Thursday, 2019-06-13

« Wednesday, 2019-06-12 Index Friday, 2019-06-14 »
*** jamesmcarthur has joined #openstack-keystone00:07
*** markvoelker has quit IRC00:09
*** liushuo has joined #openstack-keystone00:45
*** jamesmcarthur has quit IRC00:49
*** jamesmcarthur has joined #openstack-keystone00:50
*** jamesmcarthur has quit IRC00:55
*** markvoelker has joined #openstack-keystone01:05
*** lbragstad has quit IRC01:10
*** lifeless has joined #openstack-keystone01:14
*** jamesmcarthur has joined #openstack-keystone01:20
*** markvoelker has quit IRC01:39
*** gyee has quit IRC02:11
*** whoami-rajat has joined #openstack-keystone02:14
*** jamesmcarthur has quit IRC02:15
*** jamesmcarthur has joined #openstack-keystone02:15
*** jamesmcarthur has quit IRC02:18
*** jamesmcarthur has joined #openstack-keystone02:20
*** jamesmcarthur has quit IRC02:33
*** jamesmcarthur has joined #openstack-keystone02:33
*** markvoelker has joined #openstack-keystone02:36
*** lifeless has quit IRC02:38
*** lifeless has joined #openstack-keystone02:44
*** jamesmcarthur has quit IRC03:01
*** jamesmcarthur has joined #openstack-keystone03:02
*** jamesmcarthur has quit IRC03:04
*** jamesmcarthur has joined #openstack-keystone03:04
*** markvoelker has quit IRC03:09
*** jamesmcarthur has quit IRC03:43
*** jamesmcarthur has joined #openstack-keystone03:43
*** dave-mccowan has quit IRC03:54
*** jamesmcarthur has quit IRC03:58
*** markvoelker has joined #openstack-keystone04:06
*** whoami-rajat has quit IRC04:23
*** markvoelker has quit IRC04:40
*** vishalmanchanda has joined #openstack-keystone04:44
*** shyamb has joined #openstack-keystone04:46
*** vishalmanchanda has quit IRC04:49
*** vishalmanchanda has joined #openstack-keystone04:49
*** shyamb has quit IRC04:51
*** shyam89 has joined #openstack-keystone04:51
*** shyam89 has quit IRC04:56
*** shyamb has joined #openstack-keystone04:56
*** pcaruana|afk| has joined #openstack-keystone05:01
*** shyamb has quit IRC05:02
*** pcaruana|afk| has quit IRC05:04
*** pcaruana has joined #openstack-keystone05:04
*** shyamb has joined #openstack-keystone05:11
*** cmurphy is now known as cmurphy_afk05:14
*** shyamb has quit IRC05:31
*** shyamb has joined #openstack-keystone05:32
*** markvoelker has joined #openstack-keystone05:37
*** takamatsu has joined #openstack-keystone05:42
*** liushuo has quit IRC05:50
*** spsurya has joined #openstack-keystone06:08
*** markvoelker has quit IRC06:10
*** shyamb has quit IRC06:18
*** shyamb has joined #openstack-keystone06:37
*** xek_ has joined #openstack-keystone06:53
*** shyamb has quit IRC07:04
*** markvoelker has joined #openstack-keystone07:08
*** markvoelker has quit IRC07:13
*** vishalmanchanda has quit IRC07:14
*** tesseract has joined #openstack-keystone07:21
*** trident has quit IRC07:31
*** takamatsu has quit IRC07:32
*** trident has joined #openstack-keystone07:34
*** awalende has joined #openstack-keystone07:43
*** liushuo has joined #openstack-keystone07:50
*** gjayavelu has joined #openstack-keystone08:07
*** markvoelker has joined #openstack-keystone08:10
*** whoami-rajat has joined #openstack-keystone08:10
*** markvoelker has quit IRC08:14
*** takamatsu has joined #openstack-keystone08:19
*** rcernin has quit IRC08:23
*** jaosorior has joined #openstack-keystone08:29
*** gjayavelu has quit IRC08:36
*** imacdonn has quit IRC08:38
*** imacdonn has joined #openstack-keystone08:39
*** tkajinam has quit IRC08:51
*** liushuo_ has joined #openstack-keystone09:04
*** liushuo has quit IRC09:07
*** liushuo_ has quit IRC09:08
*** markvoelker has joined #openstack-keystone09:10
*** shyamb has joined #openstack-keystone09:15
*** markvoelker has quit IRC09:15
*** gmann has quit IRC09:33
*** markvoelker has joined #openstack-keystone10:11
*** shyamb has quit