Wednesday, 2018-08-22

*** gyee has quit IRC [00:19]
*** felipemonteiro has joined #openstack-keystone [00:20]
*** harlowja has quit IRC [00:23]
*** imacdonn has quit IRC [00:49]
*** imacdonn has joined #openstack-keystone [00:49]
*** felipemonteiro has quit IRC [00:59]
*** felipemonteiro has joined #openstack-keystone [01:21]
*** dmellado has quit IRC [01:22]
*** rcernin_ has joined #openstack-keystone [01:23]
*** rcernin has quit IRC [01:25]
*** felipemonteiro has quit IRC [01:31]
*** felipemonteiro has joined #openstack-keystone [01:45]
*** wxy-xiyuan has joined #openstack-keystone [01:50]
*** rcernin has joined #openstack-keystone [02:00]
*** felipemonteiro has quit IRC [02:01]
*** rcernin_ has quit IRC [02:03]
*** felipemonteiro has joined #openstack-keystone [02:05]
*** felipemonteiro has quit IRC [02:06]
*** dmellado has joined #openstack-keystone [02:38]
*** edmondsw has quit IRC [02:45]
<openstackgerrit> wangxiyuan proposed openstack/keystone master: Change unique_last_password_count default to 0 https://review.openstack.org/593476 [03:22]
*** nicolasbock has quit IRC [03:32]
*** felipemonteiro has joined #openstack-keystone [03:49]
*** felipemonteiro has quit IRC [03:54]
*** shyamb has joined #openstack-keystone [04:15]
*** felipemonteiro has joined #openstack-keystone [04:24]
*** felipemonteiro has quit IRC [04:28]
*** shyamb has quit IRC [04:32]
*** shyamb has joined #openstack-keystone [04:32]
*** shyamb has quit IRC [05:30]
*** edmondsw has joined #openstack-keystone [05:34]
*** shyamb has joined #openstack-keystone [05:36]
*** felipemonteiro has joined #openstack-keystone [05:36]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Using isinstance(f, collections.Callable) https://review.openstack.org/594806 [05:41]
*** felipemonteiro has quit IRC [05:50]
*** shyamb has quit IRC [06:08]
*** shyamb has joined #openstack-keystone [06:09]
*** pcaruana has joined #openstack-keystone [06:41]
*** gagehugo has quit IRC [06:49]
*** shyamb has quit IRC [06:51]
*** shyamb has joined #openstack-keystone [06:52]
*** dmellado has quit IRC [07:04]
*** dmellado has joined #openstack-keystone [07:06]
*** rcernin has quit IRC [07:07]
*** ispp has joined #openstack-keystone [07:08]
*** dmellado has quit IRC [07:12]
*** ispp has quit IRC [07:12]
*** dmellado has joined #openstack-keystone [07:19]
*** gagehugo has joined #openstack-keystone [07:26]
*** evrardjp has joined #openstack-keystone [07:26]
*** shyamb has quit IRC [07:27]
*** pcaruana has quit IRC [08:28]
<openstackgerrit> Merged openstack/keystone master: Redundant parameters in api-ref:domain-config https://review.openstack.org/590604 [08:29]
*** pcaruana has joined #openstack-keystone [08:30]
*** s10 has joined #openstack-keystone [08:30]
*** shyamb has joined #openstack-keystone [08:41]
*** josecastroleon has quit IRC [09:00]
*** josecastroleon has joined #openstack-keystone [09:00]
*** shyam89 has joined #openstack-keystone [09:22]
*** shyamb has quit IRC [09:27]
*** tobberydberg has joined #openstack-keystone [09:31]
*** Mantorok has quit IRC [09:42]
*** shyam89 has quit IRC [09:54]
*** josecastroleon has quit IRC [09:56]
*** shyam89 has joined #openstack-keystone [10:02]
*** shyamb has joined #openstack-keystone [10:03]
<mbuil> cmurphy: hello! I finally got time again to check keystone federation using horizon. On the top right, I can see that I can switch between Local Keystone and mysp. When I click on mysp "Switch to Keystone Provider mysp successful" and "Error: Unauthorized: Unable to retrieve project list" [10:05]
*** jaosorior_ has quit IRC [10:05]
<mbuil> cmurphy: looking at /var/log/horizon/horizon-error.log I see the following error: https://hastebin.com/ivamibevih.sql [10:05]
