Tuesday, 2018-07-31

« Monday, 2018-07-30 Index Wednesday, 2018-08-01 »
kmallocI know00:00
kmallocBut still.00:00
kmallocAt least there is a chance the non freeze affected changes can go a bit faster now ;)00:01
kmallocclarkb: also ohai! :)00:01
clarkbhello there. But ya post feature freeze bug fixing and stabilization usually means everyone goes on a multi month vacation :P the upside is if you do work chances of it getting in are high :)00:01
kmallocYeah, too bad my vacation will be sometime in Oct/Nov or so00:02
*** bigdogstl has joined #openstack-keystone00:17
*** bigdogstl has quit IRC00:22
mgagnethis release note states that v2.0 endpoint will be removed in T release: https://docs.openstack.org/releasenotes/keystone/pike.html#deprecation-notes00:29
mgagnebut in Queens release, at the far bottom, there is a little note about v2.0 being completely removed: https://docs.openstack.org/releasenotes/keystone/queens.html#other-notes00:29
mgagneI think this kind of removal should have been moved at the very top of the release note... and pike release note updated :-/00:30
*** bigdogstl has joined #openstack-keystone00:32
*** edmondsw has joined #openstack-keystone00:42
*** edmondsw has quit IRC00:48
*** ayoung has quit IRC00:53
*** ayoung has joined #openstack-keystone01:09
*** mvk_ has quit IRC01:10
*** mvk_ has joined #openstack-keystone01:11
*** bigdogstl has quit IRC01:15
*** dklyle has quit IRC01:38
*** gyee has quit IRC01:40
kmallocmgagne: updating release notes is a nightmare, we just don't do it. Second, we don't (afaik) have control over the order of release notes.01:48
kmallocmgagne: updating release notes for a past fully completed release.01:48
*** annp has joined #openstack-keystone01:50
*** sapd has joined #openstack-keystone01:51
openstackgerritBi wei proposed openstack/keystone master: fix Bug #1784375  https://review.openstack.org/58726201:52
openstackbug 1784375 in OpenStack Identity (keystone) "Identity API v3 (CURRENT) in Identity API Reference: PUT method for "Add user to group" returns 204 on success, not 200 as written" [Low,Confirmed] https://launchpad.net/bugs/1784375 - Assigned to Bi wei (biwei)01:52
*** threestrands has quit IRC02:10
openstackgerritBi wei proposed openstack/keystone master: Api-ref:Correct response code  https://review.openstack.org/58726202:19
openstackgerritBi wei proposed openstack/keystone master: Api-ref: Correct response code  https://review.openstack.org/58726202:21
openstackgerritwangxiyuan proposed openstack/keystone master: Remove get_catalog from manage layer  https://review.openstack.org/57570402:45
*** gongysh has joined #openstack-keystone02:56
*** links has joined #openstack-keystone03:15
*** bigdogstl has joined #openstack-keystone03:16
*** bigdogstl has quit IRC03:20
*** itlinux_ has joined #openstack-keystone03:21
*** threestrands has joined #openstack-keystone03:26
*** threestrands has quit IRC03:26
*** threestrands has joined #openstack-keystone03:26
*** DinaBelova has quit IRC04:07
*** andreykurilin has quit IRC04:07
*** jmccrory has quit IRC04:09
*** kevko has quit IRC04:09
*** chason has quit IRC04:09
*** gongysh has quit IRC04:11
*** jmccrory has joined #openstack-keystone04:13
*** andreykurilin has joined #openstack-keystone04:13
*** DinaBelova has joined #openstack-keystone04:15
*** chason has joined #openstack-keystone04:15
*** kevko has joined #openstack-keystone04:23
*** pooja_jadhav has joined #openstack-keystone04:30
*** jmlowe has quit IRC04:50
*** jmlowe has joined #openstack-keystone04:51
*** flwang1 has quit IRC04:58
openstackgerritMerged openstack/keystone master: Api-ref: Correct response code  https://review.openstack.org/58726205:09
