Wednesday, 2015-01-21

*** ayoung has joined #openstack-keystone		00:09
*** ChanServ sets mode: +v ayoung		00:09
*** topol has quit IRC		00:12
*** jaosorior has quit IRC		00:13
*** marg7175 has quit IRC		00:14
*** ayoung has quit IRC		00:18
openstackgerrit	Merged openstack/keystone-specs: Enable the storing of domain specific configuration in SQL. https://review.openstack.org/123238	00:27
*** shakamunyi has joined #openstack-keystone		00:29
*** shakamunyi has quit IRC		00:30
*** shakamunyi has joined #openstack-keystone		00:32
*** shakamunyi has quit IRC		00:38
*** henrynash has quit IRC		00:38
openstackgerrit	Steve Martinelli proposed openstack/keystone-specs: Visual Page for WebSSO https://review.openstack.org/133529	00:40
*** stevemar has quit IRC		00:45
*** packet has quit IRC		00:49
*** henrynash has joined #openstack-keystone		00:51
*** ChanServ sets mode: +v henrynash		00:51
*** abhirc has joined #openstack-keystone		00:51
*** chrisshattuck has joined #openstack-keystone		00:53
*** zzzeek has quit IRC		00:53
*** abhirc has quit IRC		01:10
*** abhirc has joined #openstack-keystone		01:19
*** zigo_ has joined #openstack-keystone		01:21
*** abhirc has quit IRC		01:21
*** abhirc has joined #openstack-keystone		01:21
*** zigo has quit IRC		01:21
*** rwsu has quit IRC		01:23
*** radez is now known as radez_g0n3		01:25
*** ncoghlan has joined #openstack-keystone		01:26
*** zigo has joined #openstack-keystone		01:27
*** zigo_ has quit IRC		01:27
*** _cjones_ has quit IRC		01:30
*** henrynash has quit IRC		01:31
*** chrisshattuck has quit IRC		01:38
*** abhirc has quit IRC		01:42
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Removes unnecessary checks when cleaning a domain https://review.openstack.org/146264	01:43
*** zigo has quit IRC		01:46
*** zigo has joined #openstack-keystone		01:47
*** abhirc has joined #openstack-keystone		01:52
*** ljfisher has joined #openstack-keystone		01:57
*** g2` is now known as nixter1029		01:58
*** nixter1029 is now known as g2`		01:58
*** g2` is now known as Quest26477		01:59
openstackgerrit	Ian Cordasco proposed openstack/python-keystoneclient: Configure TCP Keep-Alive for all Sessions https://review.openstack.org/147707	02:00
*** zigo has quit IRC		02:00
*** zigo has joined #openstack-keystone		02:00
*** Quest26477 is now known as g2`		02:01
*** tellesnobrega has quit IRC		02:06
*** dims__ has quit IRC		02:09
*** chrisshattuck has joined #openstack-keystone		02:27
*** erkules_ has joined #openstack-keystone		02:32
*** erkules has quit IRC		02:34
*** afazekas has quit IRC		02:35
*** harlowja is now known as harlowja_away		02:42
*** KanagarajM has joined #openstack-keystone		02:45
*** marg7175 has joined #openstack-keystone		02:52
*** marekd-mobile has joined #openstack-keystone		02:54
*** chrisshattuck has quit IRC		03:02
*** avozza is now known as zz_avozza		03:04
*** richm has quit IRC		03:09
*** chrisshattuck has joined #openstack-keystone		03:28
*** wanghong_away is now known as wanghong		03:29
*** klaas_ has quit IRC		03:32
*** klaas__ has joined #openstack-keystone		03:47
*** klaas__ has quit IRC		03:52
*** ljfisher has quit IRC		03:52
openstackgerrit	Jamie Lennox proposed openstack/python-keystoneclient: Enforce that some plugin options are required https://review.openstack.org/148784	04:02
openstackgerrit	Jamie Lennox proposed openstack/python-keystoneclient: Enforce that some plugin options are required https://review.openstack.org/148784	04:08
*** klaas__ has joined #openstack-keystone		04:14
*** diegows has joined #openstack-keystone		04:26
*** boltR has quit IRC		04:29
*** lhcheng has joined #openstack-keystone		04:43
*** abhirc has quit IRC		04:44
*** diegows has quit IRC		04:48
*** klaas__ has quit IRC		04:49
jamielennox	wanghong: did you do a bug for: https://review.openstack.org/#/c/144422/2 ?	04:50
*** samueldmq has quit IRC		04:56
wanghong	jamielennox, I will report soon	04:57
jamielennox	wanghong: no worries	04:57
openstackgerrit	guang-yee proposed openstack/keystone-specs: Tokenless authorization with X.509 SSL client certificate https://review.openstack.org/105913	04:59
wanghong	jamielennox, here is the bug: https://bugs.launchpad.net/python-keystoneclient/+bug/1413071	05:08
openstackgerrit	wanghong proposed openstack/python-keystoneclient: fix enabled parameter of update doesn't default to None https://review.openstack.org/144422	05:10
openstackgerrit	wanghong proposed openstack/python-keystoneclient: make req_ref doesn't require id https://review.openstack.org/148499	05:12
*** henrynash has joined #openstack-keystone		05:15
*** ChanServ sets mode: +v henrynash		05:15
*** MasterPiece has joined #openstack-keystone		05:18
*** junhongl has quit IRC		05:33
*** junhongl has joined #openstack-keystone		05:36
*** chrisshattuck has quit IRC		06:03
*** henrynash has quit IRC		06:04
*** jaosorior has joined #openstack-keystone		06:05
*** tellesnobrega_ has quit IRC		06:22
*** jamielennox is now known as jamielennox\|away		06:25
openstackgerrit	wanghong proposed openstack/python-keystoneclient: make req_ref doesn't require id https://review.openstack.org/148499	06:30
*** MasterPiece has quit IRC		06:31
openstackgerrit	wanghong proposed openstack/keystone: move region and service exist checks into manager layer https://review.openstack.org/141977	06:39
*** stevemar has joined #openstack-keystone		06:39
*** ChanServ sets mode: +v stevemar		06:39
*** MasterPiece has joined #openstack-keystone		06:44
*** KanagarajM has quit IRC		06:46
*** KanagarajM has joined #openstack-keystone		06:48
*** lhcheng has quit IRC		06:55
*** oomichi has quit IRC		06:59
*** stevemar has quit IRC		07:25
*** zz_avozza is now known as avozza		07:28
*** markvoelker has quit IRC		07:29
*** avozza is now known as zz_avozza		07:37
*** zz_avozza is now known as avozza		07:39
*** aix has joined #openstack-keystone		07:45
*** chlong has quit IRC		07:46
*** avozza is now known as zz_avozza		07:49
*** oomichi has joined #openstack-keystone		07:52
*** bjornar has joined #openstack-keystone		07:54
*** erkules_ is now known as erkules		07:56
*** krykowski has joined #openstack-keystone		08:17
*** krykowski_ has joined #openstack-keystone		08:25
*** zz_avozza is now known as avozza		08:27
*** krykowski has quit IRC		08:28
*** oomichi has quit IRC		08:28
*** boris-42 has quit IRC		08:33
*** krykowski_ has quit IRC		08:35
*** avozza is now known as zz_avozza		08:37
*** krykowski has joined #openstack-keystone		08:41
*** marg7175 has quit IRC		08:49
*** zz_avozza is now known as avozza		09:03
*** ncoghlan has quit IRC		09:08
*** jistr has joined #openstack-keystone		09:09
*** josecastroleon has quit IRC		09:36
*** josecastroleon has joined #openstack-keystone		09:37
*** mzbik has joined #openstack-keystone		09:40
mzbik	amakarov_away, Hi, it looks like your patch for keystone role names (https://review.openstack.org/148642 ) works and helped with heat delegation :D Thanks!	09:41
