Monday, 2015-07-13

*** lhcheng has quit IRC00:11
*** geoffarnold has joined #openstack-keystone00:16
*** markvoelker has quit IRC00:32
*** dims has joined #openstack-keystone00:42
*** raildo_ has joined #openstack-keystone00:44
*** dims has quit IRC00:44
*** openstackgerrit has quit IRC00:51
*** openstackgerrit has joined #openstack-keystone00:52
*** samueldmq has quit IRC01:08
*** raildo_ has quit IRC01:08
*** iurygregory has quit IRC01:09
*** ericksonsantos has quit IRC01:09
*** gabriel-bezerra has quit IRC01:09
*** raildo has quit IRC01:10
*** dims has joined #openstack-keystone01:24
*** dims_ has joined #openstack-keystone01:28
*** dims has quit IRC01:31
*** geoffarnold has quit IRC01:34
*** geoffarnold has joined #openstack-keystone01:38
*** davechen has joined #openstack-keystone01:38
*** geoffarnold has quit IRC01:42
*** chenhong has joined #openstack-keystone01:58
*** lhcheng has joined #openstack-keystone01:59
*** ChanServ sets mode: +v lhcheng01:59
*** vilobhmm1 has quit IRC02:01
*** vilobhmm has joined #openstack-keystone02:02
*** hrou has joined #openstack-keystone02:03
*** lhcheng has quit IRC02:04
*** esp has joined #openstack-keystone02:22
*** tobe has joined #openstack-keystone02:29
*** chenhong has quit IRC02:55
*** chenhong has joined #openstack-keystone02:55
*** ankita_wagh has joined #openstack-keystone03:00
openstackgerritDave Chen proposed openstack/keystone: Show helpful message when request body is not provided
*** tobe has quit IRC03:01
*** tobe has joined #openstack-keystone03:03
*** vilobhmm has quit IRC03:05
*** vilobhmm has joined #openstack-keystone03:06
*** chenhong has quit IRC03:15
*** chenhong has joined #openstack-keystone03:16
*** chenhong has left #openstack-keystone03:33
*** chenhong has joined #openstack-keystone03:33
*** dims_ has quit IRC03:48
*** lhcheng has joined #openstack-keystone03:48
*** ChanServ sets mode: +v lhcheng03:48
*** mylu has joined #openstack-keystone03:50
*** lhcheng has quit IRC03:53
*** tobe has quit IRC03:55
*** tobe has joined #openstack-keystone03:56
*** ankita_wagh has quit IRC03:59
*** btully has joined #openstack-keystone04:08
*** ankita_wagh has joined #openstack-keystone04:10
*** lhcheng has joined #openstack-keystone04:13
*** ChanServ sets mode: +v lhcheng04:13
*** lhcheng has quit IRC04:17
jamielennoxany core here? can someone just +A this, it's a cherry-pick from ksc master for the mock issue,04:22
*** chenhong has quit IRC04:28
openstackgerritEric Brown proposed openstack/keystone: Add classifier for Python 3.4
openstackgerritEric Brown proposed openstack/keystone: Add classifier for Python 3.4
*** dims has joined #openstack-keystone04:48
*** spandhe has joined #openstack-keystone04:54
*** dims has quit IRC04:55
*** hrou has quit IRC04:57
*** pcaruana has quit IRC05:08
*** spandhe has quit IRC05:16
*** mylu has quit IRC05:29
*** crc32 has joined #openstack-keystone05:34
openstackgerritEric Brown proposed openstack/keystone: Replace reference of ksc with osc
*** chenhong has joined #openstack-keystone05:58
*** Kennan has joined #openstack-keystone06:03
*** Kennan2 has quit IRC06:03
*** spandhe has joined #openstack-keystone06:13
*** rwsu has joined #openstack-keystone06:14
*** rwsu has quit IRC06:16
*** hogepodge has quit IRC06:19
*** hogepodge has joined #openstack-keystone06:26
*** btully has quit IRC06:32
openstackgerritDave Chen proposed openstack/keystone: Region creation with id given also need schema validation
openstackgerritEric Brown proposed openstack/keystone: Deprecate LDAP assignment driver options
*** rm_work|away is now known as rm_work06:35
openstackgerritDave Chen proposed openstack/keystone: Show helpful message when request body is not provided
*** lhcheng has joined #openstack-keystone06:41
*** ChanServ sets mode: +v lhcheng06:41
*** pcaruana has joined #openstack-keystone06:42
*** henrynash has joined #openstack-keystone06:46
*** ChanServ sets mode: +v henrynash06:46
*** spandhe has quit IRC06:50
*** afazekas has quit IRC06:50
*** crc32 has quit IRC06:54
openstackgerritDeepti Ramakrishna proposed openstack/keystone: Reuse token_ref fetched in AuthContextMiddleware.
*** vilobhmm has quit IRC06:59
*** jaosorior has joined #openstack-keystone07:02
*** pnavarro has joined #openstack-keystone07:13
*** pnavarro has quit IRC07:18
marekdmorganfainberg: many thanks for pushing this:
*** browne has quit IRC07:22
marekdjamielennox: Approved.07:22
jamielennoxmarekd: cheers07:22
*** ankita_wagh has quit IRC07:27
*** chlong-weekend is now known as chlong-afk07:33
*** btully has joined #openstack-keystone07:34
*** afazekas has joined #openstack-keystone07:36
*** btully has quit IRC07:38
*** Kennan has quit IRC07:46
*** Kennan has joined #openstack-keystone07:46
*** christx2 has joined #openstack-keystone07:55
*** christx2 has quit IRC07:57
*** christx2 has joined #openstack-keystone07:57
*** jistr has joined #openstack-keystone08:02
*** mabrams has joined #openstack-keystone08:03
*** fhubik has joined #openstack-keystone08:03
*** fhubik is now known as fhubik_afk08:04
*** fhubik_afk is now known as fhubik08:09
*** odyssey4me has joined #openstack-keystone08:22
*** ajayaa has joined #openstack-keystone08:31
*** odyssey4me has quit IRC08:42
openstackgerritMarek Denis proposed openstack/keystoneauth-saml2: Depend on keystoneauth
*** fhubik is now known as fhubik_afk08:43
*** fhubik_afk is now known as fhubik08:43
*** marzif__ has quit IRC08:45
*** jamielennox has quit IRC08:46
*** odyssey4me has joined #openstack-keystone08:50
*** henrynash has quit IRC08:50
*** henrynash has joined #openstack-keystone08:53
*** ChanServ sets mode: +v henrynash08:53
*** lhcheng has quit IRC08:55
openstackgerritMarek Denis proposed openstack/keystoneauth-saml2: Depend on keystoneauth
*** odyssey4me_ has joined #openstack-keystone08:59
*** ajayaa has quit IRC08:59
*** odyssey4me has quit IRC09:00
*** odyssey4me_ is now known as odyssey4me09:01
*** aix has joined #openstack-keystone09:08
*** ajayaa has joined #openstack-keystone09:14
*** henrynash has quit IRC09:19
*** e0ne has joined #openstack-keystone09:19
*** fhubik is now known as fhubik_afk09:21
*** fhubik_afk is now known as fhubik09:24
*** lhcheng has joined #openstack-keystone09:32
*** ChanServ sets mode: +v lhcheng09:32
*** davechen has left #openstack-keystone09:36
*** e0ne is now known as e0ne_09:36
*** bdossant has joined #openstack-keystone09:38
*** odyssey4me has quit IRC09:39
*** odyssey4me has joined #openstack-keystone09:40
*** jamielennox has joined #openstack-keystone09:46
*** ChanServ sets mode: +v jamielennox09:46
*** ajayaa has quit IRC09:49
*** henrynash has joined #openstack-keystone09:53
*** ChanServ sets mode: +v henrynash09:53
*** dims has joined #openstack-keystone09:58
*** christx2 has quit IRC10:00
*** e0ne_ is now known as e0ne10:05
*** ajayaa has joined #openstack-keystone10:05
*** marzif has joined #openstack-keystone10:07
*** lhcheng has quit IRC10:08
*** marzif_ has joined #openstack-keystone10:10
*** christx2 has joined #openstack-keystone10:17
*** krykowski has quit IRC10:18
*** [BNC]krykowski has joined #openstack-keystone10:19
*** [BNC]krykowski is now known as krykowski10:21
*** henrynash has quit IRC10:29
*** henrynash has joined #openstack-keystone10:35
*** ChanServ sets mode: +v henrynash10:35
*** christx2 has quit IRC10:36
*** e0ne is now known as e0ne_10:43
*** e0ne_ is now known as e0ne10:43
*** chenhong has quit IRC10:43
*** aix has quit IRC10:44
*** browne has joined #openstack-keystone10:49
*** fhubik is now known as fhubik_afk10:54
*** christx2 has joined #openstack-keystone10:55
*** fhubik_afk is now known as fhubik10:55
*** browne has quit IRC10:58
*** fhubik has quit IRC10:58
*** e0ne is now known as e0ne_11:01
*** belmoreira has joined #openstack-keystone11:06
*** browne has joined #openstack-keystone11:08
*** aix has joined #openstack-keystone11:11
*** e0ne_ is now known as e0ne11:14
openstackgerritEric Brown proposed openstack/keystonemiddleware: Mismatched version of setup.cfg classifier
