Wednesday, 2018-07-25

« Tuesday, 2018-07-24 Index Thursday, 2018-07-26 »
*** felipemonteiro has joined #openstack-keystone00:08
*** felipemonteiro has quit IRC00:19
*** gongysh has quit IRC00:24
*** felipemonteiro has joined #openstack-keystone00:33
*** dave-mcc_ has quit IRC00:35
*** dklyle_ has quit IRC00:36
*** dklyle has joined #openstack-keystone00:36
openstackgerritMerged openstack/keystone master: Add project hierarchical tree check when Keystone start  https://review.openstack.org/58033100:53
*** felipemonteiro has quit IRC00:57
*** links has joined #openstack-keystone01:30
*** dave-mccowan has joined #openstack-keystone01:35
*** felipemonteiro has joined #openstack-keystone01:39
*** felipemonteiro has quit IRC01:52
*** gyee has quit IRC01:55
*** felipemonteiro has joined #openstack-keystone02:10
*** adriant has quit IRC02:16
*** adriant has joined #openstack-keystone02:19
*** sapd has joined #openstack-keystone02:21
*** dave-mccowan has quit IRC02:29
*** dave-mccowan has joined #openstack-keystone02:30
*** abhi89 has joined #openstack-keystone02:30
*** gongysh has joined #openstack-keystone02:30
openstackgerritMerged openstack/keystone master: Delete project limits when deleting project  https://review.openstack.org/53837102:34
*** zeus has quit IRC02:35
*** zeus has joined #openstack-keystone02:39
*** zeus is now known as Guest1421702:40
*** jmlowe has joined #openstack-keystone02:43
*** felipemonteiro has quit IRC02:43
*** felipemonteiro has joined #openstack-keystone02:54
*** sapd has quit IRC02:58
wxyabhi89: https://github.com/openstack/keystone/blob/master/keystone/resource/core.py#L230 https://github.com/openstack/keystone/blob/master/keystone/resource/core.py#L45803:00
wxyabhi89: seems the notification is sent?03:01
*** felipemonteiro has quit IRC03:03
*** sapd has joined #openstack-keystone03:07
*** dave-mcc_ has joined #openstack-keystone03:09
*** dave-mccowan has quit IRC03:12
*** dave-mcc_ has quit IRC03:12
abhi89wxy: are audit events & service events same? we have audit.http.request & audit.http.response as event types under which all service audit events are collected.. the code snippet you mentioned is for these audit events i guess..03:13
*** zhurong has joined #openstack-keystone03:30
wxyabhi89: they are not the same.03:46
wxyabhi89: audit.http.request & audit.http.response is sent by keystonemiddleware.03:46
wxyabhi89: The code I pointed is sent by Keystone. it's service events, the event can be used for audit as well.03:48
wxyabhi89: the event_type is https://github.com/openstack/keystone/blob/master/keystone/notifications.py#L404 or https://github.com/openstack/keystone/blob/master/keystone/notifications.py#L44103:50
wxyabhi89: depends on the options `notification_format` you set (basic or cadf). default is cadf format.03:51
abhi89wxy: the events are getting generated by keystone.. but they are not there in panko db 'event' table.. may be they getting lost somewhere in between.. need to check whether they are reaching the message queue & then if panko is able to listen to these notifications..03:56
wxyabhi89: emm. from my sight, Keystone has sent the notifications to message bus already. Not sure what happened during the transport. It's worth to trace a message in the message bus to see what the input from Keystone and how panko query it04:01
abhi89wxy: yes, event is getting generated in keystone & is being sent.. need to check further as you mentioned.. thanks..04:02
*** zhurong has quit IRC04:27
*** r-daneel has joined #openstack-keystone04:37
kmallocDo you have keystone confifured to talk on the bus?04:53
kmallocIt's pretty explicit to do so.04:53
kmallocKeystone by default doesn't emit on the bus, but still generates the notification, since we use the same framework to talk between keystone subsystems.04:55