*** krykowski has quit IRC		09:49
*** jistr has quit IRC		09:50
*** jistr has joined #openstack-keystone		09:56
*** tellesnobrega_ has joined #openstack-keystone		10:15
*** krykowski has joined #openstack-keystone		10:19
*** afazekas has joined #openstack-keystone		10:28
*** nellysmitt has joined #openstack-keystone		10:32
*** aix has quit IRC		10:45
*** marg7175 has joined #openstack-keystone		10:50
*** KanagarajM has quit IRC		10:56
*** boris-42 has joined #openstack-keystone		11:05
*** tellesnobrega_ has quit IRC		11:13
*** aix has joined #openstack-keystone		11:16
*** marekd-mobile has quit IRC		11:20
*** amakarov_away is now known as amakarov		11:29
openstackgerrit	Rodrigo Duarte proposed openstack/keystone-specs: API changes for subtree_ids and parents_ids params https://review.openstack.org/147871	11:38
*** krykowski has quit IRC		11:46
*** rdo has quit IRC		11:46
*** tellesnobrega has joined #openstack-keystone		11:47
*** rdo has joined #openstack-keystone		11:48
*** krykowski has joined #openstack-keystone		11:49
amakarov	mzbik, cheers!	11:52
mzbik	amakarov, :)	11:53
mzbik	amakarov, but I think I just found issue	11:53
amakarov	mzbik, please share :)	11:54
mzbik	amakarov, http://wklej.org/id/1602988/	11:54
*** krykowski has quit IRC		11:55
mzbik	it happend when deleting heat stack, however stack was created without problems - after your patch	11:56
mzbik	so It might be connected	11:56
mzbik	but not sure	11:57
amakarov	mzbik, well, looks like validation needs to check role format by itself	11:57
amakarov	ok, follow my patch then, fixing now :)	11:58
mzbik	:)	11:58
*** jamielennox\|away is now known as jamielennox		12:01
*** krykowski has joined #openstack-keystone		12:01
*** saltsa has quit IRC		12:02
*** chlong has joined #openstack-keystone		12:02
*** saltsa has joined #openstack-keystone		12:03
*** raildo has joined #openstack-keystone		12:03
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Improve List Role Assignments Filters Performance https://review.openstack.org/137202	12:08
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Improve creation of expected assignments in tests https://review.openstack.org/144544	12:08
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Improve List Role Assignment Tests https://review.openstack.org/137021	12:08
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Refactor check of targets and actors on RoleV3 https://review.openstack.org/144702	12:08
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Check for invalid filtering on v3/role_assignments https://review.openstack.org/144703	12:08
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Refactor role assignment assertions https://review.openstack.org/144543	12:08
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Fixes 'OS-INHERIT:inherited_to' info in tests https://review.openstack.org/144542	12:08
*** krykowski has quit IRC		12:08
openstackgerrit	Alexander Makarov proposed openstack/keystone: Chain a trust with a role specified by name https://review.openstack.org/148642	12:19
amakarov	mzbik, ^^	12:20
mzbik	checking	12:20
mzbik	some progress	12:36
openstackgerrit	Marek Denis proposed openstack/keystone-specs: Reorder parameters in federation API docs. https://review.openstack.org/148911	12:37
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Implements parents_ids query param https://review.openstack.org/148567	12:42
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Implements subtree_ids query param https://review.openstack.org/148618	12:42
mzbik	Look like your patch works, but I have problem with roles: Some of requested roles are not in redelegated trust	12:43
mzbik	need to trace it :)	12:43
mzbik	thanks	12:43
*** diegows has joined #openstack-keystone		12:47
*** krykowski has joined #openstack-keystone		12:53
openstackgerrit	Henrique Truta proposed openstack/python-keystoneclient: Creating parameter to list inherited role assignments https://review.openstack.org/117300	12:54
*** nellysmitt has quit IRC		13:01
*** krykowski has quit IRC		13:02
*** marg7175 has quit IRC		13:03
*** krykowski has joined #openstack-keystone		13:08
*** dims__ has joined #openstack-keystone		13:10
*** jamielennox is now known as jamielennox\|away		13:21
*** rdo has quit IRC		13:22
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Correct failures for check H238 https://review.openstack.org/146337	13:27
*** abhirc has joined #openstack-keystone		13:28
openstackgerrit	Brant Knudson proposed openstack/oslo.policy: Update .gitignore https://review.openstack.org/148671	13:33
*** ljfisher has joined #openstack-keystone		13:40
*** rdo has joined #openstack-keystone		13:41
*** ljfisher has quit IRC		13:44
*** abhirc has quit IRC		13:45
*** gordc has joined #openstack-keystone		13:45
*** lhcheng has joined #openstack-keystone		13:45
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Switch from oslo.utils to oslo_utils https://review.openstack.org/145968	13:48
*** abhirc has joined #openstack-keystone		13:49
*** ljfisher has joined #openstack-keystone		13:51
*** abhirc has quit IRC		13:52
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Change oslo.serialization to oslo_serialization https://review.openstack.org/148632	13:52
*** tellesnobrega has quit IRC		13:54
*** samueldmq-away has quit IRC		13:55
*** raildo has quit IRC		13:55
*** htruta has quit IRC		13:55
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Change oslo.config to oslo_config https://review.openstack.org/145252	13:55
*** krykowski has quit IRC		14:00
*** radez_g0n3 is now known as radez		14:00
*** krykowski has joined #openstack-keystone		14:04
*** lhcheng has quit IRC		14:04
*** htruta has joined #openstack-keystone		14:06
*** raildo has joined #openstack-keystone		14:06
*** mattfarina has joined #openstack-keystone		14:06
*** samueldmq-away has joined #openstack-keystone		14:06
*** tellesnobrega has joined #openstack-keystone		14:06
*** kashyap has joined #openstack-keystone		14:06
openstackgerrit	Boris Bobrov proposed openstack/keystone: Use migration_cli for db migrations https://review.openstack.org/147548	14:07
kashyap	Heya, so - with current Keystone git master, DevStack invocations started failing with:	14:08
kashyap	"2015-01-21 13:58:42.440 \| The service catalog is empty."	14:08
kashyap	The above occurs when Neutron is trying to create a private network	14:09
