Thursday, 2015-09-24

« Wednesday, 2015-09-23 Index Friday, 2015-09-25 »
*** zzzeek has quit IRC00:04
*** roxanagh_ has quit IRC00:07
*** sirushti has quit IRC00:07
*** roxanagh_ has joined #openstack-keystone00:14
*** ankita_wagh has quit IRC00:21
*** shadower has quit IRC00:23
*** shadower has joined #openstack-keystone00:23
*** gyee has quit IRC00:27
*** _fortis has quit IRC00:33
*** d0ugal has quit IRC00:35
*** d0ugal has joined #openstack-keystone00:40
*** d0ugal is now known as Guest6585300:40
*** kfox1111 is now known as kfox1111_away00:42
*** richm has quit IRC00:45
*** _fortis has joined #openstack-keystone00:45
*** hrou has joined #openstack-keystone00:46
*** edmondsw has quit IRC00:46
*** _hrou_ has quit IRC00:48
*** jecarey has joined #openstack-keystone00:48
*** boris-42 has quit IRC00:49
*** roxanagh_ has quit IRC00:58
*** sdake has joined #openstack-keystone01:03
*** mylu has joined #openstack-keystone01:05
*** su_zhang has quit IRC01:13
*** csoukup has joined #openstack-keystone01:22
*** roxanagh_ has joined #openstack-keystone01:26
*** davechen has joined #openstack-keystone01:30
*** davechen1 has joined #openstack-keystone01:37
*** davechen has quit IRC01:40
*** davechen has joined #openstack-keystone01:43
*** davechen1 has quit IRC01:46
*** roxanagh_ has quit IRC01:47
*** kiran-r has joined #openstack-keystone01:49
*** lhcheng_ has quit IRC01:49
*** kiran-r has quit IRC01:50
*** kiran-r has joined #openstack-keystone01:51
*** kiranr has joined #openstack-keystone01:52
*** davechen1 has joined #openstack-keystone01:55
*** davechen has quit IRC01:57
*** kiran-r has quit IRC01:59
*** mylu has quit IRC02:01
openstackgerritStanislaw Pitucha proposed openstack/pycadf: Add event name  https://review.openstack.org/22708202:01
*** roxanagh_ has joined #openstack-keystone02:03
*** mylu has joined #openstack-keystone02:06
*** sdake has quit IRC02:06
*** mylu has quit IRC02:07
*** mylu has joined #openstack-keystone02:08
*** mylu has quit IRC02:09
*** mylu_ has joined #openstack-keystone02:09
*** spandhe has quit IRC02:13
*** morgan changes topic to "Mitaka Development Cycle Open! Great Job Everyone! | All Liberty Feature Freeze -2 Holds Should be clear"02:15
openstackgerritDave Chen proposed openstack/keystone: Refactor: Don't hard code the error code  https://review.openstack.org/22454502:18
*** mylu_ has quit IRC02:23
*** mylu has joined #openstack-keystone02:24
*** hidekazu has joined #openstack-keystone02:25
openstackgerritStanislaw Pitucha proposed openstack/pycadf: Fix event example  https://review.openstack.org/22708702:26
openstackgerritDave Chen proposed openstack/keystone: Declares expected_status in method signatures  https://review.openstack.org/22674402:27
openstackgerritDave Chen proposed openstack/keystone: Fixes the way v3_admin is called to match its def  https://review.openstack.org/22674502:27
openstackgerritDave Chen proposed openstack/keystone: Fixes v3_authenticate_token calls - no default  https://review.openstack.org/22674602:27
*** mylu has quit IRC02:28
*** lhcheng has joined #openstack-keystone02:28
*** ChanServ sets mode: +v lhcheng02:28
*** r-daneel has quit IRC02:33
*** roxanagh_ has quit IRC02:35
*** roxanagh_ has joined #openstack-keystone02:35
*** woodster_ has quit IRC02:39
*** mylu has joined #openstack-keystone02:40
*** roxanagh_ has quit IRC02:43
*** roxanagh_ has joined #openstack-keystone02:43
*** ankita_wagh has joined #openstack-keystone02:45
*** ankita_wagh has quit IRC02:46
*** ankita_wagh has joined #openstack-keystone02:46
*** ericksonsantos has quit IRC02:47
*** gabriel-bezerra has quit IRC02:47
*** iurygregory has quit IRC02:47
mfischstevemar: nice W tonight02:50
mfischsad news on CADF though, I had to pull it02:50
*** akanksha_ has joined #openstack-keystone02:52
*** lhcheng has quit IRC02:52
openstackgerritSteve Martinelli proposed openstack/keystone: Uses constants for 5XX http status codes in tests  https://review.openstack.org/22674702:53
*** ericksonsantos has joined #openstack-keystone02:53
*** iurygregory has joined #openstack-keystone02:53
*** gabriel-bezerra has joined #openstack-keystone02:53
*** mylu has quit IRC02:54
stevemarmfisch: it was a nice W02:54
