Thursday, 2014-11-27

« Wednesday, 2014-11-26 Index Friday, 2014-11-28 »
*** david-lyle is now known as david-lyle_afk00:26
*** _cjones_ has quit IRC00:33
*** _cjones_ has joined #openstack-keystone00:36
crinklezigo: hmm, I think I'm either misunderstanding or I didn't communicate effectively - we're looking to consume python-openstackclient in the stackforge puppet modules, ideally without the user having to add a new repository, so my inquiry was about its status in the ubuntu standard package repositories or ubuntu cloud archive (and similarly for epel/rdo)00:45
crinkleit's great that we can use that package for development in the mean time though00:46
*** lhcheng has quit IRC00:46
*** lhcheng has joined #openstack-keystone00:47
zigocrinkle: I do *not* control whatever crap they do at Canonical ! :)00:50
crinklezigo: :)00:51
zigoI do my bugs only in Debian... :)00:51
zigocrinkle: You probably want to ask james page about that.00:51
*** lhcheng has quit IRC00:52
crinklezigo: does he have an irc nick?00:52
zigoYeah... jamespage ... :)00:52
crinklehow unexpected00:52
zigoOtherwise James Page <james.page@canonical.com>00:53
crinkleawesome, thanks for your help!00:53
zigoBut he's currently logged on IRC (both OFTC and Freenode).00:53
zigocrinkle: No problem, and please do consider switching to Debian ! :)00:53
crinklezigo: haha, we're trying to support Debian + Ubuntu + RHEL :)00:54
crinklewill probably try to bug people after the holiday00:55
mgagnecrinkle: there is a list of packages available in Ubuntu Cloud Archive: http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/juno_versions.html and http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/icehouse_versions.html00:55
crinklethat is useful00:56
mgagnecrinkle: unfortunately, python-openstackclient looks to not be packaged in UCA00:56
crinklehence my inquiry00:56
*** raildo_ has joined #openstack-keystone00:57
*** ekarlso- has quit IRC01:12
*** ekarlso- has joined #openstack-keystone01:13
*** diegows has quit IRC01:13
*** raildo_ has quit IRC01:26
*** henrynash has quit IRC01:29
*** henrynash has joined #openstack-keystone01:34
*** ChanServ sets mode: +v henrynash01:34
*** kobtea has joined #openstack-keystone01:34
*** NM has joined #openstack-keystone01:37
*** kobtea has quit IRC01:39
*** r-daneel has quit IRC01:47
*** NM has quit IRC01:57
*** _cjones_ has quit IRC01:58
*** tellesnobrega_ has quit IRC02:04
*** stevemar has joined #openstack-keystone02:11
*** ChanServ sets mode: +v stevemar02:11
*** fifieldt has joined #openstack-keystone02:13
*** htruta_ has quit IRC02:16
*** tellesnobrega_ has joined #openstack-keystone02:18
*** jorge_munoz has quit IRC02:18
*** erkules_ has joined #openstack-keystone02:27
*** erkules has quit IRC02:29
*** tellesnobrega_ has quit IRC02:29
*** tellesnobrega_ has joined #openstack-keystone02:44
*** saipandi has quit IRC02:48
*** KanagarajM has joined #openstack-keystone02:54
*** erkules_ is now known as erkules02:58
*** harlowja_ is now known as harlowja_away03:18
openstackgerritSteve Martinelli proposed openstack/keystone: Update docs to no longer show XML support  https://review.openstack.org/12575303:38
openstackgerritwanghong proposed openstack/keystone: move matching id check in policy update into controller  https://review.openstack.org/13215203:44
openstackgerritwanghong proposed openstack/keystone: move matching id check in policy update into controller  https://review.openstack.org/13215203:44
*** jdennis1 has quit IRC03:47
ayoungnkinder, https://review.openstack.org/#/c/129951/  merged.  It twice got caught in a server migration issue, dropping it from Zuul.03:57
nkinderayoung: yep, I saw the notification04:00
nkinderayoung: nice to see that finally go through04:00
ayoungnkinder, I think we need to get more reviewers on the other puppet-keystone patches04:00
ayoungalso, Matt has an LDAP patch that is in merge conflict and has been sitting since August04:01
ayoungwant me to grab that?04:01
ayounger, Rich...not Matt04:02
ayounghttps://review.openstack.org/#/c/76002/  nkinder this one04:02
*** samuelms_ has joined #openstack-keystone04:06
*** samuelms has quit IRC04:09
openstackgerritayoung proposed openstack/keystone: better handling for empty/None ldap values  https://review.openstack.org/7600204:13
