Friday, 2015-01-23

*** abhirc has joined #openstack-keystone00:00
*** jasondotstar has quit IRC00:03
*** chrisshattuck has quit IRC00:09
*** nellysmitt has quit IRC00:10
morganfainbergdhellmann: https://review.openstack.org/#/c/148354/7 strictabc00:11
*** dims__ has joined #openstack-keystone00:11
morganfainbergjamielennox, yeah i need to chase down that url... or bug dolphm to fix it00:11
jamielennoxmorganfainberg: would like to see some client reviews, it's been kind of quiet and there's things i'm starting to need00:12
morganfainbergjamielennox, yeah - should be doable.00:12
*** dims__ has quit IRC00:16
*** markvoelker has quit IRC00:18
*** oomichi has joined #openstack-keystone00:22
*** Tahmina has quit IRC00:27
*** zzzeek has joined #openstack-keystone00:35
*** zzzeek has quit IRC00:37
*** jasondotstar has joined #openstack-keystone00:40
openstackgerritJamie Lennox proposed openstack/python-keystoneclient: Surface the user_id and project_id beyond the plugin  https://review.openstack.org/13203000:41
*** packet has quit IRC00:57
*** jasondotstar has quit IRC00:58
openstackgerritgordon chung proposed openstack/keystonemiddleware: move add event creation logic to keystonemiddleware  https://review.openstack.org/14940500:59
*** dims__ has joined #openstack-keystone00:59
*** gyee has quit IRC01:07
*** flwang1 has quit IRC01:11
*** rwsu is now known as rwsu-afk01:15
*** avozza is now known as zz_avozza01:20
*** lhcheng has quit IRC01:29
morganfainbergdolphm, ping01:32
morganfainbergdolphm, you're set as the release manager for 1.x.x of keystoneclient01:33
morganfainbergi can't actually do anything with it01:33
morganfainbergdolphm, aha got it resolved since jeblair is sitting at the table here, nvm01:38
morganfainbergjamielennox, ok looking at the python-keystoneclient-kerberos and federation. will be looking at doing the release(s) at the same time as the next keystoneclient01:39
jamielennoxdon't worry about federation for now01:39
morganfainbergjamielennox, eh ok01:41
morganfainbergfigured i'd do both at the same time01:42
morganfainbergit's not a lot of work to do01:42
jamielennoxthere's nothing in federation afaik01:42
morganfainbergjamielennox, ah ok01:42
jamielennoxlike from a launchpad perspective set it up - but there's no code to release01:42
morganfainberggot it01:43
morganfainbergyeah01:43
*** tellesnobrega_ has joined #openstack-keystone01:47
wanghongmorganfainberg, dolphm, ayoung, we are close to K2 now and these two patches are marked as K2. Do you have time to look? I think they are OK already :)02:02
wanghonghttps://review.openstack.org/#/c/130180/02:02
wanghonghttps://review.openstack.org/#/c/130474/02:02
*** abhirc has quit IRC02:03
*** abhirc has joined #openstack-keystone02:04
*** _cjones_ has quit IRC02:04
*** jasondotstar has joined #openstack-keystone02:05
*** jasondotstar has quit IRC02:05
*** _cjones_ has joined #openstack-keystone02:06
*** atiwari has quit IRC02:09
*** ayoung has quit IRC02:22
*** _cjones_ has quit IRC02:24
*** erkules_ has joined #openstack-keystone02:29
*** erkules has quit IRC02:32
*** stevemar has quit IRC02:39
*** stevemar2 has joined #openstack-keystone02:39
*** ChanServ sets mode: +v stevemar202:39
*** atiwari has joined #openstack-keystone02:39
*** atiwari has quit IRC02:44
stevemar2morganfainberg, jamielennox im not even sure if the -federation one builds02:50
*** stevemar2 is now known as stevemar02:50
*** rushiagr_away is now known as rushiagr02:56
*** tellesnobrega_ has quit IRC02:58
*** harlowja is now known as harlowja_away02:59
*** tellesnobrega_ has joined #openstack-keystone03:04
*** marg7175 has quit IRC03:05
*** samueldmq_ has joined #openstack-keystone03:06
*** tellesnobrega_ has quit IRC03:09
*** jjulien has joined #openstack-keystone03:18
*** tellesnobrega_ has joined #openstack-keystone03:18
*** hichtakk has joined #openstack-keystone03:29
*** richm has quit IRC03:30
*** rushiagr is now known as rushiagr_away03:30
*** dims__ has quit IRC03:34
*** samueldmq_ has quit IRC03:44
*** zzzeek has joined #openstack-keystone03:45
*** zzzeek has quit IRC03:58
*** samueldmq_ has joined #openstack-keystone04:05
*** zzzeek has joined #openstack-keystone04:33
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf: Updated from global requirements  https://review.openstack.org/14948104:37
