Wednesday, 2018-08-29

*** gyee has quit IRC00:42
*** itlinux is now known as itlinux-away01:09
*** fungi has quit IRC01:18
*** fungi has joined #openstack-keystone01:18
*** imacdonn has quit IRC01:18
*** imacdonn has joined #openstack-keystone01:19
*** odyssey4me has quit IRC01:19
*** zioproto has quit IRC01:19
*** odyssey4me has joined #openstack-keystone01:20
*** itlinux-away is now known as itlinux01:21
*** itlinux is now known as itlinux-away01:22
*** itlinux-away is now known as itlinux01:24
*** itlinux is now known as itlinux-away01:24
*** itlinux-away is now known as itlinux01:27
*** itlinux is now known as itlinux-away01:27
*** itlinux-away is now known as itlinux01:28
*** itlinux is now known as itlinux-away01:29
openstackgerritGage Hugo proposed openstack/keystone master: DNM/WIP Convert domains api to flask  https://review.openstack.org/59735001:37
*** Dinesh_Bhor has joined #openstack-keystone01:45
openstackgerritMerged openstack/oslo.policy master: Docs: Remove references to JSON format  https://review.openstack.org/59217001:48
*** pas-ha has quit IRC01:49
*** eglute has quit IRC01:49
*** ianw has quit IRC01:49
*** andreykurilin has quit IRC01:49
*** zigo has quit IRC01:49
*** spsurya has quit IRC01:49
*** jamielennox has quit IRC01:49
*** rm_work has quit IRC01:49
*** andreykurilin has joined #openstack-keystone01:49
*** itlinux-away is now known as itlinux01:51
*** itlinux is now known as itlinux-away01:51
*** ianw has joined #openstack-keystone01:53
*** jamielennox has joined #openstack-keystone01:53
*** rm_work has joined #openstack-keystone01:55
*** Dinesh_Bhor has quit IRC01:58
*** itlinux-away is now known as itlinux02:01
*** ianw has quit IRC02:03
*** ianw has joined #openstack-keystone02:04
*** vishakha has quit IRC02:08
*** Dinesh_Bhor has joined #openstack-keystone02:09
*** itlinux is now known as itlinux-away02:11
*** itlinux-away is now known as itlinux02:29
*** itlinux is now known as itlinux-away02:29
*** sapd1 has joined #openstack-keystone02:34
*** openstack has joined #openstack-keystone02:51
*** jhesketh has quit IRC02:51
*** zzzeek has joined #openstack-keystone02:52
*** ChanServ sets mode: +o openstack02:52
*** itlinux-away is now known as itlinux02:53
*** itlinux is now known as itlinux-away02:53
*** itlinux-away is now known as itlinux02:54
*** jhesketh has joined #openstack-keystone02:57
*** openstackstatus has joined #openstack-keystone03:00
*** ChanServ sets mode: +v openstackstatus03:00
*** spsurya has joined #openstack-keystone03:52
*** Dinesh_Bhor has quit IRC03:52
*** nicolasbock has quit IRC03:58
*** Dinesh_Bhor has joined #openstack-keystone04:31
*** ykarel has joined #openstack-keystone05:28
*** itlinux has quit IRC05:31
*** ykarel has quit IRC05:42
*** ykarel has joined #openstack-keystone05:52
*** shyamb has joined #openstack-keystone06:05
*** BlackDex has joined #openstack-keystone06:05
*** ykarel has quit IRC06:23
*** markvoelker has joined #openstack-keystone06:39
*** pcaruana has joined #openstack-keystone06:50
*** shyamb has quit IRC06:52
*** shyamb has joined #openstack-keystone06:53
*** ykarel has joined #openstack-keystone06:55
*** vishakha has joined #openstack-keystone06:57
*** rcernin has quit IRC07:00
*** ykarel has quit IRC07:05
vishakhawxy-xiyuan: Hi, https://bugs.launchpad.net/keystone/+bug/1724685 . The bug seems invalid as with a invalid role name  error 404 should return. It isn't a bad request which should return 400. Pl confirm07:05
openstackLaunchpad bug 1724685 in OpenStack Identity (keystone) "HTTP 404 creating trust with role that you don't have" [Low,Confirmed] - Assigned to Vishakha Agarwal (vishakha.agarwal)07:05
wxy-xiyuanvishakha: it should return 400, not 404 see api guide: http://git.openstack.org/cgit/openstack/api-sig/tree/guidelines/http/response-codes.rst#n7907:10
*** ykarel has joined #openstack-keystone07:10
*** ykarel has quit IRC07:10
wxy-xiyuanvishakha: IIRC´╝î some other APIs have this issue as well. But we need microversion support for API change. it's the reason why this bug is blocked.07:13
*** dolly has quit IRC07:16
*** takamatsu has quit IRC07:16
*** shyamb has quit IRC07:19
*** shyamb has joined #openstack-keystone07:20
*** shyamb has quit IRC07:25
*** shyamb has joined #openstack-keystone07:37
*** shyamb has quit IRC07:44
*** threestrands has quit IRC07:50
*** zigo has joined #openstack-keystone07:57
*** Emine has joined #openstack-keystone07:58
*** shyamb has joined #openstack-keystone08:30
vishakhawxy-xiyuan: Thanks for the update.08:39