*** tellesnobrega_ has quit IRC04:27
*** oomichi_ has joined #openstack-keystone04:30
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Turn our auth plugin into a token interface  https://review.openstack.org/13726804:31
*** zzzeek has quit IRC04:37
*** stevemar has quit IRC04:39
openstackgerritJamie Lennox proposed openstack/python-keystoneclient: Fix importing config module and classmethod params  https://review.openstack.org/13386604:49
*** _cjones_ has joined #openstack-keystone04:59
*** _cjones_ has quit IRC05:04
*** kobtea has joined #openstack-keystone05:12
*** kobtea has quit IRC05:17
*** ajayaa has joined #openstack-keystone05:21
*** amakarov_away has quit IRC05:31
*** amakarov_away has joined #openstack-keystone05:31
*** Shohei has quit IRC05:35
*** Shohei has joined #openstack-keystone05:36
*** Shohei has quit IRC05:36
*** Shohei has joined #openstack-keystone05:37
openstackgerritMerged openstack/python-keystoneclient: Sync oslo-incubator to 1fc3cd47  https://review.openstack.org/13095905:46
*** _cjones_ has joined #openstack-keystone05:56
*** stevemar has joined #openstack-keystone06:03
*** ChanServ sets mode: +v stevemar06:03
stevemarbump06:05
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Imported Translations from Transifex  https://review.openstack.org/13624306:07
*** k4n0 has joined #openstack-keystone06:26
*** ukalifon1 has joined #openstack-keystone06:37
*** _cjones_ has quit IRC06:40
*** jamielennox is now known as jamielennox|away06:50
*** ekarlso- has quit IRC06:54
*** ekarlso- has joined #openstack-keystone06:54
openstackgerritSteve Martinelli proposed openstack/keystone: New stuff  https://review.openstack.org/13754007:40
ekarlso-stevemar: ^ not the best title i've seen :P07:41
openstackgerritSteve Martinelli proposed openstack/keystone: Add support for listing public idps  https://review.openstack.org/13754007:42
*** ukalifon1 has quit IRC07:47
openstackgerritMarcos Fermín Lobo proposed openstack/keystone: Implement group related methods for LDAP backend  https://review.openstack.org/10224407:47
*** stevemar has quit IRC07:56
*** henrynash has quit IRC07:59
*** henrynash has joined #openstack-keystone08:10
*** ChanServ sets mode: +v henrynash08:10
*** afazekas has joined #openstack-keystone08:19
*** oomichi_ has quit IRC08:24
*** kobtea has joined #openstack-keystone08:49
*** mzbik has joined #openstack-keystone08:52
mzbikAnyone alive here?08:54
*** kobtea has quit IRC08:54
mzbikHow can I pass filter like this (&(cn={0})(objectClass=groupOfUniqueNames)) in keystone with LDAP?08:55
mzbikexact question is: how to pass argument to that cn={0}?08:56
*** jistr has joined #openstack-keystone09:10
*** nellysmitt has joined #openstack-keystone09:14
*** xiaozhi_ has joined #openstack-keystone09:29
*** _cjones_ has joined #openstack-keystone09:41
*** _cjones_ has quit IRC09:45
*** tellesnobrega_ has joined #openstack-keystone10:15
*** henrynash has quit IRC10:24
*** tellesnobrega_ has quit IRC10:31
*** tellesnobrega_ has joined #openstack-keystone10:35
samuelms_morning10:36
*** samuelms_ is now known as samuelms10:36
samuelmsmzbik, hi10:36
samuelmsmzbik, what do you'd like to do? filter users when calling list_users API?10:36
*** aix has joined #openstack-keystone10:37
*** tellesnobrega_ has quit IRC10:52
*** NM has joined #openstack-keystone10:52
*** fifieldt has quit IRC10:59
*** henrynash has joined #openstack-keystone11:08
*** ChanServ sets mode: +v henrynash11:08
mzbiksamuelms, rather I wanted to filter group name when listing groups11:13
mzbikI have huge LDAP11:13
mzbikI wanted to use /v3/groups?name=MyGroup&domain_id=123456 to filter only MyGroup11:14
mzbikbut11:14
mzbikin LDAP for that domain there are thousands of groups11:14
mzbikit too much for keystone (size exeeced)11:15
mzbikand I cant use page_size11:15
mzbikso I thout I could use that kind of filter to filter only one group without fetching all groups from LDAP11:17
*** NM has quit IRC11:30
*** NM has joined #openstack-keystone11:30
*** xiaozhi_ has quit IRC11:38
openstackgerritBoris Bobrov proposed openstack/python-keystoneclient: Add self-installation to venv deployment  https://review.openstack.org/13761311:42
*** henrynash has quit IRC11:48
*** aix has quit IRC11:55
samuelmsmzbik, why are you passing domain_id on your request?  /v3/groups?name=MyGroup&domain_id=12345611:58