openstackgerritOpenStack Proposal Bot proposed openstack/python-keystoneclient: Updated from global requirements  https://review.openstack.org/14948504:38
*** zzzeek has quit IRC04:41
*** rushiagr_away is now known as rushiagr04:49
*** chrisshattuck has joined #openstack-keystone04:52
*** lhcheng has joined #openstack-keystone04:53
*** samueldmq_ has quit IRC04:56
*** abhirc has quit IRC05:03
*** abhirc has joined #openstack-keystone05:05
*** marg7175 has joined #openstack-keystone05:06
*** zz_avozza is now known as avozza05:09
*** marg7175 has quit IRC05:11
*** stevemar has quit IRC05:30
*** stevemar has joined #openstack-keystone05:31
*** ChanServ sets mode: +v stevemar05:31
*** chrisshattuck has quit IRC05:34
*** hichtakk has quit IRC05:38
*** lhcheng_ has joined #openstack-keystone05:41
*** lhcheng has quit IRC05:44
*** abhirc has quit IRC05:46
*** chlong has quit IRC05:54
*** jamielennox is now known as jamielennox|away06:00
*** chlong has joined #openstack-keystone06:01
*** jamielennox|away is now known as jamielennox06:02
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Imported Translations from Transifex  https://review.openstack.org/14915806:04
*** jamielennox is now known as jamielennox|away06:04
*** ajayaa has joined #openstack-keystone06:27
*** dims__ has joined #openstack-keystone06:35
*** dims__ has quit IRC06:39
*** ajayaa has quit IRC06:39
*** mzbik has joined #openstack-keystone06:42
*** ajayaa has joined #openstack-keystone06:51
*** tellesnobrega_ has quit IRC07:00
*** marg7175 has joined #openstack-keystone07:07
*** lhcheng_ is now known as lhcheng07:11
*** marg7175 has quit IRC07:12
*** KanagarajM2 has joined #openstack-keystone07:14
*** afazekas has quit IRC07:15
*** lhcheng_ has joined #openstack-keystone07:21
*** lhcheng has quit IRC07:23
*** avozza is now known as zz_avozza07:25
openstackgerritwanghong proposed openstack/keystonemiddleware: iso expires should be returned in one place  https://review.openstack.org/14098407:29
*** wanghong is now known as wanghong_away07:36
*** stevemar has quit IRC07:44
*** erkules_ is now known as erkules07:44
*** stevemar has joined #openstack-keystone07:46
*** ChanServ sets mode: +v stevemar07:46
*** pnavarro has joined #openstack-keystone07:52
*** stevemar has quit IRC07:57
*** afazekas has joined #openstack-keystone07:59
*** chlong has quit IRC08:14
*** zz_avozza is now known as avozza08:20
*** lhcheng_ has quit IRC08:43
*** lhcheng has joined #openstack-keystone08:44
*** ajayaa has quit IRC08:47
*** lhcheng has quit IRC08:48
*** josecastroleon_ has joined #openstack-keystone08:50
*** josecastroleon__ has joined #openstack-keystone08:51
*** josecastroleon has quit IRC08:54
*** josecastroleon_ has quit IRC08:55
*** nellysmitt has joined #openstack-keystone08:57
*** marg7175 has joined #openstack-keystone09:08
*** marg7175 has quit IRC09:13
*** jistr has joined #openstack-keystone09:15
*** avozza is now known as zz_avozza09:22
*** zz_avozza is now known as avozza09:25
*** yuzhg has joined #openstack-keystone09:26
yuzhgHello, is there anyone available for help?09:28
mzbikdepends what you need ;)09:31
yuzhghmmm... I'm trying to configure my keystone to send out notifications, I've set the notification_driver to notification_driver = keystone.openstack.common.notifier.rpc_notifier and notification_driver = keystone.openstack.common.notifier.log_notifier, but it seems it's not working09:32
mzbikuh09:34
yuzhgI tried to debug the keystone code, it tried to send out the notifications when I create a tenant, but it broke at https://github.com/openstack/oslo.messaging/blob/master/oslo_messaging/notify/notifier.py.09:34
mzbiknever used this09:34
yuzhgoh, still thanks :)09:34
mzbikbut try to wait09:35
mzbiksomebody might know09:35
mzbikor try at #openstack09:35
yuzhgsure, I'll wait for a while.09:35
yuzhgah, will try that later :)09:35
yuzhgthx09:35
*** KanagarajM2 has quit IRC09:39
*** lhcheng has joined #openstack-keystone09:45
*** lhcheng has quit IRC09:49
openstackgerritwanghong proposed openstack/keystone: make trust manager raise formatted message exception  https://review.openstack.org/14955009:56
