | 07:06 | |
| *** rcernin has quit IRC | 07:08 | |
| *** amoralej|off is now known as amoralej | 07:21 | |
| *** tesseract has quit IRC | 07:25 | |
| *** tesseract has joined #openstack-keystone | 07:27 | |
| *** itlinux has joined #openstack-keystone | 07:32 | |
| *** ispp has quit IRC | 07:32 | |
| *** pcichy has quit IRC | 07:33 | |
| *** d0ugal_ has quit IRC | 07:33 | |
| *** d0ugal has joined #openstack-keystone | 07:33 | |
| *** d0ugal has quit IRC | 07:33 | |
| *** d0ugal has joined #openstack-keystone | 07:33 | |
| *** tosky has joined #openstack-keystone | 07:35 | |
| *** pcichy has joined #openstack-keystone | 07:35 | |
| *** pcichy has quit IRC | 07:36 | |
| *** pcichy has joined #openstack-keystone | 07:37 | |
| *** pcichy has joined #openstack-keystone | 07:38 | |
| *** BlackDex has quit IRC | 07:40 | |
| *** BlackDex has joined #openstack-keystone | 07:41 | |
| *** itlinux has quit IRC | 07:52 | |
| *** ispp has joined #openstack-keystone | 07:54 | |
| *** itlinux has joined #openstack-keystone | 08:00 | |
| *** zigo has quit IRC | 08:03 | |
| *** zigo has joined #openstack-keystone | 08:05 | |
| *** threestrands_ has quit IRC | 08:12 | |
| openstackgerrit | wangxiyuan proposed openstack/keystone master: Remove enable config option of trust feature https://review.openstack.org/580587 | 08:14 |
|---|---|---|
| *** edmondsw has joined #openstack-keystone | 08:16 | |
| *** edmondsw has quit IRC | 08:21 | |
| *** ispp has quit IRC | 08:44 | |
| openstackgerrit | Gergely Csatari proposed openstack/keystone master: Clarifications to API & Scenario Tests https://review.openstack.org/580589 | 08:50 |
| *** vigneshwar has joined #openstack-keystone | 08:56 | |
| *** d0ugal has quit IRC | 09:17 | |
| *** d0ugal has joined #openstack-keystone | 09:23 | |
| *** itlinux has quit IRC | 09:42 | |
| *** ispp has joined #openstack-keystone | 09:46 | |
| *** itlinux has joined #openstack-keystone | 09:49 | |
| *** pcichy has quit IRC | 10:28 | |
| *** itlinux has quit IRC | 11:39 | |
| *** raildo has joined #openstack-keystone | 11:54 | |
| *** amoralej is now known as amoralej|lunch | 12:03 | |
| *** d0ugal has quit IRC | 12:06 | |
| *** d0ugal has joined #openstack-keystone | 12:08 | |
| *** jistr is now known as jistr|mtg | 12:12 | |
| *** edmondsw has joined #openstack-keystone | 12:24 | |
| *** yuxin_ has quit IRC | 12:25 | |
| *** yuxin_ has joined #openstack-keystone | 12:25 | |
| *** yuxin_ has quit IRC | 12:26 | |
| *** yuxin_ has joined #openstack-keystone | 12:27 | |
| *** edmondsw has quit IRC | 12:29 | |
| *** edmondsw has joined #openstack-keystone | 12:31 | |
| *** edmondsw has quit IRC | 12:35 | |
| *** edmondsw has joined #openstack-keystone | 12:37 | |
| hrybacki | o/ | 12:41 |
| *** edmondsw has quit IRC | 12:42 | |
| *** jmlowe has quit IRC | 12:45 | |
| *** edmondsw has joined #openstack-keystone | 12:45 | |
| knikolla | o/ | 12:49 |
| *** edmondsw has quit IRC | 12:49 | |
| *** edmondsw has joined #openstack-keystone | 12:51 | |
| *** edmondsw has quit IRC | 12:53 | |
| *** edmondsw has joined #openstack-keystone | 12:53 | |
| openstackgerrit | Gergely Csatari proposed openstack/keystone master: Clarifications to API & Scenario Tests https://review.openstack.org/580589 | 12:58 |
| *** loicgouarin has joined #openstack-keystone | 13:03 | |
| *** mvk has quit IRC | 13:03 | |