IRC10:13
*** markvoelker has quit IRC10:15
*** shyamb has joined #openstack-keystone10:18
*** shyamb has quit IRC10:29
*** shyamb has joined #openstack-keystone10:30
*** awalende has quit IRC10:49
*** awalende has joined #openstack-keystone10:50
*** whoami-rajat has quit IRC10:50
*** shyamb has quit IRC11:06
*** gmann has joined #openstack-keystone11:09
*** shyamb has joined #openstack-keystone11:20
*** awalende has quit IRC12:02
*** awalende has joined #openstack-keystone12:03
*** awalende has quit IRC12:07
*** shyamb has quit IRC12:12
*** markvoelker has joined #openstack-keystone12:13
*** awalende has joined #openstack-keystone12:16
*** markvoelker has quit IRC12:17
*** spsurya has quit IRC12:18
*** shyamb has joined #openstack-keystone12:19
*** shyamb has quit IRC12:33
*** lbragstad has joined #openstack-keystone12:37
ayoungkmalloc, cmurphy_afk lbragstad this is the kind of thing we should be targetting:  replacing keystonemiddleware with HAProxy to validate Keystone/JWT tokens    https://www.haproxy.com/blog/using-haproxy-as-an-api-gateway-part-2-authentication/12:49
*** awalende has quit IRC12:59
*** awalende has joined #openstack-keystone13:00
*** pcaruana has quit IRC13:01
*** awalende_ has joined #openstack-keystone13:02
*** awalende has quit IRC13:04
*** awalende_ has quit IRC13:07
*** jaosorior has quit IRC13:11
*** markvoelker has joined #openstack-keystone13:14
*** markvoelker has quit IRC13:18
*** awalende has joined #openstack-keystone13:30
*** awalende has quit IRC13:35
*** dave-mccowan has joined #openstack-keystone13:40
*** jamesmcarthur has joined #openstack-keystone13:43
lbragstad ayoung we'd need to decouple the service catalog from the token, right?13:44
lbragstadthat and roles would need to be in the payload i think13:44
gagehugoo/13:45
* lbragstad hopes gagehugo and knikolla will be able to work together today 13:46
gagehugohaha13:46
lbragstadfirst franchise stanley cup, that's pretty cool13:46
knikollahaha13:46
knikollai'm tired of everything we've won lately, tbh.13:47
gagehugoyup, it was a fun night last night13:47
lbragstadtoo much #winning13:47
knikollatoo bad we have one of the worst soccer teams in the US... which is what i care about most.13:48
gagehugoheh13:49
gagehugolbragstad I'm kinda relieved it's over, it's been a stressful 2 months13:59
lbragstadthe blues had a helluva season13:59
lbragstademotional rollcoaster13:59
lbragstadroller coaster*13:59
gagehugoliterally a roller coaster13:59
gagehugofrom last place to SC14:00
lbragstadcrazy14:05
lbragstadlast place in the league, too*14:05
lbragstadnot just the central conference14:05
gagehugoyup14:05
*** szaher has quit IRC14:05
ayounglbragstad, decouple?  Yes, I think.  The service catalog  really does not have anything to do with the token these days14:06
ayoungI could see case where we would want to bind a token to a specific service, but that is not what things are doing now14:07
lbragstadright14:07
lbragstadimo - that falls inline with being able to scope a token to specific parts of the system14:07
lbragstad(e.g., breaking the system into a hierarchy, kind of like the service catalog)14:07
*** xek_ has quit IRC14:13
*** markvoelker has joined #openstack-keystone14:14
*** szaher has joined #openstack-keystone14:19
*** markvoelker has quit IRC14:19
*** jaosorior has joined #openstack-keystone14:37
*** jaosorior has quit IRC14:45
*** raildo has joined #openstack-keystone14:58
openstackgerritLance Bragstad proposed openstack/keystone master: WIP: use testresources for sharing across unit tests  https://review.opendev.org/66306515:03
lbragstadshoving ^ that to the side for a bit...15:04
lbragstadi'm going to get back to the system-scope+default roles work for a bit to be productive on something else15:07
