Thursday, 2018-09-27

*** openstackgerrit has joined #openstack-keystone [00:00]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Purge soft-deleted trusts https://review.openstack.org/604970 [00:00]
*** felipemonteiro has joined #openstack-keystone [00:22]
<openstackgerrit> Gage Hugo proposed openstack/keystone master: DNM - Expose get domain enforcement issue https://review.openstack.org/605560 [00:41]
<gagehugo> lbragstad ^ [00:42]
<gagehugo> From last friday: http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2018-09-21.log.html#t2018-09-21T18:37:20 [00:42]
<gagehugo> I recreated the issue trevormc had I believe [00:42]
*** felipemonteiro has quit IRC [00:51]
*** Emine has quit IRC [00:55]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Fixing wrong url of keystone-specs https://review.openstack.org/605561 [01:05]
*** Dinesh_Bhor has joined #openstack-keystone [01:11]
<ayoung> jamielennox, !  As I live and breathe! [01:17]
*** aning has quit IRC [01:18]
<ayoung> kmalloc, that is why I wrote https://review.openstack.org/#/c/165908/ originally [01:18]
*** aojea has joined #openstack-keystone [01:23]
*** aojea has quit IRC [01:27]
*** Dinesh_Bhor has quit IRC [01:31]
*** Dinesh_Bhor has joined #openstack-keystone [01:37]
<openstackgerrit> Merged openstack/keystone master: Fix command to verify role removal in docs https://review.openstack.org/605509 [02:00]
*** Dinesh_Bhor has quit IRC [02:22]
*** Dinesh_Bhor has joined #openstack-keystone [02:26]
<openstackgerrit> ayoung proposed openstack/keystone-specs master: Federated Query APIs https://review.openstack.org/313604 [02:36]
*** imacdonn has quit IRC [02:50]
*** markvoelker has joined #openstack-keystone [02:50]
*** imacdonn has joined #openstack-keystone [02:51]
*** felipemonteiro has joined #openstack-keystone [03:15]
*** rcernin_ has quit IRC [03:42]
*** rcernin has joined #openstack-keystone [03:43]
*** dave-mccowan has quit IRC [03:46]
*** ayoung has quit IRC [03:50]
*** sapd1 has quit IRC [03:55]
*** sapd1 has joined #openstack-keystone [04:00]
*** blake has quit IRC [04:04]
*** blake has joined #openstack-keystone [04:06]
*** blake has quit IRC [04:11]
*** felipemonteiro has quit IRC [04:16]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Removes unnecessary utf-8 encoding https://review.openstack.org/605582 [04:24]
*** blake has joined #openstack-keystone [04:36]
*** shyamb has joined #openstack-keystone [04:48]
<openstackgerrit> Merged openstack/keystone master: Comment out un-runnable tests https://review.openstack.org/603459 [04:52]
<openstackgerrit> Vishakha Agarwal proposed openstack/python-keystoneclient master: create() call in v3.regions.py is wrong https://review.openstack.org/594921 [04:59]
*** blake has quit IRC [05:06]
*** bnemec has quit IRC [05:39]
*** shyamb has quit IRC [06:11]
*** shyamb has joined #openstack-keystone [06:19]
*** Dinesh_Bhor has quit IRC [06:24]
*** shyamb has quit IRC [06:25]
*** pcaruana has joined #openstack-keystone [06:33]
*** shyamb has joined #openstack-keystone [06:36]
*** Dinesh_Bhor has joined #openstack-keystone [06:43]
*** shyamb has quit IRC [07:11]
*** rcernin has quit IRC [07:12]
*** shyamb has joined #openstack-keystone [07:52]
<openstackgerrit> wangxiyuan proposed openstack/keystone-specs master: Add domain level limit support https://review.openstack.org/599491 [08:12]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Adding test case for MappingEngineTester https://review.openstack.org/603539 [08:15]
*** Dinesh_Bhor has quit IRC [08:16]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Adding test case for MappingEngineTester https://review.openstack.org/603539 [08:21]
*** nick_kar_ has quit IRC [08:52]
*** nick_kar has joined #openstack-keystone [08:53]
*** Dinesh_Bhor has joined #openstack-keystone [08:55]
*** a-pugachev has joined #openstack-keystone [09:01]
*** shyamb has quit IRC [09:16]
*** shyamb has joined #openstack-keystone [09:24]
*** Emine has joined #openstack-keystone [09:24]
*** Dinesh_Bhor has quit IRC [09:29]
*** shyamb has quit IRC [09:57]
*** shyamb has joined #openstack-keystone [09:57]
*** Dinesh_Bhor has joined #openstack-keystone [10:04]
<openstackgerrit> Merged openstack/keystone master: Convert legacy functional jobs to Zuul-v3-native https://review.openstack.org/602452 [10:15]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Adding test case for MappingEngineTester https://review.openstack.org/603539 [10:21]
*** Dinesh_Bhor has quit IRC [10:29]
*** shyamb has quit IRC [10:56]
*** shyamb has joined #openstack-keystone [10:58]
<cmurphy> knikolla: jdennis I reported the k2k/mellon problem here https://bugs.launchpad.net/keystone/+bug/1794726 [11:00]