*** henrynash has joined #openstack-keystone10:02
*** ChanServ sets mode: +v henrynash10:02
*** andreaf_ is now known as andreaf10:04
*** dhague has joined #openstack-keystone10:05
*** jaosorior has joined #openstack-keystone10:14
*** ajayaa has joined #openstack-keystone10:18
*** bdossant has joined #openstack-keystone10:23
*** aix has joined #openstack-keystone10:29
*** tellesnobrega_ has joined #openstack-keystone10:36
*** nellysmitt has quit IRC10:43
*** dims__ has joined #openstack-keystone10:58
*** dims__ has quit IRC11:02
*** tellesnobrega_ has quit IRC11:05
*** marg7175 has joined #openstack-keystone11:09
*** dims__ has joined #openstack-keystone11:11
openstackgerrithenry-nash proposed openstack/keystone: Experimental data-driver assignment testing  https://review.openstack.org/14917811:12
*** henrynash has quit IRC11:13
*** avozza is now known as zz_avozza11:13
*** zz_avozza is now known as avozza11:13
*** marg7175 has quit IRC11:14
*** yuzhg has quit IRC11:20
openstackgerritYuriy Taraday proposed openstack/keystone: Add a module to work with LDAP filters and DNs  https://review.openstack.org/11748411:45
*** chlong has joined #openstack-keystone11:50
*** nellysmitt has joined #openstack-keystone12:10
*** tellesnobrega_ has joined #openstack-keystone12:20
*** my_openstack_use has quit IRC12:21
*** raildo has joined #openstack-keystone12:31
*** lhcheng has joined #openstack-keystone12:34
*** tellesnobrega_ has quit IRC12:35
*** josecastroleon__ has quit IRC12:36
*** mflobo has quit IRC12:36
*** josecastroleon__ has joined #openstack-keystone12:36
*** mflobo has joined #openstack-keystone12:38
*** lhcheng has quit IRC12:39
openstackgerritMerged openstack/python-keystoneclient: Updated from global requirements  https://review.openstack.org/14948512:40
*** tellesnobrega_ has joined #openstack-keystone12:43
*** marg7175 has joined #openstack-keystone13:10
*** rushiagr is now known as rushiagr_away13:10
*** dims__ has quit IRC13:11
*** dims__ has joined #openstack-keystone13:11
*** marg7175 has quit IRC13:15
*** bknudson has joined #openstack-keystone13:16
*** ChanServ sets mode: +v bknudson13:16
*** mzbik has quit IRC13:20
*** Samolo has joined #openstack-keystone13:24
Samolohi all13:24
Samoloi have a question about tenant from keystone13:24
Samolowhat is the best way of creating a Vm13:25
Samolowe are a hosting company and want to allow customer to create VM through openstack13:25
Samolowhat is the best practice :13:25
Samolo1 - create a tenant for the customer and create a vm with the tenantId of the customer13:26
Samoloor13:26
Samolo2 - create a VM with admin tenant and link it to the customer tenant plz ?13:26
*** markvoelker has joined #openstack-keystone13:29
raildoSamolo, IMO it depends on what you want to do. A tenant is a container of resources, so if you have some users that will use the same resources (VMs), the best solution is to put these users in one tenant,13:30
raildoSamolo, so I say the 1 option :)13:31
SamoloOk good, thanks a lot to you :)13:31
raildoSamolo, in the Openstack glossary we have this definition "project = A logical grouping of users within Compute; defines quotas and access to VM images."13:33
raildohttp://docs.openstack.org/glossary/content/glossary.html13:33
Samolothanks for pointing this :)13:34
Samolobookmarked ;)13:34
raildoSamolo, :)13:34
*** bdossant has quit IRC13:41
*** gordc has joined #openstack-keystone13:46
*** rushiagr_away is now known as rushiagr13:46
*** htruta has quit IRC13:54
*** richm has joined #openstack-keystone14:02
*** htruta has joined #openstack-keystone14:04
samueldmqbknudson, ping - have you a minute to talk about tests?14:07
*** sriram has joined #openstack-keystone14:09
*** mattfarina has joined #openstack-keystone14:09
bknudsonsamueldmq: sure14:09
samueldmqbknudson, in order to have a great suite of tests, besides of functional ones14:12
samueldmqbknudson, should we have unit tests for each level in (controller, manager, drivers) using mocks?14:13
samueldmqbknudson, is that necessary (all levels), in your opinion ..14:13