lbragstadif anyone is interested in that puzzle, don't hesitate to pick away at it15:08
johnthetubaguylbragstad: on the nova side, I did try to POC how it might look, ending with: https://review.opendev.org/#/c/66372115:27
johnthetubaguycurious if you had some nice short cuts on your side, its a heap of work15:27
*** gyee has joined #openstack-keystone15:35
lbragstadjohnthetubaguy oh - policy stuff?15:40
johnthetubaguyyeah, I saw you mention system-scope+default roles :)15:41
lbragstadoh - yeah15:41
lbragstadi need to finish applying those concepts to a few keystone APIs15:41
lbragstadbut i need to look at the nova stuff, too15:41
kmallocayoung: i wrote code to do that at one point15:41
kmallocayoung: i support that concept15:41
johnthetubaguylbragstad: yeah, seems like it will be a epic effort, for sure. Just wondering how to stage things in Nova land, to keep making progress.15:43
lbragstadjohnthetubaguy right...15:43
ayounglbragstad, kmalloc, we are going to want to push a change into oslo-context to get rid of the is_admin_context hack15:43
lbragstadummmm - taking another look quick johnthetubaguy15:43
lbragstadjohnthetubaguy starting here, right? https://review.opendev.org/#/c/657696/215:43
johnthetubaguylbragstad: yeah, there is one admin API and one admin_or_owner API in the stack15:44
johnthetubaguy(and I get how much that sucks for a bunch of reasons, but its what we have)15:44
kmallocayoung: sure.15:45
kmallocayoung: i'm happy to see hacks removed.15:45
lbragstadjohnthetubaguy the progression you have makes sense, i think15:49
lbragstadyou're starting by moving things into code, then testing them, which is great15:50
lbragstadthen it's just a matter of adjusting policies as needed to get the behavior you want15:50
lbragstadby default15:50
johnthetubaguylbragstad: cool thanks for the sanity check15:50
lbragstadimplementation specifics aside, we took a similar approach with keystone15:50
johnthetubaguywe are kinda changing the in code "defaults" based on the oslo_policy.enforce_scope thing, but that seems like the right behaviour, to move forward15:51
lbragstadfor example?15:51
lbragstad(i think i know what you mean, but just making sure)15:51
johnthetubaguylbragstad: this fun bit: https://review.opendev.org/#/c/663717/1/nova/policies/admin_password.py15:52
johnthetubaguyits really just dropping the deprecation, I probably should do a kwargs style thing there15:52
lbragstadoh....15:53
lbragstadinteresting?15:53
lbragstadi think we went about that in a different way15:53
lbragstadwe always return the deprecation15:54
johnthetubaguyI was hoping there was a better way :)15:54
lbragstadidk if what we did is "better"15:54
lbragstadbut - it always lists the rule as deprecated, we never conditionally deprecate things15:54
lbragstadlemme find an example15:54
*** liushuo has joined #openstack-keystone15:55
lbragstadjohnthetubaguy let's look at https://opendev.org/openstack/keystone/src/branch/master/keystone/common/policies/domain.py#L54-L6515:56
lbragstadin rocky - this is the rule we had for that policy https://opendev.org/openstack/keystone/src/branch/stable/rocky/keystone/common/policies/domain.py#L2015:57
lbragstadwhich evaluated to - https://opendev.org/openstack/keystone/src/branch/stable/rocky/keystone/common/policies/base.py#L21-L2315:57
lbragstadand again to  https://opendev.org/openstack/keystone/src/branch/stable/rocky/keystone/common/policies/base.py#L3715:58
johnthetubaguycool15:58
lbragstadso - that's the *old* thing15:58
johnthetubaguyyeah15:58
lbragstadwhich means anyone with role:admin could get domains15:58
johnthetubaguyI think its always having the "OR" with the old rule that was worrying me15:58
lbragstadso - when we wrote the new rule15:58
lbragstadwe were implicit in the system user definition15:59
