Thursday, 2015-01-15

gyee	dstanek, heh, I've got nothin but love	00:03
dstanek	gyee: i think i'm switching to an x1 carbon now that they fixed the keyboard	00:03
*** dims__ has joined #openstack-keystone		00:03
*** dims__ has quit IRC		00:03
*** chlong has joined #openstack-keystone		00:06
gyee	dstanek, cool, let me know how it goes with x1	00:07
*** lhcheng_afk has quit IRC		00:07
openstackgerrit	Rodrigo Duarte proposed openstack/keystone-specs: Fixes HEAD return code for OS-INHERIT extension https://review.openstack.org/142065	00:08
*** lhcheng_afk has joined #openstack-keystone		00:09
rodrigods	bknudson, indeed it was fixing the wrong section, now it's fixing the HEAD return codes: https://review.openstack.org/#/c/142065	00:09
openstackgerrit	Rodrigo Duarte proposed openstack/keystone-specs: Fixes HEAD return code for OS-INHERIT extension https://review.openstack.org/142065	00:11
morganfainberg	Yosemite really doesn't support everything we need for unit tests anymore. This is because apple doesn't ship updated libs for OpenSSL or ldap. They opted for their own instead.	00:17
morganfainberg	And some of the fixes aren't appropriate for venv. It would require changes to true setup.py for the lib to make it work right.	00:18
bknudson	morganfainberg: shipping their own openssl could never come back to bite them.	00:18
morganfainberg	It's not OpenSSL, it's a different lib completely. But yeah. Google "goto fail" for fun	00:18
morganfainberg	In short we removed docs indicating support for unit tests (or runtime) on OS X for keystone.	00:19
atiwari	morganfainberg, what is recommended? use ubuntu on virtual box to for keystone dev setup on MAC?	00:20
morganfainberg	atiwari, i use vmware, but yes, a linux distro in a VM	00:21
morganfainberg	hm, stevemar isn't here... will need to look for him later	00:22
atiwari	hmm, OK :(	00:22
*** henrynash has quit IRC		00:22
rodrigods	bknudson, just commented in https://bugs.launchpad.net/keystone/+bug/1397318	00:24
*** atiwari has quit IRC		00:26
*** carlosmarin has quit IRC		00:27
morganfainberg	bknudson, dstanek, so due to last minute meetings i think we'll just do the non-spec-bps at the mid-cycle (should be super quick in person)	00:28
morganfainberg	bknudson, dstanek, unless you want to do them not-too-late today [i'm on an airplane at 7am tomorrow]	00:28
morganfainberg	and not back until ~10pm	00:28
dstanek	morganfainberg: bknudson: i'm fine with in person	00:28
morganfainberg	dstanek, great.	00:28
bknudson	morganfainberg: doesn't matter to me.	00:29
morganfainberg	bknudson, cool lets go with in-person then	00:29
bknudson	we seem to be spending more time trying to decide to do it that it would take to review the change and merge it.	00:29
morganfainberg	bknudson, i think it's just a confirm it's good w/o spec, it shouldn't be much time even on irc.	00:29
morganfainberg	bknudson, heck, i'd be ok with 2x core (like a code review) confirming that status	00:30
bknudson	morganfainberg: isn't that all that's required for a spec?	00:30
morganfainberg	bknudson, yep. but this means no need to write a spec up [and have it reviewed / conform to a template, etc]	00:31
bknudson	plus it seems to take forever to get a spec approved.	00:31
bknudson	we actually do have quite a few kilo-approved specs already	00:32
bknudson	it would be nice to have http://specs.openstack.org/openstack/keystone-specs/ show which were completed already.	00:32
*** gordc has joined #openstack-keystone		00:33
morganfainberg	bknudson, so lets go with 2x core with same rules as code review to approve a BP w/o needing a spec. probably need some way to track it besides LP [or at least have those two people agree to +2/comment that it doesn't need the spec on the review itself]	00:33
morganfainberg	bknudson, we can discuss that policy ^ at the midcycle	00:33
bknudson	morganfainberg: for that I'd have to make the bp first	00:34
morganfainberg	bknudson, and yeah, need to figure out marking a spec as complete [besides looking at the status of the bp]	00:34
bknudson	I didn't make bps... I just posted the code change	00:34
*** LinstatSDR has quit IRC		00:34
morganfainberg	bknudson i's ok to make a bp before the spec - if it needs a spec we can mark the BP as blocked (ttx's recommendation, if it's landing in a specific milestone)	00:35
bknudson	ok, I'll make bps.	00:35
bknudson	I'll mark them as blocked.	00:35
morganfainberg	bknudson, if you tag them to a milestone, make sure they have a priority (or a script will auto-un-tag them)	00:43
*** zz_avozza is now known as avozza		00:49
*** jaosorior has quit IRC		01:03
*** dims__ has joined #openstack-keystone		01:04
*** gordc has quit IRC		01:06
*** _cjones_ has quit IRC		01:07
*** henrynash has joined #openstack-keystone		01:07
*** ChanServ sets mode: +v henrynash		01:07
openstackgerrit	Jamie Lennox proposed openstack/python-keystoneclient: Deprecate various methods and attributes https://review.openstack.org/147026	01:07
*** dims__ has quit IRC		01:09
*** avozza is now known as zz_avozza		01:11
*** LinstatSDR has joined #openstack-keystone		01:14
*** gyee has quit IRC		01:21
openstackgerrit	henry-nash proposed openstack/keystone: Fix incorrect filter test name https://review.openstack.org/147354	01:21
bknudson	morganfainberg: I don't know how to set it to blocked.	01:29
morganfainberg	bknudson, hmm. implementation i think	01:29
morganfainberg	blocked should be a status	01:29
bknudson	morganfainberg: yep, that was it.	01:29
morganfainberg	:)	01:30
openstackgerrit	Brant Knudson proposed openstack/keystone: Use RequestBodySizeLimiter from oslo.middleware https://review.openstack.org/144697	01:30
*** _cjones_ has joined #openstack-keystone		01:32
openstackgerrit	henry-nash proposed openstack/keystone: Move sql specific filter test code into test_backend_sql https://review.openstack.org/147358	01:33
openstackgerrit	Brant Knudson proposed openstack/keystone: Move eventlet server options to a config section https://review.openstack.org/130962	01:38
*** david-lyle has joined #openstack-keystone		01:43
openstackgerrit	Dave Chen proposed openstack/keystone: Minor fix in RestfulTestCase https://review.openstack.org/147361	01:44
*** zzzeek has quit IRC		01:44
*** rwsu has quit IRC		01:47
*** _cjones_ has quit IRC		01:59
*** david-lyle has quit IRC		02:06
openstackgerrit	Jamie Lennox proposed openstack/python-keystoneclient: Provide a deprecation warning for old functionality https://review.openstack.org/147026	02:12
*** _cjones_ has joined #openstack-keystone		02:13
*** _cjones_ has quit IRC		02:15
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements https://review.openstack.org/147028	02:16
*** david-lyle has joined #openstack-keystone		02:16
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Deprecate passing config options via paste file https://review.openstack.org/146730	02:17
*** david-lyle has quit IRC		02:19
openstackgerrit	Brant Knudson proposed openstack/keystone: Consistently use oslo_config.cfg.CONF https://review.openstack.org/147367	02:20
*** stevemar has joined #openstack-keystone		02:20
*** ChanServ sets mode: +v stevemar		02:20
openstackgerrit	Brant Knudson proposed openstack/keystone: Consistently use oslo_config.cfg.CONF https://review.openstack.org/147367	02:21
