Friday, 2014-11-28

« Thursday, 2014-11-27 Index Saturday, 2014-11-29 »
*** nellysmitt has joined #openstack-keystone00:04
*** nellysmitt has quit IRC00:08
*** henrynash has quit IRC00:09
*** henrynash has joined #openstack-keystone00:09
*** ChanServ sets mode: +v henrynash00:09
*** tellesnobrega_ has quit IRC00:52
*** tellesnobrega_ has joined #openstack-keystone00:58
*** lhcheng has quit IRC00:58
*** lhcheng has joined #openstack-keystone00:59
*** lhcheng has quit IRC01:04
*** htruta_ has joined #openstack-keystone01:12
*** stevemar has joined #openstack-keystone01:29
*** ChanServ sets mode: +v stevemar01:29
*** _cjones_ has quit IRC01:39
*** _cjones_ has joined #openstack-keystone01:42
*** _cjones_ has quit IRC01:44
*** NM has joined #openstack-keystone01:53
*** NM has quit IRC01:59
*** nellysmitt has joined #openstack-keystone02:05
*** nellysmitt has quit IRC02:09
*** sluo_wfh has joined #openstack-keystone02:17
*** erkules_ has joined #openstack-keystone02:25
*** erkules has quit IRC02:27
*** r-daneel has quit IRC02:32
*** r-daneel has joined #openstack-keystone02:33
*** htruta_ has quit IRC02:41
*** dims has quit IRC02:47
*** r-daneel has quit IRC02:51
*** henrynash has quit IRC03:16
*** samuelms_ has quit IRC03:16
*** henrynash has joined #openstack-keystone03:17
*** ChanServ sets mode: +v henrynash03:17
*** NM has joined #openstack-keystone03:23
*** kobtea has joined #openstack-keystone03:25
*** kobtea has quit IRC03:29
*** david-ly_ has joined #openstack-keystone03:35
*** david-lyle_afk has quit IRC03:37
*** ayoung has quit IRC03:37
*** NM has quit IRC03:39
*** nellysmitt has joined #openstack-keystone04:05
*** nellysmitt has quit IRC04:10
*** yasu_ has joined #openstack-keystone04:15
*** yasu_ has quit IRC04:43
*** KanagarajM has joined #openstack-keystone04:52
*** tellesnobrega_ has quit IRC05:07
*** henrynash has quit IRC05:08
*** tellesnobrega_ has joined #openstack-keystone05:08
*** henrynash has joined #openstack-keystone05:09
*** ChanServ sets mode: +v henrynash05:09
*** _cjones_ has joined #openstack-keystone05:13
*** _cjones_ has quit IRC05:13
*** kobtea has joined #openstack-keystone05:14
*** kobtea has quit IRC05:18
*** mitz_ has quit IRC05:41
*** ajayaa has joined #openstack-keystone05:42
*** mitz_ has joined #openstack-keystone05:44
*** dims has joined #openstack-keystone05:48
*** dims has quit IRC05:52
*** yasu_ has joined #openstack-keystone05:54
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Imported Translations from Transifex  https://review.openstack.org/13624306:02
*** nellysmitt has joined #openstack-keystone06:06
henrynashsamuelms: We have, in the past, used the term “effective” for what you get after expansion (it’s what the ?option is for the REST API), so I’d be tempted to go for list_effective_assignments_for_user_and_project06:11
*** nellysmitt has quit IRC06:11
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Turn our auth plugin into a token interface  https://review.openstack.org/13726806:12
*** oomichi has quit IRC06:32
*** mzbik has joined #openstack-keystone06:38
*** k4n0 has joined #openstack-keystone07:00
*** kobtea has joined #openstack-keystone07:02
*** kobtea has quit IRC07:07
*** ukalifon1 has joined #openstack-keystone07:07
openstackgerritjun xie proposed openstack/keystone: Fix the copy-pasted help info for db_version  https://review.openstack.org/13772907:23
*** ukalifon1 has quit IRC07:31
*** oomichi_ has joined #openstack-keystone07:42
*** oomichi_ has quit IRC07:44
*** stevemar has quit IRC07:44
*** ukalifon has joined #openstack-keystone07:51
*** nellysmitt has joined #openstack-keystone08:07
*** nellysmitt has quit IRC08:12
openstackgerritSergey Kraynev proposed openstack/python-keystoneclient: Using correct keyword for region in v3  https://review.openstack.org/11838308:12