*** Dinesh_Bhor has quit IRC08:51
*** Dinesh_Bhor has joined #openstack-keystone08:56
*** josecastroleon has quit IRC08:57
openstackgerritVishakha Agarwal proposed openstack/keystone master: Incorrect use of translation _()  https://review.openstack.org/59668309:29
*** shyamb has quit IRC09:34
*** shyamb has joined #openstack-keystone10:11
*** dave-mccowan has joined #openstack-keystone10:51
vishakhaHi wxy-xiyuan . I have updated a patch for  https://review.openstack.org/59668310:51
vishakhawxy-xiyuan: having a little doubt that code  for logging translated string  is done https://github.com/openstack/keystone/blob/master/keystone/tests/hacking/checks.py#L287-L30010:59
*** d0ugal has quit IRC11:03
*** Dinesh_Bhor has quit IRC11:08
*** nicolasbock has joined #openstack-keystone11:11
*** ykarel has joined #openstack-keystone11:12
*** shyamb has quit IRC11:16
*** shyamb has joined #openstack-keystone11:16
*** d0ugal has joined #openstack-keystone11:17
*** viks__ has quit IRC11:17
*** Dinesh_Bhor has joined #openstack-keystone11:31
*** Dinesh_Bhor has quit IRC11:31
openstackgerritMerged openstack/keystone master: Trivial: Add missing space in exception  https://review.openstack.org/59500211:42
openstackgerritMerged openstack/keystone master: Trivial: Remove app_conf kwarg from testing setup  https://review.openstack.org/59527111:42
*** shyamb has quit IRC11:44
*** raildo has joined #openstack-keystone11:50
*** shyamb has joined #openstack-keystone12:16
*** ykarel_ has joined #openstack-keystone12:20
*** shyamb has quit IRC12:22
*** ykarel has quit IRC12:22
*** shyamb has joined #openstack-keystone12:24
*** mchlumsky has joined #openstack-keystone12:35
*** ykarel_ is now known as ykarel12:36
ildikovlbragstad: if you happen to be around, there's an OPNFV Edge Cloud meeting call in 5 minutes where we will talk about a demo including Keystone federation and the guys might have some questions to sort out12:55
ildikovlbragstad: I've realized a little late that we have that call today, will figure out the schedule better onward12:55
*** pcaruana has quit IRC13:04
*** shyamb has quit IRC13:07
lbragstadildikov: sorry about that - i'll add a meeting notice to my calendar13:35
lbragstadwas it recorded?13:35
ildikovlbragstad: it's ok, I pinged you late, figured it out this morning13:36
ildikovlbragstad: we're trying to figure out the demo content and the guys who're working on it had some struggle with tokens and config13:36
ildikovColleen joins usually, but she's on vacation this week13:37
lbragstadsounds like you figured out the issue though?13:43
lbragstadi think i misread the original comment, was there a demo in the meeting today or was it just a discussion about a demo?13:43
*** markvoelker has quit IRC13:53
*** lbragstad has quit IRC13:56
*** raildo_ has joined #openstack-keystone14:00
*** raildo has quit IRC14:01
*** knikolla has joined #openstack-keystone14:01
*** rmascena__ has joined #openstack-keystone14:03
*** raildo_ has quit IRC14:05
*** lbragstad has joined #openstack-keystone14:07
*** ChanServ sets mode: +o lbragstad14:07
knikollao/14:07
*** ykarel is now known as ykarel|afk14:11
*** ykarel|afk has quit IRC14:15
*** rmascena__ has quit IRC14:16
*** raildo has joined #openstack-keystone14:17
*** raildo has quit IRC14:19
*** raildo has joined #openstack-keystone14:20
gagehugoo/14:35
*** markvoelker has joined #openstack-keystone14:44
*** pcaruana has joined #openstack-keystone14:50
*** ykarel has joined #openstack-keystone14:57
*** N3l1x has joined #openstack-keystone15:02
*** raildo_ has joined #openstack-keystone15:14
*** knikolla has quit IRC15:14
*** knikolla has joined #openstack-keystone15:15
*** raildo has quit IRC15:17
*** dklyle has quit IRC15:22
*** dklyle has joined #openstack-keystone15:23
*** ykarel has quit IRC15:25
*** ykarel has joined #openstack-keystone15:27
*** Emine has quit IRC15:27
*** ykarel_ has joined #openstack-keystone15:39
*** ykarel has quit IRC15:42
*** shyamb has joined #openstack-keystone15:46
*** r-daneel has joined #openstack-keystone15:48
*** markvoelker has quit IRC15:48
*** shyamb has quit IRC16:03
*** raildo_ has quit IRC16:04
*** raildo has joined #openstack-keystone16:05
*** ykarel_ is now known as ykarel|away16:16
lbragstadFYI - http://lists.openstack.org/pipermail/openstack-dev/2018-August/133982.html16:22
lbragstadjust another note for everyone16:38
lbragstadi've volunteered keystone for the py3 community goal16:39