*** david-lyle has joined #openstack-keystone		02:23
*** henrynash has quit IRC		02:26
*** rushiagr_away is now known as rushiagr		02:27
*** stevemar has quit IRC		02:28
*** dims__ has joined #openstack-keystone		02:30
*** zz_avozza is now known as avozza		02:30
*** henrynash has joined #openstack-keystone		02:32
*** ChanServ sets mode: +v henrynash		02:32
*** lsmola_ has joined #openstack-keystone		02:38
*** erkules_ has joined #openstack-keystone		02:40
*** avozza is now known as zz_avozza		02:40
*** lsmola has quit IRC		02:41
*** pcaruana has quit IRC		02:41
*** david-lyle has quit IRC		02:42
*** erkules has quit IRC		02:42
*** david-lyle has joined #openstack-keystone		02:43
*** david-lyle has quit IRC		02:49
*** lhcheng_afk has quit IRC		02:56
*** david-lyle has joined #openstack-keystone		02:56
*** rushiagr is now known as rushiagr_away		02:56
*** chrisshattuck has joined #openstack-keystone		03:06
*** henrynash has quit IRC		03:08
*** samueldmq_ has joined #openstack-keystone		03:17
*** dims__ has quit IRC		03:19
*** chrisshattuck has quit IRC		03:19
openstackgerrit	ayoung proposed openstack/keystone: domain as project https://review.openstack.org/143763	03:23
*** david-lyle has quit IRC		03:32
*** harlowja is now known as harlowja_away		03:38
Sanchit	Hi, I am having a setup of objectStorage which can handle a load of about 10,000 requests.	03:43
Sanchit	I am using UUID type tokens.	03:43
Sanchit	Will my keystone server be able to handle the same load?	03:43
openstackgerrit	Merged openstack/python-keystoneclient: Move to hacking 0.10 https://review.openstack.org/146336	03:45
*** harlowja_away is now known as harlowja		03:47
openstackgerrit	Merged openstack/python-keystoneclient: Correct failures for check W292 https://review.openstack.org/146338	03:51
*** stevemar has joined #openstack-keystone		03:55
*** ChanServ sets mode: +v stevemar		03:55
*** chlong has quit IRC		04:06
*** abhirc has joined #openstack-keystone		04:07
*** chlong has joined #openstack-keystone		04:11
*** oomichi has joined #openstack-keystone		04:12
*** chlong_ has joined #openstack-keystone		04:13
*** chlong has quit IRC		04:17
*** richm has quit IRC		04:17
*** chlong_ has quit IRC		04:18
*** zz_avozza is now known as avozza		04:19
*** dims__ has joined #openstack-keystone		04:19
*** chlong has joined #openstack-keystone		04:24
*** dims__ has quit IRC		04:25
*** chlong_ has joined #openstack-keystone		04:26
*** chlong has quit IRC		04:27
*** chlong__ has joined #openstack-keystone		04:27
*** chlong_ has quit IRC		04:29
*** zzzeek has joined #openstack-keystone		04:29
*** zzzeek has quit IRC		04:29
*** chlong_ has joined #openstack-keystone		04:29
*** avozza is now known as zz_avozza		04:29
*** chlong_ has quit IRC		04:32
*** chlong has joined #openstack-keystone		04:32
*** chlong__ has quit IRC		04:33
*** chlong has quit IRC		04:34
*** gordc has joined #openstack-keystone		04:35
*** lhcheng_afk has joined #openstack-keystone		04:39
*** chrisshattuck has joined #openstack-keystone		04:56
*** topol has joined #openstack-keystone		05:00
*** ChanServ sets mode: +v topol		05:00
*** chlong has joined #openstack-keystone		05:00
*** chlong_ has joined #openstack-keystone		05:01
*** rushiagr_away is now known as rushiagr		05:02
*** jamielennox is now known as jamielennox\|away		05:02
*** lhcheng_afk has quit IRC		05:03
*** chlong has quit IRC		05:04
*** ajayaa has joined #openstack-keystone		05:05
*** jamielennox\|away is now known as jamielennox		05:05
*** chlong__ has joined #openstack-keystone		05:06
*** chlong_ has quit IRC		05:09
*** chlong has joined #openstack-keystone		05:12
*** chlong__ has quit IRC		05:12
*** chlong has quit IRC		05:12
*** abhirc has quit IRC		05:13
*** _cjones_ has joined #openstack-keystone		05:15
*** _cjones_ has quit IRC		05:20
*** jamielennox is now known as jamielennox\|away		05:22
*** jamielennox\|away is now known as jamielennox		05:22
*** ayoung has quit IRC		05:23
*** ayoung has joined #openstack-keystone		05:25
*** ChanServ sets mode: +v ayoung		05:25
*** chlong has joined #openstack-keystone		05:25
*** diegows has quit IRC		05:25
*** chlong has quit IRC		05:31
*** chlong has joined #openstack-keystone		05:31
*** gordc has quit IRC		05:34
*** chlong has quit IRC		05:34
*** chlong has joined #openstack-keystone		05:40
*** chlong_ has joined #openstack-keystone		05:41
*** chlong has quit IRC		05:45
*** chrisshattuck has quit IRC		05:57
*** zz_avozza is now known as avozza		06:05
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Imported Translations from Transifex https://review.openstack.org/145135	06:06
*** harlowja is now known as harlowja_away		06:08
*** dims__ has joined #openstack-keystone		06:09
*** dims__ has quit IRC		06:14
*** avozza is now known as zz_avozza		06:15
*** lhcheng has joined #openstack-keystone		06:17
*** lhcheng has quit IRC		06:17
*** topol has quit IRC		06:31
*** wanghong has quit IRC		06:42
*** lhcheng has joined #openstack-keystone		06:45
openstackgerrit	Abhishek Talwar proposed openstack/python-keystoneclient: User-password-update accepts blank as password https://review.openstack.org/147399	06:53
*** LinstatSDR has quit IRC		07:09
*** jamielennox is now known as jamielennox\|away		07:24
*** nellysmitt has joined #openstack-keystone		07:26
*** lhcheng has quit IRC		07:31
*** zz_avozza is now known as avozza		07:36
*** chlong_ has quit IRC		07:39
*** lhcheng has joined #openstack-keystone		07:40
*** avozza is now known as zz_avozza		07:46
*** lhcheng has quit IRC		07:49
*** lhcheng has joined #openstack-keystone		07:49
*** lhcheng has quit IRC		07:54
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Improve List Role Assignments Filters Performance https://review.openstack.org/137202	08:01
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Improve List Role Assignment Tests https://review.openstack.org/137021	08:01
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Check for invalid filtering on v3/role_assignments https://review.openstack.org/144703	08:01
*** samueldmq_ has quit IRC		08:13
*** zz_avozza is now known as avozza		08:19
*** erkules_ is now known as erkules		08:20
*** stevemar has quit IRC		08:21
*** stevemar has joined #openstack-keystone		08:28
*** ChanServ sets mode: +v stevemar		08:28
*** dtantsur\|afk is now known as dtantsur		08:33
*** stevemar has quit IRC		08:34
*** jistr has joined #openstack-keystone		08:35
*** jacer_huawei has joined #openstack-keystone		08:38
*** jacer_huawei is now known as wanghong		08:39
*** dims__ has joined #openstack-keystone		08:49
*** henrynash has joined #openstack-keystone		08:50
*** ChanServ sets mode: +v henrynash		08:50
*** henrynash has quit IRC		08:53
*** dims__ has quit IRC		08:54
*** Stephen has joined #openstack-keystone		09:10
*** Stephen is now known as Guest15493		09:10
*** Guest15493 is now known as SteveyT		09:11
openstackgerrit	Abhishek Talwar proposed openstack/python-keystoneclient: User-password-update accepts blank as password https://review.openstack.org/147399	09:12
*** SteveyT has left #openstack-keystone		09:15
openstackgerrit	Marek Denis proposed openstack/keystone: Identify groups by name/domain in mapping rules. https://review.openstack.org/139013	09:19
*** afazekas has joined #openstack-keystone		09:26
*** k4n0 has joined #openstack-keystone		09:29
*** waverider has joined #openstack-keystone		09:29
waverider	hello	09:29
waverider	where can i find some documentation for adding a user role to project via v3 API. Looking at source looks like Keystone v2 was using Roles.add_user_role - mathod that is removed in v3. I've noticed RoleAssignmentManager.create and .put but there's no docs of how to use those.	09:32
*** josecastroleon has joined #openstack-keystone		09:34
*** k4n0 has quit IRC		09:36
*** aix has joined #openstack-keystone		10:09
openstackgerrit	Abhishek Talwar proposed openstack/python-keystoneclient: User-password-update accepts blank as password https://review.openstack.org/147399	10:32
