Friday, 2018-11-30

« Thursday, 2018-11-29 Index Saturday, 2018-12-01 »
*** dave-mccowan has quit IRC00:08
*** dave-mccowan has joined #openstack-keystone00:15
*** threestrands has joined #openstack-keystone00:18
*** tosky has quit IRC00:27
openstackgerritMerged openstack/python-keystoneclient master: Fix keystoneclient-devstack-functional job  https://review.openstack.org/62055300:56
*** dave-mccowan has quit IRC01:31
*** dave-mccowan has joined #openstack-keystone01:50
*** gyee has quit IRC01:52
*** dklyle has joined #openstack-keystone01:59
*** dklyle has quit IRC02:05
openstackgerritwangxiyuan proposed openstack/keystone-specs master: Add domain level limit support  https://review.openstack.org/59949102:23
*** Dinesh_Bhor has joined #openstack-keystone02:27
*** dave-mccowan has quit IRC02:46
*** dave-mccowan has joined #openstack-keystone02:56
*** dklyle has joined #openstack-keystone03:11
*** dklyle has quit IRC03:17
*** dave-mccowan has quit IRC03:33
*** dave-mccowan has joined #openstack-keystone03:35
*** dave-mccowan has quit IRC04:30
*** markvoelker has quit IRC04:32
*** markvoelker has joined #openstack-keystone05:02
*** Nel1x has quit IRC05:14
*** threestrands has quit IRC05:20
*** pcaruana has quit IRC05:35
*** imacdonn has quit IRC05:39
*** imacdonn has joined #openstack-keystone05:39
openstackgerritFilippo Inzaghi proposed openstack/python-keystoneclient master: Add Python 3.6 classifier to setup.cfg  https://review.openstack.org/62108006:57
*** pcaruana has joined #openstack-keystone07:22
*** rcernin has quit IRC08:06
*** awalende has joined #openstack-keystone08:08
*** awalende_ has joined #openstack-keystone08:08
*** awalende_ has quit IRC08:10
*** awalende has quit IRC08:12
*** amoralej|off is now known as amoralej08:24
*** xek has joined #openstack-keystone08:38
*** tosky has joined #openstack-keystone08:42
openstackgerritwangxiyuan proposed openstack/keystone master: Add domain_id column for limit  https://review.openstack.org/62020208:54
openstackgerritwangxiyuan proposed openstack/keystone master: Add domain_id column for limit  https://review.openstack.org/62020209:00
*** shrasool has joined #openstack-keystone09:26
*** takamatsu has quit IRC09:41
openstackgerritMerged openstack/keystone master: Move to password validation schema  https://review.openstack.org/61429409:43
*** Dinesh_Bhor has quit IRC10:09
*** pcaruana has quit IRC10:44
*** pcaruana has joined #openstack-keystone10:50
*** raildo has joined #openstack-keystone11:32
*** pcaruana has quit IRC12:11
*** shrasool has quit IRC12:37
*** Nel1x has joined #openstack-keystone12:46
*** xek has quit IRC12:46
*** xek has joined #openstack-keystone12:47
*** nehaalhat has quit IRC13:02
*** dave-mccowan has joined #openstack-keystone13:19
*** jackivanov has quit IRC13:26
*** annp has quit IRC13:29
*** shrasool has joined #openstack-keystone13:38
*** shrasool has quit IRC13:41
*** mchlumsky has joined #openstack-keystone13:44
*** takamatsu has joined #openstack-keystone13:55
*** shrasool has joined #openstack-keystone13:55
*** jdennis has quit IRC14:02
*** amoralej is now known as amoralej|lunch14:04
*** jdennis has joined #openstack-keystone14:06
*** etp has quit IRC14:18
*** etp has joined #openstack-keystone14:22
lbragstadjdennis get it figured out?14:36
*** lbragstad is now known as elbragstad14:36
knikollao/14:39
*** alexchadin has quit IRC14:42
elbragstadgood morning/afternoon/evening14:44
elbragstader... good day?14:44
cmurphygood times14:45
elbragstadgood UGT14:45
*** takamatsu has quit IRC14:48
openstackgerritLance Bragstad proposed openstack/oslo.policy master: Add domain scope support for scope types  https://review.openstack.org/61144314:53
elbragstadjaosorior bnemec ^14:53
elbragstadrev'd that to pick up the new oslo.context version (which is passing for me locally)14:53
jaosoriorelbragstad: excellent!14:54
jaosoriorelbragstad: great summit summary! (just read it)14:55
jdenniselbragstad: yes, working on a updated patch now ...15:03
*** takamatsu has joined #openstack-keystone15:29
*** bnemec is now known as beekneemech15:34
beekneemechelbragstad: Just remember it's always 5 o'clock somewhere. :-)15:35
*** amoralej|lunch is now known as amoralej15:39
*** dansmith is now known as SteelyDan15:43
*** shrasool has quit IRC15:45
*** takamatsu has quit IRC15:53
elbragstadjaosorior glad you found it useful :)15:57
elbragstadbeekneemech inoright?15:57
elbragstadcmurphy good question on https://review.openstack.org/#/c/620157/316:09
elbragstadcurious to hear what your opinion is about the member role (i'm a little conflicted on it)16:10
cmurphyelbragstad: one sec, in a meeting16:10
cmurphyelbragstad: but that makes zero sense to me16:10