kashyap	Contextual log from DevStack: http://paste.openstack.org/show/159743/ . Any hints as to what could be the root cause?	14:09
*** joesavak has joined #openstack-keystone		14:10
*** sriram has joined #openstack-keystone		14:13
kashyap	Hmm, the IP address of the DevStack VM changed, probably something related to that in Keystone configs. . /me double checks	14:13
openstackgerrit	Henrique Truta proposed openstack/python-keystoneclient: Creating parameter to list inherited role assignments https://review.openstack.org/117300	14:14
*** richm has joined #openstack-keystone		14:26
*** diegows has quit IRC		14:37
mzbik	amakarov, any idea how to debug this: https://github.com/openstack/keystone/blob/4325113f163137976ccb625ea5f324e75beed44e/keystone/trust/core.py#L82-L87	14:40
mzbik	we have no idea what role is missing :/	14:40
mzbik	uh, this is somwhere you created patch	14:42
mzbik	https://review.openstack.org/#/c/148642/4/keystone/trust/core.py --> if role[key] not in p_roles[key]:	14:43
amakarov	mzbik, yes - the problem is that I expected roles to be stored with id	14:45
mzbik	hmm	14:46
amakarov	last patch checks against id and name	14:46
mzbik	Maybe this is heat bug?	14:46
mzbik	But why I was able to create stack, and it fail only when I want to delete it oO	14:46
amakarov	so if you redelegate role by name then it will validate against parent trust's role names	14:47
mzbik	so it looks like it was redelegated by name, but now heat expects ids?	14:48
amakarov	I cant say for sure without traceback or something like that	14:49
mzbik	trying to get sth more than Json requests	14:50
amakarov	What goes wrong?	14:50
mzbik	and error from heat	14:50
amakarov	ok, can you see the keystone response?	14:50
mzbik	http://wklej.org/id/1603188/	14:51
mzbik	http://wklej.org/hash/6da1bd37fa8/ <-- keystone response for using trust	14:52
mzbik	http://wklej.org/hash/1287dbb61f5/ <-- creating trust (it was before using it of course ;) )	14:52
*** ljfisher has quit IRC		14:53
mzbik	this is trust created from trust to be exact	14:53
mzbik	maybe this is problem	14:53
mzbik	we created "oryginal" trust with two roles: _member_ and heat_stack_owner	14:53
amakarov	mzbik, can you get 2b621f0a1e44488c8205227355f33e7c trust?	14:54
mzbik	sure	14:54
*** ljfisher has joined #openstack-keystone		14:58
amakarov	mzbik, I'd like to see "roles" from it, I have a suspicion that ids may differ	14:59
mzbik	http://wklej.org/hash/7cd5c58a8b4/ <-- create that trust	14:59
amakarov	cool, thanks	15:00
* amakarov compares role ids		15:00
mzbik	http://wklej.org/hash/1812cdaa8d2/ <-- first use (in my tcpdump ;) )	15:00
mzbik	http://wklej.org/hash/51bba223eaa/ <-- second use	15:00
amakarov	ok, my suspicion was wrong...	15:01
amakarov	mzbik, let me think for a while	15:02
*** nellysmitt has joined #openstack-keystone		15:02
mzbik	amakarov, take your time	15:02
*** rushiagr_away is now known as rushiagr		15:05
*** nellysmitt has quit IRC		15:06
*** gpanda has joined #openstack-keystone		15:08
amakarov	mzbik, looks like my test was not complete, I reproduced it, thanks!	15:08
*** jasondotstar has joined #openstack-keystone		15:08
mzbik	:)	15:08
*** jasondotstar has quit IRC		15:08
*** jasondotstar has joined #openstack-keystone		15:09
*** krykowski has quit IRC		15:09
*** gpanda has quit IRC		15:11
*** kashyap has left #openstack-keystone		15:13
*** krykowski has joined #openstack-keystone		15:15
*** thedodd has joined #openstack-keystone		15:16
*** marg7175 has joined #openstack-keystone		15:21
*** topol has joined #openstack-keystone		15:21
*** ChanServ sets mode: +v topol		15:21
*** ayoung has joined #openstack-keystone		15:21
*** ChanServ sets mode: +v ayoung		15:21
*** abhirc has joined #openstack-keystone		15:22
*** bknudson has joined #openstack-keystone		15:23
*** ChanServ sets mode: +v bknudson		15:23
*** topol has quit IRC		15:24
*** stevemar has joined #openstack-keystone		15:24
*** ChanServ sets mode: +v stevemar		15:24
*** topol has joined #openstack-keystone		15:24
*** ChanServ sets mode: +v topol		15:24
*** stevemar has quit IRC		15:25
*** henrynash has joined #openstack-keystone		15:25
*** ChanServ sets mode: +v henrynash		15:25
*** mzbik has quit IRC		15:26
*** pnavarro has joined #openstack-keystone		15:27
henrynash	lbragstad: https://review.openstack.org/#/c/144650/5	15:28
*** stevemar has joined #openstack-keystone		15:29
*** ChanServ sets mode: +v stevemar		15:29
marekd	stevemar: ayoung: https://review.openstack.org/#/c/142573	15:31
marekd	stevemar's already +1'd it.	15:31
stevemar	websso?	15:31
marekd	stevemar: nope, direct group mapping	15:32
marekd	stevemar: sorry, white/blacklists	15:32
stevemar	ah	15:32
marekd	stevemar: for the websso added a "to-check" comment.	15:32
*** fpatwa has joined #openstack-keystone		15:35
rodrigods	stevemar, ping re: replied your comment in https://review.openstack.org/#/c/147871/	15:37
stevemar	rodrigods, still catching up!	15:37
*** jasondotstar has quit IRC		15:38
*** atiwari has joined #openstack-keystone		15:39
*** lhcheng has joined #openstack-keystone		15:40
stevemar	rodrigods, okay, makes sense	15:40
rodrigods	stevemar, did you see the second reply?	15:41
*** MasterPiece has quit IRC		15:42
*** jxxxxx has quit IRC		15:43
stevemar	rodrigods, yeah, let me ask around here	15:45
rodrigods	stevemar, ++	15:46
openstackgerrit	henry-nash proposed openstack/keystone: Move projects and domains to their own backend https://review.openstack.org/144824	15:47
openstackgerrit	Merged openstack/keystone-specs: Reorder parameters in federation API docs. https://review.openstack.org/148911	15:50
openstackgerrit	henry-nash proposed openstack/keystone: Remove unused pointer to assignment in identity driver https://review.openstack.org/145022	15:51
openstackgerrit	henry-nash proposed openstack/keystone: Make controllers and managers reference new resource manager https://review.openstack.org/133525	15:52
*** krykowski has quit IRC		15:54
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient-federation: Workflow documentation is now in infra-manual https://review.openstack.org/139376	15:54
*** stevemar has quit IRC		15:57
*** stevemar has joined #openstack-keystone		15:57
*** ChanServ sets mode: +v stevemar		15:57
*** jasondotstar has joined #openstack-keystone		16:01
*** krykowski has joined #openstack-keystone		16:03
openstackgerrit	henry-nash proposed openstack/keystone: Make unit tests call the new resource manager https://review.openstack.org/130954	16:07
*** fpatwa has quit IRC		16:08
openstackgerrit	Boris Bobrov proposed openstack/keystone: Use migration_cli for db migrations https://review.openstack.org/147548	16:09
openstackgerrit	David Stanek proposed openstack/keystone: Fixes a type check to make it work in Python 3 https://review.openstack.org/125410	16:11