*** gongysh has quit IRC04:55
*** flwang1 has quit IRC04:56
*** pcichy has quit IRC04:58
*** pcichy has joined #openstack-keystone04:59
*** gongysh has joined #openstack-keystone05:27
*** felipemonteiro has joined #openstack-keystone05:52
*** hoonetorg has quit IRC06:01
*** annp has joined #openstack-keystone06:05
*** felipemonteiro has quit IRC06:16
*** hoonetorg has joined #openstack-keystone06:17
*** martinus__ has joined #openstack-keystone06:19
*** pcaruana has joined #openstack-keystone06:33
*** felipemonteiro has joined #openstack-keystone06:37
*** rcernin has quit IRC06:59
*** ispp has joined #openstack-keystone07:09
*** tesseract has joined #openstack-keystone07:16
*** ispp has quit IRC07:21
*** AlexeyAbashkin has joined #openstack-keystone07:42
*** ispp has joined #openstack-keystone07:47
*** felipemonteiro has quit IRC08:01
*** dstanek has quit IRC08:18
*** dstanek has joined #openstack-keystone08:20
*** rcernin has joined #openstack-keystone08:29
*** openstackgerrit has quit IRC08:48
*** josecastroleon has quit IRC09:01
*** josecastroleon1 has joined #openstack-keystone09:01
*** josecastroleon1 is now known as josecastroleon09:01
*** ispp has quit IRC09:11
*** pcichy has quit IRC09:16
*** chason has quit IRC09:16
*** pcichy has joined #openstack-keystone09:17
*** chason has joined #openstack-keystone09:17
*** ispp has joined #openstack-keystone09:19
*** d0ugal has joined #openstack-keystone09:36
*** d0ugal has quit IRC09:36
*** d0ugal has joined #openstack-keystone09:36
*** lifeless has quit IRC09:37
*** flwang1 has joined #openstack-keystone09:48
*** Tahvok has quit IRC09:50
*** Tahvok has joined #openstack-keystone09:51
*** ispp has quit IRC10:01
*** abhi89 has quit IRC10:08
*** josecastroleon has quit IRC10:10
*** josecastroleon has joined #openstack-keystone10:10
*** shyamb has joined #openstack-keystone10:14
*** chason has quit IRC10:15
*** chason has joined #openstack-keystone10:17
*** josecastroleon has quit IRC10:17
*** shyambiradar has joined #openstack-keystone10:17
*** chason[m] has joined #openstack-keystone10:17
*** d0ugal has quit IRC10:21
*** shyambiradar has quit IRC10:22
*** kukacz_ has quit IRC10:23
*** shyamb has quit IRC10:23
*** kukacz_ has joined #openstack-keystone10:23
*** lifeless has joined #openstack-keystone10:23
*** gongysh has quit IRC10:41
*** edmondsw has joined #openstack-keystone10:49
*** ispp has joined #openstack-keystone10:49
*** shyambiradar has joined #openstack-keystone10:59
*** shyamb has joined #openstack-keystone10:59
*** shyambiradar has quit IRC11:00
*** shyambiradar has joined #openstack-keystone11:00
*** josecastroleon has joined #openstack-keystone11:13
*** rcernin has quit IRC11:21
*** abhi89 has joined #openstack-keystone11:46
*** ispp has quit IRC11:54
*** ispp has joined #openstack-keystone11:57
*** dave-mccowan has joined #openstack-keystone12:25
*** jaosorior has quit IRC12:27
knikollao/12:33
*** shyamb has quit IRC12:41
*** shyamb has joined #openstack-keystone12:42
*** jaosorior has joined #openstack-keystone12:50
*** r-daneel has quit IRC12:57
*** pcichy has quit IRC12:59
*** openstackgerrit has joined #openstack-keystone13:03
openstackgerritMerged openstack/keystone master: Allow for 'extension' rel in json home  https://review.openstack.org/58335713:03
openstackgerritMerged openstack/keystone master: Trusts do not implement patch.  https://review.openstack.org/58335813:03
*** pcichy has joined #openstack-keystone13:07
*** Tahvok has quit IRC13:08
*** Tahvok has joined #openstack-keystone13:11
*** d0ugal has joined #openstack-keystone13:27
*** cmurphy is now known as cmurphy|vacation13:29
*** dave-mcc_ has joined #openstack-keystone13:33
*** dave-mccowan has quit IRC13:34
*** dave-mccowan has joined #openstack-keystone13:36
*** dave-mcc_ has quit IRC13:38
*** shyamb has quit IRC13:38
*** d0ugal has quit IRC13:45
*** r-daneel has joined #openstack-keystone13:55
openstackgerritLance Bragstad proposed openstack/keystone master: Address nits in strict-two-level implementation  https://review.openstack.org/58537913:57
*** gongysh has joined #openstack-keystone14:00
*** xinran__ has joined #openstack-keystone14:05
*** vrv_ has joined #openstack-keystone14:06
*** felipemonteiro has joined #openstack-keystone14:08
*** spilla has joined #openstack-keystone14:19
gagehugoo/14:30
lbragstado/14:31