lbragstadhttps://opendev.org/openstack/keystone/src/branch/master/keystone/common/policies/domain.py#L4715:59
lbragstadso during the deprecation period - if an operator doesn't override the policy manually15:59
lbragstadyou end up with15:59
lbragstada system user OR domain user OR project user being able to get a domain (within reason)16:00
lbragstadif all of those fail16:00
lbragstada project administrator can still get a domain (since the old policy was OR'd with the new policy)16:00
lbragstadbut - role:reader and system_scope:all only works if a system-scoped token is used16:01
lbragstadit's just really explicit16:02
lbragstadjohnthetubaguy that specific policy (identity:get_domains) isn't a great example of why oslo_policy.enforce_scope is important though16:04
lbragstadsince the API can be called with multiple token scopes, we need to build that protection into the policy checks directly16:04
lbragstadto handle each case16:04
johnthetubaguyits a great example for the problems we were seeing mind16:05
johnthetubaguythat config stuff was basically to drop the OR-ing of the deprecated check that was missing the scope check16:06
johnthetubaguyso you know only "good new" tokens are allowed16:06
lbragstadotoh - if you have an api that is only supposed to be called with one specific scope, enforce_scope is more useful since you only need to set the role and the scope_types16:06
johnthetubaguyyeah16:06
lbragstadso there are a couple of options open to how you want to do it16:07
johnthetubaguyI hadn't quite gone through that thought process properly till doing that chain of patches16:07
lbragstad++16:07
lbragstaddo you think you're still going to drop the OR'ing in nova manually?16:07
lbragstador will the native deprecation logic in oslo.policy help you now?16:08
johnthetubaguyI might be miss-understanding what oslo.policy is giving me16:08
johnthetubaguyits the option to drop the deprecated rules, as an operator, if I know I am ready for "the new world"16:09
johnthetubaguypart of me wants us to first check the non-deprecated rule, and log a warning if we only pass a rule due to the deprecation16:09
johnthetubaguya bit more like the scope enforement I guess16:10
johnthetubaguymy worry is operators that want the Reader roles, so can't have the "or anyone" fallback still active16:11
johnthetubaguythe real problem is we have checks that basically mean "any token with project scope x" as the deprecated rule16:11
lbragstadso - if operators want to jump into the new world16:12
lbragstadand policies are still deprecated16:12
kmallocright. the transition built into olso.policy is to allow NEW or OLD (if nothing is overridden, deprecated is the old)16:12
lbragstadthen they need to explicitly override the old policies with the new policies16:12
kmallocif they want only the new form, they can override with just the NEW rule.16:12
lbragstadthen oslo.policy won't OR anything16:12
johnthetubaguyyeah, that's true16:13
lbragstadwhen the deprecations are removed16:13
kmallocif a rule is supplied in policy.json, no or is done16:13
kmalloceventually you as Nova drop the deprecated, which means only new-style works.16:13
kmallocbut that is on your timeline16:13
kmalloc(if ever)16:13
lbragstadwhen the deprecations are removed, they're just dealing with defaults that are in code, and the oslo policy CLI tools will tell them they can remove those redundant policies16:13
johnthetubaguytrue...16:14
kmalloclbragstad: we should check... if someone supplies the new rule in policy.json, it should prevent an OR with the deprecated16:14
johnthetubaguythe way I wrote the POC patch, at least its only six rules they need to override, or something like that16:14
kmalloceven if the new rule is the same as the in-code new.16:14