<openstack> Launchpad bug 1794726 in OpenStack Identity (keystone) "Keystone as a SAML IdP does not work when mod_auth_mellon is used as the SP" [Undecided,New] [11:00]
<cmurphy> hrybacki: i put a bunch of things in https://trello.com/c/sNGFeeAP/81-federation-improvements [11:01]
*** felipemonteiro has joined #openstack-keystone [11:30]
<knikolla> cmurphy: awesome. Shouldn’t be a hard fix :) [11:39]
<hrybacki> Thanks cmurphy :) [11:50]
*** pcaruana has quit IRC [11:50]
*** felipemonteiro has quit IRC [12:04]
*** shyamb has quit IRC [12:13]
*** shyamb has joined #openstack-keystone [12:14]
*** pcaruana has joined #openstack-keystone [12:39]
*** shyam89 has joined #openstack-keystone [12:50]
*** shyamb has quit IRC [12:52]
*** shyam89 has quit IRC [12:55]
*** raildo has joined #openstack-keystone [13:01]
<lbragstad> gagehugo nice - thanks [13:09]
*** bnemec has joined #openstack-keystone [13:18]
<gagehugo> o/ [13:41]
*** mbeierl has joined #openstack-keystone [13:47]
*** itlinux has quit IRC [13:59]
*** jistr is now known as jistr|call [14:31]
<openstackgerrit> Lance Bragstad proposed openstack/keystone-specs master: Fix broken link to Stein roadmap https://review.openstack.org/605761 [14:44]
*** evrardjp has quit IRC [14:45]
*** evrardjp has joined #openstack-keystone [14:47]
*** itlinux has joined #openstack-keystone [14:58]
*** evrardjp has quit IRC [14:58]
<lbragstad> nice test gagehugo https://review.openstack.org/#/c/605560/1 [15:02]
<lbragstad> i think that was actually relevant to what we were talking about last night [15:02]
<lbragstad> lol thanks for the sanity check jamielennox ;) [15:03]
<gagehugo> lbragstad ah [15:06]
<gagehugo> I'm wondering if domains isn't building the enforcement target correctly [15:07]
<lbragstad> you mean the policy check? [15:09]
<lbragstad> or the policy check string? [15:09]
<gagehugo> policy check [15:10]
<lbragstad> yeah... [15:11]
<gagehugo> because you should be able to access the domain if you are admin or your project domain id = domain id [15:11]
<lbragstad> i'm going to rework https://review.openstack.org/#/c/605539/ today [15:11]
<lbragstad> which should hopefully make it easier to figure out why the bug you're proposing a test for exists [15:12]
<gagehugo> ok cool [15:14]
<gagehugo> and I was able to access it once I gave the user "admin" [15:14]
<gagehugo> so it's likely the target.domain.id issue [15:15]
<lbragstad> oh - yeah.. [15:16]
<lbragstad> that could be, too [15:16]
<lbragstad> which would be a problem with how we're building target data? [15:16]
<gagehugo> potentially yeah [15:20]
<gagehugo> or the domainresource isn't building a target correctly [15:20]
<lbragstad> right [15:22]
<lbragstad> specifically the domain resource [15:22]
<gagehugo> yup [15:23]
*** dave-mccowan has joined #openstack-keystone [15:42]
*** jistr|call is now known as jistr [15:46]
*** gyee has joined #openstack-keystone [15:53]
*** gyee has quit IRC [15:54]
*** gyee has joined #openstack-keystone [15:57]
*** dave-mccowan has quit IRC [16:08]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Pass context objects to policy enforcement https://review.openstack.org/605539 [16:11]
<lbragstad> gagehugo fixed ^ [16:11]
<lbragstad> well - using the context objects directly that is [16:11]
<lbragstad> we no longer deal with building creds dictionaries prior to calling oslo.policy [16:11]
<gagehugo> cool [16:12]
<lbragstad> kmalloc might be interested in that, too [16:14]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Pass context objects to policy enforcement https://review.openstack.org/605539 [16:18]
*** raildo_ has joined #openstack-keystone [16:19]
*** raildo has quit IRC [16:22]
*** a-pugachev has quit IRC [16:34]
<kmalloc> o/ [16:46]
<kmalloc> here now [16:46]
<kmalloc> another dr. appt this morning [16:47]
<kmalloc> tomorrow i'm prob. out most of the day [16:47]
<lbragstad> ack [16:48]
<lbragstad> thanks kmalloc [16:48]
*** Emine has quit IRC [17:21]
*** aning has joined #openstack-keystone [17:32]
<aning> cmurphy: an update on the Horizon issue with WEBSSO I had a few days ago ... the issue is that when I log in to the IdP, I got an error page. [17:34]
*** Emine has joined #openstack-keystone [17:34]
<aning> cmurphy: it turns out there is a mismatch between the SP's metadata and the URL the SP asks the IdP to send the SAML Response to [17:36]
<aning> cmurphy: This is the AssertionConsumerService in the metadata, it uses Domain Name as the Location. [17:37]
<aning> cmurphy: but the URL Horizon generated and sent to the IdP for the returned SAML Response is in IP address, so they don't match. [17:37]
