Monday, 2019-10-28

« Sunday, 2019-10-27 Index Tuesday, 2019-10-29 »
*** ivve has quit IRC01:23
*** markvoelker has joined #openstack-keystone01:40
*** markvoelker has quit IRC01:45
*** markvoelker has joined #openstack-keystone01:50
*** markvoelker has quit IRC02:00
*** markvoelker has joined #openstack-keystone02:01
*** markvoelker has quit IRC02:05
*** jamesmcarthur has joined #openstack-keystone02:06
*** Dinesh_Bhor has quit IRC02:10
*** rcernin has quit IRC02:10
*** jamesmcarthur has quit IRC03:02
*** jamesmcarthur has joined #openstack-keystone03:03
*** jamesmcarthur has quit IRC03:03
*** jamesmcarthur has joined #openstack-keystone03:03
*** jamesmcarthur has quit IRC03:05
*** jamesmcarthur has joined #openstack-keystone03:06
*** jamesmcarthur has quit IRC03:11
*** Dinesh_Bhor has joined #openstack-keystone03:32
*** jamesmcarthur has joined #openstack-keystone03:36
*** jamesmcarthur has quit IRC03:42
*** jamesmcarthur has joined #openstack-keystone04:16
*** jamesmcarthur has quit IRC04:20
*** jawad_axd has joined #openstack-keystone04:44
*** jamesmcarthur has joined #openstack-keystone04:48
*** jamesmcarthur has quit IRC04:53
*** jawad_axd has quit IRC04:59
*** jamesmcarthur has joined #openstack-keystone05:49
*** jamesmcarthur has quit IRC05:54
*** jamesmcarthur has joined #openstack-keystone06:10
*** jawad_axd has joined #openstack-keystone06:12
openstackgerritzhangboye proposed openstack/keystone master: Stop testing python2.7  https://review.opendev.org/69159506:13
*** jawad_ax_ has joined #openstack-keystone06:14
openstackgerrithaixin proposed openstack/ldappool master: Drop python2.7 support  https://review.opendev.org/69159706:15
*** jawad_axd has quit IRC06:17
*** jawad_ax_ has quit IRC06:19
*** jawad_axd has joined #openstack-keystone06:20
*** Luzi has joined #openstack-keystone06:22
*** jawad_axd has quit IRC06:25
*** jawad_axd has joined #openstack-keystone06:25
*** jawad_axd has quit IRC06:29
*** jawad_axd has joined #openstack-keystone06:30
*** mloza has quit IRC06:30
*** jamesmcarthur has quit IRC06:44
*** dancn has joined #openstack-keystone06:49
*** jmlowe has quit IRC06:52
*** jmlowe has joined #openstack-keystone06:55
*** markvoelker has joined #openstack-keystone07:08
*** markvoelker has quit IRC07:12
*** jawad_axd has quit IRC07:39
*** jawad_axd has joined #openstack-keystone07:39
*** jamesmcarthur has joined #openstack-keystone07:47
*** jamesmcarthur has quit IRC07:51
*** tkajinam has quit IRC08:04
*** lifeless has joined #openstack-keystone08:05
*** tesseract has joined #openstack-keystone08:13
*** ivve has joined #openstack-keystone08:48
*** jamesmcarthur has joined #openstack-keystone08:48
*** jamesmcarthur has quit IRC08:53
*** trident has quit IRC09:01
*** markvoelker has joined #openstack-keystone09:08
*** trident has joined #openstack-keystone09:08
*** markvoelker has quit IRC09:13
*** jamesmcarthur has joined #openstack-keystone09:24
*** yankcrime has joined #openstack-keystone09:26
*** jamesmcarthur has quit IRC09:28
*** dancn has quit IRC09:34
*** dancn has joined #openstack-keystone09:40
*** dswebb has quit IRC09:47
*** dustinc is now known as dustinc_pto10:07
*** adriant has quit IRC10:23
*** jamesmcarthur has joined #openstack-keystone10:24
*** jaosorior has joined #openstack-keystone10:25
*** adriant has joined #openstack-keystone10:25
*** adriant has quit IRC10:27
*** jamesmcarthur has quit IRC10:29
*** dancn has quit IRC10:35
*** jaosorior has quit IRC10:36
*** dancn has joined #openstack-keystone10:40
*** dancn has quit IRC10:53
*** dancn has joined #openstack-keystone10:59
*** jamesmcarthur has joined #openstack-keystone11:25
*** jamesmcarthur has quit IRC11:30
*** jaosorior has joined #openstack-keystone11:34
*** dave-mccowan has joined #openstack-keystone11:57
*** markvoelker has joined #openstack-keystone12:06
*** jamesmcarthur has joined #openstack-keystone12:11
*** jaosorior has quit IRC12:26
*** jamesmcarthur has quit IRC12:29
*** jmlowe has quit IRC12:46
*** jamesmcarthur has joined #openstack-keystone12:46
*** jmlowe has joined #openstack-keystone13:02
*** dklyle has quit IRC13:12
*** prometheanfire has quit IRC13:18
*** prometheanfire has joined #openstack-keystone13:20
*** raildo has joined #openstack-keystone13:24
*** jaosorior has joined #openstack-keystone13:33
*** dancn has quit