elbragstadno worries - just ping when you wanna talk about it16:10
cmurphyelbragstad: so imo create update and delete are all equally dangerous actions, create and update are basically the same action, so it makes no sense to only allow admins to create but anyone can edit16:18
cmurphyit's like if you have a root user be able to create a file but then anyone could edit the file16:18
cmurphyanyone could completely destroy the file by emptying it or adding garbage to it16:19
cmurphyso you would never do that, you'd have the same protections for create and modify16:19
*** mchlumsky has quit IRC16:21
elbragstadyeah - that's fair16:22
elbragstadi can see that argument16:23
cmurphyelbragstad: what's the other side of the argument?16:23
elbragstadi guess the only other perspective i can see for having member be something in between admin and reader is..16:23
gagehugoo/16:24
elbragstadalleviating operations from administrators16:24
elbragstad(not assuming bad actors)16:24
elbragstadso - reader = get, list; member = get, list, update; admin = get, list, update, create, delete16:25
cmurphyin my mind member isn't a half step, it's a member of a project/domain with full control of things of resources that belong to that project/domain16:25
cmurphyi can't see member being useful for any system-scope action16:25
elbragstadthat's fair16:25
*** pcaruana has joined #openstack-keystone16:26
elbragstadso - with service providers that makes sense16:26
*** gyee has joined #openstack-keystone16:27
* cmurphy -> afk for ~1 hour16:30
*** xek has quit IRC16:36
elbragstadcmurphy for when you get back: think there is a good use case for member within keystone? i'm struggling to find any16:38
* elbragstad has a lot of patches to respin16:41
elbragstadbut that should make protection testing a bit easier since reader and member are effectively the same thing16:41
elbragstadso - all member patches should really just be testing patches to make sure system members can only do what system reader can16:49
*** pcaruana has quit IRC17:04
*** ayoung has quit IRC17:12
nsmedsback with more wonderful questions. When I run command `openstack role add admin --user nsmeds --user-domain cloud_admin` it errors with `Must specify either system, domain, or project`.17:16
nsmedsI thought roles were global and not restricted to domains/projects yet?17:17
cmurphyelbragstad: i can't think of one17:20
openstackgerritJohn Dennis proposed openstack/oslo.policy master: Fully log RBAC enforcement data  https://review.openstack.org/61926017:48
* kmalloc catches up with backscroll17:48
kmallocnsmeds: roles have always been restricted to projects/domains until recently. Now we also support system scope (future looking to fix the is-admin hell we wrote ourselves into)17:50
elbragstadcmurphy ack17:50
elbragstadi'll just start reworking the patches to downgrade member to reader17:51
elbragstadbut yeah, i wasn't too sure what to do with that since we never really came up with a definitive conclusion, glad you said something17:51
*** openstackgerrit has quit IRC17:51
*** amoralej is now known as amoralej|off17:53
*** openstackgerrit has joined #openstack-keystone18:28
openstackgerritLance Bragstad proposed openstack/keystone master: Update mapping policies for system reader  https://review.openstack.org/61961218:28
openstackgerritLance Bragstad proposed openstack/keystone master: Add mapping tests for system member role  https://review.openstack.org/61961318:28
openstackgerritLance Bragstad proposed openstack/keystone master: Update mapping policies for system admin  https://review.openstack.org/61961418:28
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for domain users interacting with mappings  https://review.openstack.org/61961518:28
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for project users interacting with mappings  https://review.openstack.org/61961618:28
openstackgerritLance Bragstad proposed openstack/keystone master: Remove mapping policies from policy.v3cloudsample.json  https://review.openstack.org/61961718:28
openstackgerritMonty Taylor proposed openstack/keystoneauth master: WIP Fix version discovery for rackspace public cloud  https://review.openstack.org/62125718:40
kmallocmordred: seriously?! ^18:45
kmallocmordred: *sigh*18:45
cmurphyo.018:46
kmalloccmurphy: yay having custom code to handle rax deployment in KSA.18:47
cmurphy:(18:47
cmurphycan we not18:47
kmalloci kindof want to say no, but i get that it probably is something we need.18:47
kmallocbecause.... reasons.18:48
kmallocbecause it's in the discovery doc it is not easy to push up/down elsewhere18:49
kmallocit's WIP patch, but ugh.18:49
cmurphyrax should fail refstack for something like this18:49
kmallocaccordcing to shrews, there is work on alternatives.18:50