*** jamielennox\|away is now known as jamielennox		10:34
*** henrynash has joined #openstack-keystone		10:57
*** ChanServ sets mode: +v henrynash		10:57
openstackgerrit	henry-nash proposed openstack/keystone: Fix incorrect filter test name https://review.openstack.org/147354	11:00
openstackgerrit	henry-nash proposed openstack/keystone: Move sql specific filter test code into test_backend_sql https://review.openstack.org/147358	11:02
*** krykowski has joined #openstack-keystone		11:13
*** dims__ has joined #openstack-keystone		11:21
*** dims__ has quit IRC		11:26
openstackgerrit	Bogun Dmitriy proposed openstack/keystone: FIX multiple SQL backend usage validation https://review.openstack.org/138113	11:39
samueldmq	waverider, morning :)	11:40
samueldmq	waverider, you may take a look at the API spec (http://developer.openstack.org/api-ref-identity-v3.html)	11:40
samueldmq	waverider, more precisely at Projects section, for grants/assignments on projects	11:41
*** dims__ has joined #openstack-keystone		11:49
*** krykowski has quit IRC		11:51
*** EmilienM\|afk is now known as EmilienM		11:58
*** jamielennox is now known as jamielennox\|away		12:03
*** aix has quit IRC		12:07
*** chlong_ has joined #openstack-keystone		12:08
*** blinky_ghost has joined #openstack-keystone		12:28
*** avozza is now known as zz_avozza		12:36
*** dims__ is now known as dims		12:36
*** krykowski has joined #openstack-keystone		12:39
*** krykowski has quit IRC		12:46
*** zz_avozza is now known as avozza		12:49
*** krykowski has joined #openstack-keystone		12:50
*** dims has quit IRC		13:04
*** aix has joined #openstack-keystone		13:05
*** dims has joined #openstack-keystone		13:05
*** oomichi has quit IRC		13:06
*** rushiagr is now known as rushiagr_away		13:08
*** nellysmitt has quit IRC		13:12
*** ajayaa has quit IRC		13:17
*** diegows has joined #openstack-keystone		13:21
*** ayoung has quit IRC		13:27
*** bknudson has quit IRC		13:46
*** nellysmitt has joined #openstack-keystone		13:50
openstackgerrit	ZhiQiang Fan proposed openstack/python-keystoneclient: Enable hacking rule F821 https://review.openstack.org/134096	13:53
*** chlong_ has quit IRC		13:56
*** gordc has joined #openstack-keystone		13:57
*** amakarov_away is now known as amakarov		14:01
*** bknudson has joined #openstack-keystone		14:02
*** ChanServ sets mode: +v bknudson		14:02
*** lufix has joined #openstack-keystone		14:04
*** lufix has quit IRC		14:04
*** lufix has joined #openstack-keystone		14:04
*** topol has joined #openstack-keystone		14:05
*** ChanServ sets mode: +v topol		14:05
*** ajayaa has joined #openstack-keystone		14:13
*** krykowski has quit IRC		14:17
*** krykowski has joined #openstack-keystone		14:21
*** joesavak has joined #openstack-keystone		14:22
*** ayoung has joined #openstack-keystone		14:26
*** ChanServ sets mode: +v ayoung		14:26
*** topol has quit IRC		14:28
*** tellesnobrega_ has joined #openstack-keystone		14:29
*** abhirc has joined #openstack-keystone		14:47
*** richm has joined #openstack-keystone		14:52
*** avozza is now known as zz_avozza		14:53
*** raildo has joined #openstack-keystone		14:58
*** LinstatSDR has joined #openstack-keystone		15:01
openstackgerrit	Boris Bobrov proposed openstack/keystone: Use migration_cli for db migrations https://review.openstack.org/147548	15:03
openstackgerrit	Marek Denis proposed openstack/keystone: Implements whitelist and blacklist mapping rules https://review.openstack.org/142573	15:06
*** radez_g0n3 is now known as radez		15:07
lufix	Quick question about the keystone api. What is the difference between specifying a domain in the user object versus the scope object?	15:16
*** dims has quit IRC		15:16
openstackgerrit	henry-nash proposed openstack/keystone: Refactor filter tests in prepartion for LDAP support https://review.openstack.org/147551	15:16
*** dims has joined #openstack-keystone		15:21
openstackgerrit	henry-nash proposed openstack/keystone: Refactor filter tests in prepartion for LDAP support https://review.openstack.org/147551	15:23
marekd	ayoung: https://review.openstack.org/#/c/130593/ you have already +2'd it once. Can you take a look again?	15:24
ayoung	marekd, happy to look	15:25
ayoung	marekd, +A	15:33
marekd	ayoung: thank you.	15:33
ayoung	marekd, YW	15:33
*** raildo has quit IRC		15:38
*** stevemar has joined #openstack-keystone		15:39
*** ChanServ sets mode: +v stevemar		15:39
*** nkinder is now known as nkinder_away		15:40
*** krykowski has quit IRC		15:43
ayoung	marekd, so what to do about the WebSSO spec?	15:44
marekd	ayoung: i'd split and focus on SAML/Oidc only for now.	15:44
marekd	unless krb will work in a excatly same way.	15:45
marekd	I'd drop user/pass for now.	15:45
marekd	ayoung: did you see my comments on the spec?	15:45
ayoung	marekd, but where to put the UI?	15:45
marekd	Horizon.	15:45
marekd	or any Horizon-like app.	15:45
*** Ctina__ has joined #openstack-keystone		15:46
ayoung	marekd, but then Horizon ends up with the power to issue tokens	15:46
*** afazekas has quit IRC		15:46
marekd	ayoung: no.	15:46
ayoung	You guys have a stand alone service	15:46
marekd	ayoung: horizon know that for saml it should redirect to v3/OS-FEDERATION/websso/saml2 and for oidc to /v3/OS-FEDERATION/websso/oidc	15:47
marekd	and later it will let user through if he presents a token (issued by Keystone).	15:47
ayoung	So you have a button you add to Horizon telling the user to click one or the other? I didn't see that on the cern site	15:47
marekd	because we made saml2 default and only possible way to authenticate	15:48
marekd	that general cern-wide rule.	15:48
*** tellesnobrega_ has quit IRC		15:48
marekd	but in general use case I would imagine some buttons/form/whatever where user chooses his preffered auth way.	15:48
marekd	(constrained to what admins allows there)	15:49
marekd	in this particular case Horizon's job is to look nice and be able to issue HTTP 302 to Keystone with 2-3 differenc endpoints.	15:49
marekd	v3/OS-FEDERATION/websso/saml2, /v3/OS-FEDERATION/websso/oidc, /v3/krb	15:50
marekd	or something like that.	15:50
ayoung	marekd, Heh, that is what /auth/token was originally supposed to be. those should be /auth/<mechanism>	15:50
marekd	ayoung: /auth/websso/saml2 (or any other format) would work for me too.	15:51
ayoung	but then, we need to allow the user to slect the saml provider, which means a sync between Keystone and the webui	15:51
marekd	ayoung: let's be hones - Keystone doesn't understand SAML	15:52
marekd	identity_provider objects are stubs, nothing else.	15:52
ayoung	Neither do I, if we are being Honest.	15:52
marekd	ayoung: i also have lots of work in that matter.	15:53
marekd	ayoung: but this sync step is actually done by the admin.	15:53
ayoung	So, you know how we have the auth mechanisms list for the token controller? I would like that to be multiple, different urls get different methods allowed.	15:53
marekd	what do you mean?	15:54
*** tellesnobrega_ has joined #openstack-keystone		15:59
*** lufix has quit IRC		16:01
*** chrisshattuck has joined #openstack-keystone		16:04
ayoung	marekd, in the token request we list htemoethods...I would like to be able to distinguish between "SAML" and "KERBEROS" say and have botha cceptable, but on different urls	16:12
*** mattfarina has joined #openstack-keystone		16:13
*** abhirc has quit IRC		16:13
marekd	ayoung: as long as keystone is not a first class Service Provider (understanding SAML/OIDC) we cannot do it this way.	16:16
ayoung	Yes we can...you must mean something other than I do here.	16:16
ayoung	I just mean that	16:16
ayoung	if I have SAML and Kerberos, both handled by Apache, I can distinguish between them	16:17
marekd	ayoung: yes, by using different urls	16:17