bknudsonsamueldmq: that's considered best practice.14:13
bknudsonI doubt that we could get contributors to meet that standard.14:14
samueldmqbknudson, don't know how much effort it could require, but I could try to examine it14:15
samueldmqbknudson, and then see if it's feasible14:15
samueldmqbknudson, i) backend (driver) level is quite complete already14:16
*** abhirc has joined #openstack-keystone14:16
samueldmqbknudson, ii) manager would be tested on how additional business logic is treated (that what managers stand for), for example inherited role assignment expansion14:16
samueldmqbknudson, iii) controllers would be tested in order to check validation of received params14:17
samueldmqI think this work would help us to keep the levels consistent with what they stand for14:18
samueldmqfor example inherited role assignment expansion was at controller level, but it should be at manager (because it's additional business logic)14:18
*** henrynash has joined #openstack-keystone14:23
*** ChanServ sets mode: +v henrynash14:23
*** tellesnobrega_ has quit IRC14:27
*** tellesnobrega_ has joined #openstack-keystone14:27
*** joesavak has joined #openstack-keystone14:40
*** mflobo has quit IRC14:40
*** topol has joined #openstack-keystone14:42
*** ChanServ sets mode: +v topol14:42
samueldmqhenrynash, ping - replied your comment on assignments refactoring14:44
*** packet has joined #openstack-keystone14:45
*** ayoung has joined #openstack-keystone14:45
*** ChanServ sets mode: +v ayoung14:45
samueldmqhenrynash, once we agree that , I am able to send new patchsets on that chain complaining both: i) allow effective + domain (as discussed earlier); ii) that new representation between manager/controller14:46
henrynashyes, agreed. just responding - yes, with group_id in indirect, it could be applying to a domain as well…14:47
henrynashdid you see my other comment about effective?14:47
henrynashline 62414:47
henrynashI know it’s a bit of a corner case this new one….but it depends what we think happens if you turn off os-inherit14:48
henrynashI wrote a test for it (with my experimental stuff) and found it14:49
henrynashI updated my experimental patch with it in14:49
henrynash(it’s the last test i added)14:49
*** avozza is now known as zz_avozza14:51
*** tellesnobrega_ has quit IRC14:52
*** chlong has quit IRC14:54
*** samueldmq_ has joined #openstack-keystone14:58
*** abhirc has quit IRC15:01
*** jasondotstar has joined #openstack-keystone15:10
openstackgerritMerged openstack/pycadf: Updated from global requirements  https://review.openstack.org/14948115:10
*** abhirc has joined #openstack-keystone15:14
*** rwsu-afk is now known as rwsu15:24
SamoloI have a question relative to openstack interaction15:26
Samoloas a hosting company, we have a tenant per customer15:26
Samolowhat is the best way to interact with openstack while making action :15:27
Samolo1 - use a general admin token to make all the request (like creating vm etc...)15:27
Samoloor15:27
Samolo2 - get a token from the current tenant and make the request ?15:28
*** henrynash has quit IRC15:31
Samoloplz15:31
*** henrynash has joined #openstack-keystone15:33
*** ChanServ sets mode: +v henrynash15:33
*** henrynash_ has joined #openstack-keystone15:38
*** ChanServ sets mode: +v henrynash_15:38
*** henrynash has quit IRC15:39
*** carlosmarin has joined #openstack-keystone15:40
*** henrynash_ has quit IRC15:42
*** abhirc has quit IRC15:45
*** marg7175 has joined #openstack-keystone15:45
*** ajayaa has quit IRC15:46
*** ajayaa has joined #openstack-keystone15:47
*** afazekas has quit IRC15:47
*** jsavak has joined #openstack-keystone15:54
*** abhirc has joined #openstack-keystone15:55
*** zzzeek has joined #openstack-keystone15:56
*** joesavak has quit IRC15:58
Samolowhat is the best way to interact with openstack while making action :16:00
Samolo 1 - use a general admin token to make all the request for all customer tenant (like creating vm etc...)16:00
Samoloor16:00
Samolo2 - get a token from the current tenant and make the request ?16:00
Samolowhat is the best practice plz ?16:00