openstackgerrithenry-nash proposed openstack/keystone-specs: Provide config option to direct inheritance rules
*** christx2 has quit IRC11:20
*** chenhong has joined #openstack-keystone11:24
openstackgerritEric Brown proposed openstack/keystonemiddleware: Mismatched version of setup.cfg classifier
*** henrynash has quit IRC11:35
*** tobe has quit IRC11:36
openstackgerritEric Brown proposed openstack/keystoneauth: py34 not py33 is tested and supported
openstackgerritEric Brown proposed openstack/keystonemiddleware: py34 not py33 is tested and supported
*** marzif_ has quit IRC11:37
*** marzif_ has joined #openstack-keystone11:37
openstackgerritEric Brown proposed openstack/keystonemiddleware: py34 not py33 is tested and supported
openstackgerritEric Brown proposed openstack/keystoneauth: py34 not py33 is tested and supported
*** fhubik has joined #openstack-keystone11:46
openstackgerritEric Brown proposed openstack/keystoneauth-saml2: Update .gitreview to reflect actual project name
*** marzif_ has quit IRC11:49
openstackgerritEric Brown proposed openstack/keystoneauth-saml2: py34 not py33 is tested and supported
*** marzif_ has joined #openstack-keystone11:50
openstackgerritEric Brown proposed openstack/python-keystoneclient: py34 not py33 is tested and supported
*** LukeHinds has joined #openstack-keystone12:02
openstackgerritjiaxi proposed openstack/keystone: Invalid URLs are not suppressed when creating endpoint
*** bknudson has quit IRC12:14
*** hrou has joined #openstack-keystone12:16
*** bjornar has quit IRC12:16
*** ajayaa has quit IRC12:27
*** e0ne is now known as e0ne_12:33
*** edmondsw has joined #openstack-keystone12:36
*** gordc has joined #openstack-keystone12:38
*** Protux has joined #openstack-keystone12:38
*** mtecer has joined #openstack-keystone12:39
*** bknudson has joined #openstack-keystone12:40
*** ChanServ sets mode: +v bknudson12:40
*** e0ne_ is now known as e0ne12:46
*** bknudson has quit IRC12:46
*** mtecer has quit IRC12:52
*** dims has quit IRC12:55
*** jsavak has joined #openstack-keystone12:57
*** Guest33195 has joined #openstack-keystone12:57
*** Guest33195 is now known as dims_12:58
*** bknudson has joined #openstack-keystone12:59
*** ChanServ sets mode: +v bknudson12:59
*** christx2 has joined #openstack-keystone13:03
*** richm has joined #openstack-keystone13:05
*** TheIntern has joined #openstack-keystone13:14
*** belmoreira has quit IRC13:20
*** edmondsw has quit IRC13:25
*** chenhong has quit IRC13:26
*** edmondsw has joined #openstack-keystone13:32
*** ericksonsantos has joined #openstack-keystone13:33
*** raildo has joined #openstack-keystone13:33
*** iurygregory has joined #openstack-keystone13:33
*** bdossant_ has joined #openstack-keystone13:34
*** samueldmq has joined #openstack-keystone13:34
*** bdossant has quit IRC13:35
*** henrynash has joined #openstack-keystone13:38
*** ChanServ sets mode: +v henrynash13:38
*** raildo has quit IRC13:40
*** bdossant_ has quit IRC13:43
*** raildo has joined #openstack-keystone13:44
*** bjornar has joined #openstack-keystone13:49
*** jdandrea has joined #openstack-keystone13:50
*** gabriel-bezerra has joined #openstack-keystone13:55
*** jsavak has quit IRC13:56
*** jsavak has joined #openstack-keystone13:59
*** tellesnobrega has joined #openstack-keystone14:00
*** jecarey has joined #openstack-keystone14:08
*** marzif_ has quit IRC14:09
*** marzif_ has joined #openstack-keystone14:10
*** browne1 has joined #openstack-keystone14:11
*** browne has quit IRC14:11
*** sigmavirus24_awa is now known as sigmavirus2414:14
*** btully has joined #openstack-keystone14:16
jdandreaReality check Q: Are v2 tokens compatible with v3 but not the other way around, or are they not compatible at all?14:19
*** mylu has joined #openstack-keystone14:19
bknudsonjdandrea: if the token was made using v3 and it's not in the default domain then validating it using v2 will fail14:20
jdandreabknudson: Thanks. How about the other direction?14:20
bknudsonyou can validate v2 tokens using v3... I don't think there's any restrictions on that.14:20
jdandreabknudson: Thank you!14:21
*** zzzeek has joined #openstack-keystone14:31
*** markvoelker has joined #openstack-keystone14:33
*** stevemar has joined #openstack-keystone14:36
*** ChanServ sets mode: +v stevemar14:36
stevemaranyone have an opinion on ?14:37
stevemarseems like theres just a lot of moving around for the sake of moving around14:37
*** fhubik is now known as fhubik_afk14:38
bknudsonstevemar: rebuilding the token_model.KeystoneToken seems like a minor performance issue14:39
bknudsonand also error-prone14:40
stevemarbknudson: the token model rebuild is error prone?14:40
*** zzzeek has quit IRC14:40
bknudsonstevemar: the code needs to check for exception.TokenNotFound for some reason. Does it go to the database?14:42
*** markvoelker_ has joined #openstack-keystone14:42
*** browne has joined #openstack-keystone14:42
bknudsona function could be made to get the token out of the context rather than copy-pasting14:43
stevemaryeah, i was thinking of making a utility function14:43
stevemarlots o copy paste going on14:43
*** markvoelker has quit IRC14:44
*** browne1 has quit IRC14:45
*** zzzeek has joined #openstack-keystone14:45
*** chenhong has joined #openstack-keystone14:47
jdandreaNew reality check Q: Do tokens (v2 or v3) have tenant scope? That is, given a token can I find out the tenant that was in play when it was issued?14:48
*** ajayaa has joined #openstack-keystone14:48
chenhongdstanek: ping14:48
openstackgerritHenrique Truta proposed openstack/keystone: Add is_domain field in Project Table
openstackgerritHenrique Truta proposed openstack/keystone: Change project name constraint
*** htruta has joined #openstack-keystone14:49
*** fhubik_afk is now known as fhubik14:54
stevemarjdandrea: the project the token is capable of being used with should be in the token data14:55
openstackgerritMerged openstack/keystone: Replace reference of ksc with osc
marekdmorganfainberg: jamielennox: the proper way to import ksa is import keystoneauth1 not keystoneauth, right?14:59
morganfainbergmarekd: yes15:00
marekdmorganfainberg: thank you.15:00
morganfainbergFor the newest release15:00
marekdmorganfainberg: i like the latest and stuff  :-)15:00
morganfainbergWe need to remove Oslo.config from it and I think we are very close to done.15:01
morganfainbergI don't know how to do that though. Need to bug jamielennox15:01
jdandreastevemar: Thanks!15:01
jdandreaIf I understand correctly, I can't get the default tenant using v2 (given a token and nothing else), but I *can* get that in v3.15:07
*** ChanServ changes topic to "Keystone MidCycle this week, no IRC meeting."15:08
*** ankita_wagh has joined #openstack-keystone15:08
* marekd #yay15:09
dims_morganfainberg: is this the current etherpad for mid-cycle?