openstackgerrit	David Stanek proposed openstack/keystone: Updates Python3 requirements https://review.openstack.org/130579	16:11
openstackgerrit	David Stanek proposed openstack/keystone: Mocks out the memcache library for tests https://review.openstack.org/125409	16:11
openstackgerrit	David Stanek proposed openstack/keystone: Adds a fork of python-ldap for Py3 testing https://review.openstack.org/95827	16:11
*** krykowski has quit IRC		16:13
*** briancurtin has joined #openstack-keystone		16:14
*** atiwari has quit IRC		16:15
*** atiwari has joined #openstack-keystone		16:15
*** lhcheng has quit IRC		16:20
*** lhcheng has joined #openstack-keystone		16:20
openstackgerrit	guang-yee proposed openstack/keystone-specs: Tokenless authorization with X.509 SSL client certificate https://review.openstack.org/105913	16:23
gordc	stevemar: any concerns with me moving https://github.com/openstack/pycadf/blob/master/pycadf/audit/api.py to keystonemiddleware?	16:24
gordc	the code is very middleware specific.	16:24
*** abhirc has quit IRC		16:25
*** jasondotstar has quit IRC		16:27
stevemar	gordc, at which point you won't have anything left in pycadf!	16:27
stevemar	nah, i think it makes sense	16:28
stevemar	i guess pycadf will just create the payload/content, which makes sense	16:28
gordc	stevemar: my grand scheme. :)	16:28
stevemar	you want something else to actually send it off	16:28
stevemar	propose a spec	16:29
gordc	stevemar: yeah. i want to make pycadf to be just the schema... and validation.	16:29
stevemar	cause you'll need to move the the mappings and the tests over too	16:29
stevemar	:(	16:29
*** atiwari has quit IRC		16:29
gordc	stevemar: the actually building i wanted to offload... unless it's super generic.	16:29
stevemar	yep	16:29
stevemar	at which point the keystone team will have to decide what they want to do when there is no service catalog, and auditing is enabled :O	16:30
gordc	stevemar: crap... yeah.. test cases...	16:30
gordc	i'm going to make the service catalog usage optional... ie. adding a 'enable_discovery' opt	16:30
gordc	i'll just move it over sans unit tests... and if it's cool i'll move over tests as well	16:33
*** abhirc has joined #openstack-keystone		16:33
*** lhcheng_ has joined #openstack-keystone		16:34
*** lhcheng has quit IRC		16:38
raildo	ayoung, ping, I'm implementing the sql migration to domain as project. Do you decide something about what I have to do when i found some namespace clashing and Id clashing?	16:41
openstackgerrit	Merged openstack/python-keystoneclient-federation: Workflow documentation is now in infra-manual https://review.openstack.org/139376	16:43
openstackgerrit	guang-yee proposed openstack/keystone-specs: Tokenless authorization with X.509 SSL client certificate https://review.openstack.org/105913	16:45
openstackgerrit	Merged openstack/oslo.policy: Move project imports after 3rd party imports https://review.openstack.org/148743	16:45
openstackgerrit	Alexander Makarov proposed openstack/keystone: Chain a trust with a role specified by name https://review.openstack.org/148642	16:48
*** nellysmitt has joined #openstack-keystone		16:48
*** dims__ has quit IRC		16:50
stevemar	rodrigods, OK, we talked it over	16:54
rodrigods	stevemar, great, thx for that	16:55
*** jsavak has joined #openstack-keystone		16:58
*** dims__ has joined #openstack-keystone		17:01
*** joesavak has quit IRC		17:01
*** joesavak has joined #openstack-keystone		17:02
*** packet has joined #openstack-keystone		17:02
openstackgerrit	Rodrigo Duarte proposed openstack/keystone-specs: API changes for subtree_as_ids and parents_as_ids https://review.openstack.org/147871	17:03
*** jsavak has quit IRC		17:03
*** rwsu has joined #openstack-keystone		17:04
openstackgerrit	Rodrigo Duarte proposed openstack/keystone-specs: API changes for subtree_as_ids and parents_as_ids https://review.openstack.org/147871	17:05
*** andreaf has joined #openstack-keystone		17:06
rodrigods	stevemar, morganfainberg, henrynash, thx for clarifying this ^	17:06
*** _cjones_ has joined #openstack-keystone		17:07
*** _cjones_ has quit IRC		17:09
*** _cjones_ has joined #openstack-keystone		17:09
raildo	morganfainberg, henrynash, topol Enjoying the rodrigods comment... I fixed what you requested in the reseler spec :) https://review.openstack.org/#/c/139824/17/specs/kilo/reseller.rst Is there anything else that I can do?	17:13
*** atiwari has joined #openstack-keystone		17:14
*** rushiagr is now known as rushiagr_away		17:16
*** samueldmq-away is now known as samueldmq		17:19
samueldmq	henrynash, was reviewing 'Make unit tests call the new resource manager'	17:19
henrynash	yes	17:19
samueldmq	henrynash, it took so long that you uploaded a new patch set, and I am on 13th	17:20
samueldmq	henrynash, :/	17:20
henrynash	sorry!	17:20
samueldmq	henrynash, will adapt and submit, :p	17:20
henrynash	it was only a rebase, I think	17:20
henrynash	btw, see my comemnt on https://review.openstack.org/#/c/137202/	17:20
samueldmq	henrynash, np, that should not take so long to put my comments there :)	17:20
henrynash	just submut the comments on the older patch…I’ll pick them up	17:21
samueldmq	henrynash, going to see	17:21
samueldmq	henrynash, ok, submitted	17:21
henrynash	thx	17:21
anteaya	dstanek: http://git.openstack.org/cgit/openstack-infra/system-config/tree/modules/openstack_project/templates/nodepool/nodepool.yaml.erb	17:22
samueldmq	henrynash, regarding your comment, we defined we cannot ask for effective + user + domain	17:22
samueldmq	henrynash, effective + domain is invalid	17:23
henrynash	samueldmq: I’m not that’s true, what if I want the group roles on a domain expanded out for the user	17:23
rodrigods	samueldmq, henrynash, ++ I think we we're considering only the inherited role assignments use case	17:24
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Implements parents_as_ids query param https://review.openstack.org/148567	17:24
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Implements subtree_as_ids query param https://review.openstack.org/148618	17:24
henrynash	agreed…..I found this wwhile working in the metadata removal patch (which I have rebased on yours)..let me post a WIP	17:25
openstackgerrit	henry-nash proposed openstack/keystone: Remove manager-driver assignment metadata construct https://review.openstack.org/148995	17:27
henrynash	samueldmq, rodigods: see changes to assignment/core.py in https://review.openstack.org/148995	17:28
samueldmq	henrynash, so we should be able to have the ability to query domain+user and expand only groups ..	17:30
henrynash	samueldmq; exactly	17:30
