Wednesday, 2014-12-03

« Tuesday, 2014-12-02 Index Thursday, 2014-12-04 »
*** jimhoagland has quit IRC00:07
*** david-lyle is now known as david-lyle_afk00:08
openstackgerritMerged openstack/keystone: Ignore H302 - bug 1398472  https://review.openstack.org/13849100:19
uvirtbotLaunchpad bug 1398472 in hacking "H302 isn't handling oslo_concurrency namespace change" [Undecided,Fix released] https://launchpad.net/bugs/139847200:19
*** stevemar has quit IRC00:28
*** dims_ has joined #openstack-keystone00:31
*** dims has quit IRC00:34
*** htruta has quit IRC00:37
*** gabriel-bezerra has quit IRC00:37
*** raildo has quit IRC00:37
*** tellesnobrega has quit IRC00:37
*** samuelms-away has quit IRC00:37
*** raildo has joined #openstack-keystone00:44
*** tellesnobrega has joined #openstack-keystone00:44
*** samuelms has joined #openstack-keystone00:44
*** tellesnobrega_ has quit IRC00:46
*** gugl has joined #openstack-keystone00:46
*** raildo_ has quit IRC00:47
guglHi keystone guru, using devstack, I started from scrach ..tried to run ./stack.sh, but I constantly run into issues with keystone today,  please see the errors http://paste.openstack.org/show/143876/  any idea?00:49
*** gabriel-bezerra has joined #openstack-keystone00:50
guglI have blowed away /opt/stack before I stack.sh00:50
guglbefore I run stack.sh...I also did "sudo pip uninstall six"00:51
*** htruta has joined #openstack-keystone00:53
*** jorge_munoz has joined #openstack-keystone00:54
guglafter it failed..I checked six.py which got installed during stacking....00:55
guglwell even I have six installed...it still has the issue00:56
dstanekgugl: do you have a module six.py in your current directory?00:57
gugldstanek, current directory in /opt/stack?00:57
dstanekgugl: or anywhere in your Python path...00:58
gugldstanek, let me check00:58
dstanekgugl: wherever you have devstack checked out00:58
gugldstanek, ic...let me check00:58
*** afaranha has joined #openstack-keystone00:59
guglit is not in devstack00:59
dstaneki'm betting there is one somewhere....run python and import six01:00
dstanekthen see if that has wraps01:00
gugldstanek, k01:01
gugldstanek, it is there01:03
gugljust doesn't like six.wrap01:03
*** jorge_munoz has quit IRC01:03
dstanekgugl: it wouldn't because that shouldn't exist01:04
gugldstanek, ?01:04
gugldstanek, six should not be there?01:04
dstanekgugl: the only thing i can think of is to brute force debug by adding 'print(six.__file__)' at the top of versionutils after six is imported01:05
dstanekgugl: no six.wrap won't exist because it's six.wraps01:05
guglic01:05
gugldstanek, it doesn't like wraps either...01:06
dstanekgugl: when you ran python? or when you started the stack?01:06
guglboth01:07
guglI was trying to restacking and run into01:07
guglissue01:07
dstanekgugl: good. in the interactive interpreter run 'print six.__file__'01:07
gugldstanek, k01:07
dstanekwhat does it print out?01:08
gugldstanek, did see my path01:09
gugl" /usr/lib/python2.7/dist-packages/six.pyc"01:09
dstanekgugl: maybe your six is our of date01:11
dstaneksudo pip install -U six01:11
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Use real discovery object in auth_token middleware.  https://review.openstack.org/13053201:11
gugldstanek, let me try01:11
*** jorge_munoz has joined #openstack-keystone01:12
guglpip installed in six in /usr/local/lib/python2.7/dist-packages01:12
gugldstanek, will that be a problem?01:13
dstanekgugl: not if it gets imported first :-)01:13
dstanekdist-packages must be installed by the package manager01:13
dstanekthat needs to be removed or updated ... i think01:13
gugldstanek, ok, will do some clean up and try again. thanks very much for the help!01:14
*** jorge_munoz has quit IRC01:14
dstanekgugl: hopefully it helps01:14
gugldstanek, thanks again, you have a nice evening!01:15
dstanekgugl: you too01:17
*** marg7175 has quit IRC01:18
lbragstadmorganfainberg: sounds good, I'm rechecking stuff on that patch anyway :/01:19
*** jorge_munoz has joined #openstack-keystone01:23
*** samuelms_ has joined #openstack-keystone01:27
*** nellysmitt has joined #openstack-keystone01:32
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Allow loading other auth methods in auth_token  https://review.openstack.org/12955201:33
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Split identity server into v2 and v3  https://review.openstack.org/13053401:33
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Use real discovery object in auth_token middleware.  https://review.openstack.org/13053201:33
*** nellysmitt has quit IRC01:36
*** _cjones_ has quit IRC01:36
*** lhcheng_ has joined #openstack-keystone01:40
*** stevemar has joined #openstack-keystone01:42
*** ChanServ sets mode: +v stevemar01:42
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Allow loading other auth methods in auth_token  https://review.openstack.org/12955201:42
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Split identity server into v2 and v3  https://review.openstack.org/13053401:42
*** lhcheng has quit IRC01:43
openstackgerritNathan Kinder proposed openstack/keystone-specs: Mapping enhancements - direct groups mapping.  https://review.openstack.org/13803501:43
stevemarnkinder, thanks for the cleanup!01:51
stevemarnkinder, hope you are feelin better01:52
nkinderstevemar: sure.  I hate adding nitpicks to a review when it's just easy to go in and fix them yourself.01:52
nkinderstevemar: and thanks!  Feeling much better now, but just trying to catch up on everything after the long weekend01:52
stevemarnkinder, yeah, especially when i'm happy with the actual content01:52
stevemarwelcome to the fray :)01:53
*** yasu_ has joined #openstack-keystone01:53
*** samuelms_ has quit IRC01:56
*** jorge_munoz has quit IRC02:01
*** zzzeek has quit IRC02:02
*** r-daneel has quit IRC02:03
*** tellesnobrega_ has joined #openstack-keystone02:04
*** DaveChen has quit IRC02:08
*** marg7175 has joined #openstack-keystone02:10
openstackgerritJamie Lennox proposed openstack/python-keystoneclient: Expose version matching functions to the public  https://review.openstack.org/12993502:13
*** ayoung has joined #openstack-keystone02:17
*** ChanServ sets mode: +v ayoung02:17
*** afaranha has quit IRC02:23
*** erkules_ has joined #openstack-keystone02:23
*** marcoemorais has quit IRC02:24
*** erkules has quit IRC02:25
*** afaranha has joined #openstack-keystone02:30
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Allow loading other auth methods in auth_token  https://review.openstack.org/12955202:31