IRC13:51
*** dancn has joined #openstack-keystone13:56
*** mloza has joined #openstack-keystone14:01
*** jamesmcarthur has quit IRC14:06
*** dklyle has joined #openstack-keystone14:07
*** jdwidari has joined #openstack-keystone14:19
*** kimamisa has joined #openstack-keystone14:21
*** jamesmcarthur has joined #openstack-keystone14:28
*** jamesmcarthur has quit IRC14:34
*** Luzi has quit IRC14:41
*** jamesmcarthur has joined #openstack-keystone14:42
*** jawad_axd has quit IRC14:51
*** dklyle has quit IRC14:58
*** dklyle has joined #openstack-keystone14:59
*** markvoelker has quit IRC15:12
*** markvoelker has joined #openstack-keystone15:19
*** markvoelker has quit IRC15:19
*** markvoelker has joined #openstack-keystone15:19
*** markvoelker has quit IRC15:24
*** memo_ has joined #openstack-keystone15:25
*** gyee has joined #openstack-keystone15:25
*** memo_ has quit IRC15:30
*** memo_ has joined #openstack-keystone15:32
*** markvoelker has joined #openstack-keystone15:39
*** jmlowe has quit IRC15:48
*** tellesnobrega has joined #openstack-keystone15:49
tellesnobregalbragstad, hey, have you seen this error Conflict project: (pymysql.err.IntegrityError) (1062, u"Duplicate entry 'default-admin' for key 'ixu_project_name_domain_id'" while deploying openstack with tripleo standalone?15:50
*** ivve has quit IRC16:04
*** jaosorior has quit IRC16:33
*** jamesmcarthur has quit IRC16:49
*** kimamisa has quit IRC16:49
mlozaI have "identity:list_role_assignments": "rule:admin_or_owner" and "identity:list_role_assignments_for_tree": "rule:admin_or_owner" in policy.yaml and a user member role still keep getting "You are not authorized to perform the requested action: identity:list_role_assignments."16:50
cmurphymloza: a user with a member role isn't an admin and not an owner of any role assignments so that rule doesn't apply16:58
cmurphylbragstad: fyi https://bugs.launchpad.net/keystone/+bug/185008716:58
openstackLaunchpad bug 1850087 in OpenStack Identity (keystone) "keystone: token replaced at auth_context middleware" [Undecided,New]16:58
lbragstadhmmm17:00
lbragstadare there specific steps to reproduce?17:00
cmurphyi have no other information17:01
mlozacmurphy: can I do it like this "identity:list_role_assignments": "role:admin and role:member"?17:04
*** markvoelker has quit IRC17:04
cmurphymloza: are you trying to allow regular users to list all role assignments, or just check their own role assignments?17:08
mlozaallow regular users to list all role assignments17:08
cmurphymloza: why?17:08
mlozacmurphy: I want to give a ability to a user to list the members who are in the project17:12
mlozaIt seems `openstack role assigment list --project` is the only way to list the members of a project17:13
*** dancn has quit IRC17:14
mlozaand without admin privileges, a user can't list other members who are in the project17:14
cmurphymloza: identity:list_role_assignments allows users to list all users and groups in all projects and all domains17:16
cmurphymloza: you could use identity:list_role_assignments_for_tree, then your rule should use "or" instead of "and" otherwise users would still need the admin role17:16
cmurphyidentity:list_role_assignments is also only for system or domain scope, _for_tree will work with project scope17:17
cmurphythe rule should actually be what's listed in https://docs.openstack.org/keystone/latest/configuration/policy.html under identity:list_role_assignments_for_tree but with role:admin changed to role:member17:20
lbragstadtellesnobrega i have not seen that - but i haven't tried recently17:25
*** markvoelker has joined #openstack-keystone17:27
*** pcaruana has joined #openstack-keystone17:31
*** jmlowe has joined #openstack-keystone17:32
mlozacmurphy: I changed what is listed in defaults of keystone policy.yaml but still the user is unauthorized list assignments17:38
mloza(keystone)[root@c2ostack01a /]# cat /etc/keystone/policy.yaml17:38
mloza"identity:list_role_assignments_for_tree": "role:admin or role:member"17:38
mloza(keystone)[root@c2ostack01a /]#17:38
mlozaI have stable/stein env17:39
*** jaosorior has joined #openstack-keystone17:40
cmurphymloza: you need to include the project_id:%(target.project.id)s part like in the link i gave17:42