<openstackgerrit> Vishakha Agarwal proposed openstack/python-keystoneclient master: create() call in v3.regions.py is wrong https://review.openstack.org/594921 [10:06]
<mbuil> cmurphy: however, I don't see much at the SP side. Keystone logs don't show any error in both apache2 and keystone. Everything seems fine. Any idea what might be happening? Thanks in advance! [10:06]
*** shyam89 has quit IRC [10:07]
<openstackgerrit> Stephen Finucane proposed openstack/oslo.policy master: sphinxext: Start parsing 'DocumentedRuleDefault.description' as rST https://review.openstack.org/594222 [10:17]
*** s10 has quit IRC [10:42]
*** nicolasbock has joined #openstack-keystone [10:44]
*** dave-mccowan has joined #openstack-keystone [10:47]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Use items() instead of iteritems() https://review.openstack.org/594929 [11:05]
*** josecastroleon has joined #openstack-keystone [11:08]
*** shyamb has quit IRC [11:11]
*** jaosorior has joined #openstack-keystone [11:15]
*** shyamb has joined #openstack-keystone [11:17]
<cmurphy> mbuil: are you trying to log in as admin? [11:52]
<cmurphy> sometimes horizon is weird about the admin user in this situation [11:52]
<cmurphy> it's weird because it wants to list projects for nova or something [11:53]
<cmurphy> try using a different user and also turn on insecure_debug in both keystones to get more information [11:53]
<mbuil> cmurphy: yes, I was admin [11:55]
*** raildo has joined #openstack-keystone [11:56]
*** shyamb has quit IRC [12:35]
*** shyamb has joined #openstack-keystone [12:42]
<mbuil> cmurphy: BTW, should I add the "WEBSSO_CHOICES" option explained under http://www.gazlene.net/demystifying-keystone-federation.html ? [13:02]
<openstackgerrit> Merged openstack/keystone master: Update api-ref for unified limits https://review.openstack.org/588425 [13:18]
*** shyamb has quit IRC [13:21]
*** ayoung has quit IRC [13:23]
*** felipemonteiro has joined #openstack-keystone [13:26]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Trivial: Add missing space in exception https://review.openstack.org/595002 [13:30]
<cmurphy> mbuil: no, that only applies for an external identity provider, with k2k you don't need to make any config changes to horizon [13:34]
*** josecastroleon has quit IRC [13:44]
*** josecastroleon has joined #openstack-keystone [13:44]
*** r-daneel has joined #openstack-keystone [13:48]
*** felipemonteiro has quit IRC [13:54]
*** dmellado has quit IRC [14:01]
<BlackDex> Hello there. I'm having some issues with keystone and project/user/domain roles [14:02]
<BlackDex> i have admin_domain with an admin project which is the big-mother of admins [14:03]
<BlackDex> now i have a second domain, say test_domain [14:03]
<BlackDex> and i want to have a special user which can create projects and users only within that domain [14:04]
*** nicolasbock has quit IRC [14:04]
*** s10 has joined #openstack-keystone [14:05]
<lbragstad> BlackDex: yeah - fixing that today likely requires a bunch of modifications to policy.yaml files [14:06]
<lbragstad> unfortunately [14:06]
<BlackDex> if i create a user and link it as admin to that specific domain i'm not able to do much [14:07]
<BlackDex> but if i give that admin user an admin project and make it admin, it can add projects [14:07]
<BlackDex> but it also sees the instances of other domains! [14:08]
<lbragstad> yeah :( [14:08]
<BlackDex> ah [14:08]
<lbragstad> it's a mess [14:08]
<BlackDex> a known issue [14:08]
<lbragstad> but the good news is that we have the plumbing in place to start fixing it [14:08]
<lbragstad> https://bugs.launchpad.net/keystone/+bug/1750660 [14:08]
<openstack> Launchpad bug 1750660 in OpenStack Identity (keystone) "The v3 project API should account for different scopes" [High,Triaged] [14:08]
<BlackDex> is there a ticket somewhere which i can follow? [14:08]