*** Shohei has quit IRC02:35
*** dims_ has quit IRC02:36
*** Shohei has joined #openstack-keystone02:38
*** erkules_ has quit IRC02:49
*** gabriel-bezerra has quit IRC02:49
*** erkules_ has joined #openstack-keystone02:50
*** gabriel-bezerra has joined #openstack-keystone02:51
*** marg7175 has quit IRC02:54
*** marg7175_ has joined #openstack-keystone02:58
*** marg7175_ has quit IRC03:04
*** Shohei has quit IRC03:04
*** Shohei has joined #openstack-keystone03:05
*** kobtea has joined #openstack-keystone03:06
*** Shohei has quit IRC03:10
*** kobtea has quit IRC03:10
*** jdennis has quit IRC03:11
*** Shohei has joined #openstack-keystone03:21
*** jdennis has joined #openstack-keystone03:29
*** afaranha has quit IRC03:31
*** david-ly_ has joined #openstack-keystone03:32
*** nellysmitt has joined #openstack-keystone03:32
*** david-lyle_afk has quit IRC03:33
*** dims has joined #openstack-keystone03:36
*** nellysmitt has quit IRC03:37
*** dims has quit IRC03:42
*** jamielennox is now known as jamielennox|away03:44
*** harlowja_ is now known as harlowja_away03:47
*** jdennis has quit IRC04:04
*** richm has quit IRC04:04
*** jamielennox|away is now known as jamielennox04:20
*** thedodd has joined #openstack-keystone04:26
*** Shohei has quit IRC04:32
*** Shohei has joined #openstack-keystone04:33
*** Shohei has joined #openstack-keystone04:33
*** lhcheng_ has quit IRC04:46
*** david-ly_ has quit IRC04:48
*** david-lyle_afk has joined #openstack-keystone04:49
*** chrisshattuck has joined #openstack-keystone04:58
*** chrisshattuck has quit IRC04:58
*** davechen has joined #openstack-keystone05:01
*** lhcheng has joined #openstack-keystone05:02
*** alexiz has quit IRC05:15
*** jimbaker has quit IRC05:22
*** tellesnobrega_ has quit IRC05:28
*** ajayaa has joined #openstack-keystone05:31
*** nellysmitt has joined #openstack-keystone05:33
*** stevemar has quit IRC05:36
*** thedodd has quit IRC05:38
*** nellysmitt has quit IRC05:38
*** ncoghlan has joined #openstack-keystone05:42
*** chrisshattuck has joined #openstack-keystone05:45
*** chrisshattuck has quit IRC05:49
*** Shohei has quit IRC05:58
*** Shohei has joined #openstack-keystone05:59
*** Shohei_ has joined #openstack-keystone06:01
*** Shohei has quit IRC06:02
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Imported Translations from Transifex  https://review.openstack.org/13624306:02
*** yasu_ has quit IRC06:05
*** k4n0 has joined #openstack-keystone06:20
*** saipandi has quit IRC06:22
*** henrynash has joined #openstack-keystone06:28
*** ChanServ sets mode: +v henrynash06:28
*** saipandi has joined #openstack-keystone06:35
*** gyee_ has quit IRC06:36
*** ncoghlan has quit IRC06:41
*** ncoghlan has joined #openstack-keystone06:41
*** ajayaa has quit IRC06:48
*** saipandi has quit IRC06:57
*** david-ly_ has joined #openstack-keystone07:15
*** david-lyle_afk has quit IRC07:16
*** svasheka has quit IRC07:16
*** svasheka has joined #openstack-keystone07:16
*** lhcheng has quit IRC07:17
*** ajayaa has joined #openstack-keystone07:19
*** nellysmitt has joined #openstack-keystone07:34
*** nellysmitt has quit IRC07:39
*** afazekas has joined #openstack-keystone07:39
*** ajayaa has quit IRC07:42
*** openstackgerrit has quit IRC07:50
*** openstackgerrit has joined #openstack-keystone07:50
*** ajayaa has joined #openstack-keystone08:01
openstackgerritMerged openstack/keystone: drop developer support for OS X  https://review.openstack.org/13849608:14
openstackgerritChristian Berendt proposed openstack/keystone: Log the user id when using an invalid username or password  https://review.openstack.org/12886008:37
*** marekd|away is now known as marekd08:40
openstackgerritMarek Denis proposed openstack/keystone-specs: Mapping enhancements - direct groups mapping.  https://review.openstack.org/13803508:41
marekdhenrynash: last polishes for https://review.openstack.org/#/c/138035/ . Should make you happy :-)08:48
henrynashmarekd: ok!08:48
henrynashwill take a look in a while08:48
marekdhenrynash: whenever you can.08:48
*** henrynash has quit IRC08:55
*** erkules_ is now known as erkules09:00
*** dims has joined #openstack-keystone09:03
*** dims has quit IRC09:08
*** ncoghlan has quit IRC09:13
*** nellysmitt has joined #openstack-keystone09:23
*** henrynash has joined #openstack-keystone09:34
*** ChanServ sets mode: +v henrynash09:34
rodrigodsis the gate already fixed? I mean, ready to recheck reviews (still seeing lots of -1 from jenkins)09:52
*** samuelms_ has joined #openstack-keystone09:53
marekdrodrigods: so, what time is in Brasil now?10:00
rodrigodsmarekd, 7 AM heh10:00
marekdhm, only 4hours of difference.10:00
marekdi though it was more.10:00
rodrigodsmarekd, my region is not at summer time, for those that are is 8 AM10:01
rodrigodsmarekd, yep, usually the difference is 4/5 hours10:01
samuelms_hey, morning :)10:17
*** tellesnobrega_ has joined #openstack-keystone10:18
marekdsamuelms_: hey10:24
samuelms_marekd, :)10:29
*** jistr has joined #openstack-keystone10:37
*** jistr is now known as jistr|trng10:38
*** bdossant has joined #openstack-keystone10:44
*** samuelms_ has quit IRC10:53
*** tellesnobrega_ has quit IRC11:02
*** diegows has joined #openstack-keystone11:14
*** bdossant has quit IRC11:16
svashekahi guys11:16
svashekahow can I get token, using python bindings?11:16
svashekaI mean get token id11:16
*** andreaf has joined #openstack-keystone11:22
*** aix has joined #openstack-keystone11:22
*** k4n0 has quit IRC11:23
*** dims has joined #openstack-keystone11:30
*** samuelms_ has joined #openstack-keystone11:37
rodrigodssvasheka, think this can help http://www.jamielennox.net/blog/2014/02/24/client-session-objects/11:40
*** jdennis has joined #openstack-keystone11:45
*** ajayaa has quit IRC11:50
*** samuelms_ has quit IRC12:03
openstackgerritAlexander Makarov proposed openstack/keystone-specs: Trust redelegation documentation  https://review.openstack.org/13154112:13
openstackgerritAlexander Makarov proposed openstack/keystone: LDAP additional attribute mappings description  https://review.openstack.org/11859012:15
openstackgerritDavid Chadwick proposed openstack/keystone-specs: Trusted Attributes Policy for External Identity Providers  https://review.openstack.org/13869312:16
*** bdossant has joined #openstack-keystone12:17
*** bdossant has quit IRC12:21
*** samuelms_ has joined #openstack-keystone12:24
*** jistr|trng has quit IRC12:28
*** jistr has joined #openstack-keystone12:34
*** jistr is now known as jistr|trng12:35
*** raildo has quit IRC12:36
*** samuelms_ has quit IRC12:37
*** aix has quit IRC12:38
*** henrynash has quit IRC12:38
*** raildo has joined #openstack-keystone12:39
*** bdossant has joined #openstack-keystone12:41
*** htruta has quit IRC12:44
*** bdossant has quit IRC12:45
*** bdossant has joined #openstack-keystone12:45
*** afaranha has joined #openstack-keystone12:47
*** htruta has joined #openstack-keystone12:47
*** ajayaa has joined #openstack-keystone12:51
*** afaranha has quit IRC12:52
*** afaranha has joined #openstack-keystone12:53
openstackgerritIlya Pekelny proposed openstack/keystone: Migrate_repo init version helper  https://review.openstack.org/13764012:59
openstackgerritIlya Pekelny proposed openstack/keystone: Share engine between migration helpers.  https://review.openstack.org/13777812:59
openstackgerritIlya Pekelny proposed openstack/keystone: Add primary key to the endpoint_group id column.  https://review.openstack.org/13763812:59
openstackgerritIlya Pekelny proposed openstack/keystone: Add index to the revocation_event.revoked_at.  https://review.openstack.org/13763912:59
openstackgerritIlya Pekelny proposed openstack/keystone: Comparision of database models and migrations.  https://review.openstack.org/8063012:59
openstackgerritIlya Pekelny proposed openstack/keystone: Fix index name the assignment.actor_id table.  https://review.openstack.org/13763712:59
openstackgerritIlya Pekelny proposed openstack/keystone: Explicit MySQL engine designation.  https://review.openstack.org/13871212:59