samueldmq	henrynash, any other special case you have in mind?	17:30
henrynash	samueldmq: not so far :-)…implementing this metadata removal is quiet a good test of whether we have the fucntionality we need….f	17:31
samueldmq	henrynash, I kind of noticed this when cleaning up older methods to compute assignments on assignment/core... will recheck	17:31
samueldmq	henrynash, ++	17:31
*** radez is now known as radez_g0n3		17:35
*** marg7175 has quit IRC		17:36
*** marg7175 has joined #openstack-keystone		17:37
*** afazekas has quit IRC		17:37
openstackgerrit	Rodrigo Duarte proposed openstack/keystone-specs: Recursive deletion and project disabling https://review.openstack.org/148730	17:37
samueldmq	henrynash, please take a look at http://paste.openstack.org/show/159844/	17:39
samueldmq	henrynash, I listed the methods on assignment core that will need to simply call list_role_assignments in order to compute their results	17:39
henrynash	looking	17:40
samueldmq	henrynash, the ones that have no commentary in front of is because list_role_assignments can already return what they want	17:40
samueldmq	henrynash, there are 2 more special cases we need to care about ther	17:40
henrynash	samueldmq: ah, yes, of course list_projects_for_groups…..used by fedration, forgot about that one	17:42
henrynash	samuledmq: nice	17:42
samueldmq	henrynash, does federation issue tokens for groups?	17:43
henrynash	samuledmq: so maybe prioritise the user/domain one….since we need it for metadata removal	17:43
henrynash	be good to do this is too patches anyway	17:43
openstackgerrit	Steve Martinelli proposed openstack/pycadf: Pull out some CADF taxonomy to be constants https://review.openstack.org/149011	17:44
samueldmq	henrynash, :-)	17:44
*** jasondotstar has joined #openstack-keystone		17:44
samueldmq	henrynash, since role assignments refactoring I already made has not changed the behavior of list_role_assignments	17:44
samueldmq	henrynash, it should be correct ... these cases we're talking about were not covered, right?	17:45
samueldmq	henrynash, should I address in a followon patch ?	17:45
*** thedodd has quit IRC		17:45
samueldmq	henrynash, just grabbed some coffee, waiting to agree how to attack this and I am able to start :)	17:50
henrynash	samueldmq: true…so yes add a follow on patch	17:50
*** avozza is now known as zz_avozza		17:50
henrynash	samueldmq: then I’ll rebase my patch on that one	17:50
samueldmq	henrynash, great! starting right now	17:50
henrynash	samueldmq: fantastic	17:50
samueldmq	henrynash, that shouldn't take me so long	17:50
samueldmq	henrynash, I'll add the functionality and then I ping you for your rebase, after I can revisit tests	17:51
samueldmq	henrynash, just to get your patch consistent asap	17:51
henrynash	samueldmq: thx, appreciated	17:51
*** thedodd has joined #openstack-keystone		17:52
*** Drago has joined #openstack-keystone		17:52
*** boris-42 has quit IRC		17:53
samueldmq	henrynash, np ... regarding inherited flag, have you discussed about in midcycle?	17:56
samueldmq	henrynash, inherited being True/False, etc	17:56
*** jistr has quit IRC		17:56
henrynash	samueldmq: ah, not really…I’ll try and see if we ahev time to raise that	17:56
openstackgerrit	Steve Martinelli proposed openstack/pycadf: Add new CADF taxonomy types https://review.openstack.org/149013	17:57
samueldmq	henrynash, I think I found one problem on keeping only inherited flag as we do today	17:58
*** thedodd has quit IRC		17:58
henrynash	samueldmq: ok	17:58
openstackgerrit	Steve Martinelli proposed openstack/pycadf: Add new CADF taxonomy types https://review.openstack.org/149013	17:59
*** atiwari has quit IRC		17:59
*** thedodd has joined #openstack-keystone		18:00
samueldmq	henrynash, if one get a proejct token with scope {inherited_to:projects}, he/she can't realize if that role assignment is TO BE inherited by that project's subtree or if that came from inheritance from some parent of that project	18:00
samueldmq	henrynash, maybe we should have something like scope {inherited_FROM:parent_id} for effective assignments, so that we can distinguish easily	18:01
henrynash	samueldmq: you mean when processing the output of list_assignments ?	18:02
samueldmq	henrynash, yep... because if you get a token with {inherited_to:projects} you can't realize what that flag means ..	18:03
samueldmq	henrynash, you'll only know that if you look at links:assignment and compare the project_id there with scope:project:id	18:04
samueldmq	henrynash, did you get my point?	18:04
henrynash	samueldmq: so surely it depends if you are looking at effective or not…	18:04
henrynash	samuledmq: not quire	18:04
*** _cjones_ has quit IRC		18:04
samueldmq	henrynash, ok, an example	18:04
raildo	henrynash, do you have some time to discuss this topol's comments here? https://review.openstack.org/#/c/139824/17/specs/kilo/reseller.rst	18:07
samueldmq	henrynash, have this assignment: {role:{id:123}, scope:{project:{id:X}, inherited_to:projects}, user{id:abc}, links{assignment:{/projects/Y/users/abc/roles/123}}}	18:07
*** zzzeek has joined #openstack-keystone		18:07
samueldmq	henrynash, how do you know if inherited_to:projects that mean if 1) this assignment was applied there to only affect its subtree	18:08
samueldmq	henrynash, or 2) if it has came from inheritance	18:08
henrynash	samueldmq: don’t you know becuase of whther you asked for effective or not?	18:08
samueldmq	henrynash, yes.. but do we always know if we've asked for effective? I was wondering if one could have a token and then be able to easily read it	18:09
samueldmq	henrynash, if we had : {role:{id:123}, scope:{project:{id:X}, INHERITED_FROM:Y}, user{id:abc}, links{assignment:{/projects/Y/users/abc/roles/123}}}	18:09
samueldmq	henrynash, it should be able to distinguish each case ..	18:10
henrynash	samueldmq: sure…that would clearer…but not suiqte convinved we ever don’t know if we are doing effective or not….let me mull on it for a bit	18:10
samueldmq	henrynash, we can deduce if we compare project_id on scope and project_id on assignment link	18:11
samueldmq	henrynash, ok	18:11
*** _cjones_ has joined #openstack-keystone		18:13
*** thedodd has quit IRC		18:13
amakarov	samueldmq, hi! Please see my comment in https://review.openstack.org/#/c/141854/	18:14
samueldmq	amakarov, sure	18:15
*** thedodd has joined #openstack-keystone		18:16
samueldmq	amakarov, done.. I think you just need to document the difference between notifications then ..	18:17
samueldmq	amakarov, so it will be easier to one understand what's going on :)	18:18
samueldmq	amakarov, thx	18:18
amakarov	samueldmq, for me all this notification stuff is a mess :)	18:18