ayoung	so /v3/auth/kerberos would have "method"="kerberos" set and the same for SAML	16:17
marekd	but you still want to have /v3/auth/kerberos and /v3/auth/saml2	16:18
marekd	right?	16:18
marekd	stevemar: thanks for the reviews.	16:20
stevemar	np!	16:20
ayoung	marekd, yeah, I think it makes sense to have many different auth urls.	16:23
richm	stevemar: ping - is there some reason 'description' was dropped as a property of services? That is, with the identity v2.0 api, you can specify --description foo for service create - but not with v3	16:23
marekd	ayoung: so we are on the same page.	16:23
marekd	ayoung: also, we don't need to have identity methods specifying kerberos, saml2 et all.	16:24
marekd	at least in the current Keystone's shape.	16:24
ayoung	the Auth urls can even be on different systems. I was talking with my boss yesterday. He had a really interesting idea of using multiple containers for each domain.	16:24
marekd	containers like Docker?	16:24
stevemar	richm, hmm... with OSC v3 you mean description doesn't work right	16:24
ayoung	where the container was configured using SSSD, and each could talk to a different IdP	16:24
*** abhirc has joined #openstack-keystone		16:24
ayoung	marekd, yes	16:24
stevemar	cause it looks like description is allowed here: http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3.html#create-service (at the API level)	16:24
richm	stevemar: yes - openstack --os-identity-api-version 3 help service create	16:25
*** dims has quit IRC		16:25
ayoung	marekd, if we completely split the Identity part off the rest of Keystone, and then the "traditional" keystone would start with "unscoped->scoped" token exchanges	16:25
stevemar	richm, ahhh someone caught that and fixed it :) https://github.com/openstack/python-openstackclient/commit/36ab944d2ecac5227880a6b09b4184bff4c0aba8	16:26
stevemar	24 days ago	16:26
marekd	ayoung: it would handle only one auth method - token	16:26
stevemar	we will be releasing a new version soon... 1.0.2	16:26
richm	ok - so I guess I'm stuck with calling the rest api directly for this case for puppet . . .	16:27
ayoung	marekd, ooh, what if we put groups in unscoped tokens	16:27
marekd	ayoung: ...and?	16:27
stevemar	richm, :( would it help if we released something soon? like tomorrow?	16:27
ayoung	marekd, and used PKIZ tokens for the Unscoped	16:27
marekd	so you see it as a problem ?	16:27
stevemar	or even today?	16:28
ayoung	we'd have a bunch of different Idps issuing the unscoped tokens, and then the user could go to the Keystone assignement server to get a scoped tokenm	16:28
richm	stevemar: we can't even get all of the supported debian/ubuntu platforms off of osc 0.3 :P	16:28
stevemar	bah	16:28
marekd	ayoung: Idp == keystone in this case (?)	16:28
stevemar	alright, time to go appeal to the packagers	16:28
ayoung	marekd, yes	16:28
stevemar	morganfainberg, ping	16:29
ayoung	marekd, keystone identity vs keystone assignment	16:29
ayoung	if we knew that an unscoped token had performed all of the mapping from IdP specific data (SAML, OIDC) to Keystone, we can just use what is in the token body	16:29
marekd	that's an idea.	16:30
ayoung	marekd, and all unscoped tokens would have for a service catalog is the endpoint for Keystone assignment	16:32
ayoung	jamielennox\|away, has been proposing that for a while. It makes good sense.	16:32
*** waverider has quit IRC		16:32
marekd	SC un unscoped tokens? Yes. I think so too.	16:32
marekd	ayoung: are you ok if i edit websso spec?	16:34
ayoung	marekd, please do so!	16:34
*** carlosmarin has joined #openstack-keystone		16:34
morganfainberg	stevemar: pong. But in Bay Area heading to the office shortly for meetings.	16:35
stevemar	morganfainberg, wanted to know who i should contact to update the OSC being packaged by ubuntu	16:36
stevemar	morganfainberg, but i suspect it's zul?	16:36
morganfainberg	zigo I think.	16:36
zigo	stevemar: OSC ?	16:37
zigo	As in openstackclient ?	16:37
stevemar	zigo, python-openstackclienthttps://launchpad.net/python-openstackclient	16:37
zigo	That would be me ...	16:37
stevemar	zigo, yay, found the right person	16:38
zigo	stevemar: You need the last version ?	16:38
zigo	stevemar: Will it work with the global-requirements for Juno?	16:38
stevemar	zigo, i believe the latest version supported is 0.3 and there's a been at least 2 or 3 new releases since	16:39
*** jorge_munoz has joined #openstack-keystone		16:39
stevemar	i suspect so, our requirements doesn't move much... just oslo libraries and other openstack python-*client libraries	16:39
zigo	stevemar: I have packaged and uploaded version 1.0.1-1 of python-openstackclient to Debian Experimental, and that's what Ubuntu uses too.	16:40
zigo	Plus a bit of changes, let me check what they did.	16:40
*** raildo has joined #openstack-keystone		16:40
stevemar	zigo, oh maybe richm is speaking about 'all supported platforms' specifically?	16:41
richm	right	16:42
stevemar	richm, i guess y'all don't use experimental either?	16:42
richm	I'm not sure what all of the platforms that have to be supported by puppet are	16:42
zigo	stevemar: There's nothing interesting in the debian/changelog of Ubuntu for openstackclient, so I'd say we have the same version.	16:43
richm	we can go over to #puppet-openstack and find out	16:43
*** dtantsur is now known as dtantsur\|afk		16:44
stevemar	zigo, ah i guess trusty is at 0.3.0 still: http://packages.ubuntu.com/search?keywords=python-openstackclient&searchon=names&suite=all&section=all	16:45
stevemar	i'm guessing that's the one causing richm a headache	16:45
richm	yes	16:45
zigo	stevemar: I don't think they will ever update it.	16:45
stevemar	zigo, :(	16:45
stevemar	zigo why is that?	16:45
zigo	richm: & stevemar: I have a backport of it for Trusty if you need it.	16:45
richm	then we can never rely on any bug/feature past 0.3	16:45
zigo	richm: & stevemar: The concept of a stable release is that you don't update it.	16:45
zigo	richm: & stevemar: http://juno-trusty.pkgs.mirantis.com/debian/pool/trusty-juno-backports/main/p/python-openstackclient/	16:46
richm	. . . which puts the burden on puppet-openstack to hack/code around it	16:46
zigo	It's there ...	16:46
zigo	richm: Did you test puppet-openstack with Debian?	16:47
zigo	richm: I'd be happy to have more support for it, as I know there's some users for that.	16:47
zigo	Especially for with Icehouse.	16:47
richm	zigo: I didn't - there were some people on #puppet-openstack	16:47
openstackgerrit	Alexander Makarov proposed openstack/keystone: LDAP additional attribute mappings description https://review.openstack.org/118590	16:47
richm	I'm a Red Hat/Fedora guy	16:47
zigo	Ah ok.	16:48
openstackgerrit	Alexander Makarov proposed openstack/keystone: LDAP additional attribute mappings description https://review.openstack.org/118590	16:48
richm	I know whose arm to twist to get updated packages in rdo . . .	16:48
zigo	richm: I do as well! :)	16:48
stevemar	richm, sounds like we're stuck =\	16:51
*** jorge_munoz has quit IRC		16:51
stevemar	i didn't know stable releases don't get updates	16:52
richm	they do, but they have to be "proven" not to break anything or cause regressions (or be a CVE . . .)	16:52
*** lhcheng has joined #openstack-keystone		16:53
*** abhirc has quit IRC		16:54
*** abhirc has joined #openstack-keystone		16:54
stevemar	richm, sounds like the odds of it happening are slim	16:55
stevemar	richm, can you use the backport? or the one from pypi instead of the packaged one?	16:56
ayoung	richm, can Puppet usage require an updated package?	16:56
ayoung	I know when I was doing Debian, I was mixing in packages from unstable on a regular basis	16:56