openstackgerritIlya Pekelny proposed openstack/keystone: Use metadata.create_all() to fill a test database  https://review.openstack.org/9355813:00
*** radez_g0n3 is now known as radez13:16
*** nellysmitt has quit IRC13:17
*** aix has joined #openstack-keystone13:19
*** bknudson1 has quit IRC13:21
openstackgerritSergey Kraynev proposed openstack/python-keystoneclient: Using correct keyword for region in v3  https://review.openstack.org/11838313:30
*** oomichi has quit IRC13:40
*** bknudson has joined #openstack-keystone13:40
*** ChanServ sets mode: +v bknudson13:40
*** nellysmitt has joined #openstack-keystone13:49
marekdbknudson: dstanek: jamielennox: can I ask for a review https://review.openstack.org/#/c/130593/ ?13:56
*** joesavak has joined #openstack-keystone13:56
*** richm has joined #openstack-keystone13:58
openstackgerritDavid Chadwick proposed openstack/keystone-specs: Self Management of Domain Scoped (DS) Roles ===========================================  https://review.openstack.org/13872814:01
*** bdossant_ has joined #openstack-keystone14:02
*** bdossant has quit IRC14:03
*** henrynash has joined #openstack-keystone14:04
*** ChanServ sets mode: +v henrynash14:04
openstackgerritSergey Skripnick proposed openstack/python-keystoneclient: Add ConnectionError exception  https://review.openstack.org/13873414:07
openstackgerritSergey Skripnick proposed openstack/python-keystoneclient: Raise proper exception in case of connection error  https://review.openstack.org/13742214:08
*** sriram has joined #openstack-keystone14:10
openstackgerritSergey Skripnick proposed openstack/python-keystoneclient: Raise proper exception in case of connection error  https://review.openstack.org/13742214:11
samuelmshenrynash, hi :) when are you planning to rebase the assignment split stuff under hm patches ?14:12
henrynashsamuelms: underway as we speak14:12
henrynashsamuelms: it’s complicated14:12
samuelmshenrynash, haha great14:12
rodrigodshenrynash, working in your reviews right now as well :)14:13
samuelmshenrynash, pls do not rebase my list role assingment patches14:13
samuelmshenrynash, I'll reorganize the code and then I rebase after .. (still this week)14:13
henrynashsamulems: I won’t!14:14
samuelmshenrynash, so we won't need to fight :p14:16
* samuelms is just kidding :)14:16
henrynashsamuelms: :-)14:16
*** henrynash has quit IRC14:20
lbragstadis anyone here real familiar with grenade?14:29
bknudsonlbragstad: they're probably in -qa14:29
lbragstadbknudson: yeah, I left a message there for them14:30
bknudsonlbragstad: my suggestion was to leave XMLBodyMiddleware in the code and have it not do anything other than log a warning to remove it14:30
bknudsongrenade is doing what a customer would do so they'll run into this same problem.14:31
lbragstadyeah, that makes sense14:32
lbragstadI can get a patch up and see what people say about it14:32
bknudsonwe should be able to remove it entirely next release14:33
lbragstadbknudson: it's like an extremely long deprecation cycle14:33
lbragstadI guess14:33
*** chrisshattuck has joined #openstack-keystone14:33
*** jimhoagland has joined #openstack-keystone14:39
*** diegows has quit IRC14:40
*** chrisshattuck has quit IRC14:40
*** jogo has left #openstack-keystone14:41
*** topol has joined #openstack-keystone14:42
*** ChanServ sets mode: +v topol14:42
openstackgerritRodrigo Duarte proposed openstack/keystone: Inherited role assignments to projects  https://review.openstack.org/13855214:45
openstackgerritRodrigo Duarte proposed openstack/keystone: Create, update and delete hierarchical projects  https://review.openstack.org/13855014:45
openstackgerritRodrigo Duarte proposed openstack/keystone: Adds correct checks in LDAP backend tests  https://review.openstack.org/13855114:45
*** thedodd has joined #openstack-keystone14:46
*** bdossant_ has quit IRC14:47
*** bdossant has joined #openstack-keystone14:48
*** david-ly_ is now known as david-lyle15:00
*** bdossant has quit IRC15:00
*** ayoung has quit IRC15:00
*** henrynash has joined #openstack-keystone15:02
*** ChanServ sets mode: +v henrynash15:02
*** samuelms is now known as samuelms-away15:04
*** dims has quit IRC15:04
*** dims has joined #openstack-keystone15:04
*** uschreiber has joined #openstack-keystone15:05
*** bdossant has joined #openstack-keystone15:06
*** tellesnobrega_ has joined #openstack-keystone15:12
*** ajayaa has quit IRC15:14
*** thedodd has quit IRC15:18
*** jsavak has joined #openstack-keystone15:20
*** r-daneel has joined #openstack-keystone15:21
*** joesavak has quit IRC15:22
*** jimbaker has joined #openstack-keystone15:29
*** jimbaker has quit IRC15:29
*** jimbaker has joined #openstack-keystone15:29
openstackgerritLance Bragstad proposed openstack/keystone: Remove XML support  https://review.openstack.org/12573815:35
*** f13o has quit IRC15:36
*** uschreiber has quit IRC15:37
*** kobtea has joined #openstack-keystone15:42
*** jorge_munoz has joined #openstack-keystone15:42
*** jimhoagland has quit IRC15:45
*** kobtea has quit IRC15:47
*** henrynash has quit IRC15:50
*** gordc has joined #openstack-keystone15:53
*** stevemar has joined #openstack-keystone15:55
*** ChanServ sets mode: +v stevemar15:55
*** jorge_munoz has quit IRC16:05
*** jorge_munoz has joined #openstack-keystone16:08
*** jorge_munoz has quit IRC16:13
openstackgerritLance Bragstad proposed openstack/keystone: Bump hacking to be at least 0.9.4  https://review.openstack.org/13849716:19
*** jorge_munoz has joined #openstack-keystone16:20
*** tellesnobrega_ has quit IRC16:28
*** andreaf has quit IRC16:29
*** jimbaker has quit IRC16:36
*** sriram has quit IRC16:36
*** amakarov_away is now known as amakarov16:38
*** sriram has joined #openstack-keystone16:40
openstackgerritDolph Mathews proposed openstack/keystone: improve error message when tenant ID does not exist  https://review.openstack.org/13125516:46
*** henrynash has joined #openstack-keystone16:47
*** ChanServ sets mode: +v henrynash16:47
dolphma two line change for the sake of user experience, and 45 lines of new testing ^^16:47
QlawyHow can I find method in code which is responsible for /v3/users?name=blabla16:49
rodrigodsQlawy, keystone/identity/controllers.py (get_user())16:51
bknudsonQlawy: set a breakpoint and make the rest call.16:51
dolphmQlawy: that's list_users() with a filter16:53
Qlawytnx16:54
*** _cjones_ has joined #openstack-keystone16:55
rodrigodsdolphm, list_user()* :)16:56
Qlawyrodrigods: no such function :P But list_users() exists ;)16:58
QlawyHowever I am too poor programmer to do changes by myself :/16:58
openstackgerritDolph Mathews proposed openstack/keystone: update sample conf using oslo-config-generator  https://review.openstack.org/13850816:59
openstackgerritDolph Mathews proposed openstack/keystone: switch from sample_config.sh to oslo-config-generator  https://review.openstack.org/11390516:59
*** joesavak has joined #openstack-keystone16:59
rodrigodsQlawy, what changes are you willing to make?16:59
*** jsavak has quit IRC17:00
*** jsavak has joined #openstack-keystone17:01
Qlawyrodrigods: I though maybe I will be able to find out how to fix issue I reported: https://bugs.launchpad.net/keystone/+bug/139834717:01