kmallocbut bandaiding in other places doesn't make it better imo18:50
mordredkmalloc: I'm coming up with a better patch18:52
mordredthat handles it without a >1018:52
kmallocmordred: i still don't like that we need to special case the discovery doc18:52
mordredkmalloc: the full story is - the discovery document is inaccessible there18:52
mordredso we have to fall back to inferring from the url - which we also have to do for things like slightly older neutron that didn't have one18:53
kmallocand they have absurd things in their urls.18:53
mordredwell - yeah - they still put project ids in their url ... BUT - it gets better18:53
mordredat rackspace, project ids are integers18:53
mordredso when we test things we pop from the url to see if they are versions ...18:53
mordredthe project_id parses as a valid, albeit very large, version18:53
kmallocwhich technically isn't a violation of anything.............. project ids as ints that is18:54
mordredkmalloc: oh - you know what-18:54
mordredjust testing if the url segment starts with v before testing if it parses might do the trick18:54
mordredand be less magic18:54
kmallocthat would be ideal18:54
* mordred does that - much easier than the thing he was writing18:54
kmallocbecause that shows we might have an issue with an all-int project-id18:54
kmallocin the general case18:54
kmallocsans disc. document18:54
mordredyeah18:54
kmallocand we *could* have an all int id18:55
kmallocI'm much much happier with phrasing this as a "hey... so .. all int project ids cause issues with url-based version discovery"18:55
kmallocvs. "rax is weird"18:55
kmallocbecause rax *is* sometimes weird, but this highlights a different bug in KSA's fallback  behavior18:55
kmalloci also think refstack should require the discovery doc (forward looking)18:56
kmallocmeaning, rax can't get away with making it not available.18:56
kmallocand in that view, it's not really targeting rax, just saying "uh, we require discovery documents... it's part of the API"18:56
kmallocand our tools need it18:56
cmurphyhow could rax be using ints for project ids? we use uuids, that's not configurable http://git.openstack.org/cgit/openstack/keystone/tree/keystone/api/projects.py#n13518:57
kmalloccmurphy: historical long long long ago18:57
kmallocrax used to run not-really-keystone18:57
cmurphyit sounds like they're still running not-really-keystone18:57
* kmalloc doesn't pass judgement18:57
mordredkmalloc: I also think refstack should require discovery doc18:57
cmurphy++18:58
*** shrasool has joined #openstack-keystone18:58
kmallocmordred: i *thought* we forced auth to be validated as about the only thing in keystone required via refstack, if we missed the discovery doc as part of that18:58
kmalloc*facepalm*18:58
elbragstadrax uses a private identity system18:58
* elbragstad used to be on that team 18:58
openstackgerritMonty Taylor proposed openstack/keystoneauth master: Fix version discovery for clouds with int project_ids  https://review.openstack.org/62125718:58
kmallocright.18:58
elbragstadit predates keystone and was supposed to be the reference implementation for keystone18:59
mordredkmalloc: well - we need a discovery doc test for each service18:59
kmalloci mean, oath uses a custom identity system, but they integrated nicely with keystone18:59
kmallocmordred: lets get a bug open on that as well.18:59
mordredok. I also can verify that that fix fixes the issue we saw in infra land19:00
kmalloccool.19:00
mordredis keystone on launchpad or storyboard?19:00
kmallocand we need a minimal unit test so we don't regress19:00
kmalloclp19:00
mordredyeah19:00
elbragstadlaunchpad19:00
kmallocmordred: i'm working on ipsilon setup to demo things for infra today. i am pretty close to having a workable system we can start building config for (on the topic of LP vs SB)19:01
kmallocmordred: https://bugs.launchpad.net/keystoneauth/19:03
openstackgerritMonty Taylor proposed openstack/keystoneauth master: Fix version discovery for clouds with int project_ids  https://review.openstack.org/62125719:09
mordredkmalloc, elbragstad, cmurphy: now with test and bug19:09
kmallocyay19:10
elbragstadcmurphy https://www.openstack.org/marketplace/public-clouds/rackspace/rackspace-public-cloud is the latest run that I can find19:11
elbragstadbut it doesn't really go into much detail - so looks like mileage varies based on interpretation?19:11
kmallocyeah19:11
kmallocand it's not just keystone19:11
kmallocit's *all services that have a discovery doc* should be required to show it via refstack19:11
mordred++19:12
kmallocthen longer term, all services covered by refstack need to have a discovery doc19:12