*** yasu_ has quit IRC08:14
*** _cjones_ has joined #openstack-keystone08:14
*** _cjones_ has quit IRC08:19
*** yasu_ has joined #openstack-keystone08:20
*** jistr has joined #openstack-keystone08:22
*** oomichi_ has joined #openstack-keystone08:24
*** ukalifon has quit IRC08:25
*** erkules_ is now known as erkules08:29
*** k4n0 has quit IRC08:56
*** oomichi_ has quit IRC09:22
*** eglynn-officeafk is now known as eglynn-office09:22
*** nellysmitt has joined #openstack-keystone09:35
*** f13o has quit IRC09:36
*** jamielennox is now known as jamielennox|away10:05
*** jistr has quit IRC10:11
*** sluo_wfh has quit IRC10:12
josecastroleonjamielennox: are you around?10:31
josecastroleoni have a very nice bug (kerberos related)10:32
josecastroleonlet's say: non desired behavior10:33
*** jistr has joined #openstack-keystone10:34
samuelmshenrynash, yep I know that terminology .. but how could we call the set before the expansion?10:46
samuelmshenrynash, morning :-)10:46
samuelmshenrynash, anyway.. I'll reorganize the code such way we have no need to a new terminology .. this will mess up people's brains10:50
*** henrynash has quit IRC10:51
*** henrynash has joined #openstack-keystone10:52
*** ChanServ sets mode: +v henrynash10:52
*** tellesnobrega_ has quit IRC11:01
*** KanagarajM has quit IRC11:04
*** aix has joined #openstack-keystone11:08
*** NM has joined #openstack-keystone11:12
*** henrynash has quit IRC11:19
*** NM has quit IRC11:35
*** kobtea has joined #openstack-keystone11:40
*** yasu_ has quit IRC11:43
*** kobtea has quit IRC11:45
*** NM has joined #openstack-keystone11:48
*** yasu_ has joined #openstack-keystone11:54
*** NM has quit IRC11:55
*** diegows has joined #openstack-keystone12:01
openstackgerritIlya Pekelny proposed openstack/keystone: Migrate_repo init version helper  https://review.openstack.org/13764012:24
openstackgerritIlya Pekelny proposed openstack/keystone: Add primary key to the endpoint_group id column.  https://review.openstack.org/13763812:24
openstackgerritIlya Pekelny proposed openstack/keystone: Add index to the revocation_event.revoked_at.  https://review.openstack.org/13763912:24
openstackgerritIlya Pekelny proposed openstack/keystone: Comparision of database models and migrations.  https://review.openstack.org/8063012:24
openstackgerritIlya Pekelny proposed openstack/keystone: Share engine between migration helpers.  https://review.openstack.org/13777812:24
openstackgerritIlya Pekelny proposed openstack/keystone: Use metadata.create_all() to fill a test database  https://review.openstack.org/9355812:25
*** NM has joined #openstack-keystone12:29
*** yasu_ has quit IRC12:33
*** ukalifon1 has joined #openstack-keystone12:35
*** afazekas has joined #openstack-keystone12:48
*** NM has quit IRC12:48
*** ajayaa has quit IRC12:51
*** eglynn-office is now known as eglynn-lunch12:54
*** NM has joined #openstack-keystone12:54
*** ukalifon1 has quit IRC13:00
*** mzbik has quit IRC13:01
openstackgerritSergey Kraynev proposed openstack/python-keystoneclient: Using correct keyword for region in v3  https://review.openstack.org/11838313:02
*** NM has quit IRC13:04
*** mzbik has joined #openstack-keystone13:06
*** boris-42 has quit IRC13:17
openstackgerritRodrigo Duarte proposed openstack/keystone-specs: API doc for Inherited Role Assignments to Projects  https://review.openstack.org/13027713:18
openstackgerritRodrigo Duarte proposed openstack/keystone-specs: Fixes HEAD return code for OS-INHERIT extension  https://review.openstack.org/13778213:18
*** NM has joined #openstack-keystone13:19
*** mzbik_ has joined #openstack-keystone13:21
*** NM has quit IRC13:24
*** mzbik has quit IRC13:24
openstackgerritAndre Aranha proposed openstack/keystone-specs: Modify the policy file  https://review.openstack.org/13540813:28
*** dims has joined #openstack-keystone13:41
openstackgerritAndre Aranha proposed openstack/keystone-specs: Modify the policy file  https://review.openstack.org/13540813:45
*** eglynn-lunch is now known as eglynn-office13:46
*** henrynash has joined #openstack-keystone13:46
*** ChanServ sets mode: +v henrynash13:46
*** NM has joined #openstack-keystone13:53
openstackgerritMerged openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/13596514:01
openstackgerritMerged openstack/keystone: Updated from global requirements  https://review.openstack.org/13661614:02
eglynn-officequick question anyone?14:04