uvirtbotLaunchpad bug 1398347 in keystone "LDAP backend should do filtered query instead of getting all data and then filtering" [Undecided,New]17:01
*** lhcheng has joined #openstack-keystone17:01
rodrigodsQlawy, hmm this filtering is done the common/ldap.py file17:02
rodrigodsit's a general filtering method used by all ldap backends17:02
Qlawyrodrigods: yeah but (at least in juno) when I want to find my users ID using /v3/users?name=myUser keystone will query LDAP for all users and then filter17:03
Qlawyrodrigods: it does not work well with huge LDAP database :(17:03
Qlawyrodrigods: And I have nice: limit size exceeded, and yes... I cant use paging (lack of rights)17:04
*** joesavak has quit IRC17:04
rodrigodsQlawy, yes, what I mean was that the list_users() calls this filtering method from common/ldap.py17:04
dolphmQlawy: the driver is being given "hints" that contain the desired filtering, but the current LDAP driver does nothing with them, so the manager layer has to step in and apply the filtering as a sort of backup plan17:05
dolphmQlawy: so i'd start by looking at this: https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap.py#L80-L8117:06
dolphmQlawy: you can see hints being passed in, but ignored. and the implementation just gets everything instead17:06
Qlawythanks17:06
*** afaranha_ has joined #openstack-keystone17:07
*** _cjones_ has quit IRC17:07
rodrigodsQlawy, you better listen to dolphm (/me lied twice heh)17:08
*** samuelms-away is now known as samuelms17:10
*** _cjones_ has joined #openstack-keystone17:11
*** jistr|trng has quit IRC17:11
*** gyee_ has joined #openstack-keystone17:12
*** marcoemorais has joined #openstack-keystone17:13
Qlawyrodrigods: :P17:13
openstackgerritDolph Mathews proposed openstack/keystone: update sample conf using oslo-config-generator  https://review.openstack.org/13850817:15
openstackgerritDolph Mathews proposed openstack/keystone: switch from sample_config.sh to oslo-config-generator  https://review.openstack.org/11390517:15
*** marcoemorais1 has joined #openstack-keystone17:15
*** marcoemorais1 has quit IRC17:16
*** marcoemorais1 has joined #openstack-keystone17:17
*** marcoemorais has quit IRC17:17
Qlawycomparing it to sql backend it needs a lot of love :(17:18
*** jimbaker has joined #openstack-keystone17:24
*** lhcheng has quit IRC17:24
*** jimbaker has quit IRC17:24
*** jimbaker has joined #openstack-keystone17:24
*** lhcheng has joined #openstack-keystone17:30
stevemardolphm, sample config guy is still not working :(17:30
dolphmstevemar: yeah... i'm wondering if it's my fault or not17:31
dolphmstevemar: you're referring to missing options, right?17:31
stevemardolphm, correctamundo17:31
dolphmstevemar: i'm wondering if i'm missing namespaces https://review.openstack.org/#/c/113905/9/config-generator/keystone.conf17:32
stevemaryeah, but you added them there..17:32
stevemarand those are the ones that are missing17:32
dolphmstevemar: i mean others that should be included17:32
stevemarlog/notifications/eventlet17:32
stevemarlike what?17:32
dolphmstevemar: well, like [trust] is an interesting section. why is IT missing?17:33
stevemardolphm, i didn't think it was, let me check17:33
dolphmstevemar: is it only including the [DEFAULT] section of keystone?17:35
stevemardolphm, also, fwiw we should add oslo.concurrency too https://review.openstack.org/#/c/137270/117:35
*** _cjones_ has quit IRC17:35
*** _cjones_ has joined #openstack-keystone17:36
openstackgerritSteve Martinelli proposed openstack/keystone: update sample conf using oslo-config-generator  https://review.openstack.org/13850817:36
openstackgerritSteve Martinelli proposed openstack/keystone: sync to oslo commit b19af08  https://review.openstack.org/13825317:36
openstackgerritSteve Martinelli proposed openstack/keystone: switch from sample_config.sh to oslo-config-generator  https://review.openstack.org/11390517:36
dolphmooh, what'd you change..17:36
stevemaruh oh... i only meant to change the last one17:37
dolphmstevemar: lol --no-rebase17:37
dolphmstevemar: are you using https://review.openstack.org/#/c/136482/ too?17:37
stevemar... no17:37
dolphmstevemar: how did you get the missing sections back?17:38
stevemarlet me double check17:38
lbragstadso... if patches could share emotion to express themselves, https://review.openstack.org/#/c/125738/ would probably be saying something like https://www.youtube.com/watch?v=YH4xz2j82kg&feature=youtu.be&t=12s17:40
stevemarhey it's all there17:40
dolphmlbragstad: ++17:40
stevemardolphm, i have no idea what weird magic is working17:40
stevemari think i had to nuke sample_config17:41
dolphmstevemar: maybe it's because you're not using https://review.openstack.org/#/c/136482/ lol17:41
stevemardolphm, maybe,17:41
stevemarif you can verify that... we can push this one through17:42
dolphmstevemar: unpatched oslo-config-generator http://pasteraw.com/6j5n73vbkiedn917a8wwh5xthitjc1v17:42
dolphmstevemar: oslo-config-generator master and then patched http://pasteraw.com/lttajkr1c8bx3itx2cssx20m4f9095j17:43
stevemardolphm, seems like the patch is the problem17:43
dolphmnope17:44
dolphmhere's oslo-config-generator, unpatched http://pasteraw.com/bx45k7t8d1a0l2t53q9rysrbf946jbr17:44
dolphmjust master17:44
dolphmso master is broken17:44
stevemari'm not sure at this point17:45
dolphmstevemar: i'm filing a bug17:45
*** ayoung has joined #openstack-keystone17:46
*** ChanServ sets mode: +v ayoung17:46
amakarovstevemar, hello! There is a place in the spec https://review.openstack.org/#/c/131541/ demonstrating described behavior, but from your comment there I see, this is quite well hidden. Can you please give me any hint how to make it more visible?17:47
*** browne has joined #openstack-keystone17:47
*** thiagop has joined #openstack-keystone17:48
*** aix has quit IRC17:48
*** afaranha_ has quit IRC17:48
stevemaramakarov, hmm... for which parameter are you referring to?17:50
stevemardolphm, so... i think the patch is good?17:50
dolphmstevemar: the sort fix?17:51
stevemardolphm, nah, the one i just proposed to keystone17:52
*** marg7175 has joined #openstack-keystone17:52
dolphmstevemar: oh sort of. i don't want it until oslo-config-generator works17:53
stevemardolphm, the oslo-sync -> use oslo.config -> regenerate .conf chain17:54
stevemaryou mean the master branch of it?17:54
dolphmstevemar: yeah, the master branch is broken17:57
*** jsavak has quit IRC17:57
dolphmstevemar: and i don't want to merge a dep on oslo-config-generator until it works like we want it to17:57
amakarovstevemar, redelegation_count17:57
stevemardolphm, okay, fair enough, but the oslo sync is still good :)18:01
stevemaramakarov, what is max_redelegation_count by default?18:04
*** joesavak has joined #openstack-keystone18:04
*** harlowja_away is now known as harlowja_18:04
dolphmstevemar: that part is, yes18:06
dolphmstevemar: null18:07
dolphm(no limit)18:07
stevemardolphm, are you answering the redelegation count question?18:08
dolphmstevemar: yes18:09
stevemarso it redelegation_count is optional, and becomes max_redelegation_count, which is null, that doesn't sound right18:09
amakarovstevemar, max_redelegation_count is a configuration parameter18:10
*** nellysmitt has quit IRC18:13
*** RichardRaseley has joined #openstack-keystone18:13
stevemaramakarov, the API changes seem good to me18:13