stevemarmfisch: oh no? wha happen?02:54
mfischstevemar: its out automation, it introduced a circular dep02:54
*** mylu has joined #openstack-keystone02:54
stevemarany takers on https://review.openstack.org/#/c/224545/ <-- ayoung dstanek jamielennox dolphm02:54
mfischkeystone now needs rabbit, rabbit runs on control, control requires keystone02:54
stevemaroh02:55
stevemarthats nobueno02:55
mfischkeystone doesnt just say "oh well" without rabbit02:55
morganstevemar... I might need some help on CADF things.02:55
mfischit gets pretty pissed02:55
morganstevemar: very soon.02:55
ayoungkeystone needs some way to send notifications02:55
morganayoung: yes.02:55
stevemarmorgan: well now you have mfisch for cadf too, he's an expert now02:55
mfischlol02:55
ayoungif not rabbit, then QPID or some other messaging service...Were going to be testing with Proton and Qpid here shortly02:56
morganstevemar: ooooooh voluntold!02:56
mfischI like that term02:56
morganstevemar: you have learned well.02:56
stevemarmorgan: see, i'm all ready for ptl!02:56
stevemarhehe02:56
mfischis the election over?02:56
morganmfisch: the only other better one has been voluntossingunderthebus02:57
morganmfisch: no, Friday02:57
morganmfisch: 23:59 UTC (~4pm i think Pacific)02:57
mfischI'm in Steamboat then, no openstack, only fun stuff02:57
*** roxanagh_ has quit IRC02:58
* morgan is legitimately curious who's going to be the next PTL02:58
ayoungmorgan, you think you are curious....02:58
*** mylu has quit IRC02:58
morganI don't think it's a foregone conclusion02:59
morganayoung: It's ok, mostly it's so I know who to give the final words of wisdom to.02:59
ayoungmorgan, how much conversation do you think about the end of voting time tomorrow?02:59
morganbefore abdicating and tossing them to the wolves^w^w^w^w^whelping them into the role03:00
*** csoukup has quit IRC03:00
morganayoung: voting time got extended to Friday03:00
ayoungI read that as Whelping them...03:00
morganayoung: http://lists.openstack.org/pipermail/openstack-dev/2015-September/075297.html03:01
morganso 5pm my time on friday03:01
*** roxanagh_ has joined #openstack-keystone03:01
morganDarn it. was hoping to have Friday to relax already :P03:02
ayoung1900 Hours Eastern if I can do simple math.03:02
morganI still have to pay attention to the RC stuff until it's announced03:02
morganFri 7:59 PM03:02
morganfor your time03:02
ayoungWorld clock has it at 4 AM in London now...5 hour time difference03:03
ayoungOr is that not UTC?03:04
morganhttp://www.timeanddate.com/worldclock/fixedtime.html?iso=20150925T2359 this is when it ends03:04
morgan2359 on Friday UTC03:04
morganso, 1659 mine, 1959 yours03:04
ayoung5 O Clock will have never been so sweet03:05
morgansadly it means I'm probably on the hook until sometime september 2803:06
*** mylu has joined #openstack-keystone03:09
mfischstevemar: is there a way to distinguish between getting a token and validating one with cadf?03:10
*** lhcheng has joined #openstack-keystone03:10
*** ChanServ sets mode: +v lhcheng03:10
ayoungstevemar, Im on it03:10
davechen1stevemar, ayoung: thanks for reviewing this patch (https://review.openstack.org/#/c/224545/), cannot wait to see who is the next PTL. :)03:15
ayoungdavechen1, that was mindnumbing03:18
stevemarmfisch: i don't fully grok what you're asking03:19
mfischstevemar: is the authenticate event for getting a token?03:20
*** davechen1 is now known as davechen03:20
mfischfor some reason I thought you said it was on token validation03:20
davechenayoung: i feel guilty, there is a lot of code changed but pretty straightforward.03:21
ayoungmfisch, they are two different API calls03:22
ayoungthey should emit two different notifications03:22
*** mylu has quit IRC03:22
mfischI agree03:22
mfischjust trying to figure out which is which from this table http://docs.openstack.org/developer/keystone/event_notifications.html03:23
*** roxanagh_ has quit IRC03:25
ayoungmfisch, never trust the docs.  trust the code03:26
*** su_zhang has joined #openstack-keystone03:27
*** sirushti has joined #openstack-keystone03:27
*** roxanagh_ has joined #openstack-keystone03:29
*** mylu has joined #openstack-keystone03:29
*** ankita_wagh has quit IRC03:29
ayoungmfisch, I don't see notifications emitted for either03:29