kmallocjust realized that may not be the case16:14
lbragstadthat's the way it works, the last time i tested it16:14
kmallocok good.16:14
johnthetubaguykmalloc: my reading of the code said that is the case16:14
lbragstadi recorded a demo with domain admin support for the user API16:14
johnthetubaguyI discounted that option before... but it does work16:15
lbragstadand i opted into using only the new policies for that recording16:15
kmallocyeah, it's the easiest way to not break people16:15
lbragstadit's kind of a hot mess code-wise16:15
lbragstadthe deprecation logic in oslo.policy specifically16:15
johnthetubaguyso I just discovered that :D16:16
lbragstadi'm sorry :(16:16
lbragstadmy condolences16:16
*** markvoelker has joined #openstack-keystone16:16
kmallocoslo.policy was somewhat of a hot mess before we got to it16:16
kmallocmaking new stuff not really less of a hot mess16:16
johnthetubaguyah, I meant my code not oslo.policy16:16
lbragstadto be fair... it's trying to do a lot of stuff...16:16
kmallocand your code is based on oslo.policy16:16
kmallocsooooo16:16
johnthetubaguyFWIW, I didn't find oslo.policy too bad16:16
johnthetubaguybut that is a Nova person talking, so...16:17
lbragstadand having oslo.policy be smart during the migration is attributing to some of the cruft16:17
bnemeckmalloc: I don't know what you mean. :-P16:17
bnemecYou should have seen the old quota module in oslo-incubator.16:17
lbragstadonce projects define scope types properly, add testing, and fix check strings, we should be able to clean up some of oslo.policy16:17
kmallocbnemec: i did. remember i worked on openstack back in diablo, essex, folsom :)16:17
kmallocbnemec: specifically nova to start16:18
* johnthetubaguy remembers having one half of glance for swift as a backport, fun times16:18
johnthetubaguyyeah... simpler, but more broken times16:19
bnemec:-)16:19
johnthetubaguyanyways, I kinda like the proposal here, just overide the policy rule with the code default to opt in16:19
johnthetubaguyI discounted it, but its like four rule overrides, doesn't seem too bad16:19
johnthetubaguyThinking about lines 69-85 in here: https://review.opendev.org/#/c/663716/1/nova/policies/base.py16:20
lbragstadi imagine that to be a pretty low bar for people who have been wanting this for a long time16:20
johnthetubaguyI might need to "tweak" the description in there16:20
johnthetubaguylbragstad: ++16:20
*** markvoelker has quit IRC16:20
lbragstadonce they specify those overrides, they just need to wait for the deprecations to be removed and they can use tooling to detect that16:21
johnthetubaguyyeah, the more I think about your idea, the more I am liking it16:23
johnthetubaguysweet, I think this was the missing bit in head (till I find the next one!)16:23
lbragstadawesome!16:24
lbragstadclear as mud, right?16:24
johnthetubaguyyeah, a nice muddy puddle16:25
johnthetubaguy:)16:25
*** jamesmcarthur_ has joined #openstack-keystone16:29
lbragstadjohnthetubaguy i also took another look at the unified limit stuff you have up for review16:31
lbragstad(spec and code)16:31
*** jamesmcarthur has quit IRC16:32
lbragstadjohnthetubaguy i need to take a look at the oslo.policy changes, but i'm wondering about the terminilogy?16:33
lbragstadterminology*16:34
lbragstadnot sure if you saw my comment about that16:34
johnthetubaguyyeah, I spotted that16:34
johnthetubaguyI am not sure about "claim" if I am honest, but that might be because I keep thinking of how Nova used to write claims/reservations in the DB16:34
lbragstadoh - so that term is already overloaded in nova?16:35
johnthetubaguywell, that might be just in my head16:37
* lbragstad nods16:38
lbragstadi was originally thinking about having something like a ProjectClaim object16:39