*** diegows has joined #openstack-keystone18:14
*** zzzeek has joined #openstack-keystone18:20
*** _cjones_ has quit IRC18:22
morganfainbergmorning-ish18:22
*** marg7175 has quit IRC18:24
openstackgerritMerged openstack/keystone: Merge remote-tracking branch 'remotes/origin/feature/hierarchical-multitenancy' into HEAD  https://review.openstack.org/13818618:26
morganfainbergrodrigods, raildo, ^18:26
*** _cjones_ has joined #openstack-keystone18:26
dolphmmorganfainberg: afternoon-ish18:28
bknudsonI'm not a fan of the git merge commit message... doesn't say what the commit was.18:29
bknudsonjust your local branch name.18:29
*** jsavak has joined #openstack-keystone18:31
morganfainbergbknudson, well, we'll use less topic branches in the future.18:31
rodrigodsmorganfainberg, \o/18:31
morganfainbergbknudson, i also made it a point to use the full remotes/<blah> path for that reason.18:31
bknudsontopic branches need to be easier to use... shouldn't have to talk to infra to create /delete18:31
morganfainbergbknudson, typically you don't need topic branches in gerrit.18:32
morganfainbergbknudson, most of the time multiple people can collaborate more in isolation and just push changes to master for review. this was a special case due to timing i think18:32
morganfainbergbknudson, isolation = locally.18:33
bknudsonworking in isolation sounds scary18:33
morganfainbergbknudson, the code would be reviewed the same, just not pushed to gerrit to a topic branch18:33
*** joesavak has quit IRC18:33
*** aix has joined #openstack-keystone18:33
morganfainbergit would be worked on against master, then pushed to gerrit against master.18:33
dolphmyeah, i haven't created a topic branch in openstack in a couple years18:34
morganfainbergthe topic branch would be "local"18:34
morganfainbergdolphm, can i nuke the "key distribution" topic branch from gerrit too?18:34
dolphmmorganfainberg: i think so18:35
bknudsonwe still have kite api in our specs repo18:35
dolphmwe should nuke that too18:35
morganfainbergoh might be dead actually already18:35
amakarovmorganfainberg, can you please take a look to my spec? https://review.openstack.org/#/c/131541/18:35
dolphmespecially because it describes itself as an 'identity' api, and if anything, we determined that it should certainly not be that18:35
bknudsonhttp://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3-os-kds-ext.html18:36
*** afazekas has quit IRC18:36
morganfainbergbknudson, dolphm, yeah we shold nuke that18:36
morganfainbergamakarov, i'm going to need to jump off irc and code review to deal with some HP stuff today. hopefully tonight. :( sorry i can't review it now.18:37
morganfainbergs/jump off irc/put irc client in the background18:37
amakarovmorganfainberg, np, just eager to see I satisfied everybody ))18:38
morganfainbergamakarov, ++ totally understand18:38
* morganfainberg goes looking for VPN token...18:38
openstackgerritSteve Martinelli proposed openstack/keystone: User ids that begin with 0 cannot authenticate through ldap  https://review.openstack.org/13744918:38
stevemardolphm, morganfainberg can y'all take a look at ^18:39
*** nellysmitt has joined #openstack-keystone18:39
*** bknudson has quit IRC18:50
*** Haneef_ has joined #openstack-keystone18:50
*** chrisshattuck has joined #openstack-keystone18:52
*** amakarov is now known as amakarov_away18:53
Haneef_ayoung: What is the difference between   create_region ( POST)  & create_region_with_id (PUT)?  Is there any difference?18:53
ayoungHaneef_, no clue18:53
*** arif-ali has quit IRC18:54
ayoungHaneef_, other than what I can deduce from first principals....the second knows the ID ahead of time18:54
morganfainbergstevemar, see comment to amakarov_away, maybe tonight. need to jump on $employer$ things.18:54
ayoungwhy do we have both?  Have to ask the regions folks like jaypipes18:54
morganfainbergayoung, likely one generates id programatically and one allows specification? [honestly, i dunno either]18:54
*** arif-ali has joined #openstack-keystone18:56
*** chrisshattuck has quit IRC18:57
Haneef_morganfainberg:  yes that's how it is written in code, but not sure  which api shoud user use?   Basically I can do    POST  regions  with empty regions body which doesn't make any sense18:58
morganfainbergHaneef_, i think from a consistency standpoint (other APIs we have) POST with an ID included should function like the put implementation18:59
raildomorganfainberg, i saw the patch now! thanks a lot!18:59
openstackgerritRodrigo Duarte proposed openstack/keystone: Create, update and delete hierarchical projects  https://review.openstack.org/13855018:59
openstackgerritRodrigo Duarte proposed openstack/keystone: Create, update and delete hierarchical projects  https://review.openstack.org/13855018:59
morganfainbergraildo, rodrigods, topic branch is dead - and removed from gerrit as well19:00
rodrigodsmorganfainberg, great19:00
raildook :)19:00
openstackgerritRodrigo Duarte proposed openstack/keystone: Adds correct checks in LDAP backend tests  https://review.openstack.org/13855119:00
*** chrisshattuck has joined #openstack-keystone19:00
openstackgerritRodrigo Duarte proposed openstack/keystone: Inherited role assignments to projects  https://review.openstack.org/13855219:01
*** jsavak has quit IRC19:02
morganfainberggyee, message sent to you.19:02
*** xxj has quit IRC19:03
*** xxj has joined #openstack-keystone19:03
openstackgerritThiago Paiva Brito proposed openstack/python-keystoneclient: Implementing hierarchical calls on keystoneclient v3 (python only)  https://review.openstack.org/11577019:06
rodrigodsayoung, https://review.openstack.org/#/c/138551/ lost the +A after the rebase :(19:08
*** joesavak has joined #openstack-keystone19:10
ayoungrodrigods, OK19:12
rodrigodsayoung, will lose it again until we don't stop to update the previous patch19:13
ayoungworkflow....19:13
ayoungrodrigods, not a huge deal...we'll push it through once the previous patch is in19:14
rodrigodsayoung, thx19:14
ayoungrodrigods, need another +2 on this first https://review.openstack.org/#/c/138468/219:14
henrynashrodigods: made a view comments on Patch3 of  https://review.openstack.org/#/c/138550/319:14
rodrigodshenrynash, thanks! will address them19:15
henrynashrodigids: you’ll put out 2 more vesions by the time I git to finsing the review!19:15
dolphmstevemar: it doesn't look like the issue is when user ID's begin with '0', but when entire user IDs also happen to be valid integers?19:18
rodrigodshenrynash, was just the commit message heh19:19
henrynashrodigods: no…4 commnents (well 3 really) to : https://review.openstack.org/#/c/138550/3/keystone/assignment/core.py19:19
rodrigodshenrynash, I mean, what I`ve updated :)19:20
henrynashrodigods: sorry, I’m confused19:20
*** _cjones_ has quit IRC19:20
*** _cjones_ has joined #openstack-keystone19:21
henrynashrodigods: i’m just testing the rebase of the split….although it will already be out of date…it’s a tough rebase - I have to pull apart some of the changes you are making for project inherited assignments19:22
stevemardolphm, yes19:22
rodrigodshenrynash, hmm do you think could be better to rebase with the CRUD and we add the inherited stuff on top of the split?19:23
stevemardolphm, it's when the user id can be translated to an int, it's worse when it's a 0, cause then there is actual data loss19:23