lbragstaddhellmann will be generating a bunch of patches to get that started for us16:39
*** r-daneel has quit IRC16:40
gagehugoack16:45
*** ykarel|away has quit IRC16:46
*** gyee has joined #openstack-keystone16:59
*** zul has quit IRC17:06
*** Emine has joined #openstack-keystone17:44
*** GregWaines has joined #openstack-keystone18:04
kmalloclbragstad: shouldn't be too bad18:59
kmallocmemcache is an issue =/19:00
lbragstadpymemcached?19:01
*** Emine has quit IRC19:08
*** pcaruana has quit IRC19:09
*** mchlumsky has quit IRC19:09
kmallocyah we need to look at moving to it19:15
kmallocpython-memcache is ick19:15
kmallocsame for ksm19:15
kmallocit's writing a driver for dogpile19:15
kmallocreally19:15
lbragstadso those might be things we hit this release doing the community goal19:26
kmallocit's pretty straight forward19:30
kmallocthe hard part is ensuring we have a clear analogue for the way the multiple memcache servers are specified in config19:31
kmalloclbragstad: also, i should revisit/fix the stupid config thing for oslo.cache19:31
kmallocit's a long running bug at this point19:31
lbragstadyeah19:39
lbragstadbut... there is a documented workaround19:39
*** GregWaines has quit IRC19:47
kmalloc"work around"19:56
kmalloc*eyeroll*19:56
kmallocit's not a good workaround19:56
*** r-daneel has joined #openstack-keystone20:01
openstackgerritDoug Hellmann proposed openstack/keystone master: import zuul job settings from project-config  https://review.openstack.org/59765220:10
openstackgerritDoug Hellmann proposed openstack/keystone master: switch documentation job to new PTI  https://review.openstack.org/59765320:10
openstackgerritDoug Hellmann proposed openstack/keystone master: add python 3.6 unit test job  https://review.openstack.org/59765420:10
openstackgerritDoug Hellmann proposed openstack/keystoneauth master: import zuul job settings from project-config  https://review.openstack.org/59765520:10
openstackgerritDoug Hellmann proposed openstack/keystoneauth master: switch documentation job to new PTI  https://review.openstack.org/59765620:10
openstackgerritDoug Hellmann proposed openstack/keystoneauth master: add python 3.6 unit test job  https://review.openstack.org/59765720:10
openstackgerritDoug Hellmann proposed openstack/keystoneauth master: add lib-forward-testing-python3 test job  https://review.openstack.org/59765820:10
openstackgerritDoug Hellmann proposed openstack/keystonemiddleware master: import zuul job settings from project-config  https://review.openstack.org/59765920:11
openstackgerritDoug Hellmann proposed openstack/keystonemiddleware master: switch documentation job to new PTI  https://review.openstack.org/59766020:11
openstackgerritDoug Hellmann proposed openstack/keystonemiddleware master: add python 3.6 unit test job  https://review.openstack.org/59766120:11
openstackgerritDoug Hellmann proposed openstack/keystonemiddleware master: add lib-forward-testing-python3 test job  https://review.openstack.org/59766220:11
openstackgerritDoug Hellmann proposed openstack/keystone-specs master: import zuul job settings from project-config  https://review.openstack.org/59766320:11
openstackgerritDoug Hellmann proposed openstack/keystone-tempest-plugin master: import zuul job settings from project-config  https://review.openstack.org/59766420:11
openstackgerritDoug Hellmann proposed openstack/ldappool master: import zuul job settings from project-config  https://review.openstack.org/59766520:11
openstackgerritDoug Hellmann proposed openstack/ldappool master: add python 3.6 unit test job  https://review.openstack.org/59766620:11
openstackgerritDoug Hellmann proposed openstack/pycadf master: import zuul job settings from project-config  https://review.openstack.org/59766720:11
openstackgerritDoug Hellmann proposed openstack/pycadf master: switch documentation job to new PTI  https://review.openstack.org/59766820:11
openstackgerritDoug Hellmann proposed openstack/pycadf master: add python 3.6 unit test job  https://review.openstack.org/59766920:11
openstackgerritDoug Hellmann proposed openstack/pycadf master: add lib-forward-testing-python3 test job  https://review.openstack.org/59767020:11
openstackgerritDoug Hellmann proposed openstack/python-keystoneclient master: import zuul job settings from project-config  https://review.openstack.org/59767120:11
openstackgerritDoug Hellmann proposed openstack/python-keystoneclient master: switch documentation job to new PTI  https://review.openstack.org/59767220:11