| loicgouarin | Hi, I tried to use kuryr-kubernetes on openstack and I have trouble with keystoneauth1 that I don't understand. | 13:03 |
| loicgouarin | I have a config file with the following keystone url https://keystone.lal.in2p3.fr:5000/v3 | 13:04 |
| loicgouarin | When kuryr tries to create a keystone clien I have an error which tells me that it is not possible to connect to the url https://keystone-admin.lal.in2p3.fr:35357/v3 | 13:05 |
| loicgouarin | I don't understand why the url is not unchanged | 13:06 |
| loicgouarin | Note that I can create subnet, ... using neutron cli | 13:09 |
| *** amoralej|lunch is now known as amoralej | 13:11 | |
| *** jistr|mtg is now known as jistr | 13:14 | |
| *** wolsen has quit IRC | 13:18 | |
| *** wolsen has joined #openstack-keystone | 13:20 | |
| *** jmlowe has joined #openstack-keystone | 13:34 | |
| *** jistr is now known as jistr|mtg | 13:36 | |
| *** lbragstad has joined #openstack-keystone | 13:37 | |
| *** ChanServ sets mode: +o lbragstad | 13:37 | |
| *** jistr|mtg is now known as jistr | 14:05 | |
| gagehugo | o/ | 14:07 |
| lbragstad | morning | 14:07 |
| kmalloc | Mornin | 14:12 |
| kmalloc | lbragstad: we need to stop using exception.NotImplemented() for abstract base classes | 14:17 |
| lbragstad | kmalloc: and just replace it with pass? | 14:17 |
| kmalloc | An http NotImplemented is different than what we are using it for | 14:17 |
| kmalloc | No. | 14:17 |
| *** spilla has joined #openstack-keystone | 14:17 | |
| kmalloc | Raise NotImplementedError() | 14:17 |
| *** links has quit IRC | 14:18 | |
| kmalloc | Http not implemented indicates GET or PUT isn't implemented, NotImplementedError is saying "Python code isn't implemented" | 14:18 |
| lbragstad | ahh | 14:18 |
| kmalloc | A plain 500 rather than 501 | 14:18 |
| kmalloc | This is the only case a 500 should be expected in code :) | 14:19 |
| lbragstad | it does seem slightly confusing... | 14:19 |
| kmalloc | Yeah. | 14:19 |
| lbragstad | since the python code is what's implementing the GET/PUT/etc... | 14:19 |
| *** mvk_ has joined #openstack-keystone | 14:20 | |
| kmalloc | Right, in the cases we don't have a put/post etc, 501 is fine | 14:20 |
| lbragstad | would it make a different to someone consuming those APIs? | 14:20 |
| kmalloc | But most of these cases we have a put/post/etc and someone failed to write code. | 14:20 |
| lbragstad | what's a case where we wouldn't have a PUT/POST/GET/DELETE and should return a 501? | 14:21 |
| kmalloc | (except they didn't because abc, but we did it elsewhere and let it bubble up) | 14:21 |
| kmalloc | The API spec doesn't implemnt post | 14:21 |
| kmalloc | The API is a get/head only. | 14:21 |
| * lbragstad thought that was always a 404 | 14:22 | |
| lbragstad | but maybe that's wrong | 14:22 |
| kmalloc | That is probably wrong. | 14:22 |
| lbragstad | it's that how we treat it today? | 14:22 |
| kmalloc | Some cases. | 14:23 |
| kmalloc | We are inconsistent. | 14:23 |
| kmalloc | But the easiest is never raise a 501. | 14:23 |
| kmalloc | That is more correct than we do today. | 14:23 |
| kmalloc | Esp. in say, read-only backends. | 14:23 |
| kmalloc | Read-only backends (catalog) raise 501 on write ops.. | 14:24 |
| kmalloc | Not a huge deal, just a "hey, this is wrong" and we should be aware of it. | 14:24 |