eglynn-officeprior to the advent of domains, am I right in assuming that the admin role is intended to a global thing?14:04
eglynn-officesay user 'bob' has the admin role in the project 'dev', but not in the project 'finance'14:05
eglynn-officeshould bob be able to apply administrative actions to resources associated with the 'finance' tenant?14:06
rodrigodseglynn-office, no14:06
rodrigodseglynn-office, bob would need a role in 'finance' tenant as well14:07
eglynn-officerodrigods: so how do typical RBAC rules of form "role:admin" capture that distinction between "having the admin role" and "having the admin role in a particular project"?14:09
eglynn-officerodrigods: e.g. https://github.com/openstack/nova/blob/master/etc/nova/policy.json#L2714:12
*** gordc has joined #openstack-keystone14:13
eglynn-officerodrigods: I always thought that meant "a caller can stop a server if they own the server *or* have the admin role in the user/project associated with the call"14:13
*** gordc has joined #openstack-keystone14:13
eglynn-office(even if that project is different to the tenant associated with the server)14:14
*** NM has quit IRC14:16
eglynn-officerodrigods: this bug seems to line up with my original understanding of admin-ness being global ... https://bugs.launchpad.net/keystone/+bug/96869614:30
uvirtbotLaunchpad bug 968696 in keystone ""admin"-ness not properly scoped" [High,Confirmed]14:30
*** ajayaa has joined #openstack-keystone14:34
rodrigodseglynn-office, it checks the role against your token scope14:34
*** NM has joined #openstack-keystone14:36
eglynn-officerodrigods: "it" being the policy enforcer?14:37
rodrigodseglynn-office, yes14:39
*** NM has quit IRC14:39
*** diegows has quit IRC14:41
rodrigodseglynn-office, actually... if the rule is just "role:admin", you need only the admin role to be listed in your token14:42
rodrigodseglynn-office, to enforce by project, you need a rule like: https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json#L3714:43
rodrigodseglynn-office, you are right by considering the admin-ess as being global for the default policy.json (v2)14:43
*** kobtea has joined #openstack-keystone14:45
eglynn-officerodrigods: a-ha, thanks for the confirmation14:46
eglynn-officerodrigods: ... so in "domain_id:%(target.project.domain_id)s" is target.project.domain_id=="the domain containing the project associated with the target resource"?14:46
rodrigodseglynn-office, exactly! :)14:48
openstackgerritBoris Bobrov proposed openstack/python-keystoneclient: Add self-installation to venv deployment  https://review.openstack.org/13761314:48
*** kobtea has quit IRC14:50
rodrigodseglynn-office, here you have a good explanation about how you use different rules: https://review.openstack.org/#/c/137476/2/openstack/common/policy.py14:50
eglynn-officerodrigods: a-ha, thank you sir!14:54
*** diegows has joined #openstack-keystone14:57
*** stevemar has joined #openstack-keystone15:02
*** ChanServ sets mode: +v stevemar15:02
*** marekd is now known as marekd|away15:02
*** samuelms is now known as samuelms-away15:34
*** r-daneel has joined #openstack-keystone15:41
*** mzbik_ has quit IRC15:44
*** mflobo has quit IRC15:58
*** thiagop has quit IRC16:00
*** nellysmitt has quit IRC16:04
*** dims has quit IRC16:07
*** _cjones_ has joined #openstack-keystone16:08
*** josecastroleon has quit IRC16:08
*** mitz- has joined #openstack-keystone16:10
*** mitz_ has quit IRC16:10
*** stevemar has quit IRC16:13
*** stevemar has joined #openstack-keystone16:14
*** ChanServ sets mode: +v stevemar16:14
openstackgerritAndre Aranha proposed openstack/keystone: Make the policy v3 as default  https://review.openstack.org/13782816:23
*** NM has joined #openstack-keystone16:27
*** shakamunyi has joined #openstack-keystone16:30
*** shakamunyi has quit IRC16:31
*** kobtea has joined #openstack-keystone16:34
*** shakamunyi has joined #openstack-keystone16:34
openstackgerritIlya Pekelny proposed openstack/keystone: Migrate_repo init version helper  https://review.openstack.org/13764016:38
openstackgerritIlya Pekelny proposed openstack/keystone: Share engine between migration helpers.  https://review.openstack.org/13777816:38