*** gongysh has joined #openstack-keystone05:34
*** liuzz_ has joined #openstack-keystone05:41
*** liuzz has quit IRC05:45
*** liuzz has joined #openstack-keystone06:11
*** liuzz_ has quit IRC06:15
*** pcaruana has joined #openstack-keystone06:37
*** dklyle has joined #openstack-keystone06:39
*** martinus__ has joined #openstack-keystone06:54
*** aloga has joined #openstack-keystone07:02
*** dklyle has quit IRC07:06
*** ispp has joined #openstack-keystone07:07
*** peereb has joined #openstack-keystone07:10
*** links has quit IRC07:13
*** gongysh has quit IRC07:21
*** abhi89 has joined #openstack-keystone07:21
*** rcernin has quit IRC07:22
*** aloga has quit IRC07:27
*** aloga has joined #openstack-keystone07:39
*** tesseract has joined #openstack-keystone07:42
*** AlexeyAbashkin has joined #openstack-keystone07:42
*** aloga has quit IRC07:43
*** threestrands has quit IRC07:45
openstackgerritzhengliuyang proposed openstack/keystone master: Checking safety before keys rotation  https://review.openstack.org/58732607:51
*** threestrands has joined #openstack-keystone08:00
*** threestrands has quit IRC08:03
*** links has joined #openstack-keystone08:13
*** gongysh has joined #openstack-keystone08:19
abhi89lbragstad: please check comment #68 https://bugs.launchpad.net/keystone/+bug/177920508:49
openstackLaunchpad bug 1779205 in OpenStack Identity (keystone) rocky "[OSSA-2018-002] GET /v3/OS-FEDERATION/projects leaks project information (CVE-2018-14432)" [Critical,Fix released] - Assigned to Lance Bragstad (lbragstad)08:49
*** aloga has joined #openstack-keystone08:56
*** aloga_ has joined #openstack-keystone09:07
*** flwang1 has joined #openstack-keystone09:11
*** aloga_ has quit IRC09:14
*** jaosorior has quit IRC09:53
*** jaosorior has joined #openstack-keystone09:53
openstackgerritBi wei proposed openstack/keystone master: Expose a bug that issue token with project-scope get error: "object of type 'NoneType' has no len()"  https://review.openstack.org/58736809:59
openstackgerritBi wei proposed openstack/keystone master: Expose a bug that issue token with project-scope gets error  https://review.openstack.org/58736810:04
*** mvk_ has quit IRC10:16
*** abhi89 has quit IRC10:16
*** gongysh has quit IRC10:23
*** mvk_ has joined #openstack-keystone10:47
*** annp has quit IRC10:49
*** annp has joined #openstack-keystone11:03
*** raildo has joined #openstack-keystone11:53
openstackgerritBi wei proposed openstack/keystone master: Fix a bug that issue token with project-scope gets error  https://review.openstack.org/58739912:13
*** edmondsw has joined #openstack-keystone12:24
*** abhi89 has joined #openstack-keystone12:29
*** bigdogstl has joined #openstack-keystone12:52
*** bigdogstl has quit IRC12:58
*** links has quit IRC13:09
knikollao/13:12
*** bigdogstl has joined #openstack-keystone13:17
*** bigdogstl has quit IRC13:17
*** bigdogstl has joined #openstack-keystone13:17
*** s10 has joined #openstack-keystone13:18
*** links has joined #openstack-keystone13:26
lbragstado/13:33
lbragstadabhi89: do you know if you've set a default policy in your policy file?14:01
*** vrv_ has joined #openstack-keystone14:02
*** ispp has quit IRC14:03
*** ispp has joined #openstack-keystone14:07
*** spilla has joined #openstack-keystone14:11
*** bigdogstl has quit IRC14:12
*** itlinux_ has quit IRC14:38
*** mchlumsky has joined #openstack-keystone14:39
*** links has quit IRC14:41
*** bigdogstl has joined #openstack-keystone14:45
*** cwright has quit IRC14:45
*** cwright has joined #openstack-keystone14:50
*** abhi89 has quit IRC14:51
*** bigdogstl has quit IRC14:52
*** imacdonn has quit IRC14:53
*** imacdonn has joined #openstack-keystone14:54
*** links has joined #openstack-keystone15:00
*** wxy| has joined #openstack-keystone15:00
*** peereb has quit IRC15:06
*** s10 has quit IRC15:07
*** pcaruana has quit IRC15:10
*** links has quit IRC15:12
*** s10 has joined #openstack-keystone15:12
*** ispp has quit IRC15:21
*** bigdogstl has joined #openstack-keystone15:29
kmallocO/15:36
gagehugoo/15:46
*** links has joined #openstack-keystone15:49
*** links has quit IRC15:51
*** links has joined #openstack-keystone15:52
*** felipemonteiro has joined #openstack-keystone15:53
*** links has quit IRC15:55
*** links has joined #openstack-keystone15:55
*** dklyle has joined #openstack-keystone15:56
*** felipemonteiro_ has joined #openstack-keystone15:56
knikollalbragstad: i won't be attending the meeting today, but i'll be back for office hours15:56