mfischodd03:30
mfischI like the dont trust the docs line03:30
ayoungmfisch, If I really had to be sure, I would set up devstack with ceilomter and se what ceilometer actually rec'vs.  I think that is the only listener registered for evetns from Keystone03:31
*** kiran-r has joined #openstack-keystone03:31
ayoungand with that..I'm headed to bed03:31
mfischI've got my own listener now03:31
mfischbut its noisy, I'll try it in devstack with not much going on03:32
stevemarmfisch: oh - sry was doing other stuff03:32
stevemarmfisch: it happens when an authentication occurs03:32
*** roxanagh_ has quit IRC03:33
stevemarso even if it fails, its still emitted03:33
mfischyep I'm capturing the outcome field03:33
*** mylu has quit IRC03:33
*** roxanagh_ has joined #openstack-keystone03:34
stevemarmfisch: so it happens when something hits /v3/auth03:34
mfischmakes sense03:35
*** sirushti has quit IRC03:35
*** sirushti has joined #openstack-keystone03:35
mfischI need to figure out how I'm going to consume the events now03:35
mfischim pretty bummed out03:35
stevemarmfisch: oh noes03:36
davechenstevemar, dstanek, ayoung: i am thinking there might still some changes needed besides the testcases itself, then we can say we have cleaned all of them in keystone?03:37
davechenthe error code.03:37
stevemardavechen: propose a new patch :)03:37
davechenwill estimate how many we need to change.03:37
stevemardavechen: let these ones merge though, since they are all gating03:37
davechenstevemar: sure.03:38
*** kiran-r has quit IRC03:39
davechenlhcheng: will you be in Tokyo next month?03:41
lhchengdavechen: I think so, I just applied for my visa yesterday.03:42
lhchengdavechen: did you got approved to go?03:42
davechenlhcheng: just applied, will it catch up?03:43
davechenlhcheng, stevemar: won't see you then, hope you have a good trip.03:43
lhchengyeah, visa processing is just 5 days here03:43
davechenlhcheng: too quickly, it may need 1~2 months here, damn it.03:44
lhchengdavechen: that's weird. even in Manila, the Japanese visa processing is fast. Just a week.03:45
lhchengmaybe they need to send the application to a central embassy in China, that's why it takes so long? :(03:46
davechenlhcheng: i don't know, it needs even 1 month  for the visa of Canada.03:46
davechenlhcheng: i am applying my visa to texas.03:47
lhchengdavechen: bummer on Japanese visa..03:48
*** KarthikB has joined #openstack-keystone03:48
lhchengdavechen: During the ops mid-cycle they've been reminding people that if they haven't applied visa yet, it might be already too late for some.03:49
*** topol has joined #openstack-keystone03:49
*** ChanServ sets mode: +v topol03:49
lhchengdavechen: cool, when and where in Texas?03:49
davechenlhcheng: maybe in November.03:49
davechenlhcheng: seem more complicated for the L1 visa.03:50
davechenlcheng: just waiting... maybe longer than 1 month.03:50
davechenlhcheng: which state are you living?03:51
lhchengoh L1 visa, yeah the process for that is a bit longer03:51
*** roxanagh_ has quit IRC03:52
davechenlhcheng: New york?03:52
lhchengdavechen: if you're doing some work in Texas, yeah L1 is necessary.03:52
lhchengdavechen: Bay area in California03:53
davechenlhcheng: where is California, is it far away from Texas.03:53
lhchengdavechen: just 23 hrs drive according to google maps lol03:54
lhchengSunnyvale, CA03:54
davechenlhcheng: lol.03:55
*** Nirupama has joined #openstack-keystone03:55
dstanekdavechen: changes? you mean with status codes?03:56
davechendstanek: yes, more place to do in keystone besides testcase I think.03:56
lhchengdavechen: I have a friend that did a road trip from West to East, might be interesting to do some day...03:57
dstanekdavechen: yeah, i started by fixing wsgi and didn't get much past that03:57
davechenlhcheng:  I am afraid I will be lost in US. and need you rescuse me out. :)03:57
lhchengdavechen: are you going to be in Austin Texas?03:58
davechendstanek: the site of dstanek are working, not sure the exactly place.03:59
davechenlhcheng: the site of dstanek are working, not sure the exactly place.03:59
dstanekdavechen: ?03:59
lhchengdavechen: maybe you meant dolphm's office?04:00