*** abhirc has quit IRC16:03
*** booly-yam-4259 has joined #openstack-keystone16:05
*** booly-yam-4259 has quit IRC16:06
*** dhague has quit IRC16:06
*** booly-yam-4912 has joined #openstack-keystone16:06
*** MasterPieceF has joined #openstack-keystone16:14
*** arunkant has joined #openstack-keystone16:23
larsksSamolo: creating things with an admin token might result in them being inaccessible to non-admin users.  So probably (2) is a better choice.  Also, #openstack is your best channel for support questions.16:24
*** thedodd has joined #openstack-keystone16:26
*** tellesnobrega_ has joined #openstack-keystone16:28
Samololarsks, Thanks for your response16:34
*** david-lyle_afk is now known as david-lyle16:35
*** nkinder has quit IRC16:35
*** marg7175 has quit IRC16:43
*** marg7175 has joined #openstack-keystone16:44
*** _cjones_ has joined #openstack-keystone16:45
Samolohow can i activate keystone extension OS-KSEC2 plz ?16:48
openstackgerritBoris Bobrov proposed openstack/keystone: Use migration_cli for db migrations  https://review.openstack.org/14754816:51
*** afazekas has joined #openstack-keystone16:51
*** lhcheng has joined #openstack-keystone16:55
*** marg7175 has quit IRC16:57
*** marg7175 has joined #openstack-keystone16:57
openstackgerritBoris Bobrov proposed openstack/keystone: Use migration_cli for db migrations  https://review.openstack.org/14754816:59
*** abhirc has joined #openstack-keystone17:02
openstackgerritBoris Bobrov proposed openstack/keystone: Use migration_cli for db migrations  https://review.openstack.org/14754817:03
*** dims__ has quit IRC17:04
*** dims__ has joined #openstack-keystone17:14
*** dims__ is now known as dimsum__17:16
*** jistr has quit IRC17:16
*** marg7175 has quit IRC17:20
*** MasterPieceF has quit IRC17:21
*** bknudson has quit IRC17:29
*** zzzeek_ has joined #openstack-keystone17:31
*** zzzeek has quit IRC17:32
*** zzzeek_ is now known as zzzeek17:32
*** zzzeek_ has joined #openstack-keystone17:35
*** zzzeek has quit IRC17:37
*** zzzeek_ is now known as zzzeek17:37
*** chrisshattuck has joined #openstack-keystone17:44
*** jaosorior has quit IRC17:44
*** booly-yam-4912_ has joined #openstack-keystone17:46
*** booly-yam-4912 has quit IRC17:46
morganfainbergbe scared, topol has +2 on specs core! ;)17:51
* morganfainberg goes back to meeting(s).17:51
*** jasondotstar has quit IRC17:52
*** samueldmq_ has quit IRC17:54
*** drjones has joined #openstack-keystone17:56
dstanekwho is this topol character you speak of?17:57
*** kfox1111 has joined #openstack-keystone17:57
kfox1111is there any way to do roles via groups yet?17:57
kfox1111I'd like to have an admin group that we have multiple admins in, that we assign to tenants.17:58
*** _cjones_ has quit IRC17:59
*** adam_g_out is now known as adam_g18:02
*** drjones has quit IRC18:06
*** jasondotstar has joined #openstack-keystone18:08
*** harlowja_away is now known as harlowja18:14
*** _cjones_ has joined #openstack-keystone18:19
*** rushiagr is now known as rushiagr_away18:19
*** thedodd has quit IRC18:21
*** atiwari has joined #openstack-keystone18:41
openstackgerritgordon chung proposed openstack/pycadf: add helper module  https://review.openstack.org/14970618:41
*** ajayaa has quit IRC18:42
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/14970818:42
*** ajayaa has joined #openstack-keystone18:44
*** david-lyle has quit IRC18:46
*** marg7175 has joined #openstack-keystone18:51
rodrigodsayoung, ping... available to chat about dynamic policies?18:52
*** marg7175 has quit IRC18:55
*** marg7175 has joined #openstack-keystone18:55
*** thedodd has joined #openstack-keystone19:08
rodrigodsmorganfainberg, topol nice!19:12
*** jasondotstar has quit IRC19:15
samueldmqtopol, congratulations o/19:17
*** jasondotstar has joined #openstack-keystone19:18
topolsamueldmq. Thanks!19:19
*** marg7175 has quit IRC19:28
*** booly-yam-4912_ has quit IRC19:36
*** marg7175 has joined #openstack-keystone19:37
*** MasterPieceF has joined #openstack-keystone19:39
MasterPieceFHi, I have a problem with authorization19:39
MasterPieceF$ keystone --os-tenant-name admin --os-username admin --os-password 45eb508575c19091b9a1 --os-auth-url http://controller:35357/v2.0 token-get19:39
MasterPieceFThe request you have made requires authentication. (HTTP 401)19:39