samuelmsmzbik, one you have a token for that domain, you just need to query /v3/groups?name=MyGroup11:59
mzbiksamuelms, im affraid you are wrong12:00
mzbikit is obligatory if you have multibackend in keystone12:00
mzbikhttps://bugs.launchpad.net/keystone/+bug/138737912:00
uvirtbotLaunchpad bug 1387379 in keystone "No documentation on the fact that List users/groups  require a domain to be specified in multi domain configuration" [Medium,In progress]12:00
mzbik"if domain-specific drivers are enabled then, as indicated above, you must specify a domain_id as par of the a GET /users or GET /groups call."12:01
samuelmsmzbik, so you're using this?12:03
samuelmsmzbik, you have multiple ldap connected instead of a single one as you said ..12:03
rodrigodsmzbik, you need to specify only if you don't have the domain_id in your token12:04
*** diegows has joined #openstack-keystone12:04
mzbikrodrigods, I have but it does not work, anyways clue is a bit different ;)12:05
*** diegows has quit IRC12:14
mzbiksamuelms, yes I have SQL backend for service users and LDAP for rest of users cause I have read-only LDAP and cannot change it.12:20
*** k4n0 has quit IRC12:26
samuelmsmzbik, ok .. I think ayoung is a good person to help you out .. he understand better how ldap things are implemented12:29
mzbikayoung, ping12:30
marekdmzbik: ^^ so you are now doomed :P12:30
mzbikAm I? :(12:30
mzbikerm... ayound is Adam Young?12:30
marekdyep12:30
mzbikyes... Im doomed12:31
mzbik:P12:31
samuelmshaha12:31
*** KanagarajM has quit IRC12:37
openstackgerritAndre Aranha proposed openstack/keystone-specs: Modify the policy file  https://review.openstack.org/13540812:53
*** kobtea has joined #openstack-keystone12:55
*** f13o_f13o has joined #openstack-keystone12:55
*** f13o_f13o has quit IRC12:55
*** kobtea has quit IRC12:59
*** aix has joined #openstack-keystone13:06
*** dims has joined #openstack-keystone13:20
*** dims_ has joined #openstack-keystone13:24
*** dims has quit IRC13:27
openstackgerritIlya Pekelny proposed openstack/keystone: Comparision of database models and migrations.  https://review.openstack.org/8063013:37
openstackgerritIlya Pekelny proposed openstack/keystone: Fix index name the assignment.actor_id table.  https://review.openstack.org/13763713:37
openstackgerritIlya Pekelny proposed openstack/keystone: Add primary key to the endpoint_group id column.  https://review.openstack.org/13763813:37
openstackgerritIlya Pekelny proposed openstack/keystone: Add index to the revocation_event.revoked_at.  https://review.openstack.org/13763913:37
openstackgerritIlya Pekelny proposed openstack/keystone: Migrate_repo init version helper  https://review.openstack.org/13764013:37
openstackgerritIlya Pekelny proposed openstack/keystone: Use metadata.create_all() to fill a test database  https://review.openstack.org/9355813:37
*** jaosorior has joined #openstack-keystone13:39
*** gordc has joined #openstack-keystone13:49
ajayaaHi. How does other openstack components check for project's existence in keystone, where project_id is used in the url.13:58
ayoungmzbik, it is thanksgiving here, and I am really not supposed to be doing work....13:59
ayoungI think you can filter on groups13:59
mzbikayoung, I will try to ping you after holidays then14:01
*** mzbik has quit IRC14:09
*** NM1 has joined #openstack-keystone14:29
*** NM has quit IRC14:31
*** ukalifon1 has joined #openstack-keystone14:39
*** _cjones_ has joined #openstack-keystone15:00
*** dims has joined #openstack-keystone15:05
*** dims_ has quit IRC15:09
*** stevemar has joined #openstack-keystone15:09
*** ChanServ sets mode: +v stevemar15:09
*** r-daneel has joined #openstack-keystone15:10
*** jdennis has joined #openstack-keystone15:23
*** NM1 has quit IRC15:28
marekdstevemar: if you make an apache configuration with <Location /v3/OS-FEDERATION/identity_providers/*/...>  you would need to *again* implement Discover service, something you want to do for Horizon already...15:29
marekdstevemar: so, you 'd go to horizon, choose idp of your choice, get redirected to Keystone, go again to similar page where you choose a IdP of your choice.15:29
marekdstevemar: hi, btw :-)15:31
stevemarmarekd, hello as well :)15:32
marekdmaybe the the alternative is to implement one endpoint, v3/OS-FEDERATION/websso15:33