bknudsonI wonder where I'm supposed to show up on Wed.15:13
bknudsonI'll be in the area, so I would just wander around15:13
dims_bknudson: i was going to ask the same question :)15:13
* morganfainberg points to ayoung15:13
dims_and what time do we start :)15:13
morganfainbergask him15:13
bknudsondims_: is there a good coffee shop around there?15:14
morganfainbergdims_: and yes that is the etherpad afaik15:14
lbragstadbknudson: dims_ I'd be up for some coffee15:14
*** afazekas has quit IRC15:15
*** jaosorior has quit IRC15:16
ayoungI got points?  Cool!15:16
dims_lbragstad: bknudson:
ayoungyes there is bknudson15:16
lbragstadoh, cool.. that's really close15:17
lbragstadwhen is everyone getting into Boston?15:17
dims_ayoung: we are all eagerly waiting for the location and time :)15:17
dims_lbragstad: am commuting :)15:18
lbragstadI'll be in town sometime tomorrow afternoon15:18
bknudsonlbragstad: me too15:19
morganfainbergi'll be landing tomorrow evening15:19
*** rwsu has joined #openstack-keystone15:19
bknudsonflight arrives at 1:4515:19
bknudsonassuming the weather is ok15:20
lbragstadbknudson: I land at 2:2815:20
lbragstadLogan Intl15:20
*** markvoelker has joined #openstack-keystone15:20
bknudsonlbragstad: I can wait around. what's the flight?15:20
lbragstadUS Airways 177815:21
bknudsonlbragstad: I'm on delta 818, in case you get there first15:21
lbragstadbknudson: noted15:22
lbragstadbknudson: what hotel?15:22
*** markvoelker_ has quit IRC15:22
lbragstadHyatt Regency Cambridge?15:22
ayoungshould we all plan on meeting up tomorrow night?15:22
bknudsonlbragstad: yep, that's it15:22
ayoung9 AM start time15:22
lbragstadbknudson: cool! maybe we can split a cab15:23
lbragstadI'd also wait around if anyone else is getting in around that itme'15:23
ayoungmorganfainberg, do you have an agenda, or do you want me to write it up?15:23
*** markvoelker has quit IRC15:23
morganfainbergayoung: I don't have an agenda15:23
lbragstadayoung: I'd be happy to meet up tomorrow night and start preparing15:23
morganfainbergthe agenda is "do things that we need"15:23
ayoungmeet in the hotel bar/restaurant in the Hyatt15:24
* morganfainberg isn't at the hyatt...they were out of rooms.15:24
lbragstadayoung: time, or are we just going to troll the twitter-sphere15:24
morganfainbergoh just tuesday... hm. maybe i should switch hotels after tuesday...15:26
morganfainbergthat hyatt is way less than the one i'm at...15:26
ayoungmorganfainberg, where are you staying Tuesday night?15:26
* morganfainberg facepalms, nope... prepaid teh hotel for the stya15:27
morganfainbergayoung: sheraton15:27
morganfainbergayoung: other side of the river - ~2mi from BU15:27
bknudsonmust be really fancy15:27
chenhongmorganfainberg: hi, it seems dstanek is not available now. Do you have time to review my two changs?15:27
morganfainbergbknudson: eh, it was about the same as everything in the HP travel system.15:27
*** jsavak has quit IRC15:27
ayoungmorganfainberg, Sheraton Boston, at the Hynes?15:27
morganfainbergayoung: uhm... think so15:28
* morganfainberg shrugs.15:28
morganfainbergi just booked the less expensive of the hotels.15:28
morganfainbergthat could do the entire tues->sat for me15:28
ayoungmorganfainberg, if the majhority of people are in the Hyatt Cambridge, lets meet up there.  Fewer moving pieces.  Dump your bags an either walk or T on over.  Let me look into Citi bike, too.15:29
morganfainbergayoung: was going to do either bike or uber over.15:29
dims_ayoung: how about wed morning?15:30
ayoungmorganfainberg, not worth Uber.  two stops on the Green Line (c I think)  and then walk across the bridge.  Bike is awesome, but not sure if iuts well established in Boston yet15:30
ayoungdims_, where are you coming in from?15:30
morganfainbergayoung: we'll see how lazy I am an how much uber costs :P15:30
morganfainbergi'm not there yet.15:30
dims_ayoung: Sharon, MA. far south. i'll take the commuter then green line over15:30
stevemarmorganfainberg: ayoung so we're having a team movie night on friday to watch ant man right?15:31
ayoungdims_, ah, excellent15:31
ayoungWe used to beat up the Sharon kids15:31
morganfainbergstevemar: uh... *shrug*15:31
marekdstevemar: ant man?15:31
* ayoung grew up in S-TOUGH-ton15:31
marekdstevemar: uh, i am leaving friday evening :/15:31
dims_hadn't heard that :)15:31
stevemarme too, but not til 10ish15:31
ayoungmorganfainberg, just bring your own helm15:31
marekdstevemar: i have flight at 9.30pm15:31
morganfainbergi was going to rend a road bike for the whole trip... but figured it wasn't worth it.15:32
morganfainberggoing to be indoors too much15:32
stevemarmarekd: oh wait, my flight departs at 8:5515:32
morganfainbergayoung: it's sad, the weather in boston is going to be less humid and cooler than the weather in pasadena15:32
*** thedodd has joined #openstack-keystone15:32
stevemarmarekd: looks like we'll be airport travel buddies!15:32
morganfainberg~80% humidity here :(15:32
marekdstevemar: couldn't ask for a better buddy (no sarcasm!)15:32
ayoungmorganfainberg, its really nice here right now.  Took the kids to an outdoor pool last two days.15:33
morganfainbergayoung: no doubt.15:33
ayoungmorganfainberg, looks like Hubway is da kine15:33
morganfainbergayoung: yeah i miht do hubway... i should buy an el-cheapo helmet though.15:34
ayoungThere are two near your hotel, and guessing that they will be full in the morning15:34
dims_ayoung: 111 Cummington Mall (MCS Building) on wed?15:34
morganfainbergi don't trust taking my nice helmet with me.15:34
ayoungmorganfainberg, temped to learn how to make my own.  Use that spray foam or something15:34
*** jsavak has joined #openstack-keystone15:34
ayoungdims_, yeah15:34
morganfainbergayoung: not worth it. if you miss on making it, you'll have a bad time in a crash15:35
ayoungdims_, trying to find the actual room, it is up on 5.  I'll print up some sings to direct people15:35
dims_guess we start around 9 AM?15:35
ayoungmorganfainberg, yeah15:35
morganfainbergayoung: and, lets be fair, we need you to be able to still program / think15:35
dims_ayoung: thanks!15:35
ayoungmorganfainberg, I'll be biking in from Arlington.  I'll have my real bike and Helmet.15:35
morganfainbergyou're not sitting on a transcon flight15:36
ayoungBut I need to borrow one in NYC last week15:36
morganfainbergif it wasn't a transcon i'd totally be doing a nice road bike there :(15:36
ayoungmorganfainberg, yeah...just not sure if there is such a thing as "el cheepo:"  when if comes to helms15:36
*** toddnni has quit IRC15:36
*** radez_g0n3 has quit IRC15:36
*** miguelgrinberg has quit IRC15:36
*** cinerama has quit IRC15:36
*** mordred has quit IRC15:36
*** lars1 has quit IRC15:36
*** Dave has quit IRC15:36
*** nonameentername has quit IRC15:36
*** mitz_ has quit IRC15:36
*** hugokuo has quit IRC15:36
*** mkoderer has quit IRC15:36
*** kragniz has quit IRC15:36
*** charz has quit IRC15:36
*** Zanatoz has quit IRC15:36
*** gsilvis has quit IRC15:36
*** chmouel has quit IRC15:36
*** cburgess has quit IRC15:36
*** telemonster has quit IRC15:36
*** tristanC has quit IRC15:36
*** 18VAACHA6 has quit IRC15:36
*** grantbow has quit IRC15:36
*** kragniz has joined #openstack-keystone15:37
ayoungmorganfainberg, want me to try and scare you up a real bike?15:37
*** Dave has joined #openstack-keystone15:37
*** gsilvis has joined #openstack-keystone15:37
*** Zanatoz has joined #openstack-keystone15:37
*** tristanC has joined #openstack-keystone15:37
*** lars1 has joined #openstack-keystone15:37
dims_ooo, netsplit15:37
*** telemonster has joined #openstack-keystone15:37
*** radez_g0n3 has joined #openstack-keystone15:37
*** dan_ has joined #openstack-keystone15:37
*** radez_g0n3 has quit IRC15:37
*** radez_g0n3 has joined #openstack-keystone15:37
*** nonameentername has joined #openstack-keystone15:37
*** mkoderer has joined #openstack-keystone15:37
*** mitz has joined #openstack-keystone15:37
*** cburgess has joined #openstack-keystone15:37
*** cinerama has joined #openstack-keystone15:37
*** mordred has joined #openstack-keystone15:37
*** miguelgrinberg_ has joined #openstack-keystone15:37
*** toddnni has joined #openstack-keystone15:37
*** dan_ is now known as Guest1054915:37
morganfainbergayoung: all bike helmets have the same crash rating [if they are certified]15:37
morganfainbergayoung: the cost just is about airflow / etc15:37
*** charz has joined #openstack-keystone15:37
*** chmouel has joined #openstack-keystone15:37
ayoungmorganfainberg, define "el cheapo" then, cuz I wasn't able to find anything belo $6015:38