mordredall services should have a discovery doc. all of those discovery docs should be accessible without authentication19:12
kmallocyes19:12
mordredis what I'd REALLY like to see19:12
*** ayoung has joined #openstack-keystone19:16
*** shrasool has quit IRC19:16
mordredkmalloc: https://review.openstack.org/621272 is a nodepool patch blocking the openstacksdk release that exposes the keystoneauth bug19:19
mordredI gave the keystone team kudos in it for being helpful19:20
kmallocYay :)19:20
*** shrasool has joined #openstack-keystone19:22
ayoungelbragstad, can  I convince you to drop the -1 on https://review.openstack.org/#/c/605169/  and instead push it on through?  I think changing the ID generation scheme for all providers is a bigger step than we want to do here, and that is really what you are asking for19:27
elbragstadlet me wrap up a series here and i'll take a look19:27
ayoungIn order to not call the generator from the SQL providers, we'd have to call it externally and pass in the ID.  Not a bad idea, but to do it right, we should use that approach consistantly across providers.19:28
ayoungI'll add that comment to the review19:28
elbragstadiirc - my thing with that patch was the backends should know about what's above them and shouldn't call up19:30
elbragstadthey should be given the information they need to do what they need to do19:30
openstackgerritLance Bragstad proposed openstack/keystone master: Update service provider policies for system reader  https://review.openstack.org/62015619:32
openstackgerritLance Bragstad proposed openstack/keystone master: Add service provider tests for system member role  https://review.openstack.org/62015719:32
openstackgerritLance Bragstad proposed openstack/keystone master: Update service provider  policies for system admin  https://review.openstack.org/62015819:32
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for domain users interacting with sps  https://review.openstack.org/62015919:32
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for project users interacting with sps  https://review.openstack.org/62016019:32
openstackgerritLance Bragstad proposed openstack/keystone master: Remove service provider policies from v3cloudsample.json  https://review.openstack.org/62016119:32
ayoungelbragstad, while that is the general approach we've taken, the UUID generator could be thought of as a hard coded provider, and this swaps it out for a configurable one as a first step.  But there is nothingt implicitly wrong for one provider calling another, excpet that it is likely to  duplicate business logic between providers19:33
ayoungin this case, there is on the one SQL provider for shadow users.  When we go towards kmalloc 's principal mechanism, we'll probably extract this code to a higher level19:34
elbragstadwell - we commonly call across provides, the approach in that patch is calling from a backend *up* to a provider19:34
ayoungSo, this is probably not the end state.19:34
ayoungRight.  There is really nothing wrong with that, as providers are just abstractions above drivers.  Driver to driver would be bad.19:36
ayounglooking at the shadow user abstraction, most of the logic should be up in the manager for it as well19:36
elbragstadtrue - but it's not, and that interface is a plugin point19:38
elbragstadso someone rolling their own backend (however unlikely it is) is going to miss this19:38
ayoungelbragstad, what do you think should be done, then?19:39
elbragstadhttps://github.com/openstack/keystone/blob/master/setup.cfg#L13019:39
*** shrasool has quit IRC19:39
kmallocthat backend should go away imop19:40
ayoungelbragstad, my change only changes the implementation on OUR version, not the contract.19:40
kmallocthat "pluggable" point that is19:40
elbragstadcan we generate the public id at https://review.openstack.org/#/c/605169/8/keystone/identity/shadow_backends/sql.py@39 and pass it into the driver?19:40
kmallocin fact... i think a chunk of keystone should be *less* pluggable19:40
ayoungelbragstad, of coursxe we could, but it would change the contract19:41
elbragstadyeah.. and it would prevent the backend from having a dependency on a higher layer19:41
kmallocayoung: the contract we adhere to is the public API/rest api19:41
kmallocanything internal to keystone is not considered a contract19:41
kmallocwe tried it and reverted tracking the backend interface as a contract19:42
ayoungkmalloc, please don't confuse the issue with facts.  I was merely responding to the contract implicit in " so someone rolling their own backend (however unlikely it is) is going to miss this"19:42
kmallocwe try not to break people too badly in general19:42
elbragstadwe still track backend interfaces, we just don't version them like we used to19:42