MasterPieceFCan anyone help me please?19:40
*** tellesnobrega_ has quit IRC19:44
*** vhoward has left #openstack-keystone19:47
raildomorganfainberg, hey, about the reseller spec, yesterday I talked with henrynash about the clashing name in the domains sql migration to Project table, and we're thinking that we can allow the names to clash and change the SQL unique constraints. something like project = name +project_id+ domain-ness flag19:57
raildoand domain = name + domain_id + domain-ness flag19:57
raildomorganfainberg, what do you think?19:57
morganfainbergraildo, the issue is that if a domain == project20:01
morganfainbergraildo, project name is no longer unique in the constraint of a domain20:02
morganfainbergunless domain is not part of itself?20:02
raildomorganfainberg, I think the question is what can happens wrong if I have a project and a domain with the same name in just one table. IMO domain != project even in the same table.20:07
morganfainbergit's not within one table20:08
morganfainbergthe within one table isn't the issue20:08
morganfainbergwithin the API, is the domain owned by itself?20:08
raildomorganfainberg, I don't think so20:09
openstackgerritRodrigo Duarte proposed openstack/python-keystoneclient: Hierarchical multitenancy basic calls  https://review.openstack.org/11577020:10
morganfainbergand is the domain-project namespace unique to the domain20:10
morganfainbergthats the concern20:10
morganfainbergthe SQL side is an easy fix20:10
*** MasterPieceF has quit IRC20:10
raildomorganfainberg, correct20:10
morganfainbergit's just a question of when asking "all projects in domain X" is the project that represents domain X in that list20:10
morganfainbergif so, you run into unique naming constraints20:10
morganfainbergif not, then who cares.20:11
rodrigodsmorganfainberg, don't think so20:11
rodrigodsthey would be treated differently20:11
rodrigodsso... they might have the same name if are being different concepts?20:11
morganfainbergnow, [Domain X] which has project Y under it, cannot have a new domain named "y" added under it, because project == domain in the new world order20:11
morganfainbergrodrigods, domains are projects20:12
morganfainbergthey are not separate concepts going forward20:12
morganfainbergdomain is a "feature" of a project20:12
rodrigodsmorganfainberg, ok...20:12
morganfainbergnot domains exist and projects also exist20:12
rodrigodsnice description20:12
rodrigods"<morganfainberg> domain is a "feature" of a project" is the sentence that defines everything :)20:13
morganfainbergrodrigods, yeah that is largely what we've discussed20:13
morganfainbergand the discussion we had at the midcycle, the domain table is likely going to become a FK to the project table.20:13
*** aslaen has quit IRC20:14
raildomorganfainberg, so, we will not drop the domain table anymore?20:15
raildomorganfainberg, so the other proposal is change the project name...20:27
raildosince we can't change the domain name due the domain specific config files20:27
morganfainbergraildo, we are changing what the domain table is20:27
*** pnavarro has quit IRC20:36
*** henrynash has joined #openstack-keystone20:37
*** ChanServ sets mode: +v henrynash20:37
raildohenrynash, hey, I was discussing the name clashing a few minutes ago and he defined domains like  'domain is a "feature" of a project', so we can't allow the name clash even changing the unique constraint...20:40
raildohe = morganfainberg  :P20:41
henrynashraildo: but remember name is not unique in the project table…it only has to be unique within projects within a domain (I.e. UNIQUE = (projectname,project.domain_id)20:42
henrynashraidlo: so what value will project.domain_id have for projects which are a domain?20:43
henrynashraildo: answer: null (I think?)20:43
rodrigodshenrynash, raildo, yes... but the project which has the domain feature is still a project of that domain20:44
rodrigodsor not?20:44
raildohenrynash, we thinking and repeat the project_id20:44
henrynashso won’t UNIQUE = (project.name, project.domain_id) still be unique even if a domain name clashes with project name20:44
raildos/and/in20:44