<cmurphy> aning: that's configured by the OPENSTACK_KEYSTONE_URL setting in horizon's local_settings.py, you can change horizon to use the domain name instead of the IP address [17:38]
<aning> cmurphy: as a quick test I manually changed the metadata to be my SP's IP address, uploaded again, and Horizon works flawlessly. [17:38]
<aning> cmurphy: great. [17:39]
<cmurphy> aning: btw I reported the other horizon problem you were seeing here https://bugs.launchpad.net/horizon/+bug/1794710 in case you want to track it or mark "also affects me" [17:40]
<openstack> Launchpad bug 1794710 in OpenStack Dashboard (Horizon) "WebSSO initial redirect 404s" [Undecided,New] [17:40]
<aning> cmurphy: Thx [17:40]
<aning> cmurphy: but that's only seen in master, not in Rocky. [17:41]
<cmurphy> aning: right [17:41]
*** mvkr has quit IRC [17:42]
<aning> cmurphy: another piece of information in case it's helpful for others, is that ECP can be enabled like this: [17:43]
<aning> cmurphy:             <SSO entityID="https://idp.testshib.org/idp/shibboleth" ECP="true"> [17:43]
<aning> cmurphy: with this both WEBSSO and ECP work, at least in Rocky. [17:43]
<cmurphy> aning: ++ [17:43]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Implement system reader role in domains API https://review.openstack.org/605485 [17:47]
*** dims_ is now known as dims [18:05]
*** jistr has quit IRC [18:47]
*** jistr has joined #openstack-keystone [18:49]
*** jistr has quit IRC [19:08]
*** jistr has joined #openstack-keystone [19:08]
*** itlinux has quit IRC [19:09]
<lbragstad> gagehugo  is there a bug open for https://review.openstack.org/#/c/605560/1/keystone/tests/unit/test_v3_resource.py yet? [19:15]
*** jistr has quit IRC [19:23]
<lbragstad> gagehugo i can't seem to find one - https://bugs.launchpad.net/keystone/+bug/1794864 [19:24]
<openstack> Launchpad bug 1794864 in OpenStack Identity (keystone) "Calling GET /v3/domains/{domain_id} with a project-scoped or domain-scoped token fails" [Medium,Triaged] [19:24]
<lbragstad> so i opened that ^ [19:24]
*** jistr has joined #openstack-keystone [19:26]
*** jistr has quit IRC [19:28]
*** jistr has joined #openstack-keystone [19:29]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Pass context objects to policy enforcement https://review.openstack.org/605539 [19:33]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Implement system reader role in domains API https://review.openstack.org/605485 [19:33]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Implement system member role in domains API https://review.openstack.org/605849 [19:33]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Implement system admin role in domains API https://review.openstack.org/605850 [19:33]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Allow domain users to access the GET domain API https://review.openstack.org/605851 [19:33]
* lbragstad steps away for a late lunch [19:34]
*** jistr has quit IRC [19:34]
*** jistr has joined #openstack-keystone [19:37]
*** jistr has quit IRC [19:39]
*** jistr has joined #openstack-keystone [19:49]
*** pcaruana has quit IRC [19:54]
*** aojea has joined #openstack-keystone [19:57]
<openstackgerrit> Merged openstack/keystone-specs master: Fix broken link to Stein roadmap https://review.openstack.org/605761 [20:03]
*** Nel1x has joined #openstack-keystone [20:04]
<gagehugo> lbragstad no I hadn't opened one yet, thanks [20:12]
<lbragstad> np [20:15]
*** Emine has quit IRC [20:27]
*** Emine has joined #openstack-keystone [20:28]
*** aojea has quit IRC [20:32]
*** aojea has joined #openstack-keystone [20:33]
*** cfriesen has joined #openstack-keystone [20:42]
<cfriesen> odd question...if I run "openstack user list" should I see the service users? [20:42]
<lbragstad> yeah - the only thing that distinguishes a user from a "service" user is the name [20:50]
<lbragstad> keystone doesn't treat them any different [20:51]
*** rmascena__ has joined #openstack-keystone [20:57]
*** raildo_ has quit IRC [21:00]
<kmalloc> lbragstad: this needs stable eyes: https://review.openstack.org/#/c/601882/ [21:15]
<lbragstad> kmalloc ack [21:22]
*** mchlumsky has quit IRC [21:37]
*** felipemonteiro has joined #openstack-keystone [21:43]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Allow project users to retrieve domains https://review.openstack.org/605871 [22:06]
<lbragstad> gagehugo fix for the domain issue ^ [22:06]
<lbragstad> with project users [22:06]
<gagehugo> nice [22:07]
*** mvkr has joined #openstack-keystone [22:13]
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Remove domain policies from policy.v3cloudsample.json https://review.openstack.org/605876 [22:28]
*** rcernin has joined #openstack-keystone [22:29]
*** aojea has quit IRC [22:38]
*** felipemonteiro has quit IRC [23:55]