samueldmq	amakarov, if so that's just one more argument to you adding a comment there :D	18:19
*** harlowja_away is now known as harlowja		18:20
*** jasondotstar has quit IRC		18:24
*** bknudson has quit IRC		18:27
openstackgerrit	Alexander Makarov proposed openstack/keystone: Group role revocation invalidates all user tokens https://review.openstack.org/141854	18:28
amakarov	samueldmq, ^^	18:28
*** boris-42 has joined #openstack-keystone		18:28
openstackgerrit	henry-nash proposed openstack/keystone: Remove manager-driver assignment metadata construct https://review.openstack.org/148995	18:29
*** thedodd has quit IRC		18:31
samueldmq	amakarov, great, thx	18:31
samueldmq	amakarov, +1	18:31
amakarov	samueldmq, :)	18:32
*** stevemar has quit IRC		18:33
*** henrynash has quit IRC		18:34
*** jsavak has joined #openstack-keystone		18:34
*** topol has quit IRC		18:34
*** lhcheng_ has quit IRC		18:34
*** thedodd has joined #openstack-keystone		18:35
*** joesavak has quit IRC		18:37
*** ayoung has quit IRC		18:40
*** marg7175 has quit IRC		18:46
openstackgerrit	Merged openstack/keystone: Refactor assignment manager/driver methods https://review.openstack.org/144650	18:59
*** dims__ has quit IRC		19:00
openstackgerrit	Merged openstack/keystone: Correct comment about circular dependency https://review.openstack.org/144850	19:02
*** aix has quit IRC		19:04
*** dims__ has joined #openstack-keystone		19:18
*** dims__ has quit IRC		19:23
*** carlosmarin has joined #openstack-keystone		19:23
*** marg7175 has joined #openstack-keystone		19:27
*** dims_ has joined #openstack-keystone		19:34
*** thedodd has quit IRC		19:34
*** dims_ has quit IRC		19:37
*** dims__ has joined #openstack-keystone		19:37
*** dims_ has joined #openstack-keystone		19:40
openstackgerrit	Alexander Makarov proposed openstack/keystone: Assignment sql backend create_grant refactoring https://review.openstack.org/141352	19:42
*** dims___ has joined #openstack-keystone		19:42
*** dims___ has quit IRC		19:43
*** dims___ has joined #openstack-keystone		19:43
*** dims__ has quit IRC		19:43
openstackgerrit	Alexander Makarov proposed openstack/keystone: Assignment sql backend create_grant refactoring https://review.openstack.org/141352	19:44
*** dims_ has quit IRC		19:46
*** fifieldt__ has joined #openstack-keystone		19:53
samueldmq	amakarov, just rebased ? ^	19:54
amakarov	samueldmq, yes, it was a conflict	19:54
*** _cjones_ has quit IRC		19:55
*** fifieldt_ has quit IRC		19:56
*** diegows has joined #openstack-keystone		19:57
openstackgerrit	Alexander Makarov proposed openstack/keystone: Chain a trust with a role specified by name https://review.openstack.org/148642	19:58
*** thedodd has joined #openstack-keystone		19:59
*** thedodd has quit IRC		19:59
*** harlowja is now known as harlowja_away		19:59
*** marg7175 has quit IRC		20:00
*** _cjones_ has joined #openstack-keystone		20:02
openstackgerrit	Ian Cordasco proposed openstack/python-keystoneclient: Configure TCP Keep-Alive for certain Sessions https://review.openstack.org/147707	20:02
*** chrisshattuck has joined #openstack-keystone		20:02
*** amakarov is now known as amakarov_away		20:03
*** harlowja_away is now known as harlowja		20:04
*** jasondotstar has joined #openstack-keystone		20:04
*** marg7175 has joined #openstack-keystone		20:06
*** jasondotstar has quit IRC		20:09
*** vhoward has left #openstack-keystone		20:13
*** marg7175 has quit IRC		20:16
*** marg7175 has joined #openstack-keystone		20:17
*** henrynash has joined #openstack-keystone		20:20
*** ChanServ sets mode: +v henrynash		20:20
samueldmq	henrynash, almost finished... just need to agree one thing	20:21
henrynash	samueldmq: hi	20:21
samueldmq	henrynash, will we expose effective + domain to controller ? (in which we just expand group membership)	20:21
samueldmq	henrynash, or just use it internally ?	20:22
henrynash	samueldmq: I think this is meant to be exposed via the existing API...	20:22
samueldmq	henrynash, well... we cant do this with the existing api ..	20:23
henrynash	samueldmq: don’t we support: GET	20:25
henrynash	GET /role_assignments?user.id={user_id}&scope.domain_id={domain_id}&effective	20:26
samueldmq	henrynash, with actual implementation, default v3 filtering is applied to the resultant list (in wrapper v3)	20:26
samueldmq	henrynash, using ?effective the resultant list has not domain assingment	20:27
samueldmq	henrynash, so filtering by domain id returns nothing	20:27
henrynash	samueldmq: are you taling abour what happens today or what youthink should happen?	20:27
samueldmq	henrynash, what happens today	20:27
samueldmq	henrynash, but we need to support that, as we talked earlier	20:28
henrynash	samueldmq: so that maybe true…but I think it is meant to be supported…but is a bug!	20:28
*** andreaf has quit IRC		20:29
samueldmq	henrynash, ok so in order to support the two operations we defined earlier (http://paste.openstack.org/show/159844/)	20:31
henrynash	samueldmq: so the api spec even has an example of domains being included in the response of an ?effective call…(although it isn’t actually a group role)	20:31
samueldmq	henrynash, if effective + domain is specified, just expand group membership	20:31
samueldmq	henrynash, if effective + group is specified, just expand inheritance	20:31
samueldmq	henrynash, will look	20:32
henrynash	samueldms: yes, to the firtst	20:32
henrynash	samueldmq: if effective + group + project, you have to expand group and inheritance	20:32
samueldmq	henrynash, yes	20:33
henrynash	samueldmq: I think the current master code works for effective + domain	20:35
henrynash	samueldmq: hmm, maybe not...	20:37
*** jdennis has quit IRC		20:37
*** nellysmitt has quit IRC		20:37
samueldmq	henrynash, that's why I want to be exhaustive on combining filters for this api call	20:37
samueldmq	henrynash, we need to test everything :)	20:37
henrynash	yep	20:37
samueldmq	henrynash, did you take a look in my tests patch?	20:38
*** nellysmitt has joined #openstack-keystone		20:38
*** vhoward has joined #openstack-keystone		20:39
henrynash	started….will do more later	20:39
samueldmq	henrynash, nice ... what I propose is:	20:40
henrynash	samuledmq: …and actually I think the current code DOES support the domain-group expansion.....	20:40
samueldmq	henrynash, I'll remove effective + group and effetive + domain from invalid options on (https://review.openstack.org/#/c/144703/)	20:41
samueldmq	henrynash, current code = on master?	20:41
henrynash	if that’s true, then we need to fix this is the current patch…rather than a follow on…otherwise we are breaking existing functionalu	20:41
henrynash	I think so, we call: _build_user_assignment_equivalent_of_group(	20:41