*** links has quit IRC14:33
*** felipemonteiro has quit IRC14:33
*** jmlowe has quit IRC14:38
*** gongysh has quit IRC14:48
*** jrist has quit IRC14:49
*** imacdonn has quit IRC14:51
*** imacdonn has joined #openstack-keystone14:51
*** pcaruana has quit IRC14:52
*** ChanServ sets mode: +o lbragstad15:01
*** r-daneel has quit IRC15:07
*** r-daneel has joined #openstack-keystone15:08
*** jrist has joined #openstack-keystone15:15
*** jrist has quit IRC15:15
*** jrist has joined #openstack-keystone15:15
*** r-daneel has quit IRC15:19
openstackgerritLance Bragstad proposed openstack/keystone master: Reduce duplication in federated auth APIs  https://review.openstack.org/58578215:20
jaosoriorlbragstad: hey! Back from vacations. Was the bug fixed where it wasn't passed if a token is system scoped? (forgot the bug ID)15:22
lbragstadjaosorior: yep - let me grab you a link15:22
lbragstadwelcome back :)15:22
lbragstadjaosorior: https://bugs.launchpad.net/oslo.policy/+bug/1779172 was it - yeah?15:24
openstackLaunchpad bug 1779172 in oslo.policy "RFE: policy enforcement should accept context objects" [Undecided,Fix released] - Assigned to Lance Bragstad (lbragstad)15:24
lbragstadif so - that was addressed with https://review.openstack.org/#/c/578995/15:24
jaosoriorlbragstad: that looks about right15:25
jaosoriornice!15:25
lbragstadyeah - that should be fixed in oslo.policy 1.38.015:25
jaosoriorso, currently only projects passing the context object to the policy enforcer will be able to use system scopes, right? (unless they explicitly pass the key "system" in the creds)15:26
lbragstad(latest release is 1.38.1)15:26
lbragstadcorrect15:26
lbragstadIMO - having the ability to use a context object is a nice carrot that might help move projects in that direction (and hopefully away from building creds dictionaries by hand)15:26
jaosorioragreed15:27
*** r-daneel has joined #openstack-keystone15:27
lbragstadthen we should be able to control all that stuff with just oslo.context and oslo.policy patches if projects are just using context objects15:28
*** gyee has joined #openstack-keystone15:29
jaosoriorthat sounds like the way to go15:30
lbragstadi hope so15:30
jaosoriorway less error-prone15:30
lbragstad++15:30
jaosoriorand if folks need extra attributes, then they can just subclass the context class (would probably be the case for nova)15:31
lbragstadyeah - some projects are already doing that (i know we do in keystone)15:31
*** abhi89 has quit IRC15:31
*** dtantsur has joined #openstack-keystone15:43
dtantsurhi folks! I desperately need help with understanding https://bugs.launchpad.net/keystoneauth/+bug/178359015:43
openstackLaunchpad bug 1783590 in keystoneauth "EmptyCatalog raised when the catalog is not empty" [Undecided,New]15:43
dtantsurthe only thing I understand is that the exception message is wrong.. but I have no ideas on what could cause it to not see the catalog15:43
*** itlinux has joined #openstack-keystone15:49
dtantsurthe only conclusion I can make from local testing is that Token auth is completely broken :-/15:51
*** ispp has quit IRC15:53
*** dave-mccowan has quit IRC15:58
*** dave-mccowan has joined #openstack-keystone16:00
*** vrv_ has quit IRC16:15
ayoungjaosorior, lets set up some time for you me and hrybacki to talk through what we want to present on policy.  We can then backbrief the rest of the Keystoners in the next couple weeks.16:50
*** tesseract has quit IRC16:53
*** dtantsur is now known as dtantsur|afk17:13
*** AlexeyAbashkin has quit IRC17:17
*** xinran__ has quit IRC17:34
hrybackiayoung: perhaps Tuesday morning? I'm off this Fri/Mon17:45
*** felipemonteiro has joined #openstack-keystone17:45
jaosoriorayoung: sounds good to me17:47
ayoungim out tuesday and wednesday17:47
*** itlinux has quit IRC17:47
*** spilla has quit IRC17:49
*** itlinux has joined #openstack-keystone17:51
*** spilla has joined #openstack-keystone17:52
*** sapd has quit IRC17:56
*** abhi89 has joined #openstack-keystone17:57
*** markvoelker_ has joined #openstack-keystone18:05
*** markvoelker has quit IRC18:06
*** rcernin has joined #openstack-keystone18:09
*** abhi89 has quit IRC18:11
*** fiddletwix has joined #openstack-keystone18:12
*** dave-mcc_ has joined #openstack-keystone18:19
*** dave-mccowan has quit IRC18:20
*** rodrigod` is now known as rodrigods18:22
*** rodrigods has quit IRC18:22
*** rodrigods has joined #openstack-keystone18:22
ayounghrybacki, jaosorior sorry, I should have notified you on that;  I'm moving on Tuesday/Wednesday next week.18:25