openstackgerritIlya Pekelny proposed openstack/keystone: Add primary key to the endpoint_group id column.  https://review.openstack.org/13763816:38
openstackgerritIlya Pekelny proposed openstack/keystone: Add index to the revocation_event.revoked_at.  https://review.openstack.org/13763916:38
openstackgerritIlya Pekelny proposed openstack/keystone: Comparision of database models and migrations.  https://review.openstack.org/8063016:38
*** kobtea has quit IRC16:38
openstackgerritIlya Pekelny proposed openstack/keystone: Use metadata.create_all() to fill a test database  https://review.openstack.org/9355816:38
*** nellysmitt has joined #openstack-keystone16:45
*** afazekas has quit IRC17:00
*** ajayaa has quit IRC17:03
*** dims has joined #openstack-keystone17:08
*** dims has quit IRC17:13
*** Kieleth has quit IRC17:15
*** ajayaa has joined #openstack-keystone17:16
*** dims has joined #openstack-keystone17:18
*** dims has quit IRC17:21
*** shakayumi has joined #openstack-keystone17:21
openstackgerrithenry-nash proposed openstack/keystone-specs: Add support for domain specific roles.  https://review.openstack.org/13385517:23
*** shakamunyi has quit IRC17:25
*** dims has joined #openstack-keystone17:30
*** dims has quit IRC17:34
openstackgerrithenry-nash proposed openstack/keystone-specs: Replace the concept of extensions in Keystone.  https://review.openstack.org/13380917:38
*** jistr has quit IRC17:53
*** _cjones_ has quit IRC18:02
*** _cjones_ has joined #openstack-keystone18:08
*** boris-42 has joined #openstack-keystone18:09
openstackgerrithenry-nash proposed openstack/keystone-specs: Add support for domain specific roles.  https://review.openstack.org/13385518:14
*** eglynn-office is now known as eglynn-officeafk18:30
*** Guest68123 has joined #openstack-keystone18:31
*** NM has quit IRC18:36
*** Guest68123 has quit IRC18:37
*** nellysmitt has quit IRC18:44
openstackgerrithenry-nash proposed openstack/keystone-specs: Add support for domain specific roles.  https://review.openstack.org/13385518:49
*** harlowja_away is now known as harlowja_18:57
*** aix has quit IRC18:58
*** ajayaa has quit IRC19:01
*** dims has joined #openstack-keystone19:13
*** dims has quit IRC19:18
*** ajayaa has joined #openstack-keystone19:23
*** NM has joined #openstack-keystone19:35
*** NM has quit IRC19:44
*** zzzeek has joined #openstack-keystone19:44
*** _cjones_ has quit IRC19:49
*** kobtea has joined #openstack-keystone20:11
*** kobtea has quit IRC20:16
*** NM has joined #openstack-keystone20:29
*** NM has quit IRC20:32
*** boris-42 has quit IRC20:37
*** nellysmitt has joined #openstack-keystone20:45
*** pc-m has quit IRC20:45
*** nellysmitt has quit IRC20:49
*** _cjones_ has joined #openstack-keystone20:49
*** boris-42 has joined #openstack-keystone20:49
*** nellysmitt has joined #openstack-keystone20:52
*** nellysmitt has quit IRC20:57
*** nellysmitt has joined #openstack-keystone20:59
*** nellysmitt has quit IRC21:00
*** raildo has quit IRC21:00
*** _cjones_ has quit IRC21:05
*** _cjones_ has joined #openstack-keystone21:23
*** NM has joined #openstack-keystone21:24
*** NM has quit IRC21:34
*** NM has joined #openstack-keystone21:40
*** NM has quit IRC21:44
*** dims has joined #openstack-keystone22:18
*** harlowja_ is now known as harlowja_away22:21
*** jamielennox|away is now known as jamielennox22:22
*** dims has quit IRC22:23
*** stevemar has quit IRC22:30
*** _cjones_ has quit IRC22:34
*** tellesnobrega_ has joined #openstack-keystone22:37
*** tellesnobrega_ has quit IRC22:40
*** _cjones_ has joined #openstack-keystone22:42
*** boris-42 has quit IRC22:57
openstackgerritJamie Lennox proposed openstack/python-keystoneclient: Add wrapper plugins  https://review.openstack.org/13786423:14
*** gordc has quit IRC23:19
*** kobtea has joined #openstack-keystone23:48
*** openstackstatus has quit IRC23:53
*** openstack has joined #openstack-keystone23:53
*** openstackstatus has joined #openstack-keystone23:54
*** ChanServ sets mode: +v openstackstatus23:54
*** kobtea has quit IRC23:54
« Thursday, 2014-11-27 Index Saturday, 2014-11-29 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!