*** pcaruana has quit IRC15:38
*** hugokuo has joined #openstack-keystone15:38
dims_ayoung: google maps points to "Physics Research Bldg"15:39
*** rm_work is now known as rm_work|away15:39
ayoungdims_, it has many names15:39
dims_ah ok15:39
gsilvisit's the Physics Research Building, but also the Biology Research Building (conjoined)15:40
*** __morgan__ has joined #openstack-keystone15:41
__morgan__ok sooo...15:41
__morgan__irccloud just died.15:41
__morgan__ayoung: so helmets, the cheap ones (~$50?) are just less airflow than the pricy ones15:42
__morgan__they're really all the same protection15:42
morganfainberg... test ...15:43
ayoungmorganfainberg, what do we need to cover: spec reviews, malingering code reviews....15:43
*** christx2 has quit IRC15:43
__morgan__ayoung: i think mostly the malingering code stuff15:43
__morgan__specs for the key featuee things people are working on15:44
ayoung__morgan__, somewhere we have an attendence etherpad15:44
__morgan__ayoung: on the wiki15:44
__morgan__ayoung: afaik15:44
morganfainbergayoung: i can rent one easily15:49
*** __morgan__ has quit IRC15:49
*** __morgan__ has joined #openstack-keystone15:49
__morgan__ayoung: easy to rent one...15:50
__morgan__ayoung: just not sure if I want to worry about securing it etc.15:50
*** ankita_wagh has quit IRC15:51
*** morganfainberg has quit IRC15:51
*** morganfainberg has joined #openstack-keystone15:52
*** ChanServ sets mode: +v morganfainberg15:52
morganfainbergoh hey15:54
morganfainbergthis is working again15:55
*** fhubik has quit IRC15:56
*** jsavak has quit IRC15:56
*** diazjf has joined #openstack-keystone15:56
*** jsavak has joined #openstack-keystone15:57
lbragstadmarekd: around?15:58
marekdlbragstad: not for long, but yes15:59
*** mabrams has left #openstack-keystone15:59
lbragstadmarekd: alright, just a super quick question16:00
marekdlbragstad: sure.16:00
morganfainbergbrutal netsplit going on16:00
lbragstadmarekd: I can generate my metadata from my keystone service provider16:00
lbragstadmarekd:  those docs don't necessarily say how to upload that metadata to a Keystone IDP16:01
marekdlbragstad: we don't upload this to Keystone-IdP16:01
*** jsavak has quit IRC16:01
lbragstadmarekd: so this step wget --no-check-certificate -O <name of the file> ?16:01
lbragstadbecause the docs say 'Upload your Service Provider’s Metadata file to your Identity Provider. This step depends on your Identity Provider choice and is not covered here.'16:01
*** jsavak has joined #openstack-keystone16:02
ayoungtopol's on site16:03
marekdlbragstad: this is generally true when you setup your Keystone-SP and federate it with a 1-st class IdP (Shibboleth IdP, ADFS or so). Then you will very likely need to hand such metadata to the IdP. In case of K2K and Keystone-IdP we don't do this - Keystone-idp iis just not a fully fledged IdP.16:03
*** gyee has joined #openstack-keystone16:03
*** arunkant has joined #openstack-keystone16:03
*** ChanServ sets mode: +v gyee16:03
marekdlbragstad: but remember that even in K2K, you need Metadata generated by Keystone-idp, and you need to upload this to Keystone-sp.16:03
lbragstadmarekd: ok, so I have it backwards16:04
marekdlbragstad: normally it's two way metadata exvhange16:04
lbragstadI need to generate the metadata from the idp and then upload it to the sp16:04
marekdlbragstad: in k2k yes.16:04
lbragstadmarekd: in k2k it's only one way16:04
marekdlbragstad: yes.16:04
lbragstadmarekd: ok, cool. so on the keystone idp i do a `$ keystone-manage saml_idp_metadata > /etc/keystone/saml2_idp_metadata.xml`16:05
marekdnormal federation : sp->idp AND idp->sp16:05
marekdk2k: idp->sp16:05
lbragstadand then I place /etc/keystone/saml2_idp_metadata.xml on the keystone sp node16:05
marekdlbragstad: you can place it, very often sp just queries some URL that you specify, and this is also available on Keystone.16:06
marekdsuch link would be...(let me check)16:06
*** annasort has joined #openstack-keystone16:06
lbragstadmarekd: so I put that URL in the shibboleth2.xml file on the service provider16:07
marekdlbragstad: yep16:07
lbragstadmarekd: so the service provider knows where to get the metadata from the idp16:07
lbragstadmarekd: thanks for your help16:08
marekdlbragstad: no worries!16:08
marekdlbragstad: remember, that this week we fix fedfernet tokens :P16:08
lbragstadmarekd: let me give this a shot, I'm working on adding a federation branch to keystone deploy so we can test federated k2k from source16:08
lbragstadmarekd: ++, that's why I want to get this done before the midcycle so that we can use it16:08
marekdi will prepare some machines before i leave tomorrow. Hopefully the internet connectivity will be ok, as we will need to work on VMs in Europe.16:09
marekdok, need to run. cheers!16:09
lbragstadmarekd: sounds good!16:10
*** arunkant has quit IRC16:10
*** mylu has quit IRC16:10
chenhonghi, could somebody review my two changes. There are almost approved, but need core to review them.16:10
chenhong and
*** mylu has joined #openstack-keystone16:11
chenhonggyee: hi16:13
ayoungchenhong, can you get the typo
ayoungI'll look through the rest of it, but I assume it is just moving code?16:14
gyeechenhong, looking16:15
chenhongayoung: The first change need the assignment helper functions from test_v3_assignments16:15
ayoungchenhong, the first change is just a move, right?16:15
ayoungwondering how the type got in there16:16
chenhongayoung: So, dstanek suggested me to move them up. Yes, just move16:16
*** miguelgrinberg_ is now known as miguelgrinberg16:16
gyeechenhong, found a small typo on the first patch16:16
gyeeyou want to push another patch?16:16
ayoungand that is a new commnet.  Rest of the patch looks good16:16
chenhongayoung: That's a typo. I fix it now16:17
ayoungchenhong, thanks.  JHave to +2 and have it get dropped due to a typo16:17
chenhongayound: I will fix it right now. Can you look it again later?16:17
gyeeayoung, a non-technical question, are the Ts from airport running all night?16:17
ayounggyee, fairly late.  What time do you arrive?16:18
ayoungchenhong, just ping me when its fixed16:19
gyeeayoung, 10:30pm-ish16:19
chenhongayoung: thanks.16:20
*** mylu has quit IRC16:20
*** chenhong has quit IRC16:20
*** chenhong has joined #openstack-keystone16:21
chenhongwhat abount the second change? Is it all right?16:21
gyeesecond change looks good16:21
gsilvisgyee: the T runs a little past midnight, but not all night16:21
*** e0ne has quit IRC16:21
*** mgarza_ has joined #openstack-keystone16:22
gyeegsilvis, thanks for the info16:22
gsilvisgyee: no problem16:22
samueldmqayoung: hey16:23
* morganfainberg wonders if seat upgrade will happen for flight tomorrow.16:24
ayounggyee, you should be fine16:24
samueldmqayoung: this morning I got very excited when testing the patches for ksmiddleware + oslo.policy16:24
gyeemorganfainberg, first class huh? ^^16:24
ayoungsamueldmq, this morning has mee frantically preparintg for the midcycle, as well as trying to test federation with sssd16:24
samueldmqayoung: I do a change in a policy, update that in keystone, and that affects glance enforcement ;-)16:24
morganfainberggyee: i'm 3rd on the upgrade list atm - and 6 open seats16:24
ayoungsamueldmq, that is how it is supposed to work,  cool16:25
openstackgerritChenhong Liu proposed openstack/keystone: Centralizing build_role_assignment_* functions
samueldmqayoung: yeah, but for now I set middleware to fetch a policy by id .. since I can't do by endpoint_id (lack of support in ksclient)16:25
ayoungsamueldmq  its a start16:25
ayoungsamueldmq, but I kinda want ids to be immutable16:26
samueldmqayoung: aren't they today already ?16:26
morganfainberggyee: it's a 737 though, so really it's just businessclass upgrade not the super nice lay-flat 1st class thing16:26
ayoungI kinda want ids to be a sha25616:26
*** ankita_wagh has joined #openstack-keystone16:26
openstackgerritChenhong Liu proposed openstack/keystone: Add testcases for list_role_assignments of v3 domains
*** mylu has joined #openstack-keystone16:26
morganfainbergayoung: lets use a ASN1 signature /s16:27
morganfainbergayoung: as the id...16:27
ayoungmorganfainberg, I suspect you are not joking16:27
*** ankita_wagh has quit IRC16:27
morganfainbergayoung: i am joking16:28
morganfainbergayoung: it would be awful to use as an id.16:28
*** ankita_wagh has joined #openstack-keystone16:28
chenhongayoung: ping. The new patch sets are submitted16:28
ayoungmorganfainberg, I'd like to make is the SHA256, and that way we can: identity two different things that need the same policy as actually using the same policy16:28
ayoungchenhong, +2 on the first16:28