henrynashahh, ok… I was assuming it would be null….hence that would (I think) make the uniqueness constraint still work20:45
rodrigodshenrynash, can't I get a domain scoped token by passing the domain_name?20:46
henrynashraildo: hmm, ok, I see what you mean…although we can distinguish between the two, it would still break the API…damn20:46
henrynashrodigods: yes20:46
henrynashrodigods: or domain_id, either will work20:46
rodrigodshenrynash, so having a project (not domain) and another project (domain) with the same name20:46
rodrigodsin the same domain20:47
rodrigodswould open security breaches20:47
raildohenrynash, so, i'm thinking and stay with the other proposal to change the project name, when we find some clash name...20:49
henrynashrodigods: no, that wouldn’t since we would know whether we were looking for a domain or not - and (in henry’s naive model) projects that were domains would have project.domain_id = null, so you could distinguish20:49
henrynashthe problem, however, is that I had forgotten that if you list projects in a domain…you want to return the project that represents the domain as well as all the projects therein…and THAT would might show up the project name20:51
henrynash(issue)20:51
rodrigodshenrynash, yep...20:51
henrynashI had been thinking that if you listed all projects in a domain you wouldn't return the project that represented the domain…but that kind of spoils the whole idea that a domain is a project20:51
henrynash:-)20:52
henrynashif you weren’t going to do that, then we’d be OK20:52
rodrigodshenrynash, so change the project name anyways? giving a nice warning to operators? :)20:53
*** marg7175 has quit IRC20:53
henrynashrodigods: that’s certainly the simplest…even though it is likely to have most impact....20:54
henrynashi’ll think about it a little more over the next hour, then come back to you20:54
*** henrynash has quit IRC20:54
raildohenrynash, I think that we need to return this project represented the domain... since we are implementing "domain is a project" (or domain is a feature of project)20:55
*** raildo has quit IRC20:56
*** samueldmq has quit IRC21:01
morganfainberghm.21:05
*** marg7175 has joined #openstack-keystone21:10
*** booly-yam-6140 has joined #openstack-keystone21:12
*** topol has quit IRC21:13
*** hichtakk has joined #openstack-keystone21:16
*** Samolo has quit IRC21:24
*** ajayaa has quit IRC21:24
*** ajayaa has joined #openstack-keystone21:26
*** booly-yam-6140 has quit IRC21:27
atiwariall any one can help me on tox related issue?21:29
*** ajayaa has quit IRC21:33
morganfainbergatiwari, what is the issue?21:35
*** stevemar has joined #openstack-keystone21:35
*** ChanServ sets mode: +v stevemar21:35
*** amerine has quit IRC21:36
*** abhirc has quit IRC21:36
*** abhirc has joined #openstack-keystone21:36
atiwarimorganfainberg, I am running fox -e py27 and it kind of hang at ""21:37
atiwari{PYTHON:-python} -m subunit.run discover -t ./ ./keystone/tests21:37
atiwarino error21:37
atiwariany idea?21:37
atiwarisorry fox21:37
atiwaritox21:37
atiwarimy bad21:37
*** amerine has joined #openstack-keystone21:38
*** kfox1111 has quit IRC21:38
*** jasondotstar has quit IRC21:38
morganfainbergatiwari, uhm. not sure.21:39
atiwarinp, sorry I think I should replace my keyboard :)21:42
*** abhirc_ has joined #openstack-keystone21:44
*** abhirc has quit IRC21:47
morganfainbergatiwari, i'm also in a meeting so hard to context switch21:47
dstanekatiwari: are you still having problems?21:48
atiwaridstanek, yes21:48
dstanekatiwari: what happens exactly?21:48
morganfainbergayoung, dstanek, stevemar, jamielennox|away, ayoung, dolphm, I have a proposal for something we need (in Keystone) i'll bug you when i'm out of this meeting, but this is regarding some clear drawings of our complete architecture21:48
dstanekmorganfainberg: bug away21:49
morganfainbergdstanek, yeah. i have some information we can pull in, but i need this meeting to end before i can spend real time on proposing what i'd like to see (and likely something i'll be doing a bunch of)21:49
atiwaridstanek, I am setting up new dev env on ubuntu (on MAC) and running the tox first time.21:50
atiwariit is hanging on ${PYTHON:-python} -m subunit.run discover -t ./ ./keystone/tests21:50