dolphmstevemar: i suppose that should be clarified in the test case19:23
henrynashrodigods: well, one of us has to rework a lot of stuff…and since I’ve now done it once, probaly easier for me to do it again…let’s just hope we don’t have to go round the loop too many times!19:23
henrynashrodigods: as soon as the split passes the tests, I’ll post it (even though it will be already outdated)…so you get to see what I’m doing19:25
stevemardolphm, i thought i did that19:26
rodrigodshenrynash, ++19:27
rodrigodshenrynash, replied your comments19:31
henrynashrodigods: ok19:31
henrynashrodigods: replied19:36
marekddstanek: i responded in https://review.openstack.org/#/c/130593/519:39
marekddstanek: i don't think controller is a right place to check token type.19:39
*** zzzeek has quit IRC19:41
dstanekmarekd: i would agree19:41
*** bknudson has joined #openstack-keystone19:41
*** ChanServ sets mode: +v bknudson19:41
rodrigodshenrynash, if you are ok with the create_project() part, will submit a new patch :)19:41
dstanekmarekd: it seems like there should be some sort of token factory (for lack of naming skills) that figures out which one to use19:41
dstanekmarekd: it seems weird to have one AuthMethodHandler decide that another AuthMethodHandler really need to do this work19:42
henrynashrodigods: yep, got it now…added a further comment…but agreeing wth you!19:43
marekddstanek: i can make a wrapper for that19:44
marekdbut all in all it will be split into token.py and mapped.py19:44
rodrigodshenrynash, great!19:44
marekdnkinder, stevemar: did you see DWChadwick's comments on enhanced mapping specs?19:45
openstackgerrithenry-nash proposed openstack/keystone: Split the assignments manager/driver.  https://review.openstack.org/13095419:45
dstanekmarekd: the wrapper would be in both of those modules?19:48
openstackgerritRodrigo Duarte proposed openstack/keystone: Inherited role assignments to projects  https://review.openstack.org/13855219:48
openstackgerritRodrigo Duarte proposed openstack/keystone: Create, update and delete hierarchical projects  https://review.openstack.org/13855019:48
openstackgerritRodrigo Duarte proposed openstack/keystone: Adds correct checks in LDAP backend tests  https://review.openstack.org/13855119:48
henrynashrodigods: here’s the split rebase: https://review.openstack.org/13095419:49
henrynashrodigods: I had to pull up some eof the logic for ingerited assignments for projects into the assignmetn/manager19:50
*** diegows has quit IRC19:50
marekddstanek: We want a change, but need to keep the structure as it is today for a backward compatilibity.19:50
marekddstanek: that's why i need to keeep token.py and maped.py plugins19:51
marekdlike today, right?19:51
marekddstanek: that's why whole structure is kind of screwy19:51
dstanekmarekd: can't you change the thing that creates a Token plugin to call the factory?19:51
*** aix has quit IRC19:51
rodrigodshenrynash, looking19:51
marekddstanek: i guess i can.19:52
marekdbut it will still be Token class19:52
dstanekmarekd: you can always wait a bit and see if any other core cares about it19:52
nkindermarekd: yes, I'm replying (though I need to read some of the things that he referenced)19:52
dstanekmarekd: the factory has to be in the token class?19:53
marekddstanek: i think so, as controller has generic way to call auth plugins.19:53
marekdit reads auth_method value, fetches an object identified by a name (here 'token') and calls plugin.authenticate()19:54
openstackgerritLance Bragstad proposed openstack/keystone: Remove XML support  https://review.openstack.org/12573819:54
marekdnkinder: some fresh eyes or support would be appreciated.19:54
marekddstanek: i don't want to merge changes by changing core reviewers :-)19:55
dstanekmarekd: the way i would do it is have token resolve to the factory and have the factory create a Token or Mapping19:55
dstanekunless that isn't backward compat19:55
*** markvoelker has joined #openstack-keystone19:55
dstanekmarekd: no, but if others think there is no issue then i may change my vote :-)19:56
*** thedodd has joined #openstack-keystone19:59
dstanekmarekd: you have been super helpful with all of this federation stuff. i owe you a few beers.19:59
*** _cjones_ has quit IRC20:02
marekddstanek: i will never reject any :-) On the other hand you are superhelpful so i simply pay my debts :-)20:02
marekddstanek: anyway, did you manage to configure it?20:04
bknudsonso we marked K2K federation as experimental in J... what does it take to make it stable in K?20:05
*** aix has joined #openstack-keystone20:05
bknudsonand is the plan to do what it takes and have K2K stable in K?20:05
bknudsonmaybe by K2?20:05
rodrigodsbknudson, think the SP part will definitely help to remove the experimental flag20:06
rodrigodsbknudson, need also to verify some certificates problems we had (the last bullet point in http://rodrigods.com/playing-with-keystone-to-keystone-federation/)20:07
*** nellysmitt has quit IRC20:07
dstanekmarekd: i thought i did, but when i trashed the VM and recreated with the scripts not so much20:07
dstanekmarekd: i was doing other stuff yesterday so that i could take a break from federation20:08
bknudsonrodrigods: hopefully we'll also have tempest test for it.20:08
marekddstanek: bknudson i am hoping to spend next week trying to fix k2k20:09
nkindermarekd: I added some comments.  I think David's use-case is just different from the use-case that I have in mind20:09
bknudsonmarekd: what's wrong with it?20:09
nkindermarekd: Your proposal doesn't change or block any of what David wants, but it does add flexibility that would be very welcome for cases where the IdP is trusted (internal SSO for example).20:10
marekdbknudson: SP cannot correctly validate assertion.20:11
marekdnkinder: i think he wants something else, yet i simply need some comments from the community20:11
marekdnkinder: i don't want it to be him vs. me20:12
nkindermarekd: Sure.  I think some of what he wants doesn't conflict with what you've proposed.  It's just different (like the trusted attributes).20:12
bknudsonthat sounds bad20:13
marekdbknudson: ++20:14
marekddstanek: i will get back soon. Wanted to talk through this token factory.20:16
*** diegows has joined #openstack-keystone20:18
marekdnkinder: actually i don't see how trusted attributes are going to be a cleaner solution for our proposal. especially since we are talking about direct mapping single attribute which is a concatenated list of subattributes (like groups).20:19
dstanekk20:19
dstanekmarekd: ^20:20
nkindermarekd: really, if you set up a mapping for an attribute, you trust it IMHO20:20
nkinderIf you don't trust an attribute, you don't map it.20:20
marekdnkinder: exactly.20:20
marekdmapping rules are somewhat kind of a whitelist.20:21
nkindermarekd: I think your proposal is a clean solution that isn't a deparature from the current implementation20:21
nkindermarekd: ...though I'd still like the addition of being able to have ephemeral groups :)20:22
*** _cjones_ has joined #openstack-keystone20:22
marekdnkinder: that was in a initial proposal (and later in the alternatives, so people are aware of it). yet, after some discussion with henrynash i think it would take us at least one cycle to change role assignments api so we can have RA pointing to ephemeral groups.20:23