*** edmondsw has quit IRC16:29
ayounggyee, care to kick that one is trivial16:29
morganfainbergayoung: sure.16:29
ayoungand a good refactoring ,suggested by dstanek16:29
gyeeayoung, yes, waiting on jenkins16:29
morganfainbergayoung: and it at least is something we can "know" before upload16:29
morganfainbergso covers my concern16:29
ayounggyee, no need to wait on jenkis.  If Jenkins doesn;t like it, it will reject it.16:29
gyeeayoung, k16:29
chenhongThanks to all of you.16:29
ayoungand we are not in crazy merge deadlines right now16:29
gyeemorganfainberg, you staying in the Hyatt too?16:30
morganfainberggyee: no16:30
ayoungchenhong, did we really not have any tests for these>?16:31
morganfainberggyee: they were booked up =/16:31
morganfainberggyee: staying at the sheraton.16:31
gyeelooks like it will be rain most of next week16:31
gyeewalking in the rain will be fun :)16:31
chenhongayoung: When I wrote these test cases in early June, we didn't have any.16:31
lbragstad\o/ gyee that's a good thing16:31
*** _cjones_ has joined #openstack-keystone16:31
lbragstadthen i can use my awesome openstack rain jacket from Vancouver16:32
*** grantbow has joined #openstack-keystone16:32
*** grantbow has joined #openstack-keystone16:32
gyeelbragstad, good idea!16:32
ayoungchenhong, the tests are good, but I bet you looked in the wrong place.16:32
lbragstadgyee: it was like it was planned!16:32
chenhongayoung: As I always following review in keystone, we still have none.16:32
ayoungwilling to let these go in anyway, but let me see...16:32
morganfainbergayoung: i was pondering doing a rental from:
morganfainbergayoung: but that gets pricy for just "wandering" aroudn the city16:32
morganfainbergayoung: i think the one you linked (citybike equiv) before is the best bet16:33
ayoungmorganfainberg, there are bike racks/ locks right outside the Physics building16:33
morganfainbergayoung: but $100/day is pricy for ~2mi16:33
gyeelbragstad, all in the grand plan16:33
ayoungHub bikes are clunky, but they will get you around16:33
morganfainbergi don't think i'll get a real ride in16:33
ayoungmorganfainberg, when do you flee?16:33
morganfainbergayoung: sat. morning16:33
morganfainbergi think16:33
* morganfainberg checks16:33
lbragstadI'm tempted to try and get a run in16:33
chenhongayoung: Does any other place have these test cases?16:33
ayoungmorganfainberg, ooooh, we can get you a bike ride in, then16:33
morganfainbergyeah 750am saturday16:34
lbragstadayoung: any recommendations? ^16:34
ayounglbragstad, for bike rides?16:34
*** krykowski has quit IRC16:34
ayounglbragstad, for run, esplanade16:34
lbragstadayoung: just running16:34
ayounglbragstad, along the river, north or south,  good run routes16:34
morganfainbergayoung: i wont get my ~100mi of riding in this week :( but i'll get at least 20 today16:34
lbragstadayoung: ++ thanks!16:34
*** jsavak has quit IRC16:35
*** kiran-r has joined #openstack-keystone16:35
samueldmqmorganfainberg: ayoung actually ... if we keep the policy by endpoints (it doesn't matter if we get the id by look up with the URL), the deployer'd need the id to associate the policy to the endpoint :(16:35
morganfainbergayoung: but if you think there would *actually* be time for a real ride i'll pack my shoes and other things.16:35
*** jsavak has joined #openstack-keystone16:35
ayounglbragstad, see up where is says fresh pond?  That is where I will be coming from16:35
lbragstadayoung: oh man...16:35
samueldmqayoung: morganfainberg I meant policy by endpoint id16:35
ayoungmorganfainberg, Friday night, after the closing ceremonies.  Big loop around the river16:36
ayoungsamueldmq, so, on endpoint ID, ... I think we can calculate, based one the URL.   What if we do this:16:36
lbragstadayoung: this is perfect, thanks16:36
morganfainbergayoung: hm.. i'll toss my shoes in the bag. prob should toss the pedals in too.16:36
ayoungadmin user queries the entire service catalog from Keystone, once16:36
ayounglooks through the endpoints, pulls out the URLS16:36
ayoungand looks for one that gives a"python string startswith" match of the current URL16:37
gyeelbragstad, what's your pace? 8min/mile?16:37
lbragstadgyee: depends on if I'm training for anything ;)16:37
ayoungmorganfainberg, I have a bigger bike map somewhere, too16:37
* morganfainberg needs to start running...16:37
lbragstadgyee: wanna join?16:38
samueldmqayoung: that's not covering morgan's requirement .. we still need to look up the ids at keystone this way16:38
gyeeI am about 10min/mile16:38
gyeegettin old16:38
lbragstadgyee: that works for me16:38
* morganfainberg wonders if convincing lbragstad to do a 70.3 would be possible.16:38
*** anhhuynx has joined #openstack-keystone16:38
samueldmqayoung: and we'll always need if we do policy by endpoint_id16:38
*** raildo has quit IRC16:38
morganfainberggyee: whats a 10min/mile pace like?16:38
lbragstadmorganfainberg: maybe after a beer or two you could talk me into it16:38
morganfainbergi've not been running in a looong time16:38
ayoungsamueldmq, what requreiment?16:38
gyeemorganfainberg, snaily16:38
lbragstadgyee: I'll start training for the SA half in about 8 weeks16:39
morganfainberglbragstad: the question is could i convince you and would i just need to keep feeding you beer to keep you convinced?16:39
samueldmqayoung: to be able to configura the dynamic policy based on an info known a priori, like URL16:39
morganfainberglbragstad: and do you cycle/swim at all16:39
openstackgerritSolomon proposed openstack/keystone: Adds script that checks for etc/keystone.conf
lbragstadmorganfainberg: nope, been looking at bikes but haven't pull the trigger yet.16:39
lbragstadmorganfainberg: just lots of running...16:39
morganfainberglbragstad: 1.2-mile swim, 56-mile bike ride, 13.1 mile run16:40
openstackgerritFernando Diaz proposed openstack/keystone: Adding Documentation for Mapping Combinations
morganfainberglbragstad: (in that order)16:40
lbragstadmorganfainberg: so a half iron man16:40
*** christx2 has joined #openstack-keystone16:40
morganfainberglbragstad: yep16:40
lbragstadmorganfainberg: I'd do that16:40
morganfainberglbragstad: 70.3 miles16:40
*** TheIntern has quit IRC16:40
morganfainberglbragstad: nice. my goal is to pick one to sign up for towards the end of this year16:40
gyeesomebody call an ambulance for me at about 20 miles in :)16:41
morganfainbergthe entrance fees are pricy.16:41
morganfainberglike $300-50016:41
ayoungsamueldmq, this is all known A-priori...16:41
lbragstadmorganfainberg: yeah, they are...16:41
*** chenhong has quit IRC16:41
lbragstadgyee: that's where I usually start to give out...16:41
ayoungsamueldmq, if a request makes it through the middleware, it will be the right URL16:41
*** chenhong has joined #openstack-keystone16:41
morganfainberglbragstad: i just bought my tri bike ;)16:41
lbragstadmorganfainberg: nice!16:41
ayoungso, lets say that the CMS, once it registers the endpoint with Keystone, just needs to do a wget of the discovery URL:16:42
samueldmqayoung: the fetch will be automatic .. but the OS-ENDPOINT-POLICY tells us we need endpoint_ids to associate16:42
*** christx2 has quit IRC16:42
*** christx2 has joined #openstack-keystone16:42
ayoungwith that URL, passed in to keystone middleware,  we can select the endpoint16:42
morganfainberglbragstad: ^^16:42
ayoungmorganfainberg, is ^^ right?16:42
morganfainbergayoung: reading16:43
ayoungmorganfainberg, if a user hits the endpoint,  will the "*right*  URL be passed in?16:43
lbragstadmorganfainberg: <3 awesome16:43
gyeenice bike!16:43
morganfainberglbragstad: haven't put the 404s on it yet or the electronic shifters.16:43
morganfainberglbragstad: but it's awesome.16:43
ayoungso, say it does a request for  http://nova:port/someurl  and that is protected by auth token middleware, would ATM get http://nova:port/someurl16:43
ayoungeven if it is through a load balancer, etc?16:43
morganfainbergayoung: yeah we might have an issue there16:44
ayoungmorganfainberg, do the URLs get rewritten?16:44
morganfainbergayoung: so, the request URL shouldn't be rewritten in most cases, but there is no guarantee16:44
ayoungI mean, the user requests that, I would think that the load balancer might mcuk with the IP address.16:44
morganfainbergayoung: depends on the loadbalancer16:44
ayoungbut not the Hostname16:44
morganfainbergayoung: hostname might be mucked with too16:44
morganfainbergthink non-reverse proxy16:45
anhhuynxmorganfainberg: I'm having an issue with this bug where the test script is doing it correctly but you cannot do it the normal method16:45