openstackgerritDoug Hellmann proposed openstack/python-keystoneclient master: add python 3.6 unit test job  https://review.openstack.org/59767320:11
openstackgerritDoug Hellmann proposed openstack/python-keystoneclient master: add lib-forward-testing-python3 test job  https://review.openstack.org/59767420:11
lbragstadbah - we forgot to write a release note for https://bugs.launchpad.net/keystone/+bug/177920520:19
openstackLaunchpad bug 1779205 in OpenStack Identity (keystone) rocky "[OSSA-2018-002] GET /v3/OS-FEDERATION/projects leaks project information (CVE-2018-14432)" [Critical,Fix released] - Assigned to Lance Bragstad (lbragstad)20:19
*** mgagne has joined #openstack-keystone20:20
*** raildo has quit IRC20:41
*** markvoelker has joined #openstack-keystone20:48
*** markvoelker has quit IRC20:55
lbragstadkmalloc shouldn't https://github.com/openstack/keystone/blob/master/keystone/common/rbac_enforcer/enforcer.py#L114-L124 protect against http://paste.openstack.org/show/729089/ if I'm doing https://review.openstack.org/#/c/594547/7/keystone/api/credentials.py@82 ?21:10
lbragstadthe test_user_cannot_list_credentials_for_other_users testcase in that diff fails with the implementation currently in review ^21:11
*** mchlumsky has joined #openstack-keystone21:11
lbragstadthis is the failure i'm getting locally - http://paste.openstack.org/show/729090/21:12
lbragstadwait...21:16
lbragstadmaybe i just wrote that test wrong21:17
lbragstadi suppose if userA calls GET /v3/credentials?user_id=userB it shouldn't return a 403, should it?21:17
lbragstadbut they *should* get an empty list21:17
lbragstadbecause they are attempting to filter as a user that isn't them21:18
*** mchlumsky has quit IRC21:44
*** rcernin has joined #openstack-keystone21:49
openstackgerritLance Bragstad proposed openstack/keystone master: Fix db model inconsistency for FederatedUser  https://review.openstack.org/56624221:57
openstackgerritLance Bragstad proposed openstack/keystone master: Enable Foreign keys for sql backend unit test  https://review.openstack.org/55802921:57
openstackgerritLance Bragstad proposed openstack/keystone master: Enable foreign keys for unit test  https://review.openstack.org/55819321:57
openstackgerritLance Bragstad proposed openstack/keystone master: Make policy file support in fixture optional  https://review.openstack.org/59527921:57
openstackgerritLance Bragstad proposed openstack/keystone master: Move loadapp to a generic place  https://review.openstack.org/59537121:57
openstackgerritLance Bragstad proposed openstack/keystone master: Add test case for expanding implied roles in system tokens  https://review.openstack.org/59635621:57
openstackgerritLance Bragstad proposed openstack/keystone master: Expand implied roles in system-scoped tokens  https://review.openstack.org/59635721:57
openstackgerritLance Bragstad proposed openstack/keystone master: Loosen the assertion for logging scope type warnings  https://review.openstack.org/59718621:57
openstackgerritLance Bragstad proposed openstack/keystone master: Implement scope_type checking for credentials  https://review.openstack.org/59454721:57
openstackgerritLance Bragstad proposed openstack/keystone master: Remove obsolete credential policies  https://review.openstack.org/59718721:57
lbragstadwxy-xiyuan i cleaned up the merge conflict i created ^21:57
*** r-daneel_ has joined #openstack-keystone22:05
*** r-daneel has quit IRC22:05
*** r-daneel_ is now known as r-daneel22:05
openstackgerritMerged openstack/keystone master: Address nits  https://review.openstack.org/59650622:07
*** threestrands has joined #openstack-keystone22:19
*** threestrands has quit IRC22:19
*** threestrands has joined #openstack-keystone22:22
kmalloclbragstad: so... that is tricky22:37
kmallocyou can either have a 403 (nope, can't filter for another user because you're not allowed) or an empty list22:37
kmalloci am inclined to say 403 if the user isn't allowed22:37
kmallocfor old code, keep consistent behavior22:38
*** markvoelker has joined #openstack-keystone22:46
*** r-daneel has quit IRC22:56
*** clarkb has joined #openstack-keystone23:06
clarkbhello keystone, github suggests that we update pysaml2 to pysaml2 ~> 4.5.0 and that our current global requirement value is insecure. I believe this is an opitonal dep for keystone api things so figured I'd let you all know23:06
*** markvoelker has quit IRC23:12

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!