| lbragstad | we should probably write this down in a bug report | 14:24 |
| kmalloc | Other things I found when doing flask things. | 14:24 |
| lbragstad | i assume flask makes this type of stuff easier to adhere to | 14:25 |
| kmalloc | Yeah. On mobile till post coffee. Can write it down after. | 14:25 |
| kmalloc | Yep. | 14:25 |
| lbragstad | sounds good, thanks | 14:25 |
| kmalloc | Flask restful, if we don't implement a get/post/put/whatever method, it 501s. | 14:25 |
| kmalloc | Built in. :) | 14:25 |
| kmalloc | Also, need to circle up on the policy passthrough, I think we solved the whole reason to support "unknown" rules (passthrough or fail) when we went to in-code. Someone can no longer remove a line from the policy.json and force a fall-through to the default rule by accident, we fall back on the default in code now. | 14:28 |
| kmalloc | Previous to in-code, removing a line from policy.json meant the enforcement action was unknown, and the default "pass/deny" is used. With in-code, an action is never unknown. | 14:29 |
| kmalloc | As it has a default registered.. | 14:29 |
| *** kimamisa has joined #openstack-keystone | 15:03 | |
| *** peereb has quit IRC | 15:03 | |
| kimamisa | Hello. I'm facing an issue regarding cache and inherited roles, and I'd like to know if someone already experienced it. I have a role assigned to a user on a domain, with the flag inherited (and also without). When I create a new project in this domain, I expect the role to be assigned on this project, so that when I list the project, I can see the new one created. However, the cache is not disabled, and listing I can't find the new project | 15:09 |
| kimamisa | until the cache is expired. I triedwhile disabling the role cache, it works directly. Anyone experienced it ? Is it bug material ?? | 15:09 |
| *** felipemonteiro has joined #openstack-keystone | 15:10 | |
| *** felipemonteiro_ has joined #openstack-keystone | 15:12 | |
| *** vigneshwar has quit IRC | 15:14 | |
| *** felipemonteiro has quit IRC | 15:15 | |
| *** felipemonteiro_ has quit IRC | 15:15 | |
| *** felipemonteiro__ has joined #openstack-keystone | 15:15 | |
| lbragstad | kimamisa: it sounds like the project cache needs to be invalidated when the inherited role assignment happens | 15:15 |
| lbragstad | kimamisa: does that sound coorect? | 15:15 |
| kimamisa | lbragstad: well, the role assignment happened before the project creation in my case | 15:16 |
| lbragstad | oh - so the project creation should invalidate the cache then? | 15:17 |
| lbragstad | what release are you using? | 15:17 |
| kimamisa | lbragstad: I think the role cache should be invalidated when a new project is created ANDÂ there are inherited role in the domain | 15:17 |
| kimamisa | I'm on queens | 15:18 |
| lbragstad | kimamisa: if you'd like to write down that steps you took to recreate in a bug report, you can do that here https://bugs.launchpad.net/keystone/+filebug | 15:19 |
| *** felipemonteiro__ has quit IRC | 15:20 | |
| kimamisa | lbragstad: ok. I wanted to check that I wasn't doing anything impossible before reporting a bug. Thanks | 15:22 |
| lbragstad | kimamisa: no problem, we can continue to investigate in the bug report | 15:22 |
| *** mchlumsky has joined #openstack-keystone | 15:27 | |
| *** felipemonteiro has joined #openstack-keystone | 15:32 | |
| *** mchlumsky has quit IRC | 15:33 | |