kmallocelbragstad: we track them only with abcmeta19:42
elbragstadbecause we still expose them as plugin points19:42
kmallocat best19:42
ayoungso, by that logic elbragstad , no we can't19:42
kmallocelbragstad: the plugin points are, in my opinion, not a contract19:43
ayoungif we pass in the id from external, we've changed the contract.  I'd argue that instead of doing that, we do away with the plugin point altogether19:43
kmallocin fact, i'd argue it absolutely is not a contract19:43
kmallocbecause we don't track the interface of those plugins19:43
elbragstadit's an interface19:43
kmallocmerging those together/eliminating them / adding to them / splitting them19:44
elbragstadwe provide interfaces so that we can establish boundaries and responsibilities19:44
kmallocit's not restricted19:44
kmallocit is not a contract19:44
elbragstadif we need to evolve the interface, we can19:44
ayoungBut a driver absolutely can call up to a different provider.  It is why the provider interface exists:  to avoid direct links to other implementations.  Like we have currently19:44
kmallocit is a minor convinence of split of concerns... and overly split19:44
elbragstadbut we need to let people know what we're changing and why19:44
kmallocimo, we need to drop a lot of those backends, and we just need to issue a release note indicating the merging19:45
kmallocexample, the id mapping should be merged in19:45
ayoungSo, please let this one go forward as is, and we can reengineer the shadow_users into the principal abstraction19:45
kmallocand shadow users should be eliminated.19:45
kmalloc(as a plug point)19:45
ayoungthis the whole manager/driver interface was a Termieism so we could support Key/Value pairs first and everything else later19:46
elbragstadhttps://bugs.launchpad.net/keystone/+bug/156310119:46
openstackLaunchpad bug 1563101 in OpenStack Identity (keystone) "Remove backend dependency on core" [Medium,Fix released] - Assigned to Ron De Rose (ronald-de-rose)19:46
kmallocand i want to reverse course on a lot of the split backends19:47
kmallocpart of being a full featured IDP is being more directly opinionated19:47
ayoungkmalloc, yeah. It will make the code simpler to understand and maintain.19:47
kmallocthe pluggable points should be things like: new federated auth form, or something custom a company wrote, allow loading in a plugin for that19:48
kmallocvault vs SQL for credentials/totp/etc19:48
kmallocso an HSM could be used19:49
kmallocand a number of other things would be strictly API driven.19:49
kmallocbut i realize it's a long road to get there19:52
openstackgerritLance Bragstad proposed openstack/keystone master: Update mapping policies for system admin  https://review.openstack.org/61961420:03
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for domain users interacting with mappings  https://review.openstack.org/61961520:03
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for project users interacting with mappings  https://review.openstack.org/61961620:03
openstackgerritLance Bragstad proposed openstack/keystone master: Remove mapping policies from policy.v3cloudsample.json  https://review.openstack.org/61961720:03
*** jistr has quit IRC20:11
*** jistr has joined #openstack-keystone20:13
*** xek has joined #openstack-keystone20:19
*** openstackgerrit has quit IRC20:50
*** itlinux has joined #openstack-keystone20:51
*** takamatsu has joined #openstack-keystone20:53
*** openstackgerrit has joined #openstack-keystone20:55
openstackgerritLance Bragstad proposed openstack/keystone master: Update idp policies for system reader  https://review.openstack.org/61937120:55
openstackgerritLance Bragstad proposed openstack/keystone master: Add idp tests for system member role  https://review.openstack.org/61937220:55
openstackgerritLance Bragstad proposed openstack/keystone master: Update idp policies for system admin  https://review.openstack.org/61937320:55
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for domain users interacting with idps  https://review.openstack.org/61937420:55
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for project users interacting with idps  https://review.openstack.org/61937520:55
openstackgerritLance Bragstad proposed openstack/keystone master: Remove idp policies from policy.v3cloudsample.json  https://review.openstack.org/61937620:55
*** itlinux_ has joined #openstack-keystone20:59
*** itlinux has quit IRC20:59
*** raildo has quit IRC21:05
nsmedsdoes anyone see anything incorrectly setup here? https://gist.github.com/nikosmeds/3738f24853c85d27548645a75807b97321:41
nsmedsgetting policy.json changes to work has been a major PITA for a few days - there's something i'm missing, and I just can't see what that is21:42