*** links has quit IRC15:58
*** links has joined #openstack-keystone15:58
*** felipemonteiro has quit IRC16:00
*** r-daneel has joined #openstack-keystone16:00
*** links has quit IRC16:01
*** links has joined #openstack-keystone16:01
*** felipemonteiro_ has quit IRC16:04
*** felipemonteiro_ has joined #openstack-keystone16:04
*** bigdogstl has quit IRC16:09
*** links has quit IRC16:10
*** vrv_ has quit IRC16:11
*** bigdogstl has joined #openstack-keystone16:16
*** r-daneel has quit IRC16:21
*** links has joined #openstack-keystone16:21
*** bigdogstl has quit IRC16:21
*** bigdogstl has joined #openstack-keystone16:22
*** links has quit IRC16:24
*** links has joined #openstack-keystone16:25
*** zhongjun__ has quit IRC16:25
*** wxy| has quit IRC16:26
*** links has quit IRC16:27
lbragstadstepping out for a bit16:27
lbragstadbiab16:27
*** bigdogstl has quit IRC16:27
*** links has joined #openstack-keystone16:28
*** bigdogstl has joined #openstack-keystone16:29
*** links has quit IRC16:30
*** links has joined #openstack-keystone16:31
*** links has quit IRC16:33
*** spilla has quit IRC16:33
*** links has joined #openstack-keystone16:33
*** bigdogstl has quit IRC16:34
*** bigdogstl has joined #openstack-keystone16:35
*** itlinux has joined #openstack-keystone16:35
*** links has quit IRC16:35
*** dtruong2 has joined #openstack-keystone16:36
*** links has joined #openstack-keystone16:36
*** links has quit IRC16:38
*** bigdogstl has quit IRC16:39
*** links has joined #openstack-keystone16:39
*** bigdogstl has joined #openstack-keystone16:39
*** r-daneel has joined #openstack-keystone16:41
*** links has quit IRC16:41
*** links has joined #openstack-keystone16:42
*** spilla has joined #openstack-keystone16:43
*** links has quit IRC16:44
*** links has joined #openstack-keystone16:45
*** AlexeyAbashkin has quit IRC16:47
*** yikun has quit IRC16:47
*** dklyle has quit IRC16:48
*** spilla has quit IRC16:48
*** links has quit IRC16:48
*** spilla has joined #openstack-keystone16:48
*** links has joined #openstack-keystone16:48
*** links has quit IRC16:51
*** links has joined #openstack-keystone16:51
*** abhi89 has joined #openstack-keystone16:52
*** links has quit IRC16:54
*** links has joined #openstack-keystone16:54
*** links has quit IRC16:56
*** links has joined #openstack-keystone16:57
*** links has quit IRC17:00
*** bigdogstl has quit IRC17:00
*** s10 has quit IRC17:00
*** r-daneel_ has joined #openstack-keystone17:01
*** links has joined #openstack-keystone17:01
*** bigdogstl has joined #openstack-keystone17:03
*** r-daneel has quit IRC17:03
*** r-daneel_ is now known as r-daneel17:03
*** tesseract has quit IRC17:03
*** links has quit IRC17:03
*** links has joined #openstack-keystone17:04
*** links has quit IRC17:06
*** links has joined #openstack-keystone17:07
lbragstad#startmeeting keystone-office-hours17:07
openstackMeeting started Tue Jul 31 17:07:10 2018 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.17:07
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.17:07
*** openstack changes topic to " (Meeting topic: keystone-office-hours)"17:07
*** ChanServ changes topic to "Rocky release schedule: https://releases.openstack.org/rocky/schedule.html | Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting | Bugs that need triaging: http://bit.ly/2iJuN1h | Trello: https://trello.com/b/wmyzbFq5/keystone-rocky-roadmap !!NOTE!! This Channel is Logged ( https://tinyurl.com/OpenStackKeystone )"17:07
openstackThe meeting name has been set to 'keystone_office_hours'17:07
*** dklyle has joined #openstack-keystone17:07
*** gyee has joined #openstack-keystone17:07
*** links has quit IRC17:09
abhi89lbragstad: no, there is no default policy set17:09
*** links has joined #openstack-keystone17:10
*** bigdogstl has quit IRC17:11
*** links has quit IRC17:12
*** links has joined #openstack-keystone17:12
*** links has quit IRC17:15
*** links has joined #openstack-keystone17:15
lbragstadabhi89: so - you don't have that policy listed in your policy.json but you can still access it?17:16