| *** gyee has joined #openstack-keystone | 15:35 | |
| *** mchlumsky has joined #openstack-keystone | 15:35 | |
| kimamisa | lbragstad: launchpad found an old bug which points to one of your comments: https://bugs.launchpad.net/keystone/+bug/1780159 | 15:42 |
| openstack | Launchpad bug 1780159 in OpenStack Identity (keystone) "Some inherited projects missing when listing user's projects" [Undecided,Invalid] | 15:42 |
| kimamisa | the bug is exactly what I'm facing. Do you think there is any hope in improving this ? | 15:44 |
| lbragstad | kimamisa: hmmmm | 15:50 |
| lbragstad | ayoung: is there a reason to not keep https://bugs.launchpad.net/keystone/+bug/1780159 open? | 15:51 |
| openstack | Launchpad bug 1780159 in OpenStack Identity (keystone) "Some inherited projects missing when listing user's projects" [Undecided,Invalid] | 15:51 |
| ayoung | lbragstad, it was a cache problem | 15:51 |
| lbragstad | right | 15:51 |
| lbragstad | we don't invalidate the cache in certain inherited role assignment cases | 15:52 |
| ayoung | so, cache is going to introduce delay. | 15:52 |
| ayoung | ah...you think it should be cache invalidation...ok, keep it open | 15:52 |
| ayoung | restored it to the "new" state | 15:53 |
| lbragstad | we could go either way with it... but dealing with the invalidation directly is a pattern we have in other places | 15:53 |
| lbragstad | kimamisa: in that case, we can reuse that report, can't we? | 15:53 |
| kimamisa | yes | 15:53 |
| kimamisa | I almost had the same ready ! | 15:54 |
| lbragstad | cool - setting to medium since the workaround is to set low cache TTL for that specific subsystem | 15:54 |
| lbragstad | ayoung: thanks for working that report | 15:55 |
| *** pcichy has joined #openstack-keystone | 15:57 | |
| ayoung | Can someone explain K2K to me? | 16:09 |
| ayoung | I get SAML. WHat I don't get is how it keeps assignment data straight | 16:09 |
| ayoung | say I have 2 setups, call em old and new | 16:09 |
| ayoung | and I add a project to old. How does that show up as anything in new without making a direct call to new to create the project? | 16:10 |
| openstackgerrit | Merged openstack/keystone-tempest-plugin master: fix tox python3 overrides https://review.openstack.org/573862 | 16:10 |
| ayoung | if I want to have a rule that says "anything in old Dom 1 gets mirrored in new Dom 5" there is nothing that keeps people also from assigning to things in new dom 5. Fine, I get that | 16:11 |
| *** felipemonteiro_ has joined #openstack-keystone | 16:12 | |
| ayoung | what makes the new Dom 5 project in the first place, or is it just assumed that you will start with some top level sync, like "let old and new each get a set of domains, and we'll explicitly create projects in the remote ones" so using a domain level assiugnment? | 16:12 |
| *** felipemonteiro__ has joined #openstack-keystone | 16:13 | |
| *** ispp has quit IRC | 16:13 | |
| *** felipemonteiro has quit IRC | 16:15 | |
| *** felipemonteiro_ has quit IRC | 16:17 | |
| *** kimamisa has quit IRC | 16:20 | |
| *** dklyle has joined #openstack-keystone | 16:23 | |
| openstackgerrit | Merged openstack/keystone master: Clarifications to API & Scenario Tests https://review.openstack.org/580589 | 16:31 |
| *** hoonetorg has quit IRC | 16:32 | |
| *** mvk_ has quit IRC | 16:33 | |