*** _cjones_ has joined #openstack-keystone		17:00
richm	I don't know - let's have this discussion in #puppet-openstack	17:01
*** afazekas has joined #openstack-keystone		17:03
*** jorge_munoz has joined #openstack-keystone		17:11
*** abhirc has quit IRC		17:14
*** zzzeek has joined #openstack-keystone		17:15
richm	zigo: according to crinkle in #puppet-openstack, uca needs to upgrade the juno version of python-openstackclient to 1.0.1 (and later)	17:23
crinkle	they don't just need to update, they need to add it http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/juno_versions.html	17:23
*** rwsu has joined #openstack-keystone		17:24
crinkle	the ubuntu-server mailing list told me they wouldn't be adding it till kilo	17:24
crinkle	https://lists.ubuntu.com/archives/ubuntu-server/2014-December/007000.html	17:24
richm	stevemar: If I'm reading https://github.com/openstack/python-openstackclient/commit/36ab944d2ecac5227880a6b09b4184bff4c0aba8 correctly, does that add the "description" column to the service list output?	17:25
*** dims has joined #openstack-keystone		17:26
*** Ctina__ is now known as Ctina		17:28
*** dims has quit IRC		17:30
stevemar	richm, it just added description to create and set,	17:31
richm	stevemar: ok - need description in service list and service show	17:31
stevemar	richm, it'll appear in show, that's automagic	17:32
richm	ok	17:32
stevemar	richm, for list we need to fix it up, blah...	17:32
openstackgerrit	Raildo Mascena de Sousa Filho proposed openstack/keystone-specs: Reseller https://review.openstack.org/139824	17:32
stevemar	dtroyer, ^ bug + interesting convo	17:32
*** ajayaa has quit IRC		17:34
richm	stevemar: dtroyer https://bugs.launchpad.net/python-openstackclient/+bug/1411337	17:35
openstackgerrit	ayoung proposed openstack/keystone: Multiple IdP authentication URL https://review.openstack.org/142743	17:36
*** tellesnobrega_ has quit IRC		17:36
*** EmilienM is now known as EmilienM\|afk		17:36
openstackgerrit	ayoung proposed openstack/keystone: Multiple IdP authentication URL https://review.openstack.org/142743	17:36
openstackgerrit	Raildo Mascena de Sousa Filho proposed openstack/keystone-specs: Reseller https://review.openstack.org/139824	17:36
openstackgerrit	henry-nash proposed openstack/keystone: Refactor filter tests in prepartion for LDAP support https://review.openstack.org/147551	17:37
dtroyer	thanks richm. fwiw, we're not guaranteeing compatibility with the prettytable outputs so adding description by default should be ok.	17:37
dtroyer	I'll target that to the soon-now m7 release	17:37
*** g2` has joined #openstack-keystone		17:37
*** LinstatSDR has quit IRC		17:40
*** rushiagr_away is now known as rushiagr		17:41
*** dims has joined #openstack-keystone		17:43
*** aix has quit IRC		17:45
*** tellesnobrega_ has joined #openstack-keystone		17:47
henrynash	ayoung: ping	17:47
*** afazekas has quit IRC		17:47
ayoung	henrynash, hey	17:47
henrynash	ayoung: howdy…..old question…do you think ldap searches are typically case sensitive or insensitive?	17:48
ayoung	henrynash, I'd ask richm or nkinder_away	17:48
ayoung	I'd just be making up an answer	17:49
henrynash	ayoung: ok, thxI’ll ping thme	17:49
stevemar	ayoung, i like your honesty in that reply	17:49
henrynash	richm, nkinder_away: any ideas?	17:49
ayoung	nkinder_away is travelling.	17:49
ayoung	LUNCH AND THEN GYM!	17:50
*** ayoung is now known as ayoung-gym		17:50
*** afazekas has joined #openstack-keystone		17:51
*** afazekas has quit IRC		17:57
openstackgerrit	David Stanek proposed openstack/keystone-specs: Spec for adding functional testing support https://review.openstack.org/147608	17:58
richm	henrynash: typically case insensitive - it depends on the syntax/matching rules defined for the attribute that you are using in the search filter, and those are typically case insensitive	18:00
henrynash	richm: ok, that’s what I thought…just tring to get a 2nd opinion…thanks!	18:01
richm	for example - (cn=Henry Nash) and (cn=henry nash)	18:01
richm	because 'cn' is a subclass of 'name', which is defined with EQUALITY caseIgnoreMatch	18:01
henrynash	richm: and the equality rules are defined as part of the “schema” I assume (well the object definition anyway)	18:02
*** abhirc has joined #openstack-keystone		18:03
richm	henrynash: right	18:04
richm	e.g. ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) EQUALITY caseIgnoreMatch	18:04
richm	so searches for (uid=somevalue) are also case insensitive	18:05
dstanek	bknudson: you around?	18:05
henrynash	richm: ok, thx…fyi, reason why I’m asking is that I’m adding filtering into our ldap backend…..and need to modify our tests (and our fakeldap) so that they do teh right thing for matching (including wildcards)	18:06
bknudson	dstanek: yes	18:07
richm	henrynash: ok - then yes, in general, ldap filter comparisons will be case insensitive for keystone since (almost?) all of the attributes used there use caseIgnore matching for equality and substring (i.e. wildcards)	18:07
henrynash	richm: yep, agreed	18:08
*** jorge_munoz has quit IRC		18:08
*** _cjones_ has quit IRC		18:09
dstanek	bknudson: i get the feeling that test_bootstrap isn't really doing anything useful - https://review.openstack.org/#/c/134096/8/keystoneclient/tests/v2_0/test_shell.py	18:09
dstanek	bknudson: called anytime effectively does nothing	18:09
*** _cjones_ has joined #openstack-keystone		18:09
openstackgerrit	henry-nash proposed openstack/keystone: Enable filtering in LDAP backend for listing entities https://review.openstack.org/147612	18:09
bknudson	dstanek: I didn't look into it too much since it's v2 shell test code... but it's obviously not doing what the original code thought it was doing.	18:10
bknudson	if somebody wanted to rewrite it to do something sane then I would be happy with that	18:10
dstanek	bknudson: i'll look at it real quick and see	18:10
bknudson	I didn't know there was a bootstrap command	18:11
dstanek	bknudson: like you said 'old shell test code' and i don't want to spend too much time on it	18:11
openstackgerrit	henry-nash proposed openstack/keystone: Enable filtering in LDAP backend for listing entities https://review.openstack.org/147612	18:13
*** jorge_munoz has joined #openstack-keystone		18:13
bknudson	dstanek: looks like it should be going through the request history and make sure that a request with that body was made.	18:14
bknudson	but that's not what it was doing.	18:14
dstanek	well i just raised an exception in stead or returning false in called_anytime and got failures	18:15
*** harlowja_away is now known as harlowja		18:16
bknudson	dstanek: looks like called_anytime is supposed to raise or the caller is supposed to check the return code.	18:16
dstanek	bknudson: yeah, but it seems to fail anytime it's called; maybe the logic is incorrect	18:17
*** tellesnobrega_ has quit IRC		18:17
dstanek	bknudson: ah, i think i got it - the path never matches	18:19
bknudson	dstanek: the right request isn't made?	18:19
openstackgerrit	Merged openstack/keystone: Scope federated token with 'token' identity method https://review.openstack.org/130593	18:20
*** _cjones_ has quit IRC		18:22
*** jaosorior has joined #openstack-keystone		18:23
dstanek	bknudson: no i think it's fine - i'll push up a patch showing what i did	18:23
*** topol has joined #openstack-keystone		18:23
*** ChanServ sets mode: +v topol		18:23
openstackgerrit	David Stanek proposed openstack/python-keystoneclient: Fixes bootstrap tests https://review.openstack.org/147618	18:32
dstanek	bknudson: ^	18:32