openstackgerritLance Bragstad proposed openstack/keystone master: Add region protection tests for system readers  https://review.openstack.org/61908521:50
openstackgerritLance Bragstad proposed openstack/keystone master: Add region tests for system member role  https://review.openstack.org/61908621:50
openstackgerritLance Bragstad proposed openstack/keystone master: Update region policies to use system admin  https://review.openstack.org/61924121:50
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for domain users interacting with regions  https://review.openstack.org/61924221:50
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for project users interacting with regions  https://review.openstack.org/61924321:50
openstackgerritLance Bragstad proposed openstack/keystone master: Remove region policies from policy.v3cloudsample.json  https://review.openstack.org/61924421:50
*** itlinux_ has quit IRC22:13
openstackgerritLance Bragstad proposed openstack/keystone master: Update endpoint policies for system reader  https://review.openstack.org/61932922:14
openstackgerritLance Bragstad proposed openstack/keystone master: Add endpoint tests for system member role  https://review.openstack.org/61933022:14
openstackgerritLance Bragstad proposed openstack/keystone master: Update endpoint  policies for system admin  https://review.openstack.org/61933122:14
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for domain users interacting with endpoints  https://review.openstack.org/61933222:14
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for project users interacting with endpoints  https://review.openstack.org/61928122:14
openstackgerritLance Bragstad proposed openstack/keystone master: Remove endpoint policies from policy.v3cloudsample.json  https://review.openstack.org/61933322:14
openstackgerritLance Bragstad proposed openstack/keystone master: Update service policies for system reader  https://review.openstack.org/61927722:36
openstackgerritLance Bragstad proposed openstack/keystone master: Add service tests for system member role  https://review.openstack.org/61927822:36
openstackgerritLance Bragstad proposed openstack/keystone master: Update service policies for system admin  https://review.openstack.org/61927922:36
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for domain users interacting with services  https://review.openstack.org/61928022:36
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for project users interacting with services  https://review.openstack.org/62062322:36
openstackgerritLance Bragstad proposed openstack/keystone master: Remove service policies from policy.v3cloudsample.json  https://review.openstack.org/61928222:36
*** xek has quit IRC22:37
*** Nel1x has quit IRC23:01
*** itlinux has joined #openstack-keystone23:07
openstackgerritLance Bragstad proposed openstack/keystone master: Add registered limit protection tests  https://review.openstack.org/62101423:37
openstackgerritLance Bragstad proposed openstack/keystone master: Add registered limit tests for system member role  https://review.openstack.org/62101523:37
openstackgerritLance Bragstad proposed openstack/keystone master: Update registered limit policies for system admin  https://review.openstack.org/62101623:37
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for domain users interacting with registered limits  https://review.openstack.org/62101723:37
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for project users interacting with registered limits  https://review.openstack.org/62101823:37
openstackgerritLance Bragstad proposed openstack/keystone master: Remove registered limit policies from policy.v3cloudsample.json  https://review.openstack.org/62101923:37
openstackgerritLance Bragstad proposed openstack/keystone master: Add limit protection tests  https://review.openstack.org/62102023:37
openstackgerritLance Bragstad proposed openstack/keystone master: Add limit tests for system member role  https://review.openstack.org/62102123:37
openstackgerritLance Bragstad proposed openstack/keystone master: Update limit policies for system admin  https://review.openstack.org/62102223:37
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for domain users interacting with limits  https://review.openstack.org/62102323:37
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for project users interacting with limits  https://review.openstack.org/62102423:37
openstackgerritLance Bragstad proposed openstack/keystone master: Remove limit policies from policy.v3cloudsample.json  https://review.openstack.org/62102523:37
*** tosky has quit IRC23:42
« Thursday, 2018-11-29 Index Saturday, 2018-12-01 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!