| *** hoonetorg has joined #openstack-keystone | 16:34 | |
| *** pcichy has quit IRC | 16:44 | |
| openstackgerrit | Lance Bragstad proposed openstack/oslo.policy master: Teach Enforcer.enforce to deal with context objects https://review.openstack.org/578995 | 16:45 |
| openstackgerrit | Lance Bragstad proposed openstack/oslo.policy master: Teach Enforcer.enforce to deal with context objects https://review.openstack.org/578995 | 16:47 |
| *** tesseract has quit IRC | 17:15 | |
| *** amoralej is now known as amoralej|off | 17:49 | |
| *** blake has joined #openstack-keystone | 17:59 | |
| *** vishakha has quit IRC | 18:18 | |
| *** vishakha has joined #openstack-keystone | 18:32 | |
| *** blake has quit IRC | 19:01 | |
| *** blake has joined #openstack-keystone | 19:02 | |
| *** blake has quit IRC | 19:06 | |
| *** blake has joined #openstack-keystone | 19:16 | |
| *** blake has quit IRC | 19:20 | |
| *** tosky has quit IRC | 19:23 | |
| openstackgerrit | Gage Hugo proposed openstack/keystone master: Add docs for case-insensitivity in keystone https://review.openstack.org/576640 | 19:24 |
| *** felipemonteiro__ is now known as felipemonteiro | 19:30 | |
| *** blake has joined #openstack-keystone | 19:37 | |
| *** dklyle has quit IRC | 19:52 | |
| *** mvk_ has joined #openstack-keystone | 20:02 | |
| *** jmlowe has quit IRC | 20:20 | |
| *** dklyle has joined #openstack-keystone | 20:35 | |
| lbragstad | kmalloc: might need your eyes on the policy bits here and the @protected stuff https://review.openstack.org/#/c/579330/8/keystone/limit/controllers.py | 20:38 |
| lbragstad | context: https://review.openstack.org/#/c/579330/2/keystone/limit/controllers.py | 20:39 |
| kmalloc | Headed to the doctor, will look when back. | 20:39 |
| lbragstad | ack | 20:39 |
| *** spilla has quit IRC | 20:39 | |
| kmalloc | But #1 priority on my list. | 20:39 |
| kmalloc | Post non-code things. | 20:40 |
| kmalloc | :) | 20:40 |
| lbragstad | awesome - thanks | 20:42 |
| *** spilla has joined #openstack-keystone | 21:01 | |
| *** martinus__ has quit IRC | 21:19 | |
| *** rmascena has joined #openstack-keystone | 21:23 | |
| *** raildo has quit IRC | 21:26 | |
| *** spilla has quit IRC | 21:27 | |
| *** rmascena has quit IRC | 21:49 | |
| *** blake has quit IRC | 22:16 | |
| *** rcernin has joined #openstack-keystone | 22:20 | |
| *** threestrands_ has joined #openstack-keystone | 22:20 | |
| *** threestrands_ has quit IRC | 22:20 | |
| *** threestrands_ has joined #openstack-keystone | 22:20 | |
| *** jappleii__ has joined #openstack-keystone | 22:23 | |
| *** jappleii__ has quit IRC | 22:24 | |
| *** jappleii__ has joined #openstack-keystone | 22:25 | |
| *** threestrands_ has quit IRC | 22:26 | |
| *** felipemonteiro has quit IRC | 22:28 | |
| *** rybridges has quit IRC | 22:36 | |
| *** sonuk_ has joined #openstack-keystone | 23:21 | |
| *** bhagyashri_s has joined #openstack-keystone | 23:22 | |
| *** toddnni has quit IRC | 23:23 | |
| *** jdennis has quit IRC | 23:23 | |
| *** toddnni has joined #openstack-keystone | 23:24 | |
| *** jdennis has joined #openstack-keystone | 23:24 | |
| *** gyee has quit IRC | 23:25 | |
| *** sonuk has quit IRC | 23:25 | |
| *** bhagyashris has quit IRC | 23:25 | |
| *** edmondsw has quit IRC | 23:26 | |
| *** gyee has joined #openstack-keystone | 23:28 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!