*** _cjones_ has joined #openstack-keystone		18:33
*** rushiagr is now known as rushiagr_away		18:39
*** raildo has quit IRC		18:45
*** amakarov is now known as amakarov_away		18:48
*** tellesnobrega_ has joined #openstack-keystone		18:49
*** jorge_munoz_ has joined #openstack-keystone		18:53
*** jorge_munoz has quit IRC		18:54
*** jorge_munoz_ is now known as jorge_munoz		18:54
*** EmilienM\|afk is now known as EmilienM		19:02
*** tellesnobrega_ has quit IRC		19:04
*** jistr has quit IRC		19:05
*** gyee has joined #openstack-keystone		19:10
*** ChanServ sets mode: +v gyee		19:10
*** afazekas has joined #openstack-keystone		19:16
bknudson	dstanek: failed on py33	19:20
dstanek	bknudson: yeah, i saw - working on a fix now	19:20
dims	hi all, need some help, chasing a boto 401 problem with latest boto, logs show this, where should i look for more info?	19:21
dims	keystone_access.txt.gz:127.0.0.1 - - [15/Jan/2015:18:18:15 +0000] "POST /v2.0/ec2tokens HTTP/1.1" 401 366 "-" "python-requests/2.2.1 CPython/2.7.6 Linux/3.13.0-43-generic"	19:21
*** blinky_ghost has quit IRC		19:22
ayoung-gym	dims, what is boto?	19:23
*** ayoung-gym is now known as ayoung		19:24
dims	ayoung-gym: boto is the python client library for ec2, bug is here - https://bugs.launchpad.net/nova/+bug/1410622	19:24
dims	ayoung: several tests got fixed in https://bugs.launchpad.net/nova/+bug/1408987 by adding hmac-v4 auth	19:25
dims	ayoung: in this review - https://review.openstack.org/#/c/146609/	19:26
ayoung	POST /v2.0/ec2tokens HTTP/1.1" 401 seems pretty self explanatory: bad token	19:26
dims	however, we still see 2 tests fail in tempest	19:26
ayoung	dims, or some other permission issue	19:26
ayoung	dims, can you reproduce it ?	19:26
dims	yep	19:26
dims	in the gate	19:26
dims	http://logs.openstack.org/01/147601/1/check/check-tempest-dsvm-full/f5523c6/logs/screen-n-api.txt.gz#_2015-01-15_18_18_15_045	19:27
ayoung	dims, can you reproduce it on systems that you can affect change on?	19:27
dims	haven't tried that yet, guess i am trying to see how to enable some verbose logging on the keystone side?	19:28
ayoung	dims, rpdb is my friend. rpdb should be yours, too.	19:29
dims	ah debugger :)	19:30
ayoung	its fantastic	19:30
ayoung	if you can't get the logging you need to figure out what is wrong, it is just super friendly	19:30
dims	cool, will poke around a bit before i jump in there	19:31
dims	thanks	19:31
ayoung	import rpdb; rpdb.set_trace(); then trigger it and, in another window, do	19:31
ayoung	telnet localhost 4444	19:31
ayoung	dims, let me look at the log, though	19:31
dims	ayoung: found it i think	19:32
dims	Authorization failed. EC2 signature not supplied.	19:32
dims	http://logs.openstack.org/01/147601/1/check/check-tempest-dsvm-full/f5523c6/logs/apache/keystone.txt.gz#_2015-01-15_18_18_15_043	19:32
dims	thanks again :)	19:33
*** david-lyle has joined #openstack-keystone		19:49
ayoung	henrynash, just +Aed a few of your split-role patches. Consider that sticky and shepherd them through if the gate fails you	19:51
rodrigods	ayoung, henrynash yay	19:54
*** _cjones_ has quit IRC		19:56
rodrigods	can someone add some thoughts here: https://bugs.launchpad.net/keystone/+bug/1397318 ?	20:01
*** jorge_munoz has quit IRC		20:03
*** lhcheng has quit IRC		20:04
*** lhcheng has joined #openstack-keystone		20:04
openstackgerrit	Matt Riedemann proposed openstack/keystone: Distinguish between missing access/signature ec2 creds 401 errors https://review.openstack.org/147639	20:04
henrynash	ayoung: thx…morganfainberg, you ok with it..?	20:09
*** lhcheng has quit IRC		20:09
morganfainberg	henrynash: with which? I'm actually in a meeting until like 4pm (noon now)	20:10
esp	ayoung: got a noobie question for ya regarding keystone policy files again	20:11
henrynash	morganfainberg: the first of the role split patches was just given +A….just checking in case you had had any negative thoughts following your +1	20:11
*** jorge_munoz has joined #openstack-keystone		20:12
zigo	richm: I can't do anything about what Canonical/Ubuntu does, and frankly, I don't really care what they do, I'm doing debian packages, they only use my work they way they are pleased to.	20:14
zigo	richm: Feel free to just use my Trusty repository if you don't like theirs.	20:14
*** david-lyle has quit IRC		20:15
henrynash	esp: I may be able to answer too…what’s the question?	20:16
esp	thx henrynash :)	20:16
esp	I just needed a bit of clarification	20:17
esp	so keystone API runs v2 and v3 at simulatneously	20:17
henrynash	esp: yep	20:17
esp	but does the v2 api care about or use the /etc/keystone/policy.json ?	20:18
henrynash	esp: no	20:18
esp	cool	20:18
esp	thx henrynash	20:18
henrynash	esp: well, you have to be admin, basically to use the v2 API	20:18
esp	right, so like in devstack for example	20:18
esp	you need to do this $ source .openrc admin admin	20:19
esp	^ use admin creds to do anything in keystone v2	20:19
esp	correct ?	20:19
henrynash	esp: not true for other pojects (e.g. nova)…you can run keystone v2, but still have propert API policy proteciton for other projects (nova, galnce etc.)….just not for keystone	20:19
henrynash	esp: basically, yes	20:19
esp	k, I think I understand	20:20
esp	thx for the help	20:20
henrynash	esp: no problem	20:20
*** fifieldt_ has joined #openstack-keystone		20:22
*** nellysmitt has quit IRC		20:24
rodrigods	ayoung, receiving a "Database Error" when I try to access your "Dynamic Policy" blog post =/	20:24
ayoung	rodrigods, hmmm, really? Wordpress just updated.	20:25
*** fifieldt__ has quit IRC		20:25
ayoung	rodrigods, worked for me	20:25
ayoung	http://adam.younglogic.com/2014/11/dynamic-policy-in-keystone/	20:25
*** _cjones_ has joined #openstack-keystone		20:26
rodrigods	ayoung, now it worked :)	20:27
rodrigods	bknudson, changed the bug description to the other way around :)	20:27
ayoung	rodrigods, I'm going to make that into a spec	20:28
bknudson	rodrigods: were you able to recreate it yourself?	20:28
bknudson	maybe there's a difference between eventlet and apache?	20:28
rodrigods	bknudson, were you testing in which env?	20:29
rodrigods	ayoung, heh	20:29
bknudson	rodrigods: eventlet	20:29
bknudson	(so that I can debug!)	20:29
rodrigods	ayoung, btw, we are just one +2 apart from having the last step from the oslo.policy graduation, right? (anything else?)	20:29
rodrigods	bknudson, will reproduce here using apache	20:30
*** radez is now known as radez_g0n3		20:35
henrynash	fyi…keystone sample config is out of date again…just pushing an update…	20:35
*** _cjones_ has quit IRC		20:35
*** _cjones_ has joined #openstack-keystone		20:36
openstackgerrit	ayoung proposed openstack/keystone-specs: Dynamic Policy Overview https://review.openstack.org/147651	20:38
rodrigods	ayoung, haha	20:39
ayoung	rodrigods, btw, I got "domain is a project" to pass tests.	20:39
ayoung	look at it, bleed on it.	20:39
*** ayoung is now known as ayoung-afk		20:39
ayoung-afk	Gotta run out for a bit	20:40
rodrigods	ayoung-afk, ++ think raildo is back on action tomorrow or monday	20:40
openstackgerrit	David Stanek proposed openstack/python-keystoneclient: Fixes bootstrap tests https://review.openstack.org/147618	20:40
ayoung-afk	cool	20:44
*** ayoung-afk has quit IRC		20:44
*** joesavak has quit IRC		20:45
openstackgerrit	henry-nash proposed openstack/keystone: Update the keystone sample config https://review.openstack.org/147654	20:45
openstackgerrit	Merged openstack/keystone: Split roles into their own backend within assignments https://review.openstack.org/144239	20:45
henrynash	wahhooooo	20:46
morganfainberg	henrynash, nice	20:46
henrynash	morganfainberg, ayoung: fyi…nearly done on this ldap one…https://review.openstack.org/#/c/147612/	20:47
openstackgerrit	Merged openstack/keystone: Correct doc string for grant driver methods https://review.openstack.org/144403	20:51