abhi89lbragstad: is there a policy rule for GET /v3/OS-FEDERATION/projects.. i didnot find any.. https://docs.openstack.org/keystone/queens/configuration/policy.html17:17
abhi89lbragstad: yes, no policy set for that api, but still i can access it17:17
*** links has quit IRC17:18
*** links has joined #openstack-keystone17:18
openstackgerritMorgan Fainberg proposed openstack/keystone master: Break dependencies on auth.controllers  https://review.openstack.org/58551917:19
abhi89lbragstad: we are also not using federation at all17:19
openstackgerritMorgan Fainberg proposed openstack/keystone master: Move unenforced_api decorator to module function  https://review.openstack.org/58586917:20
openstackgerritMorgan Fainberg proposed openstack/keystone master: Address FIXMEs for listing revoked tokens  https://review.openstack.org/54500917:20
openstackgerritMorgan Fainberg proposed openstack/keystone master: Cleanup last of tests leaning on auth controllers  https://review.openstack.org/58630617:20
*** links has quit IRC17:21
lbragstadabhi89: ah - yeah.. sorry17:21
*** mvk_ has quit IRC17:21
lbragstadi think it's protected by https://github.com/openstack/keystone/blob/master/keystone/common/policies/user.py#L5417:21
*** links has joined #openstack-keystone17:21
abhi89lbragstad: yes17:22
lbragstadi see what you're saying now17:22
lbragstadyou're correct - the description was misleading17:23
kmalloclbragstad: yep, that is what i guessed was the issue17:23
*** links has quit IRC17:24
*** links has joined #openstack-keystone17:24
lbragstadchecking with prometheanfire to see if there is a way to update those descriptions after disclosure17:25
abhi89lbragstad: ok..17:25
itlinuxhello all, I know the policy.json is now not showing in the /etc/keystone/policy.json file.. what's the best way to get that extracted so I can create a new role. Thanks17:25
lbragstaditlinux: oslo.policy exposes some tooling to generate sample policy files17:26
lbragstaditlinux: https://docs.openstack.org/oslo.policy/latest/cli/index.html#oslopolicy-sample-generator17:26
*** links has quit IRC17:27
*** links has joined #openstack-keystone17:27
itlinuxthanks lbragstad17:27
lbragstadyep17:28
itlinuxso if I oslopolicy-sample-generator --namespace keystone it extracts what's in use now and I can then add/modify it and place it in the /etc/keystone and it will automatically be used.. That's my understanding correct me if I am wrong. @lbragstad17:30
*** links has quit IRC17:30
*** links has joined #openstack-keystone17:30
*** felipemonteiro__ has joined #openstack-keystone17:30
*** bigdogstl has joined #openstack-keystone17:32
*** links has quit IRC17:33
*** links has joined #openstack-keystone17:33
*** felipemonteiro_ has quit IRC17:34
imacdonnhaven't tried it with keystone, but with nova (at least), you can define new policies in an otherwise-empty policy.json, and they get merged with the defaults17:34
*** felipemonteiro__ has quit IRC17:35
*** felipemonteiro__ has joined #openstack-keystone17:35
*** links has quit IRC17:36
*** links has joined #openstack-keystone17:37
*** links has quit IRC17:39
lbragstaditlinux: you can use it to generate a sample based on the defaults in code17:39
lbragstador your can use it to generate a policy file including the overrides you have already on disk17:40
*** links has joined #openstack-keystone17:40
lbragstadthe use case for the later is for horizon or supplying an auditor with a copy of your policy.json17:40
lbragstadoslopolicy-policy-generator generates a complete policy file that includes any overrides you supply via an existing policy file and default policies17:41
*** links has quit IRC17:42
lbragstadoslopolicy-sample-generator just gives you a sample policy file with the default we maintain in keystone's source (it doesn't take any of your overrides into consideration, if you have any)17:42
*** links has joined #openstack-keystone17:42
*** links has quit IRC17:45
*** links has joined #openstack-keystone17:46
*** bigdogstl has quit IRC17:47
*** links has quit IRC17:52
itlinuxok.. so basically I could just create a new policy role and does not affect the others.. and save it in /etc/keystone/policy.json and /etc/openstack-dashbaord ..17:57