openstackLaunchpad bug 1473489 in Keystone "Identity API v3 does not accept more than one query parameter" [Medium,Triaged] - Assigned to Anh Huynh (anhx-huynh)16:45
morganfainberganhhuynx: that is the challenge with some of these bugs :(16:45
ayoungmorganfainberg, "non-reverse proxy" would actually rewrite the contents of the HTTP request, not just the packet Header?16:45
anhhuynxmorganfainberg: why would the test do it correctly?16:45
anhhuynxmorganfainberg: do the tests run on separate methods?16:46
morganfainbergayoung: it wouldn't proxy the request - it would make a new request to [backend_host]/<back_end_path>16:46
morganfainbergayoung: people do L7 load balancing all the time16:46
morganfainbergayoung: esp. if SSL is terminated at the LB16:46
stevemartheres a random "please describe" field when registering for summit16:46
morganfainberganhhuynx: it could run through a slightly different code path16:46
morganfainberganhhuynx: this is why we're trying to move to "functional" testing16:46
morganfainbergrather than trying to wedge the whole server into the test framework as well16:47
ayoungmorganfainberg, so in those cases, the original URL requested is not preserved?  That seems like it violates a spec or two16:47
gyeestevemar, yeah, just put some random shit in there16:47
morganfainberganhhuynx: we(you and the rest of us) are going to also need to debug the tests.16:47
stevemargyee: yeah, i did16:47
lbragstadstevemar: you bringing your shoes to Boston?16:47
morganfainbergayoung: nope, totally valid to terminate the user request and make a new request to the backend16:47
stevemari wasn't planning on going barefoor16:47
morganfainbergayoung: you can do any level of rewriting at that point.16:48
ayoungmorganfainberg, yeah, that is true.  Just unfriendly16:48
gyeestevemar, heh16:48
morganfainbergayoung: and people do it.16:48
morganfainbergayoung: so you're 100% spot on, can't assume URL is sane unless we just hard-code the URL into the config and pass that as the "get-policy" identifier16:48
morganfainbergs/hard code/specify16:48
lbragstadstevemar: damn...16:48
ayoungmorganfainberg, so, we could do autodiscovery of endpoint in the normal case, and fallback to requireing URL as a config value in the reverse proxy case16:49
stevemarlbragstad: lol what were you referring to? i'm lost16:49
lbragstadstevemar: running shoes?16:49
morganfainbergayoung: reverse proxy should be mostly ok, it's when you do full L7 balancing/termination+new request16:49
stevemarlbragstad: are we all running? is that a thing we're trying to organize?16:49
gyeestevemar, I actually do zero-drop these days16:50
ayoungmorganfainberg, so lets start with the reverse proxy working case, and fall back to explicit url?16:50
morganfainbergayoung: yeah thats fine.16:50
anhhuynxmorganfainberg: you think it's better for me to try and fix my bug without messing with the tests?16:50
morganfainbergayoung: direct access/reverse proxy|explicit url16:50
lbragstadstevemar: I was thinking about going for one, ayoung had a map of some cool trails16:50
stevemarlbragstad: i'm slow AF16:51
morganfainberganhhuynx: you're going to need tests anyway - so we can fix the bug, but we need to ensure we don't regress16:51
stevemari'll bring a pair, we can try for tuesday?16:51
lbragstadstevemar: sure!16:51
stevemarget ready for some heavy breathing and old man slowness16:51
*** raildo has joined #openstack-keystone16:52
lbragstadstevemar: lol, i'm just excited because it's not texas heat16:52
stevemartrue that16:52
samueldmqayoung: what do you need to put me as a speaker of the policy thing at the summit as well ?16:52
samueldmqayoung: is it just my profile in ? (
ayoungsamueldmq, I think so...let me see16:53
morganfainberglbragstad: i'll toss in a pair of running shoes as well. just expect my running fitness to be *bad* compared to cycling.16:53
anhhuynxmorganfainberg: how can we use the tests against regression if they have bugs in them?16:54
stevemarmorganfainberg: i expect my any fitness to be bad compared to anything16:54
stevemarunless we're playing baseball, then i'll school you all :P16:55
morganfainbergstevemar: see i don't play baseball... so I'm safe there16:55
gyeeyou mean video game? :)16:55
ayoungsamueldmq, what is your current title and affiliation?16:56
morganfainberganhhuynx: figuring out why the test don't behave the same way is just as important as fixing the bugs. then we can confirm no regressions16:56
samueldmqayoung: not sure we have specific titles .. just put 'Software Engineer' and affiliation 'HP / Distributed Systems Laboratory'16:58
samueldmqayoung: is that something that can be updated later ?16:58
samueldmqmorganfainberg: about the sfe for dynamic policies ? what is the next step ?16:59
*** spandhe has joined #openstack-keystone16:59
samueldmqmorganfainberg: have to have a vote in the meeting ? wait to be decided in the midcycle ?17:00
morganfainbergsamueldmq: having the cores respond to the email and say "yes/no"17:00
morganfainbergsamueldmq: or voice concerns17:00
samueldmqmorganfainberg: k I will do a request for votes in the meeting tomorrow .. since nobody responded so far17:00
samueldmqsounds right ?17:00
morganfainbergwont be a meeting tomorrow :P17:00
morganfainbergpoke the cores today! :)17:01
samueldmqso I guess I won't ask at the meeting tomorrow17:01
morganfainbergmost of us are travelling tomorrow17:01
samueldmqayoung: editing right now .. thanks a ton17:02
*** tqtran-afk has joined #openstack-keystone17:05
*** topol has joined #openstack-keystone17:05
*** ChanServ sets mode: +v topol17:05
*** vilobhmm has joined #openstack-keystone17:05
*** tqtran-afk is now known as tqtran17:05
anhhuynxmorganfainberg: there's this weird behavior with the test script where if I run pdb on it long enough just looking at stuffs and not modifying anything the script would actually fail17:06
samueldmqayoung: am I presenting 'Using Kerberos in OpenStack' as well ?17:07
dstanekchenhong: hi17:08
chenhongdstanek: hi.17:09
chenhongdstanek: I looked for you to review my changes. But ayoung and gyee already reviewed them. Are you back from vacation?17:10
ayoungsamueldmq, did I put you on the wrong one?17:10
samueldmqayoung: you've put me on both17:10
ayoungsamueldmq, you want to talk about Kerberos?17:10
*** jsavak has quit IRC17:11
samueldmqayoung: if I can learn what it is until tokyo I'd be happy to practice my presentation skills17:11
ayoungsamueldmq, nah, I asked marekd if he wants to, but jhe hasn't responded yet17:12
samueldmqayoung: k wfm17:12
samueldmqand now that's time!17:12
samueldmqkeystone cores: could you please place your vote on the SFE for Dynamic Policies request by responding to ?17:12
ayoungsamueldmq, I think you are only on the one, now.  Let me see if it added you to the lab as well17:12
samueldmqdolphm: ayoung bknudson dstanek gyee henrynash jamielennox marekd morganfainberg  stevemar topol ^^ please vote on the SFE for dynamic policies17:13
dstanekchenhong: yeah, my vacation was just i've been closing open loops because I'll be traveling to Boston tomorrow17:13
*** TheIntern has joined #openstack-keystone17:13
*** marzif_ has quit IRC17:13
chenhongdstanek: You all going to Boston for mid cycle sprint17:13
chenhongwith all you of have enjoy the sprint17:14
chenhongwith all of you enjoy the sprint17:15
ayoungGAH, openstack meetup is Thursdan, not Wednesday.17:15
*** ankita_w_ has joined #openstack-keystone17:16
*** ankita_wagh has quit IRC17:16
*** jsavak has joined #openstack-keystone17:17
gyeesamueldmq, morganfainberg, how do I vote? just do a reply all?17:17
morganfainberggyee: yes.17:18
morganfainberggyee: plus comments/concerns/etc17:18
gyeemeet-up starts on Thursday?!17:18
*** browne has quit IRC17:18
gyeejust Thursday and Friday then?17:18
gyeewhat's the difference between SFE and FFE?17:20
samueldmqgyee: Spec Freeze Exception is keystone internal .. we've decided to adopt that17:21
dstanekchenhong: yep, mid-cycling.17:21
*** jkomg has joined #openstack-keystone17:21
samueldmqgyee: FFE is something defined by the foundation for all the projects I think17:21
*** afaranha has joined #openstack-keystone17:21
samueldmqgyee: that's as far as I can tell you :-)17:21
*** afaranha has left #openstack-keystone17:21
gyeesamueldmq, yeah, I just saw the email17:22
stevemarayoung: whats this now? thursday and friday?17:22
* gyee still catching up17:22
samueldmqgyee: :)17:22
gyeeWed is clam chowder tasting day!17:22
morganfainbergstevemar: friday is "we swear we're not goofing off" day17:23
zzzeekmorganfainberg: heya, do you have any immediate insight on where I should look regarding this failure?