*** ivve has joined #openstack-keystone17:45
openstackgerritPedro Henrique Pereira Martins proposed openstack/keystone master: Stop adding entry in local_user while updating ephemerals  https://review.opendev.org/68799017:51
mloza"identity:list_role_assignments_for_tree": "(role:admin and project_id:%(target.project.id)s) or (role:member and project_id:%(target.project.id)s)"17:57
mlozastill won't let me list assigments17:57
*** bnemec has quit IRC18:01
*** bnemec has joined #openstack-keystone18:02
mlozakeystone==15.0.1.dev1618:08
*** dklyle has quit IRC18:08
*** david-lyle has joined #openstack-keystone18:08
*** ebbex has joined #openstack-keystone18:24
*** jawad_axd has joined #openstack-keystone18:25
*** jawad_axd has quit IRC18:30
*** pcaruana has quit IRC18:30
*** pcaruana has joined #openstack-keystone18:31
*** tesseract has quit IRC18:31
*** vishalmanchanda has joined #openstack-keystone18:33
*** jmlowe has quit IRC18:36
*** jmlowe has joined #openstack-keystone18:39
*** jawad_axd has joined #openstack-keystone18:46
*** jawad_axd has quit IRC18:50
*** openstackgerrit has quit IRC18:50
*** mordred has quit IRC18:52
*** jawad_axd has joined #openstack-keystone19:06
*** jawad_axd has quit IRC19:11
*** david-lyle is now known as dklyle19:29
*** openstackgerrit has joined #openstack-keystone19:32
openstackgerritMerged openstack/oslo.policy master: Modernize policy checker  https://review.opendev.org/68278319:32
*** zaneb has joined #openstack-keystone19:52
zaneblbragstad: thanks for the review on https://review.opendev.org/691181 - I have a question for you about https://bugs.launchpad.net/oslo.policy/+bug/1742569 when you have a moment19:53
openstackLaunchpad bug 1742569 in oslo.policy "Including deprecated policy names in sample file" [Undecided,Fix released] - Assigned to Lance Bragstad (lbragstad)19:53
*** dswebb has joined #openstack-keystone19:56
bnemecOh, that was added for Horizon. TIL.19:57
dswebbhi, hopefully quick question.  I think I've run into the limitations of openid for federated auth (namely I can't get the cli to work for the life of me which I think relates to: https://bugs.launchpad.net/keystone/+bug/1815971).  Does SAML2 suffer the same problems?19:58
openstackLaunchpad bug 1815971 in OpenStack Identity (keystone) "RFE: Improved OpenID Connect Support" [Wishlist,In progress] - Assigned to Alvaro Lopez (aloga)19:58
zanebbnemec: I'm glad someone else found it as inexplicable as I did ;)20:01
*** pcaruana has quit IRC20:02
*** jawad_axd has joined #openstack-keystone20:08
*** jawad_axd has quit IRC20:13
cmurphydswebb: saml2 should work just fine with the cli, you just need to ensure ECP is enabled on your service provider https://docs.openstack.org/keystone/latest/admin/federation/configure_federation.html#use-the-cli-to-authenticate-with-a-saml2-0-identity-provider20:32
dswebbI'm using keycloak as my IdP so it should support ECP out of the box based on 1 minutes googling, cheers!20:35
*** mordred has joined #openstack-keystone20:43
*** jmlowe has quit IRC20:43
*** jdwidari has quit IRC20:44
*** jamesmcarthur has joined #openstack-keystone20:47
*** kimamisa has joined #openstack-keystone20:49
*** vishalmanchanda has quit IRC21:02
*** jaosorior has quit IRC21:19
*** jaosorior has joined #openstack-keystone21:20
*** raildo has quit IRC21:22
*** kimamisa has quit IRC21:26
*** jmlowe has joined #openstack-keystone21:27
*** kimamisa has joined #openstack-keystone21:41
*** markvoelker has quit IRC21:45
*** dswebb has quit IRC21:54
*** adriant has joined #openstack-keystone21:57
*** jamesmcarthur has quit IRC22:28
*** jawad_axd has joined #openstack-keystone22:36
*** jaosorior has quit IRC22:38
*** jawad_axd has quit IRC22:40
openstackgerritColleen Murphy proposed openstack/keystone master: Refresh "how can I help?" doc  https://review.opendev.org/69176922:48
*** kimamisa has quit IRC22:52
*** rcernin has joined #openstack-keystone22:58
*** tkajinam has joined #openstack-keystone23:00
*** markvoelker has joined #openstack-keystone23:01
*** markvoelker has quit IRC23:06
*** mvkr has joined #openstack-keystone23:13
*** adriant has quit IRC23:25
*** adriant has joined #openstack-keystone23:25
*** prometheanfire has quit IRC23:50
*** prometheanfire has joined #openstack-keystone23:50
*** gyee has quit IRC23:57
« Sunday, 2019-10-27 Index Tuesday, 2019-10-29 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!