itlinuxlbargstad:17:57
*** bigdogstl has joined #openstack-keystone17:57
itlinuxbragstad:17:57
itlinuxthanks for your tips..17:57
*** mvk_ has joined #openstack-keystone18:01
itlinuxthe file I gen.. does not show the ResellerAdmin stuff.. can you let me know what's the best to show what's actually the policy now lbagstad: thanks18:01
*** r-daneel has quit IRC18:02
*** bigdogstl has quit IRC18:07
*** bigdogstl has joined #openstack-keystone18:10
*** r-daneel has joined #openstack-keystone18:20
*** dklyle has quit IRC18:23
*** itlinux has quit IRC18:24
*** abhi89 has quit IRC18:37
*** bigdogstl has quit IRC18:37
*** dklyle has joined #openstack-keystone18:40
*** bigdogstl has joined #openstack-keystone18:51
*** bigdogstl has quit IRC18:56
*** bigdogstl has joined #openstack-keystone18:58
*** itlinux has joined #openstack-keystone19:02
*** bigdogstl has quit IRC19:03
*** bigdogstl has joined #openstack-keystone19:14
*** bigdogstl has quit IRC19:19
*** bigdogstl has joined #openstack-keystone19:20
*** felipemonteiro_ has joined #openstack-keystone19:32
*** felipemonteiro__ has quit IRC19:36
*** bigdogstl has quit IRC19:37
*** flwang1 has quit IRC19:40
*** bigdogstl has joined #openstack-keystone19:40
*** bigdogstl has quit IRC20:00
*** bigdogstl has joined #openstack-keystone20:05
*** bigdogstl has quit IRC20:19
*** bigdogstl has joined #openstack-keystone20:23
*** bigdogstl has quit IRC20:36
*** martinus__ has quit IRC20:40
*** bigdogstl has joined #openstack-keystone20:51
*** bigdogstl has quit IRC20:56
*** bigdogstl has joined #openstack-keystone21:00
*** edmondsw has quit IRC21:00
*** raildo has quit IRC21:00
*** edmondsw has joined #openstack-keystone21:01
*** edmondsw has quit IRC21:01
*** edmondsw has joined #openstack-keystone21:01
*** bigdogstl has quit IRC21:04
*** spilla has quit IRC21:09
*** flwang1 has joined #openstack-keystone21:11
*** felipemonteiro_ has quit IRC21:25
*** felipemonteiro_ has joined #openstack-keystone21:26
*** bigdogstl has joined #openstack-keystone21:29
*** bigdogstl has quit IRC21:34
*** felipemonteiro_ has quit IRC21:46
lbragstad#endmeeting21:48
*** openstack changes topic to "Rocky release schedule: https://releases.openstack.org/rocky/schedule.html | Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting | Bugs that need triaging: http://bit.ly/2iJuN1h | Trello: https://trello.com/b/wmyzbFq5/keystone-rocky-roadmap !!NOTE!! This Channel is Logged ( https://tinyurl.com/OpenStackKeystone )"21:48
openstackMeeting ended Tue Jul 31 21:48:37 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)21:48
openstackMinutes:        http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-07-31-17.07.html21:48
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-07-31-17.07.txt21:48
openstackLog:            http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-07-31-17.07.log.html21:48
*** bigdogstl has joined #openstack-keystone22:03
openstackgerritMorgan Fainberg proposed openstack/keystone master: Convert OS-REVOKE to flask dispatching  https://review.openstack.org/58764722:06
openstackgerritMorgan Fainberg proposed openstack/keystone master: Convert OS-REVOKE to flask dispatching  https://review.openstack.org/58764722:07
*** itlinux has quit IRC22:09
*** bigdogstl has quit IRC22:16
*** edmondsw has quit IRC22:23
*** edmondsw has joined #openstack-keystone22:23
*** rcernin has joined #openstack-keystone22:26
*** edmondsw has quit IRC22:30
*** edmondsw has joined #openstack-keystone22:31
*** bigdogstl has joined #openstack-keystone23:10
*** edmondsw has quit IRC23:11
*** bigdogstl has quit IRC23:16
*** threestrands has joined #openstack-keystone23:24
*** _KaszpiR_ has quit IRC23:39
*** _KaszpiR_ has joined #openstack-keystone23:50
*** bigdogstl has joined #openstack-keystone23:54
*** r-daneel has quit IRC23:58
« Monday, 2018-07-30 Index Wednesday, 2018-08-01 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!