ayounggyee, I think that is appropriate17:24
morganfainbergzzzeek: that is an old version of oslo_config i think17:24
zzzeekmorganfainberg: OK so…why is a brand new tox getting it?17:24
morganfainbergzzzeek: oh wait17:24
morganfainbergthat is a config option hasn't been registered yet17:25
morganfainbergand someone is trying to reference it17:25
zzzeekmorganfainberg: i suspect a different test is setting this up and because im only running a handful of tests, it isn there17:25
zzzeeke.g. bug17:25
*** chenhong has quit IRC17:25
morganfainbergzzzeek: we have some issues where tests are not... well setup.17:25
morganfainbergit's a WIP to fix them all17:25
*** vilobhmm has left #openstack-keystone17:25
zzzeekmorganfainberg: this started appearing in the past couple of weeks17:25
zzzeekmorganfainberg: OK so i can post a launchpad bug at least17:26
morganfainbergzzzeek: =/ not sure off the top of my head, but i'd say it's likely that a test isnt isolated and not doing the proper setup17:27
morganfainbergzzzeek: yean LP bug for sure.17:27
*** iamjarvo has joined #openstack-keystone17:31
*** jistr has quit IRC17:31
samueldmqayoung: would be something like 'release immediately' for a policy be useful17:32
*** ayoung is now known as ayoung-onfire17:33
ayoung-onfiresamueldmq, just got pulled into something17:33
samueldmqayoung: then we'd include a specific header for tokens which include endpoints that use that policy17:33
samueldmqayoung-onfire: sure :)17:33
*** geoffarnold has joined #openstack-keystone17:34
stevemarbknudson: ping17:34
stevemarbknudson: make sure you remember to bring the keystone dev jacket, we need to swap!17:34
morganfainbergstevemar: did you guys swap jackets by accident?17:35
stevemarmorganfainberg: yep!17:35
stevemari think it was in the mixup of the last day in the keystone half day17:35
stevemarthere were a lot of bags there17:35
stevemari need to write my name on a tag, like my parents did when i was a kid17:36
*** geoffarnold has quit IRC17:37
stevemarthere are like 10 jackets that look the exact same!17:37
*** chlong-afk has quit IRC17:38
*** crc32 has joined #openstack-keystone17:38
*** geoffarnold has joined #openstack-keystone17:40
*** lhcheng has joined #openstack-keystone17:42
*** ChanServ sets mode: +v lhcheng17:42
*** kiran-r has quit IRC17:46
*** jk|osx has joined #openstack-keystone17:49
morganfainbergstevemar: i tried to get IRC nicks on the sleeves...17:51
morganfainbergit didn't work out17:51
bknudsonstevemar: the jacket is in my bag17:51
stevemarbknudson: <317:52
*** jkomg has quit IRC17:53
*** edmondsw has joined #openstack-keystone17:53
lbragstadrodrigods: what config option were you missing here?
openstackLaunchpad bug 1384382 in Keystone "GET /OS-FEDERATION/saml2/metadata does not work" [High,Fix released] - Assigned to Lance Bragstad (lbragstad)17:59
*** browne has joined #openstack-keystone17:59
*** jsavak has quit IRC18:02
*** jsavak has joined #openstack-keystone18:04
openstackgerritBoris Bobrov proposed openstack/keystone: Use migration_cli for db migrations
*** aix has quit IRC18:11
*** shaleh has joined #openstack-keystone18:15
*** __morgan__ has quit IRC18:16
*** geoffarnold has quit IRC18:17
jdandreaIs PKI or UUID the default in Kilo?18:19
*** tellesmvn has joined #openstack-keystone18:19
*** tellesnobrega has quit IRC18:20
*** tellesmvn is now known as tellesnobrega18:20
jdandreagyee: Thx. Did that change from PKI back in ... Icehouse?18:21
morganfainbergjdandrea: yeah. PKI had a lot of issues.18:22
morganfainbergjdandrea: especially around setup and size of tokens18:23
jdandreamorganfainberg: *nodnod*18:23
morganfainbergjdandrea: so, we reverted to uuid default.18:23
jdandreamorganfainberg: Aye, and appreciated!18:23
* jdandrea is doing a bit of historical research. ;)18:23
*** jaosorior has joined #openstack-keystone18:27
*** miguelgrinberg has quit IRC18:28
*** rwsu has quit IRC18:29
*** miguelgrinberg has joined #openstack-keystone18:29
*** miguelgrinberg has quit IRC18:29
*** geoffarnold has joined #openstack-keystone18:29
*** miguelgrinberg has joined #openstack-keystone18:30
jdandreagyee: Ahh, I remember this one now. Thank you!18:35
*** jsavak has quit IRC18:35
*** jsavak has joined #openstack-keystone18:36
*** jk|osx has quit IRC18:38
*** jk|osx has joined #openstack-keystone18:39
*** rm_work|away is now known as rm_work18:54
topolwhere do we vote on the SFE for dynamic policies? here or on the mailing list?18:54
lbragstadwondering if anyone else can reproduce this, I'm trying this on the latest master and I've followed all the steps in the docs, but that call seems to always throw a 40418:54
gyeetopol, mailing list, per morganfainberg18:55
gyeelbragstad, what's your apache keystone conf looks like18:55
*** ekarlso has quit IRC18:56
*** henrynash has quit IRC18:58
*** ekarlso has joined #openstack-keystone18:58
lbragstadgyee: when I hit the idp endpoint, this is what I get
lbragstadgyee: so I'm assuming ssl and all that is set up correctly18:59
gyeelbragstad, check your keystone-paste.ini to make sure federation_extension is in the pipeline18:59
lbragstadgyee: it's in there for [pipeline:api_v3]19:00
lbragstadgyee: so I should be able to access it with https://<idp-ip>/v3/OS-FEDERATION/19:00
gyeeyou getting 404 in which API call?19:01
*** topol has quit IRC19:01
lbragstadgyee: smh...19:02
*** e0ne has joined #openstack-keystone19:02
* lbragstad hangs head... 19:03
lbragstadgyee: thanks19:03
lbragstadlet me see if the tests i have work now19:04
*** ankita_w_ has quit IRC19:05
*** ankita_wagh has joined #openstack-keystone19:07
*** e0ne is now known as e0ne_19:08
*** jk|osx has quit IRC19:08
*** jsavak has quit IRC19:09
*** mylu has quit IRC19:10
*** jsavak has joined #openstack-keystone19:12
*** mylu has joined #openstack-keystone19:14
*** jk|osx has joined #openstack-keystone19:15
*** e0ne_ is now known as e0ne19:22
*** anhhuynx has quit IRC19:25
*** iamjarvo has quit IRC19:29
*** _cjones_ has quit IRC19:37
*** _cjones_ has joined #openstack-keystone19:37
*** petertr7 has joined #openstack-keystone19:44
*** edmondsw has quit IRC19:46
openstackgerritMerged openstack/keystone: Mask passwords in debug log on user password operations
*** marzif_ has joined #openstack-keystone19:52
*** edmondsw has joined #openstack-keystone19:54
*** rwsu has joined #openstack-keystone19:55
*** woodster_ has joined #openstack-keystone19:56
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file
*** jkomg has joined #openstack-keystone20:04
*** e0ne is now known as e0ne_20:04
*** e0ne_ is now known as e0ne20:04
stevemarehhh look at my little robot guy, proposing updates20:04
bknudsonstevemar: you should get credit for those20:05
stevemarbknudson: i should!20:05
stevemarshould add  co-authored-by line in the git message!20:05
stevemarit'll ensure i get a summit pass forever20:05
bknudsonthere must have been a release of oslo.messaging ?20:05
jdandreaTrying to use the v3 endpoint to AuthN a v3 token. Suspecting pilot error. Clues/hints welcomed:
stevemarbknudson: just today20:06
stevemarbknudson: dims has been releasing oslo.* today20:06
*** jk|osx has quit IRC20:07
*** mylu has quit IRC20:07
*** mylu has joined #openstack-keystone20:08
stevemarjdandrea: the port is a little funny20:10