atiwarino error no thing21:50
dstanekatiwari: what happens when you run 'testr list-tests'21:51
dstanekatiwari: or it may be 'PYTHON=.tox/py27/bin/python .tox/py27/bin/testr list-tests' for your env21:51
atiwarilet me see21:51
atiwaritestr list-tests is listing all the tests21:52
dstanekatiwari: when it prints the command being run is it the same as the one that is failing?21:53
atiwariyes21:54
dstanekwhat happens if you run that command manually?21:55
atiwariSorry dstanek it is not printing any thing after "${PYTHON:-python} -m subunit.run discover -t ./ ./keystone/tests21:57
atiwari"21:57
atiwariwhen I run fox -e py2721:57
morganfainbergmakes me wonder if your venv is healthy21:57
atiwarihm21:58
atiwarilet me clean it21:58
dstanekatiwari: don't run the tox command - i want to know what happens when you run the subunit command manually21:58
morganfainbergatiwari, yeah that feels like a venv thingish issue first.21:58
morganfainbergatiwari, but do what dstanek  is asking first21:58
dstanekor it could be a busted tox install21:59
atiwariok21:59
morganfainbergatiwari, dstanek, don't forget to activate the venv21:59
atiwaridstanek, can you provide me a manual command?22:00
morganfainbergatiwari, ^ activate the venv and run that command22:00
atiwariok22:00
morganfainbergatiwari: "${PYTHON:-python} -m subunit.run discover -t ./ ./keystone/tests22:00
morganfainbergmight be a missing quote or such22:00
*** mattfarina has quit IRC22:01
*** jsavak has quit IRC22:05
*** gyee has joined #openstack-keystone22:07
*** ChanServ sets mode: +v gyee22:07
atiwariseems the manual command is running the tests. but not sure why it is printing binary characters too in the console :)22:15
*** sriram has quit IRC22:16
dstanekatiwari: that command isn't actually running any tests - that just lists them - does it complete?22:20
atiwarinot yet22:21
atiwaribinary is expected?22:22
dstanekdo you have something strange in your directory structure? a cyclic link or anything like that?22:22
dstanekyes, it prints subunit format which is binary22:23
atiwariok22:24
*** chlong has joined #openstack-keystone22:24
atiwarinot sure about cyclic link. I have one link for JDK but should not be cyclic22:25
atiwarimay be I should recreate pyenv and venv?22:26
dstanekyou have a jdk link in your keystone checkout?22:26
morganfainbergjdk?!22:27
atiwariit is Java but not in keystone checkout22:29
atiwariit is way above keystone22:29
dstanekatiwari: sounds like you have something borked, but i'm not sure what that could be22:32
dstanekatiwari: if recreating your env doesn't work you will probably have to debug subunit22:32
atiwaridstanek, let me recreate first and then I will try to debug subunit.22:33
atiwarithanks for your time dstanek morganfainberg22:33
dstanekwhat OS are you running?22:33
*** topol has joined #openstack-keystone22:57
*** ChanServ sets mode: +v topol22:58
*** carlosmarin has quit IRC22:59
richmso we seem to have found a strange problem with using the ldap identity backend with user_id_attribute=uidNumber23:04
richmthis causes the json returned from keystone to be "id": 1000 instead of "id": "1000"23:05
richmin ldap uidNumber has Integer syntax, as opposed to DirectoryString used by cn, sn, uid, etc.23:05
richmthe problem is with requests to change the project e.g.23:06
*** david-ly_ has joined #openstack-keystone23:07
richmPUT /v2.0/users/1000/OS-KSADM/tenant -d '{"user": {"id": 1000, "tenantId": "887e3dfaba27444e87f260b6bdad9bd7"}}'23:07
richmnote that the "id": 1000 is a json/python integer, not a string23:07
richmthis returns the error: Cannot change user ID (HTTP 400)23:07
richmhowever, using "id": "1000" works23:07
richmquestion: in keystone requests, is "id" always supposed to be a json string?23:08
*** abhirc_ has quit IRC23:08
*** david-ly_ is now known as david-lyle23:11
*** raildo has joined #openstack-keystone23:11
*** raildo has quit IRC23:27
*** gyee has quit IRC23:32
*** marg7175 has quit IRC23:32
*** dimsum__ has quit IRC23:34
*** marg7175 has joined #openstack-keystone23:44
*** thedodd has quit IRC23:48
*** abhirc has joined #openstack-keystone23:55
*** packet has quit IRC23:56