henrynash	for any non-inherited group assignments in effective mode	20:42
samueldmq	henrynash, domain-group expansion for GET /role_assignments/user.id=<>&scope.project.id=<> ?	20:42
henrynash	block of code starts at 866 in assignment/core	20:43
samueldmq	henrynash, yes, we do support inheritance + group expansion, that's the current behavior	20:43
samueldmq	henrynash, always expanding both group and inheritance	20:43
henrynash	well no…..that’s a more complicated case...	20:43
samueldmq	henrynash, what we cant is to expand just one of them	20:43
henrynash	GET /role_assignments?user.id={user_id}&scope.domain_id={domain_id}&effective	20:43
*** andreaf has joined #openstack-keystone		20:44
henrynash	should list me all the roles I have as a user on the domain, including any by virtue of group membership	20:44
samueldmq	henrynash, so the rationally is: if a group_id is provided, dont expand group membership	20:46
samueldmq	henrynash, if a domain id is provided, dont expand inheritance	20:46
samueldmq	henrynash, am i right?	20:46
henrynash	samueldmq: hmm, sure if that’s the way to think about it	20:46
henrynash	samueldmq: the way to think about it(not necessarily code it) is that if effective mode is on…	20:47
henrynash	…then you conceptually expand ALL the roles assignments in the entire systems - but filter the results by whatever filter params are provide in the call….i,e, in this case and that result in matches for user_id on domain_id	20:48
*** jdennis has joined #openstack-keystone		20:49
henrynash	i’m not sure effective and group can be supplied together….thinking about that…	20:49
samueldmq	if not, we could not supply effective + domain	20:50
henrynash	yes we can!	20:50
henrynash	think about how I described it above	20:50
henrynash	you conceptually expand ALL the roles assignments in the entire systems - but filter the results by whatever filter params are provide in the call….i,e, in this case and that result in matches for user_id on domain_id	20:50
samueldmq	expand ALL the roles assignments in the entire systems	20:51
samueldmq	if we do that, we expand inherited assignments right?	20:51
henrynash	(I said that’s not necesarily how you code it)	20:51
samueldmq	owww, but there are assignments on the domain that are not inherited	20:51
henrynash	yes	20:51
henrynash	yes, should still be in the answer	20:52
samueldmq	great! your mind still works well	20:52
samueldmq	mine got crazy with this functionality :D	20:52
henrynash	:-)	20:52
samueldmq	(this is the most complex functionality I've ever developed)	20:52
samueldmq	having fun with it	20:52
henrynash	good !!	20:53
samueldmq	so effective + group does not make sense	20:53
henrynash	not at the api level	20:53
samueldmq	exactly, but we can reuse the existing methods to do what federation needs (internally at assignemnt manager)	20:54
henrynash	i need to think about federation thought	20:54
henrynash	hmmm	20:54
henrynash	in effective mode you can only have user (optionally) and optionally one of domain or project	20:55
henrynash	effective mode is the equivilent of building a token	20:55
henrynash	(and in fact that what the token code should eventually call)	20:55
henrynash	but fedration migt have a subtle additional need	20:56
henrynash	it has a need to list all the groups that have a role on a particualr project or domain...	20:57
samueldmq	henrynash, does federation generate tokens for groups ?	20:57
henrynash	…and if it is for a project, include any groups who have an inherited role onto this project	20:58
* samueldmq needs to study and deeply understand federation to contribute to it as well		20:58
henrynash	so the part of fedration in question doesn’t actually do a keystone token gernation, but needs to generate a SAML assertion that includees all the groups for which teh user is a member and have a role on a given project	20:59
henrynash	hmmm…I need to think about this!!!!	20:59
*** _cjones_ has quit IRC		21:00
samueldmq	henrynash, yep, that should not be that hard to implement with the existing methods used by list_role_assignmtns	21:03
samueldmq	henrynash, but isnt a behavior supported by list_role_assignments api :)	21:03
raildo	henrynash, i answered the question about name and id clashing here: https://review.openstack.org/#/c/139824/17/specs/kilo/reseller.rst	21:04
henrynash	samueldmq: and maybe we leave it that way….and don’t try and shoe-horn it into list_assignments	21:05
henrynash	raildo: you answered muy issue?	21:06
henrynash	raildo: you saw my comment about the domain name in the domain specific config file name?	21:06
henrynash	samueldmq: I mean, we don’t shoe-horn in the fedration requirement into list_assignment	21:07
samueldmq	henrynash, ++	21:09
samueldmq	henrynash, so I think we've agreed :)	21:09
samueldmq	henrynash, nexts steps: 1) allow effective + domain in https://review.openstack.org/#/c/144703/	21:10
henrynash	samueldmq: yep…although if the group expansion for domains is supported in today’s code, you need to add it to the your existing patch, rather than in a follow on patch…otherwise we are breaking current functionalty	21:10
samueldmq	henrynash, add tests for that case in https://review.openstack.org/#/c/137021/	21:10
samueldmq	henrynash, and fix my refactoring, if needed	21:10
henrynash	agreed	21:10
samueldmq	henrynash, yes, keeping in mind it's a refactoring	21:10
samueldmq	henrynash, got it	21:10
*** marg7175 has quit IRC		21:12
samueldmq	henrynash, got to go .... will work on this and ping you since this is done	21:14
henrynash	samueldmq: one other minor point…in assignment/core….all the support methods for list_assignment, e.g. _create_expanded_assignment() etc…..is there a reason those methods are not local to list_assignment()	21:14
samueldmq	henrynash, if you guys have no more time to discuss about hte role inheritance api changes, we can do it in the meeting next week	21:14
henrynash	samueldmq: I think we lost a quorum for that, sadly	21:14
*** zz_avozza is now known as avozza		21:15
samueldmq	henrynash, well, scoping them to list_assignments() is good, but it should have an impact on performance (I dont know how much)	21:15
samueldmq	henrynash, since python evaluates inner functions each time outer function is called	21:16
samueldmq	henrynash, I meant, creates the function object (or something similar)	21:16
henrynash	samueldmq: for me, it’s just more of a conceptual scope thing…leaving them outside hints that we expect to call them from somewhere else…which I don’t think we do...	21:16
samueldmq	henrynash, no we dont... maybe in the federation methdo list_projects_for_groups ...	21:17
samueldmq	henrynash, as we were discussing ..	21:17