lbragstadhttps://review.opendev.org/#/c/600266/6/oslo_limit/limit.py16:39
*** joshualyle has joined #openstack-keystone16:40
lbragstadand a claim would have a one to many relationship with resources16:40
lbragstadthen you'd pass a claim object to the enforcer16:40
johnthetubaguywith counting I quite like the delta model, where a delta of zero means just check the current usage16:41
johnthetubaguyyou need to pass zero so you know which resources to check, I guess16:42
johnthetubaguybut clearly that is quite a different sort of API16:42
lbragstadok - so would delta just be an integer?16:47
lbragstador would it be an object that represents the resource and delta to check?16:47
lbragstadmy thinking behind representing all of this as an object of some kind is that it would prevent the services from doing things like:16:48
lbragstadenforcer.check_limit('cores', 8)16:49
lbragstadenforcer.check_limit('ram_mb', 16)16:49
lbragstadenforcer.check_limit('server_count', 1)16:49
johnthetubaguyso I think we need to pass multiple at once16:49
lbragstadso - that would just be:16:49
lbragstadenforcer.check(delta, project_id)16:50
johnthetubaguycheck_limits({cores: 8, ram_mb: 9})16:50
johnthetubaguyyeah16:50
lbragstadok - right16:50
lbragstadso we're not expecting multiple round-trips into oslo.limit16:50
johnthetubaguymy reason is purely efficiency, we basically get a count of all resources in one go16:50
johnthetubaguyyeah16:50
lbragstad++16:50
lbragstadcool - i think we agree on that then16:50
johnthetubaguyyeah, +116:51
lbragstadso - i think the big question left is what that specific API looks like and how we represent resources and deltas from the service being passed into oslo16:51
lbragstadthat and we need to figure out how the current usage gets passed into oslo, too16:52
johnthetubaguyyeah, something simple is my preference, but beyond that16:52
johnthetubaguyah... so I think I had an example that might help with that16:52
lbragstadok - let's start with the usage16:52
johnthetubaguyyeah16:52
lbragstadbecause we know that *has* to come from the service and we've discussed a couple of options for it16:52
lbragstadone of which was to give oslo.limit a callback to calculate enforcement16:53
lbragstadthat didn't seem to get much traction16:54
johnthetubaguyhttps://github.com/JohnGarbutt/oslo.limit/commit/a5b908046fd904c25b6cd15c65266c747774b5ab#diff-10204c54762346cb8b1e7dda368866ecR4516:54
lbragstadmmmm16:54
lbragstadso - you kept that in your implementation16:54
johnthetubaguyso callback is my preference, because it makes the hierarchy simple16:54
lbragstadoh - sure16:55
lbragstadbecause oslo.limit gets a list of projects from keystone16:55
lbragstadand it iterates the list with the callback, that's right16:55
johnthetubaguyyeah16:55
johnthetubaguymeans you can count each project_id once, even though one project goes into two calculations16:55
johnthetubaguyi.e. you could the whole tree usage, and the per project usage16:56
johnthetubaguybut we might be getting ahead of things16:56
lbragstadwell - once we populate the tree16:56
lbragstadwith usage information16:56
lbragstadyou should be able to do both calculations16:56
johnthetubaguyyeah16:56
lbragstadlimits will already be calculated, obviously16:57
*** jamesmcarthur_ has quit IRC16:57
johnthetubaguyI was thinking this is the simple flat checker: https://github.com/JohnGarbutt/oslo.limit/commit/a5b908046fd904c25b6cd15c65266c747774b5ab#diff-0766eeec835e4f691c335a86b858b788R150 which calls this: https://review.opendev.org/#/c/615180/9/nova/limits/keystone.py@4916:57
*** jamesmcarthur has joined #openstack-keystone16:58
johnthetubaguyas you say, you just expand out for the tree case16:58
lbragstadsure16:58
lbragstadso, flat enforcement only cares about one thing16:58
lbragstadand that's the current project16:58