marekdnkinder: so i decided to propose this and hope to have it by K.20:23
marekdas a parallel track we can discuss again changing role assignments API20:23
nkindermarekd: oh, no problem with separating them from me20:24
nkindermarekd: The need to create groups does give control of what values we trust20:24
nkindermarekd: combined with the blacklist/whitelist, that seems like all of the control you need to lock down the exact values you trust.20:24
marekdnkinder: i know ephemeral groups are better, but it's better to have something and go step by steprather than wait for one big change...one day in the future...maybe in L or M or later.20:24
*** nellysmitt has joined #openstack-keystone20:26
*** nellysmitt has quit IRC20:28
*** _cjones_ has quit IRC20:30
*** zzzeek has joined #openstack-keystone20:41
*** _cjones_ has joined #openstack-keystone20:44
*** jorge_munoz has quit IRC20:45
*** jorge_munoz has joined #openstack-keystone20:47
*** afaranha_ has joined #openstack-keystone20:50
morganfainbergbknudson, i'd really like K2K stable by K2 at the latest21:01
morganfainbergbknudson, earlier is better.21:01
*** kobtea has joined #openstack-keystone21:08
stevemardstanek, ping21:09
dstanekstevemar: pong21:09
stevemardstanek, just wanted to make sure you can see the presentation on google docs21:10
dstanekstevemar: let me check21:10
stevemari see your pic!21:10
dstaneki'm in!21:10
*** arif-ali has quit IRC21:11
marekdmorganfainberg: maybe you can give your PTL 0.3$ on https://review.openstack.org/#/c/138035/  and https://review.openstack.org/#/c/137020/ .21:13
marekdi am especially worried about the spec.21:13
*** arif-ali has joined #openstack-keystone21:13
*** kobtea has quit IRC21:13
marekddstanek: getting back to the factory discussion. Here is the controller piece that loads plugins after reading auth method. https://github.com/openstack/keystone/blob/master/keystone/auth/controllers.py#L490-L492 Since it should now be 'token' in federated and non federated case we would need to change this logic.21:15
marekddstanek: or add some weird monster in Token.authenticate() which, unlike other plugins would be a factory.21:15
stevemardstanek, it's currently a mish mash of presentations21:16
marekdstevemar: may i ask on what presentation are you working on?21:16
stevemarmarekd, general authentication one21:16
*** jimhoagland has joined #openstack-keystone21:22
morganfainbergmarekd, they are working on bootstrapping one for friday21:24
* morganfainberg is unable to do it :( -- too much going on21:24
morganfainbergdstanek, and stevemar  are awesome and doing the presentation instead21:24
*** jorge_munoz has quit IRC21:24
morganfainbergi owe them at least a beer at the midcycle ;)21:24
morganfainbergwe have a venue, hotel discount still in the works. will send an update post lunch today21:25
marekdmorganfainberg: what is on friday?21:26
stevemarmorganfainberg, i'll share the presentation with you21:26
morganfainbergmarekd, OPenStack community has a bootstrapping hour webcast thing21:26
morganfainbergthis week is Keystone and Authentication Workflows21:26
marekdmorganfainberg: oh, i see.21:26
marekddidn't know that :(21:26
*** jorge_munoz has joined #openstack-keystone21:33
*** topol has quit IRC21:39
openstackgerritOpenStack Proposal Bot proposed openstack/python-keystoneclient: Updated from global requirements  https://review.openstack.org/13479421:41
*** jamielennox is now known as jamielennox|away21:42
dstanekmarekd: ugg...among other things i lost the DB records I created for the IdP21:44
marekddstanek: oups...21:49
marekddstanek: wil l talk to you tomorrow about functional tests, ok?21:49
marekdi want to learn how to do this.21:49
dstanekmarekd: know how to do what?21:50
marekddstanek: how to proceed with a functional tests so we can have a real IdP.21:51
marekdand one day gate tests.21:51
dstanekmarekd: k, we can talk tomorrow21:52
marekddstanek: thanks.21:52
marekdI am logging out now, cheers.21:52
dstanekthe tests themselves will be largely the same as what we have now21:52
marekddstanek: except we need Keystone running on top of Apache21:53
dstanekmarekd: you'll just use a known port for the tests and that will run against devstack21:54
dstanekmarekd: tomorrow you can help me wrap up the configuration stuff if you have time21:54
marekddstanek: i will.21:54
dstanekmarekd: i'll even get on early for you21:55
marekddstanek: if we start your normal day of work with that we should be good :-)21:55
marekdwhat time do you have now?21:55
dstanek5pm21:55
marekdok, so it's 6h of difference. i have 11pm.21:56
marekdok, gnight!21:57
*** marekd is now known as marekd|away21:57
dstanekmarekd|away: night!21:57
*** jimhoagland has quit IRC21:59
stevemardstanek, lemme know if you think anything is missing from the pres22:00
*** tellesnobrega_ has joined #openstack-keystone22:05
*** jimhoagland has joined #openstack-keystone22:06
*** joesavak has quit IRC22:15
dstanekstevemar: will do22:21
dstanekstevemar: do you have (or does there exist) a canned script that generates the records for group/role/idp/mapping needed for federation?22:22
stevemardstanek, i have a few things written down that i just copy/paste22:23
stevemardstanek, https://gist.github.com/stevemart/e1c07cf4df50f621282f#file-oidc_steps-L57-L5822:23
stevemarand lines 85-8722:23
dstanekstevemar: nice, thx22:24
*** nellysmitt has joined #openstack-keystone22:28
*** sriram has quit IRC22:31
*** nellysmitt has quit IRC22:33
*** jorge_munoz has quit IRC22:37
*** afaranha_ has quit IRC22:41
*** henrynash has quit IRC22:41
morganfainbergyay more rain in SoCal :)22:52
bknudsonIt's not going to rain here.22:53
stevemarbknudson, it'll snow22:54
bknudsonmorganfainberg probably doesn't even own a snow shovel22:55
*** afaranha_ has joined #openstack-keystone22:55
morganfainbergbknudson, i used to. grew up in the mountains shovelling snow all winter, and ~95-100degree (that's F for those who use that other weird method of temperature, stevemar ) summers22:56
stevemarbknudson, shovels are backup anyway, need a blower22:59
morganfainbergstevemar, i would have killed for a snow blower when i was a kid...23:00
morganfainbergshovelling 6-8ft of snow... just to have a plow shove 4-7ft of now ICE back onto the driveway/entryway was awful23:01
morganfainbergstevemar, our neighbors at one point had a snowblower and an ATV + blade on the front23:01
morganfainbergand yes i grew up in SoCal :P just at elevation23:01
bknudsonImagines morganfainberg as some sort of mountain man23:02
stevemarbknudson, he needs more beard23:03
morganfainbergbknudson, i grew up in the national forest :P told "go outside, don't come back till dinner" over the summers.23:03
morganfainbergand played ice hockey.23:04
bknudsonraised by wolves23:04
morganfainberg:P23:04
morganfainbergbknudson, nah, we only have coyotes and they aren't loving enough to raise a kid23:04
morganfainbergthey'd have eaten me instead :P23:04
morganfainbergnow the bears....23:04
bknudsonwe always hear about the bears23:04
morganfainbergthey're more lovable....23:04
morganfainberg(or disgusting if you're cleaning up after the mess they make of the trashcans)23:05
bknudsonsomeone probably found you swimming in their pool and took you in23:05