marekdwhere a user is redirected always15:33
*** NM has joined #openstack-keystone15:33
marekdthen, he actually gets to the DS15:33
marekdwhich is completely separate from Keystone15:34
marekduser authenticates15:34
marekdgets back to /websso endpoint15:34
marekdand the right mapping is choosed basing on IdP identifier squeezed into saml assertion15:34
marekdthen, we would need to add entityId in the identity_provider objects, instead of is_public15:35
marekdlike here: https://github.com/cernops/keystone/commit/66dabd94b4ad32abca171cef9192210fec28923515:37
marekdyou know what i mean?15:41
*** ukalifon1 has quit IRC15:59
openstackgerritAlexander Makarov proposed openstack/keystone-specs: Trust redelegation documentation  https://review.openstack.org/13154116:23
*** stevemar has quit IRC16:27
*** _cjones_ has quit IRC16:28
*** kobtea has joined #openstack-keystone16:32
*** jaosorior has quit IRC16:33
*** kobtea has quit IRC16:37
*** _cjones_ has joined #openstack-keystone16:37
*** afazekas has quit IRC16:46
*** nellysmitt has quit IRC16:46
*** jdennis has quit IRC17:29
*** nellysmitt has joined #openstack-keystone17:31
*** ajayaa has quit IRC17:43
*** jistr has quit IRC17:50
*** diegows has joined #openstack-keystone17:52
*** mzbik has joined #openstack-keystone17:52
*** _cjones_ has quit IRC18:04
openstackgerritSergey Kraynev proposed openstack/python-keystoneclient: Using correct keyword for region in v3  https://review.openstack.org/11838318:19
*** _cjones_ has joined #openstack-keystone18:31
*** jaosorior has joined #openstack-keystone18:44
*** svasheka has quit IRC18:51
*** svasheka has joined #openstack-keystone18:51
*** stevemar has joined #openstack-keystone18:58
*** ChanServ sets mode: +v stevemar18:58
*** henrynash has joined #openstack-keystone19:05
*** ChanServ sets mode: +v henrynash19:05
*** aix has quit IRC19:15
*** dims has quit IRC19:27
openstackgerritAndre Aranha proposed openstack/keystone: Modify the policy v3 sample  https://review.openstack.org/12350919:33
openstackgerritAndre Aranha proposed openstack/keystone-specs: Modify the policy file  https://review.openstack.org/13540819:41
*** afaranha has left #openstack-keystone20:01
*** nellysmitt has quit IRC20:02
*** _cjones_ has quit IRC20:08
*** afaranha has joined #openstack-keystone20:09
*** kobtea has joined #openstack-keystone20:10
*** mzbik has quit IRC20:11
*** kobtea has quit IRC20:15
*** dims has joined #openstack-keystone20:27
*** mzbik has joined #openstack-keystone20:31
*** _cjones_ has joined #openstack-keystone20:34
*** mzbik_ has joined #openstack-keystone20:45
*** mzbik has quit IRC20:49
*** dims has quit IRC21:02
samuelmshenrynash, which one sounds better: '_list_applicable_assignments_TO_user_and_project' or '_list_applicable_assignments_FOR_user_and_project'?21:08
samuelmshenrynash, applicable should be direct + indirect assignments (from expansion)21:09
samuelmsdoes anyone know which one sounds better ?21:10
samuelmsI meant, which one is correct ? if both, then which one sounds better :p21:10
*** mzbik_ has quit IRC21:12
*** NM has quit IRC21:12
*** dims has joined #openstack-keystone21:14
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/13661621:42
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/13596521:43
openstackgerritOpenStack Proposal Bot proposed openstack/python-keystoneclient: Updated from global requirements  https://review.openstack.org/13479421:48
*** dims has quit IRC21:49
*** nellysmitt has joined #openstack-keystone22:03
*** nellysmitt has quit IRC22:07
*** samuelms_ has joined #openstack-keystone22:17
*** stevemar has quit IRC22:27
*** stevemar has joined #openstack-keystone22:29
*** ChanServ sets mode: +v stevemar22:29
*** lhcheng has joined #openstack-keystone22:40
*** stevemar has quit IRC22:54
*** gordc has quit IRC23:01
*** jamielennox|away is now known as jamielennox23:19
*** tellesnobrega_ has joined #openstack-keystone23:21
*** diegows has quit IRC23:21
*** jaosorior has quit IRC23:23
*** oomichi has joined #openstack-keystone23:43
*** dims has joined #openstack-keystone23:46
*** kobtea has joined #openstack-keystone23:47
*** kobtea has quit IRC23:52
« Wednesday, 2014-11-26 Index Friday, 2014-11-28 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!