henrynash	I don’t think we will need them for that....	21:17
*** marg7175 has joined #openstack-keystone		21:18
samueldmq	maybe not, since federation stuff doesnt even need the response formatted by the controller	21:18
samueldmq	henrynash, ok I agree, will scope them to role_assignments, will be clearer	21:19
henrynash	agreed	21:19
samueldmq	henrynash, sorry, need to go home now .. will be back in about an hour	21:20
henrynash	no problem!	21:20
*** samueldmq is now known as samueldmq-away		21:20
henrynash	mayeb sepak later	21:20
samueldmq-away	sure	21:20
*** _cjones_ has joined #openstack-keystone		21:31
*** _cjones_ has quit IRC		21:31
*** _cjones_ has joined #openstack-keystone		21:31
*** drjones has joined #openstack-keystone		21:35
*** _cjones_ has quit IRC		21:35
*** samueldmq has joined #openstack-keystone		21:35
*** drjones has quit IRC		21:37
*** _cjones_ has joined #openstack-keystone		21:37
*** drjones has joined #openstack-keystone		21:40
*** _cjones_ has quit IRC		21:40
*** _cjones_ has joined #openstack-keystone		21:42
*** drjones has quit IRC		21:43
*** _cjones_ has quit IRC		21:44
*** _cjones_ has joined #openstack-keystone		21:44
*** david-lyle has joined #openstack-keystone		21:46
*** lhcheng has joined #openstack-keystone		22:00
*** sriram has quit IRC		22:02
*** chlong has quit IRC		22:05
*** henrynash has quit IRC		22:07
*** nellysmitt has quit IRC		22:08
*** lhcheng_ has joined #openstack-keystone		22:09
*** nellysmitt has joined #openstack-keystone		22:09
*** nellysmitt has quit IRC		22:09
*** david-lyle has quit IRC		22:11
*** david-lyle has joined #openstack-keystone		22:11
*** lhcheng has quit IRC		22:12
*** jsavak has quit IRC		22:13
*** _cjones_ has quit IRC		22:14
*** _cjones_ has joined #openstack-keystone		22:14
*** radez_g0n3 is now known as radez		22:14
*** david-lyle has quit IRC		22:15
*** lhcheng_ is now known as lhcheng		22:16
*** drjones has joined #openstack-keystone		22:16
*** _cjones_ has quit IRC		22:16
*** drjones has quit IRC		22:21
*** mattfarina has quit IRC		22:24
*** _cjones_ has joined #openstack-keystone		22:28
openstackgerrit	Morgan Fainberg proposed openstack/keystone: DO NOT MERGE: StrictABC Prototype https://review.openstack.org/148354	22:31
*** tellesnobrega_ has joined #openstack-keystone		22:32
*** _cjones_ has quit IRC		22:32
*** _cjones_ has joined #openstack-keystone		22:32
openstackgerrit	Morgan Fainberg proposed openstack/keystone: DO NOT MERGE: StrictABC Prototype https://review.openstack.org/148354	22:34
*** jaosorior has quit IRC		22:34
openstackgerrit	Morgan Fainberg proposed openstack/keystone: DO NOT MERGE: StrictABC Prototype https://review.openstack.org/148354	22:36
*** _cjones_ has quit IRC		22:37
*** _cjones_ has joined #openstack-keystone		22:38
openstackgerrit	guang-yee proposed openstack/keystone-specs: Tokenless authorization with X.509 SSL client certificate https://review.openstack.org/105913	22:39
morganfainberg	dstanek, i feel almost dirty (first stab at testing, published without being run): https://review.openstack.org/#/c/148354	22:39
*** ljfisher has quit IRC		22:40
dstanek	morganfainberg: clever way to get around the import problem	22:40
morganfainberg	:)	22:40
dstanek	morganfainberg: are you in the air or at the airport?	22:41
morganfainberg	airport	22:41
*** drjones has joined #openstack-keystone		22:41
*** tellesnobrega_ has quit IRC		22:41
*** _cjones_ has quit IRC		22:42
morganfainberg	dstanek, i realize i need one more layer for the subclass tests	22:42
morganfainberg	right now they test the exact same thing as the other two tests just with redefinition of the methods	22:42
*** henrynash has joined #openstack-keystone		22:43
*** ChanServ sets mode: +v henrynash		22:43
morganfainberg	but easy to add in.	22:43
morganfainberg	dstanek, this will fail / should fail at import time if the method signatures are a mismatch	22:43
*** drjones has quit IRC		22:44
*** _cjones_ has joined #openstack-keystone		22:45
dstanek	morganfainberg: i do like this idea	22:45
*** dims___ has quit IRC		22:46
*** samueldmq has joined #openstack-keystone		22:47
*** henrynash has quit IRC		22:48
openstackgerrit	Morgan Fainberg proposed openstack/keystone: DO NOT MERGE: StrictABC Prototype https://review.openstack.org/148354	22:48
morganfainberg	dstanek, ok there we go, that should actually test things provided tests actually work. will run them once i get settled in and have a VM running	22:48
*** tellesnobrega_ has joined #openstack-keystone		22:49
*** _cjones_ has quit IRC		22:50
*** _cjones_ has joined #openstack-keystone		22:53
*** henrynash has joined #openstack-keystone		22:54
*** ChanServ sets mode: +v henrynash		22:54
openstackgerrit	Marek Denis proposed openstack/keystone-specs: Allow for direct mapping in federated authN. https://review.openstack.org/149071	22:56
*** david-lyle has joined #openstack-keystone		22:58
*** tellesnobrega_ has quit IRC		23:00
*** diegows has quit IRC		23:07
*** david-lyle has quit IRC		23:09
*** _cjones_ has quit IRC		23:16
*** _cjones_ has joined #openstack-keystone		23:24
*** carlosmarin has quit IRC		23:25
*** _cjones_ has quit IRC		23:26
*** drjones has joined #openstack-keystone		23:26
*** jamielennox\|away is now known as jamielennox		23:27
*** henrynash has quit IRC		23:28
*** _cjones_ has joined #openstack-keystone		23:29
*** drjones has quit IRC		23:31
*** _cjones_ has quit IRC		23:31
*** _cjones_ has joined #openstack-keystone		23:32
*** henrynash has joined #openstack-keystone		23:33
*** ChanServ sets mode: +v henrynash		23:33
*** chlong has joined #openstack-keystone		23:33
*** drjones has joined #openstack-keystone		23:35
*** _cjones_ has quit IRC		23:36
*** chrisshattuck has quit IRC		23:38
*** _cjones_ has joined #openstack-keystone		23:38
*** drjones has quit IRC		23:38
*** drjones has joined #openstack-keystone		23:41
*** _cjones_ has quit IRC		23:41
*** gothicmindfood has quit IRC		23:42
*** drjones has quit IRC		23:43
*** _cjones_ has joined #openstack-keystone		23:44
*** gothicmindfood has joined #openstack-keystone		23:45
*** drjones has joined #openstack-keystone		23:46
*** dims__ has joined #openstack-keystone		23:46
*** _cjones_ has quit IRC		23:46
*** drjones has quit IRC		23:48
*** _cjones_ has joined #openstack-keystone		23:48
*** _cjones_ has quit IRC		23:50
*** _cjones_ has joined #openstack-keystone		23:50
*** oomichi_ has joined #openstack-keystone		23:50
*** dims__ has quit IRC		23:52
*** drjones has joined #openstack-keystone		23:55
*** _cjones_ has quit IRC		23:55
*** lhcheng has quit IRC		23:56
*** _cjones_ has joined #openstack-keystone		23:58
*** drjones has quit IRC		23:58

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!