<BlackDex> thx : [14:08]
<BlackDex> :) [14:08]
*** felipemonteiro has joined #openstack-keystone [14:08]
<BlackDex> lbragstad: i wish you good luck then with fixing it [14:09]
<lbragstad> BlackDex: the overall issue spanning OpenStack projects is here https://bugs.launchpad.net/keystone/+bug/968696 [14:09]
<openstack> Launchpad bug 968696 in OpenStack Identity (keystone) ""admin"-ness not properly scoped" [High,In progress] - Assigned to Adam Young (ayoung) [14:09]
<BlackDex> oke thx [14:09]
<BlackDex> i subscribed to it [14:09]
<lbragstad> but we do have bugs open against keystone directly to make our API more self-service https://bugs.launchpad.net/keystone/+bugs?field.tag=policy [14:09]
<lbragstad> https://bugs.launchpad.net/keystone/+bug/1750660 is specifically what you're looking for I think [14:10]
<openstack> Launchpad bug 1750660 in OpenStack Identity (keystone) "The v3 project API should account for different scopes" [High,Triaged] [14:10]
*** felipemonteiro has quit IRC [14:10]
<BlackDex> yea it seems so thx! [14:11]
<lbragstad> no problem [14:11]
<BlackDex> i found those bugs, but weren't sure [14:11]
<BlackDex> first thought i was going crazy [14:11]
<BlackDex> but it's non-wanted-feature [14:11]
<BlackDex> thx lbragstad, i have subscribed myself to these tickets so i will get notified of the changes! [14:14]
*** felipemonteiro has joined #openstack-keystone [14:14]
<lbragstad> sounds good [14:14]
*** felipemonteiro has quit IRC [14:18]
*** felipemonteiro has joined #openstack-keystone [14:18]
*** felipemonteiro has quit IRC [14:24]
*** felipemonteiro has joined #openstack-keystone [14:27]
*** felipemonteiro has quit IRC [14:30]
*** nicolasbock has joined #openstack-keystone [14:31]
*** felipemonteiro has joined #openstack-keystone [14:33]
*** felipemonteiro has quit IRC [14:35]
<gagehugo> lbragstad https://review.openstack.org/#/c/581122/ [14:40]
*** raildo has quit IRC [14:40]
<gagehugo> devstack change for "member" [14:40]
*** raildo has joined #openstack-keystone [14:42]
<lbragstad> gagehugo: nice [14:43]
*** jrist has joined #openstack-keystone [14:45]
*** s10 has quit IRC [14:47]
*** raildo_ has joined #openstack-keystone [14:51]
*** raildo has quit IRC [14:54]
*** pcaruana has quit IRC [15:10]
*** r-daneel has quit IRC [15:23]
*** r-daneel has joined #openstack-keystone [15:24]
*** openstackgerrit has quit IRC [15:31]
<lbragstad> kmalloc: is there anything specific that needs to be done before we can start using the flask client stuff in tests? [15:37]
<lbragstad> i'm trying to figure out the best path forward for testing fixes for incorporating scope types, but i think we need to teach the tests how to use keystone-manage bootstrap instead of self.load_sample_data() [15:38]
<lbragstad> and the setup chain for test_v3.RestfulTestCase is intense [15:40]
<lbragstad> so i'm considering options for implementing a new RestfulTestCase that doesn't rely on all the bloated setup stuff [15:41]
<lbragstad> thoughts anyone? [15:41]
*** nicolasbock has quit IRC [15:43]
*** dmellado has joined #openstack-keystone [15:45]
*** nicolasbock has joined #openstack-keystone [15:49]
*** pcaruana has joined #openstack-keystone [15:49]
<kmalloc> lbragstad: you can use the test client at anytime, just can't use flask.request unless the API has been ported [15:59]
<lbragstad> ack [15:59]
<lbragstad> ok [15:59]
<kmalloc> But test client and all that works today, it's how rbac enforcer is tested, among other things. [15:59]
<lbragstad> i might try and incorporate that into the new protection tests... [16:00]
<kmalloc> Sure! [16:00]
<lbragstad> idk... kinda feels like a rabbit hole [16:00]
<lbragstad> our existing test setup infrastructure is so complicated [16:00]