stevemarbut the body looks fine20:11
stevemarand thats the right URL20:11
jdandreastevemar: It sure is. That's how the admins set it up. I would have thought 5000.20:11
stevemarjdandrea: yeah, shouldn't be a big deal though20:12
jdandreastevemar: I'm glad to know the body looks good. We just did a token-get to get that but, when we put it back in ... hmm.20:12
jdandreastevemar: Oh! Does the endpoint have to be in keystone's endpoint repository?20:12
jdandrea... because I see that it isn't.20:12
stevemarkeystone's endpoint?20:12
jdandreastevemar: Yes. I only see v2 endpoints listed.20:13
jdandrea(even though I can clearly get at the v3 endpoint)20:13
stevemarthat should be fine too20:13
jdandreaNot sure if that matters. In the past I've had issues with heat and this. Ah, ok. Well now I'm *really* puzzled. :)20:13
jdandreastevemar: Plus notice the error. Could not find token: *47e9ef58909267c90b82f5c081d7c189*20:14
stevemarthe error is def. weird20:14
*** rwsu has quit IRC20:16
*** geoffarnold has quit IRC20:18
*** alex_xu has quit IRC20:18
raildoAnyone know where is the correct place to take my doubts out about tempest tests? I didn't find a tempest channel here =/20:19
*** lifeless has quit IRC20:20
*** alex_xu has joined #openstack-keystone20:21
*** lifeless has joined #openstack-keystone20:21
*** geoffarnold has joined #openstack-keystone20:21
bknudsonraildo: the openstack-qa channel20:22
raildobknudson: thanks :)20:22
*** jamiec has quit IRC20:23
*** jamiec has joined #openstack-keystone20:26
*** dguerri` is now known as dguerri20:27
*** rwsu has joined #openstack-keystone20:29
*** geoffarn_ has joined #openstack-keystone20:31
*** LukeHinds has quit IRC20:32
*** jsavak has quit IRC20:32
*** jsavak has joined #openstack-keystone20:33
*** geoffarnold has quit IRC20:33
*** fangzhou has joined #openstack-keystone20:41
*** geoffarnold has joined #openstack-keystone20:46
jdandreastevemar: Agreed. I'm at a complete loss as to what's going on there. All of the clusters I use locally have UUID token AuthN. This one particular cluster is not in my purview and uses PKI. :/20:48
*** geoffarn_ has quit IRC20:48
*** tellesnobrega has quit IRC20:50
*** tellesmvn has joined #openstack-keystone20:50
*** jsavak has quit IRC20:50
*** tellesmvn is now known as tellesnobrega20:52
*** jkomg has quit IRC20:55
*** jkomg has joined #openstack-keystone20:55
dolphmanyone know why some python unittest tools require a colon between modules and class names, some support periods, and some support both?20:59
stevemarjdandrea: i'm guessing its something PKI related20:59
stevemarjdandrea: file a bug?20:59
*** guest123 has joined #openstack-keystone21:00
dolphmjdandrea: why is there a trailing bracket on your token ID in the request?21:00
*** dguerri is now known as dguerri`21:00
dolphmjdandrea: i suspect your token is invalid, and keystone is failing to look it up by hash21:01
*** tellesnobrega has left #openstack-keystone21:03
*** geoffarn_ has joined #openstack-keystone21:03
*** tellesnobrega has joined #openstack-keystone21:03
*** geoffarnold has quit IRC21:04
*** tellesnobrega has quit IRC21:04
*** tellesnobrega has joined #openstack-keystone21:05
*** raildo has quit IRC21:08
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware: Updated from global requirements
*** geoffarn_ has quit IRC21:10
*** jkomg has quit IRC21:12
openstackgerritSteve Martinelli proposed openstack/keystone: Use oslo.utils intead of home brewed tempfile
*** diazjf has quit IRC21:14
stevemarbknudson: ^21:17
bknudsonstevemar: didn't we just switch to home-brewed template?21:18
stevemarbknudson: yeah, it was an oversight. i thought only keystone was using tempfile - turns out ceilometer and others use it too21:18
stevemarso i put it back in fileutils21:18
bknudsonstevemar: so this requires oslo.utils 1.9.0 ?21:19
bknudsonbut global requirements has 1.6.021:19
bknudsonI mean keystone requirements has 1.6.021:20
stevemaryeah, bknudson someone already proposed a GR upgrade, waiting for that to come down the pipeline21:20
bknudsonstevemar: you can use Depends-On in your patch21:21
openstackgerritSteve Martinelli proposed openstack/keystone: Use oslo.utils intead of home brewed tempfile
openstackgerritSteve Martinelli proposed openstack/keystone: Use oslo.utils instead of home brewed tempfile
*** diazjf has joined #openstack-keystone21:22
*** mylu has quit IRC21:24
*** topol has joined #openstack-keystone21:27
*** ChanServ sets mode: +v topol21:27
*** gordc has quit IRC21:30
*** jkomg has joined #openstack-keystone21:31
*** dims___ has joined #openstack-keystone21:34
*** e0ne has quit IRC21:35
*** dims_ has quit IRC21:35
*** mylu has joined #openstack-keystone21:44
*** diazjf has left #openstack-keystone21:50
openstackgerritguang-yee proposed openstack/keystonemiddleware: Enforce endpoint constraint
*** tsymanczyk has joined #openstack-keystone21:57
openstackgerritBrant Knudson proposed openstack/keystone: Register fatal_deprecations before use
*** mylu has quit IRC21:58
*** albertom has quit IRC21:58
openstackgerritBrant Knudson proposed openstack/keystone: Register fatal_deprecations before use
*** guest123 has quit IRC21:58
*** christx2 has quit IRC21:59
*** petertr7 is now known as petertr7_away22:03
*** albertom has joined #openstack-keystone22:04
openstackgerritguang-yee proposed openstack/keystonemiddleware: Enforce endpoint constraint
*** browne has quit IRC22:10
*** edmondsw has quit IRC22:20
*** bknudson has quit IRC22:23
openstackgerritMerged openstack/keystone: Centralizing build_role_assignment_* functions
*** markvoelker has joined #openstack-keystone22:27
*** markvoelker has quit IRC22:27
*** markvoelker has joined #openstack-keystone22:27
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file
*** hrou has quit IRC22:29
*** dims_ has joined #openstack-keystone22:32
*** stevemar has left #openstack-keystone22:33
*** bradjones has quit IRC22:33
*** dims___ has quit IRC22:35
*** dims__ has joined #openstack-keystone22:46
*** rm_work is now known as rm_work|away22:46
*** thedodd has quit IRC22:49
*** dims_ has quit IRC22:49
*** marzif_ has quit IRC22:50
*** rwsu has quit IRC22:52
*** jecarey has quit IRC22:55
*** dims__ has quit IRC22:56
*** sigmavirus24 is now known as sigmavirus24_awa22:57
openstackgerritMerged openstack/python-keystoneclient: Fixes modules index generated by Sphinx
*** browne has joined #openstack-keystone22:58
*** ankita_wagh has quit IRC22:58
*** TheIntern has quit IRC23:00
*** ankita_wagh has joined #openstack-keystone23:01
*** hrou has joined #openstack-keystone23:03
*** mgarza_ has quit IRC23:12
*** chlong-afk has joined #openstack-keystone23:18
*** darrenc is now known as darrenc_afk23:19
*** thedodd has joined #openstack-keystone23:20
*** jkomg has quit IRC23:31
*** chlong-afk has quit IRC23:36
*** topol has quit IRC23:37
gyeewhen did ubuntu one asking for 2-factor auth code?23:40
*** dims_ has joined #openstack-keystone23:42
*** darrenc_afk is now known as darrenc23:42
*** jdennis has quit IRC23:52
*** _cjones_ has quit IRC23:56
*** shaleh has quit IRC23:58
*** bradjones has joined #openstack-keystone23:58
*** bradjones has quit IRC23:58
*** bradjones has joined #openstack-keystone23:58

Generated by 2.14.0 by Marius Gedminas - find it at!