morganfainberglol23:05
*** jamielennox|away is now known as jamielennox23:09
morganfainbergjamielennox, ping.23:09
morganfainbergjamielennox, re: SDK and incompat ksc23:09
jamielennoxmorganfainberg: the re: is good form - it has the disadvantage that i'm not sure i want to talk about that :)23:10
bknudsonI'm not sure we totally got closure on that discussion23:10
bknudsonwouldn't be the first time23:10
jamielennoxso what's up?23:10
morganfainbergjamielennox, so meeting happened and *generally* speaking we're leaning towards saying incompat changes are going to look at SDK before we make say python-keystoneclient223:10
bknudsonthere were some todos.23:10
morganfainbergbut as bknudson said there wasn't clear closure.23:11
morganfainbergso, explore if SDK is the right place, and help make sure they have the standards for code they want23:11
jamielennoxmorganfainberg: that's fair - and i mostly agree23:11
bknudsonI don't think anyone was too excited about *client2.23:11
*** jimhoagland has quit IRC23:11
morganfainbergbknudson, mordred was less worried about which way, just as long as we can make it cleaner/easier to work with23:11
morganfainbergbknudson, and that is where i'm at.23:11
openstackgerritayoung proposed openstack/python-keystoneclient: Revocation event API  https://review.openstack.org/8116623:12
openstackgerritayoung proposed openstack/python-keystoneclient: Access Info  https://review.openstack.org/13851923:12
morganfainbergif we can drop the cruft, and clean it up - I'm happy.23:12
bknudsonmorganfainberg: I think that's a different discussion... you make a high-level api from a low level api23:12
morganfainbergSDK or client223:12
morganfainbergthen we make the high-level stuff on the less-crufty impl23:12
jamielennoxmorganfainberg: ++ - i don't really care, it annoys me i've had to mess with this for so long i just want something that works23:12
bknudsonwe need the low-level api and we also need a high-level api23:12
*** jimhoagland has joined #openstack-keystone23:12
morganfainbergpart of the complaint is the current stuff is crufty and not easy to make that high-level stuff on ... without a lot of other cruft in the high-level stuff23:13
morganfainbergat least that was what made me thingk about ksc2 or non-compat changes23:13
jamielennoxso sdk will provide high and low levels, i'm not up on it as much as i was23:14
jamielennoxbut i've never really been concerned with the CRUD - it's a mess but it's usable23:14
bknudsonone of the concerns was that project teams don't seem to contribute outside their projects23:14
bknudsonand tempest was the example given.23:14
bknudsonit's going to be hard for anyone to be effective in an sdk project that they haven't worked on before.23:15
jamielennoxso this chain is what i want in middleware before release: https://review.openstack.org/#/c/130532/923:17
*** diegows has quit IRC23:18
morganfainbergjamielennox, /me looks23:18
*** bknudson has quit IRC23:19
morganfainbergjamielennox, ok i see three things. i'll put that on my list to start reviewing23:19
* morganfainberg is a little mired up with other stuff atm23:19
morganfainbergjamielennox, anything for KSC ?23:19
morganfainbergi'd like to release both around the same time23:19
jamielennoxhttps://review.openstack.org/#/c/133866/23:21
jamielennoxhttps://review.openstack.org/#/c/132652/23:22
jamielennoxi'll add the test to ^23:22
morganfainbergjamielennox, ++ cool.23:22
jamielennoxhttps://review.openstack.org/#/c/138228/23:23
jamielennoxthat should do23:23
morganfainbergok i added those to the gist ^23:23
morganfainberg[give it a few to sync]23:23
morganfainbergok should all be there.23:24
morganfainbergjamielennox, my goal is end of next week to do a release. but obv. tied to these getting in23:24
jamielennoxhttps://review.openstack.org/#/c/132626 should probably go as well, it's a bug but probably not a huge problem23:25
morganfainbergjamielennox, hmm. if it lands great, but i wont hold things up for it23:26
jamielennoxi would also like to do the 'make everything private' to the audit middleware that got added23:27
*** afaranha_ has quit IRC23:27
*** afaranha_ has joined #openstack-keystone23:27
jamielennoxfrom keystonemiddleware.openstack.common import context <- makes me a little sad23:27
morganfainbergjamielennox, that is reasonable.23:28
morganfainbergthe make it all private23:28
morganfainbergjamielennox, =/23:28
stevemarnkinder, hope you don't mind i used some pics/words from your paris presentation23:34
*** diegows has joined #openstack-keystone23:34
nkinderstevemar: nope, that's fine23:35
nkinderstevemar: what'd you use them for?23:35
stevemarnkinder, bootstrapping hour on friday23:35
nkinderstevemar: ah, cool23:36
*** Haneef_ has quit IRC23:37
*** RichardRaseley has quit IRC23:37
*** afaranha_ has quit IRC23:37
*** jimhoagland has quit IRC23:39
stevemarnkinder, PM me your gmail address so i can share the presentation :)23:40
nkinderstevemar: it's a google docs preso?  If so, my RH address is signed up23:40
stevemarah that'll do23:40
stevemardone23:41
*** afaranha_ has joined #openstack-keystone23:45
*** gordc has quit IRC23:47
*** drArtemis has joined #openstack-keystone23:52
morganfainbergdolphm, published the details on the WIKI and my post about venue and possible hotels with a note that i'll finalize the discounts/best choices by monday-ish23:53
morganfainbergdolphm, so if we don't have a discount code by monday/tue/wed/some time next week (i'm guessing soon is really soon™ in the blizzard/valvetime sense in that case)23:53
morganfainbergdolphm, i'll expect people to pick the best hotel for budget etc (so travel can be setup for obv. reasons)23:54
morganfainbergnkinder, welcome back btw23:54
*** drArtemis has left #openstack-keystone23:54
nkindermorganfainberg: thanks!23:54
morganfainbergnkinder, i assume you wont make it to the midcycle in SA23:54
nkindermorganfainberg: unfortunately not.  I'm travelling just after that to the Czech Republic, so it's just too much travel too close together23:55
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Make everything in audit middleware private  https://review.openstack.org/13890723:55
morganfainbergah23:55
morganfainbergjamielennox, we have a confirmed venue... if you're going to try and showup: https://www.morganfainberg.com/blog/2014/11/18/keystone-hackathon-kilo/23:56
morganfainbergjamielennox, hotel info still pending (discount codes that is)23:56
*** xxj has quit IRC23:57
jamielennoxmorganfainberg: would love to, but not pushing it23:57
morganfainbergjamielennox, works for me. i'll see if we can figure out a hangout or something for when you're awake23:57
jamielennoxmorganfainberg: that would be great23:58
morganfainbergand maybe to get nkinder there.23:58
morganfainbergbut no guarantees.23:58
jamielennoxmorganfainberg: is it just me or are there other remotees?23:58
morganfainbergjamielennox, nkinder maybe ;)23:58
morganfainbergfor L cycle i think i want to try and do it much more "remote friendly" [if we even need it]23:59
morganfainbergpre-plan to set it all up w/ remote access etc.23:59
morganfainbergor do it as a virtual mid-cycle23:59
« Tuesday, 2014-12-02 Index Thursday, 2014-12-04 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!