johnthetubaguyyeah16:58
johnthetubaguyjust gets called multiple times in the tree case16:59
lbragstadchecking the tree will be more complicated implementation details of the strict-two-level model16:59
johnthetubaguyyeah, I think so16:59
lbragstadok - assuming each enforcement model implements an interface in oslo.limit17:00
lbragstadwhat should that interface look like?17:00
johnthetubaguyI went for this: https://review.opendev.org/#/c/615180/9/nova/limits/keystone.py@12717:01
johnthetubaguyhence you question on the delta name I guess17:01
johnthetubaguyI should run soon I am afraid...17:02
johnthetubaguywould love to understand the alternatives though, and see if they work better17:03
lbragstadok - this helps, let me take another look after having this discussion17:04
lbragstadif i come up with an alternative interface, i'll leave it on the review17:04
* lbragstad remembers a mess of callbacks being an issue17:05
lbragstadbut i think that was related to the verification/race condition functionality17:05
johnthetubaguycool17:05
lbragstadand what to do with resources if they needed to be cleaned up17:05
johnthetubaguyah yeah, I think its easier to skip all that for v117:05
lbragstadok - good to know17:06
johnthetubaguycurrently can't see a use for it in Nova17:06
johnthetubaguyironically17:06
lbragstadverification, you mean?17:06
johnthetubaguysorry, running off now17:06
lbragstadok - catch up with you later17:06
*** pcaruana has joined #openstack-keystone17:09
*** whoami-rajat has joined #openstack-keystone17:38
*** jamesmcarthur has quit IRC17:58
*** gyee has quit IRC18:04
*** markvoelker has joined #openstack-keystone18:17
*** gyee has joined #openstack-keystone18:19
*** markvoelker has quit IRC18:22
*** raildo has quit IRC18:53
*** raildo has joined #openstack-keystone18:54
*** hoonetorg has quit IRC18:55
*** jamesmcarthur has joined #openstack-keystone18:56
*** hoonetorg has joined #openstack-keystone19:00
*** bnemec has quit IRC19:06
*** markvoelker has joined #openstack-keystone19:18
*** markvoelker has quit IRC19:23
*** jamesmcarthur has quit IRC19:24
*** takamatsu has quit IRC19:32
openstackgerritMerged openstack/keystone master: Remove deprecated admin_endpoint  https://review.opendev.org/66424619:38
*** whoami-rajat has quit IRC19:48
*** xek has joined #openstack-keystone19:50
openstackgerritLance Bragstad proposed openstack/keystone master: Implement system scope and default roles for token API  https://review.opendev.org/66523120:18
*** markvoelker has joined #openstack-keystone20:19
*** markvoelker has quit IRC20:24
*** pcaruana has quit IRC20:36
*** bnemec has joined #openstack-keystone20:52
*** xek has quit IRC20:57
lbragstadin case anyone really *really* missed reviewing patches for scope and default roles - you're in luck20:59
lbragstad^20:59
*** mchlumsky has quit IRC21:07
gagehugo:)21:09
*** takamatsu has joined #openstack-keystone21:13
*** markvoelker has joined #openstack-keystone21:20
*** markvoelker has quit IRC21:24
*** bnemec has quit IRC22:05
*** jamesmcarthur has joined #openstack-keystone22:18
*** takamatsu has quit IRC22:25
*** dave-mccowan has quit IRC22:26
*** rcernin has joined #openstack-keystone22:45
*** tesseract has quit IRC22:48
*** liushuo_ has joined #openstack-keystone22:48
*** dave-mccowan has joined #openstack-keystone22:49
*** tkajinam has joined #openstack-keystone22:51
*** liushuo has quit IRC22:52
*** raildo has quit IRC23:04
*** dave-mccowan has quit IRC23:20
*** markvoelker has joined #openstack-keystone23:22
*** jamesmcarthur has quit IRC23:24
*** markvoelker has quit IRC23:26
*** dave-mccowan has joined #openstack-keystone23:39
« Wednesday, 2019-06-12 Index Friday, 2019-06-14 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!