openstackgerrit	henry-nash proposed openstack/keystone: Update the keystone sample config https://review.openstack.org/147654	20:52
openstackgerrit	Merged openstack/keystone: Make controllers call the new, split out, role manager https://review.openstack.org/144494	20:52
rodrigods	henrynash, the gate likes you :)	20:52
openstackgerrit	henry-nash proposed openstack/keystone: Fix incorrect filter test name https://review.openstack.org/147354	20:52
henrynash	rodigods: never turn down a gift-gate in the mouth….or something like that	20:53
openstackgerrit	henry-nash proposed openstack/keystone: Move sql specific filter test code into test_backend_sql https://review.openstack.org/147358	20:54
openstackgerrit	henry-nash proposed openstack/keystone: Refactor filter and sensitivity tests in prepartion for LDAP support https://review.openstack.org/147551	20:55
openstackgerrit	henry-nash proposed openstack/keystone: Enable filtering in LDAP backend for listing entities https://review.openstack.org/147612	20:59
*** mgarza has joined #openstack-keystone		21:00
henrynash	morganfainberg: quick view on whether you think https://blueprints.launchpad.net/keystone/+spec/ldap-filtering needs a spec?	21:01
openstackgerrit	Brant Knudson proposed openstack/keystone: Consistently use oslo_config.cfg.CONF https://review.openstack.org/147367	21:05
openstackgerrit	Brant Knudson proposed openstack/keystone: Consistently use oslo_config.cfg.CONF https://review.openstack.org/147367	21:06
*** carlosmarin has quit IRC		21:10
openstackgerrit	Matt Riedemann proposed openstack/keystone: DO NOT MERGE: more logging for failed ec2 creds https://review.openstack.org/147663	21:11
*** chrisshattuck has quit IRC		21:17
*** chlong_ has joined #openstack-keystone		21:20
*** bknudson has quit IRC		21:23
*** carlosmarin has joined #openstack-keystone		21:25
*** carlosmarin has quit IRC		21:26
openstackgerrit	Matt Riedemann proposed openstack/keystone: DO NOT MERGE: more logging for failed ec2 creds https://review.openstack.org/147663	21:26
*** carlosmarin has joined #openstack-keystone		21:26
*** bknudson has joined #openstack-keystone		21:27
*** ChanServ sets mode: +v bknudson		21:27
*** ayoung has joined #openstack-keystone		21:31
*** ChanServ sets mode: +v ayoung		21:31
henrynash	ayoung: could I trouble for a quick +2/A on this before someone else trips over it: https://review.openstack.org/#/c/147654/2	21:43
ayoung	henrynash, looking	21:43
henrynash	ayoung: easy one	21:43
ayoung	henrynash, +A	21:44
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements https://review.openstack.org/147028	21:44
henrynash	ayoung: thx….we shame we can’t somehow prevent taht sort of thing slipping in	21:44
ayoung	henrynash, for one liners or things like that, we really should relax the review ruls:	21:44
ayoung	rule	21:44
ayoung	I should be able to +A this one, for example: https://review.openstack.org/#/c/147354/3/keystone/tests/test_backend.py,cm	21:45
*** jorge_munoz has quit IRC		21:45
henrynash	ayoung: yep….I guess it isn’t taht hard to fine someone else to push it in….but I know what you mean	21:46
*** david-lyle has joined #openstack-keystone		21:46
ayoung	henrynash, it would be cool if we could sort the outstanding reviews by the number of lines changed	21:47
henrynash	ayoung: …and have a more iintellegent caompare that spotted lines moved !	21:48
ayoung	henrynash, ++	21:49
*** chlong_ has quit IRC		21:50
*** jorge_munoz has joined #openstack-keystone		21:52
*** chrisshattuck has joined #openstack-keystone		21:54
*** carlosmarin has quit IRC		21:55
*** Ctina_ has joined #openstack-keystone		21:58
*** jorge_munoz has quit IRC		21:59
*** jorge_munoz has joined #openstack-keystone		22:00
*** stevemar has quit IRC		22:01
*** Ctina has quit IRC		22:02
*** gyee_ has joined #openstack-keystone		22:02
*** Ctina_ has quit IRC		22:03
*** gyee has quit IRC		22:06
*** topol has quit IRC		22:12
*** _cjones_ has quit IRC		22:15
*** abhirc has quit IRC		22:15
*** lhcheng has joined #openstack-keystone		22:16
*** _cjones_ has joined #openstack-keystone		22:18
*** ayoung has quit IRC		22:20
*** dims_ has joined #openstack-keystone		22:22
*** dims has quit IRC		22:26
*** david-lyle has quit IRC		22:27
*** fifieldt__ has joined #openstack-keystone		22:32
*** _cjones_ has quit IRC		22:34
*** fifieldt_ has quit IRC		22:34
*** david-lyle has joined #openstack-keystone		22:37
openstackgerrit	Merged openstack/keystone: Update the keystone sample config https://review.openstack.org/147654	22:42
openstackgerrit	Merged openstack/keystone: Make unit tests call the new, split out, role manager https://review.openstack.org/144548	22:43
*** openstack has joined #openstack-keystone		23:01
*** kragniz_ has joined #openstack-keystone		23:06
*** toddnni has joined #openstack-keystone		23:06
*** breton has joined #openstack-keystone		23:06
*** vhoward has joined #openstack-keystone		23:06
*** tziom has joined #openstack-keystone		23:06
*** avozza has joined #openstack-keystone		23:06
*** csd has joined #openstack-keystone		23:06
*** crinkle_ has joined #openstack-keystone		23:06
*** alex_xu_ has joined #openstack-keystone		23:06
*** esmute has joined #openstack-keystone		23:06
*** andreaf has joined #openstack-keystone		23:06
*** morganfainberg has joined #openstack-keystone		23:06
*** david-lyle has joined #openstack-keystone		23:06
*** ekarlso has joined #openstack-keystone		23:06
*** BAKfr has joined #openstack-keystone		23:06
*** Guest49876 has joined #openstack-keystone		23:06
*** viktors has joined #openstack-keystone		23:06
*** arif-ali has joined #openstack-keystone		23:06
*** achudnovets_ has joined #openstack-keystone		23:06
*** samueldmq has joined #openstack-keystone		23:06
*** lsmola_ has joined #openstack-keystone		23:06
*** afaranha_ has joined #openstack-keystone		23:06
*** charz has joined #openstack-keystone		23:06
*** Guest97735 has joined #openstack-keystone		23:06
*** ptoohill has joined #openstack-keystone		23:06
*** mkoderer_ has joined #openstack-keystone		23:06
*** dvorak has joined #openstack-keystone		23:06
*** radez_g0` has joined #openstack-keystone		23:06
*** mitz_ has joined #openstack-keystone		23:06
*** rodrigod` has joined #openstack-keystone		23:06
*** klaas__ has joined #openstack-keystone		23:06
*** lvh_ has joined #openstack-keystone		23:06
*** dims has joined #openstack-keystone		23:06
*** ctracey_ has joined #openstack-keystone		23:06
*** lhcheng has joined #openstack-keystone		23:06
*** afazekas has joined #openstack-keystone		23:06
*** jaosorior has joined #openstack-keystone		23:06
*** zzzeek has joined #openstack-keystone		23:06
*** diegows has joined #openstack-keystone		23:06
*** josecastroleon has joined #openstack-keystone		23:06
*** erkules has joined #openstack-keystone		23:06
*** Sanchit has joined #openstack-keystone		23:06
*** dtantsur\|afk has joined #openstack-keystone		23:06
*** serverascode has joined #openstack-keystone		23:06
*** flwang has joined #openstack-keystone		23:06
*** sendak.freenode.net sets mode: +v morganfainberg		23:06
*** jraim has joined #openstack-keystone		23:06
*** tellesnobrega has joined #openstack-keystone		23:06
*** dstanek has joined #openstack-keystone		23:06
*** hockeynut has joined #openstack-keystone		23:06
*** adam_g has joined #openstack-keystone		23:06
*** rushiagr_away has joined #openstack-keystone		23:06
*** mancdaz has joined #openstack-keystone		23:06
*** dolphm has joined #openstack-keystone		23:06
*** jacorob has joined #openstack-keystone		23:06
*** hugokuo has joined #openstack-keystone		23:06
*** quack_quack_ has joined #openstack-keystone		23:06
*** amaurymedeiros has joined #openstack-keystone		23:06
*** wolsen has joined #openstack-keystone		23:06
*** alex_xu has joined #openstack-keystone		23:06
*** openstackgerrit has joined #openstack-keystone		23:06
*** larsks has joined #openstack-keystone		23:06
*** anteaya has joined #openstack-keystone		23:06
*** gothicmindfood has joined #openstack-keystone		23:06
*** gus has joined #openstack-keystone		23:06
*** rharwood has joined #openstack-keystone		23:06
*** dhellmann has joined #openstack-keystone		23:06
*** amerine has joined #openstack-keystone		23:06
*** marekd has joined #openstack-keystone		23:06
*** xxj has joined #openstack-keystone		23:06
*** telemonster has joined #openstack-keystone		23:06
*** jdennis has joined #openstack-keystone		23:06
*** notmyname has joined #openstack-keystone		23:06
*** chmouel has joined #openstack-keystone		23:06
*** ChanServ has joined #openstack-keystone		23:06
*** sendak.freenode.net sets mode: +voo dstanek dolphm ChanServ		23:06
*** chrisshattuck has joined #openstack-keystone		23:06
*** amauryme` has joined #openstack-keystone		23:06
*** esp has joined #openstack-keystone		23:06
*** nonameentername has joined #openstack-keystone		23:06
*** wolsen_ has joined #openstack-keystone		23:06
*** x58 has joined #openstack-keystone		23:07
*** dvorak has quit IRC		23:07
*** mkoderer_ has quit IRC		23:07
*** flwang has quit IRC		23:07
*** tellesnobrega has quit IRC		23:07
*** openstackgerrit has quit IRC		23:07
*** alex_xu has quit IRC		23:07
*** wolsen has quit IRC		23:07
*** amaurymedeiros has quit IRC		23:07
*** klaas__ is now known as klaas_		23:07
*** grantbow has joined #openstack-keystone		23:08
*** tellesnobrega has joined #openstack-keystone		23:08
*** xxj has quit IRC		23:08
*** kragniz_ is now known as kragniz		23:08
*** gordc has joined #openstack-keystone		23:09
*** lbragstad has quit IRC		23:09
*** navid_ has joined #openstack-keystone		23:09
*** lbragstad has joined #openstack-keystone		23:11
*** tristanC has joined #openstack-keystone		23:12
*** david_hu__ has joined #openstack-keystone		23:12
*** therve has joined #openstack-keystone		23:12
*** wanghong has joined #openstack-keystone		23:12
*** jbonjean has joined #openstack-keystone		23:12
*** dguerri has joined #openstack-keystone		23:12
*** wpf has joined #openstack-keystone		23:12
*** rwsu has joined #openstack-keystone		23:12
*** _cjones_ has joined #openstack-keystone		23:12
*** Qlawy_ has joined #openstack-keystone		23:12
*** jimbaker` has joined #openstack-keystone		23:12
*** boltR has joined #openstack-keystone		23:12
*** nkinder_away has joined #openstack-keystone		23:12
*** richm has joined #openstack-keystone		23:12
*** amakarov_away has joined #openstack-keystone		23:12
*** dobson has joined #openstack-keystone		23:12
*** redrobot has joined #openstack-keystone		23:12
*** HenryG has joined #openstack-keystone		23:12
*** mkoderer has joined #openstack-keystone		23:12
*** gabriel-bezerra has joined #openstack-keystone		23:12
*** jell has joined #openstack-keystone		23:13
*** saltsa has joined #openstack-keystone		23:13
*** rdo has joined #openstack-keystone		23:13
*** junhongl has joined #openstack-keystone		23:13
*** openstackgerrit has joined #openstack-keystone		23:13
*** dvorak has joined #openstack-keystone		23:13
*** baffle has joined #openstack-keystone		23:13
*** carlosmarin has joined #openstack-keystone		23:13
*** jamiec has joined #openstack-keystone		23:13
*** flwang has joined #openstack-keystone		23:13
*** sudorandom has joined #openstack-keystone		23:13
*** ayoung has joined #openstack-keystone		23:13
*** hogepodge has joined #openstack-keystone		23:13
*** xianghui has joined #openstack-keystone		23:14
*** redrobot is now known as Guest29310		23:14
*** jell is now known as Guest39600		23:14
*** tsufiev has joined #openstack-keystone		23:14
*** xxj has joined #openstack-keystone		23:15
*** harlowja has joined #openstack-keystone		23:15
*** junhongl has quit IRC		23:20
*** ctracey_ is now known as ctracey		23:20
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Improve List Role Assignments Filters Performance https://review.openstack.org/137202	23:21
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Improve creation of expected role assignments https://review.openstack.org/144544	23:21
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Improve List Role Assignment Tests https://review.openstack.org/137021	23:21
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Refactor check of targets and actors on RoleV3 https://review.openstack.org/144702	23:21
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Check for invalid filtering on v3/role_assignments https://review.openstack.org/144703	23:21
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Refactor role assignment assertions https://review.openstack.org/144543	23:21
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Fixes 'OS-INHERIT:inherited_to' info in tests https://review.openstack.org/144542	23:21
*** amauryme` is now known as amaurymedeiros		23:22
*** amaurymedeiros has joined #openstack-keystone		23:22
*** dougwig has joined #openstack-keystone		23:23
openstackgerrit	Merged openstack/keystone: Fix transaction issue in migration 44 downgrade https://review.openstack.org/144321	23:24
*** junhongl has joined #openstack-keystone		23:24
*** david-lyle has quit IRC		23:24
jamielennox	I'm sure i'm right on this, but the X-Auth-Token header will be ignored if you pass it when getting a token - right?	23:26
*** lsmola_ has quit IRC		23:26
*** lsmola_ has joined #openstack-keystone		23:26
jamielennox	the token method takes the token within the body - and i can't think (or see in a quick look over) anywhere you would use the header	23:27
*** andreaf has quit IRC		23:27
*** andreaf has joined #openstack-keystone		23:27
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Improve List Role Assignments Filters Performance https://review.openstack.org/137202	23:28
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Improve creation of expected role assignments https://review.openstack.org/144544	23:28
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Improve List Role Assignment Tests https://review.openstack.org/137021	23:28
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Refactor check of targets and actors on RoleV3 https://review.openstack.org/144702	23:28
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Check for invalid filtering on v3/role_assignments https://review.openstack.org/144703	23:28
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Refactor role assignment assertions https://review.openstack.org/144543	23:28
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Fixes 'OS-INHERIT:inherited_to' info in tests https://review.openstack.org/144542	23:28
*** david_hu__ has quit IRC		23:30
*** david_hu__ has joined #openstack-keystone		23:30
*** harlowja has quit IRC		23:31
*** harlowja has joined #openstack-keystone		23:31
*** dougwig has quit IRC		23:31
*** dougwig has joined #openstack-keystone		23:31
*** jaosorior has quit IRC		23:33
*** carlosmarin has quit IRC		23:33
*** carlosmarin has joined #openstack-keystone		23:36
*** oomichi has joined #openstack-keystone		23:38
*** chlong has joined #openstack-keystone		23:40
*** crinkle_ is now known as crinkle		23:51
*** carlosmarin has quit IRC		23:51
*** carlosmarin has joined #openstack-keystone		23:52
*** gordc has quit IRC		23:57
*** carlosmarin has quit IRC		23:58
*** chrisshattuck has quit IRC		23:58
*** carlosmarin has joined #openstack-keystone		23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!