<lbragstad> and incorporating bootstrap into that to reduce the complexity could be a pretty large refactor [16:01]
*** raildo has joined #openstack-keystone [16:16]
*** raildo_ has quit IRC [16:19]
*** spilla has joined #openstack-keystone [16:25]
*** felipemonteiro has joined #openstack-keystone [16:58]
*** gyee has joined #openstack-keystone [17:03]
*** DinaBelova has quit IRC [17:25]
*** redrobot has quit IRC [17:25]
*** cburgess has quit IRC [17:25]
*** mchlumsky has quit IRC [17:25]
*** aloga has quit IRC [17:25]
*** sayalilunkad has quit IRC [17:25]
*** mbuil has quit IRC [17:25]
*** mtreinish has quit IRC [17:25]
*** N3l1x has quit IRC [17:25]
*** obre has quit IRC [17:25]
*** jlvillal has quit IRC [17:25]
*** afazekas_ has quit IRC [17:25]
*** hemna has quit IRC [17:25]
*** dims has quit IRC [17:25]
*** cwright has quit IRC [17:25]
*** Anticimex has quit IRC [17:25]
*** chudly_ has quit IRC [17:25]
*** DinaBelova has joined #openstack-keystone [17:26]
*** jlvillal has joined #openstack-keystone [17:27]
*** cburgess has joined #openstack-keystone [17:32]
*** dims_ has joined #openstack-keystone [17:36]
*** openstackgerrit has joined #openstack-keystone [17:36]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Trivial: Remove app_conf kwarg from testing setup https://review.openstack.org/595271 [17:36]
*** markvoelker has quit IRC [17:39]
*** rodrigods has joined #openstack-keystone [17:44]
*** felipemonteiro has quit IRC [17:45]
*** hemna has joined #openstack-keystone [18:08]
*** ChanServ has quit IRC [18:16]
*** ChanServ has joined #openstack-keystone [18:22]
*** barjavel.freenode.net sets mode: +o ChanServ [18:22]
*** dmellado has quit IRC [18:22]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Make policy file support in fixture optional https://review.openstack.org/595279 [18:26]
*** pcaruana has quit IRC [19:47]
*** aloga has joined #openstack-keystone [20:30]
*** harlowja has joined #openstack-keystone [20:42]
*** raildo has quit IRC [20:45]
*** spilla has quit IRC [20:54]
*** spilla has joined #openstack-keystone [20:54]
*** spilla has quit IRC [20:58]
*** felipemonteiro has joined #openstack-keystone [20:59]
*** felipemonteiro has quit IRC [21:23]
*** felipemonteiro has joined #openstack-keystone [21:26]
*** dansmith is now known as htimsnad [21:34]
*** felipemonteiro has quit IRC [21:57]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Fix db model inconsistency for FederatedUser https://review.openstack.org/566242 [22:12]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Enable Foreign keys for sql backend unit test https://review.openstack.org/558029 [22:12]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Enable foreign keys for unit test https://review.openstack.org/558193 [22:12]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Make policy file support in fixture optional https://review.openstack.org/595279 [22:12]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: WIP: Implement scope_type checking for credentials https://review.openstack.org/594547 [22:12]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Move loadapp to a generic place https://review.openstack.org/595371 [22:12]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: WIP: Implement scope_type checking for credentials https://review.openstack.org/594547 [22:13]
*** felipemonteiro has joined #openstack-keystone [22:22]
*** rcernin has joined #openstack-keystone [22:34]
*** felipemonteiro has quit IRC [22:37]
*** ChanServ has quit IRC [22:49]
*** ChanServ has joined #openstack-keystone [23:03]
*** barjavel.freenode.net sets mode: +o ChanServ [23:03]
*** _KaszpiR_ has quit IRC [23:04]
*** _KaszpiR_ has joined #openstack-keystone [23:06]
*** felipemonteiro has joined #openstack-keystone [23:26]
*** felipemonteiro has quit IRC [23:55]
*** r-daneel has quit IRC [23:58]