hrybackiayoung: oh nice! to where??18:27
ayoungSame town, but we bought a house.18:27
ayoung1850s18:28
openstackgerritKristi Nikolla proposed openstack/keystone master: Enable mutable config  https://review.openstack.org/58541718:30
knikollalbragstad, kmalloc ^^18:31
lbragstadayoung: congrats!18:34
*** dtruong_ has joined #openstack-keystone18:45
*** dtruong has quit IRC18:49
*** rcernin has quit IRC18:53
*** dklyle has quit IRC19:03
openstackgerritKristi Nikolla proposed openstack/keystone master: Deprecate [token] infer_roles=False  https://review.openstack.org/57486919:04
*** rcernin has joined #openstack-keystone19:09
*** d0ugal has joined #openstack-keystone19:11
*** rcernin has quit IRC19:16
ayounglbragstad, thanks19:18
gagehugoayoung nice!19:23
*** flwang1 has quit IRC19:34
*** d0ugal has quit IRC19:46
*** felipemonteiro_ has joined #openstack-keystone19:52
kmalloclbragstad: is revoked token list deprecated?19:52
kmalloclbragstad: it sure would be easier if i could just always make it return 41019:53
* lbragstad hands kmalloc https://review.openstack.org/#/c/545009/19:54
lbragstadgagehugo: thanks for the rechecks19:55
lbragstadi'm hoping that fix doesn't drab out because of zuul tripping19:55
kmalloclol, i thought we landed that one lbragstad19:56
kmallocbah.19:56
*** felipemonteiro has quit IRC19:56
jaosoriorayoung: congrats!19:56
* gagehugo stares at zuul19:58
openstackgerritMorgan Fainberg proposed openstack/keystone master: Address FIXMEs for listing revoked tokens  https://review.openstack.org/54500920:03
openstackgerritMorgan Fainberg proposed openstack/keystone master: Move unenforced_api decorator to module function  https://review.openstack.org/58586920:03
kmalloclbragstad: ^ it's now part of the flask chain20:03
lbragstadkmalloc: nice - i can abandon mine then20:12
lbragstadoh - wait... nevermind20:13
lbragstadthanks for working that into the chain20:13
kmalloclbragstad: makes my life a TON easier for auth->api.auth20:14
*** edmondsw has quit IRC20:28
*** edmondsw has joined #openstack-keystone20:28
openstackgerritMerged openstack/keystone master: Introduce new TokenModel object  https://review.openstack.org/55912920:31
*** edmondsw has quit IRC20:32
*** gongysh has joined #openstack-keystone20:50
*** flwang1 has joined #openstack-keystone20:58
*** spilla has quit IRC21:00
gagehugolbragstad kmalloc for the FIXMEs it's going from a 2XX -> 403, we're not breaking any contracts there are we?21:01
kmallocit isn't actually moving to a 20021:03
kmallocerm from21:03
kmallocif you don't have signing stuff, you end up with 500s21:03
kmalloclook at the comment on the previous patchset21:03
kmallocbasically we move from consistent 500 -> 40321:03
openstackgerritMerged openstack/keystone master: Add docs for case-insensitivity in keystone  https://review.openstack.org/57664021:04
*** gongysh has quit IRC21:04
*** openstackgerrit has quit IRC21:04
gagehugokmalloc welp idk how I missed that21:07
gagehugoseeing as I left the same comment back in Feb21:08
kmallochehe21:08
* gagehugo facepalms21:08
*** itlinux has quit IRC21:31
*** itlinux has joined #openstack-keystone21:36
*** dklyle has joined #openstack-keystone21:38
*** edmondsw has joined #openstack-keystone21:40
*** edmondsw has quit IRC21:45
*** felipemonteiro_ has quit IRC21:48
*** martinus__ has quit IRC21:59
*** mchlumsky has quit IRC22:07
*** eandersson has quit IRC22:22
*** eandersson has joined #openstack-keystone22:24
*** itlinux has quit IRC22:25
*** spilla has joined #openstack-keystone22:26
*** mtreinish has quit IRC22:33
*** mtreinish has joined #openstack-keystone22:36
*** openstackgerrit has joined #openstack-keystone23:06
openstackgerritMerged openstack/keystonemiddleware master: Replace port 35357 with 5000  https://review.openstack.org/58425123:06
*** r-daneel has quit IRC23:28
*** edmondsw has joined #openstack-keystone23:29
*** edmondsw has quit IRC23:33
*** itlinux has joined #openstack-keystone23:44
« Tuesday, 2018-07-24 Index Thursday, 2018-07-26 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!