*** mylu has joined #openstack-keystone04:00
davechendstanek: I will rotate to work in the site of Rackspace in Nov.04:00
davechendstanek: may see you then.04:00
dstanekdavechen: ah, i see. i'm only there a few times a year.04:00
davechenlhcheng: are they in the same place?04:00
davechendstanek: you told me before, I hope I can aslo WFH in the future.04:01
*** kiranr has quit IRC04:02
dstanekdavechen: dolphm is in the office a few times a week and i think lbragstad is there the majority of the time04:02
lhchengdavechen: dolph and lance are in San Antonio Texas, maybe you'll be heading in that office too04:02
davechenyep, yep. San Antonio Texas04:03
*** hrou has quit IRC04:04
*** mylu has quit IRC04:04
*** topol has quit IRC04:07
*** topol has joined #openstack-keystone04:08
*** ChanServ sets mode: +v topol04:08
lhchengdavechen: cool, at least you got your visa covered for the next summit ;)04:15
*** rajesht__ has quit IRC04:21
openstackgerritMerged openstack/keystone: Refactor: Don't hard code the error code  https://review.openstack.org/22454504:37
openstackgerritMerged openstack/keystone: Declares expected_status in method signatures  https://review.openstack.org/22674404:40
openstackgerritMerged openstack/keystone: Fixes the way v3_admin is called to match its def  https://review.openstack.org/22674504:40
openstackgerritMerged openstack/keystone: Fixes v3_authenticate_token calls - no default  https://review.openstack.org/22674604:42
stevemarlhcheng: you need a visa for japan?04:46
stevemardavechen: awww man, that's unfortunate :(04:47
lhchengstevemar: yeah, I still don't have a US passport04:47
stevemarlhcheng: ohhh, i had no idea04:48
*** ankita_wagh has joined #openstack-keystone04:49
*** roxanagh_ has joined #openstack-keystone04:51
*** fifieldt has joined #openstack-keystone04:52
openstackgerritMerged openstack/keystone: Uses constants for 5XX http status codes in tests  https://review.openstack.org/22674704:52
*** sdake has joined #openstack-keystone04:55
*** roxanagh_ has quit IRC04:56
stevemarlhcheng: you made me think I had forgotten a very critical step in my travel arrangements :)04:59
*** mylu has joined #openstack-keystone05:00
davechenstevemar: what's it? still don't have a Canada passport? :)05:04
stevemardavechen: i thought maybe i needed a visa for japan - but i don't :)05:04
*** mylu has quit IRC05:05
*** ankita_wagh has quit IRC05:05
*** ankita_wagh has joined #openstack-keystone05:06
lhchengstevemar: hahah05:07
lhchengstevemar: do you have plans to extend your stay in Japan?05:07
stevemarlhcheng: yep05:07
stevemarlhcheng: i'm thinking of getting there earlier, and staying for 3-4 extra nights05:07
stevemarthen 3-4 extra nights in HK05:07
*** kiran-r has joined #openstack-keystone05:08
davechenstevemar: HK? I think you have been there before.05:08
stevemardavechen: yep, but wife wasn't been, so thinking about stopping there before home05:09
stevemarhasn't*05:09
davechenstevemar: more convinent to communicate in english.05:09
lhchengstevemar: heading to Macau?05:09
stevemardavechen: for sure05:09
lhchengstevemar: if you haven't to South Korea, that's closer05:09
stevemarlhcheng: nah, i went last time at the summit, i wasn't too impressed05:09
lhchengstevemar: I would recommend South Korea instead of HK05:10
stevemarlhcheng: i wanted SK! but wife wanted HK over SK05:10
davechenstevemar: it take half hours if you want to stay in mainland China.05:10
davechenstevemar: from HK to mainland China.05:10
*** kiran-r has quit IRC05:10
davechenstevemar: so, your wife win. ;-)05:11
stevemardavechen: i don't think i have enough time for the visa for china :P05:11
stevemardavechen: she always wins05:11
davechenstevemar: don't know since never apply visa for china before.05:11
stevemardavechen: hehe, why would you!05:12
davechenstevemar: :)05:12
davechenlhcheng: have your ever been in Macau?05:12
lhchengdavechen: yeah, Guang, Lyle and I went there when we were in HK05:13
davechenlhcheng: I bet you need to take a lot of $. :)05:13
lhchengdavechen: lol05:13
lhchengno didn't gamble05:13
lhchengI don't have a good luck on gambling05:14
davechenlhcheng: is there anything else in Macau?05:14
stevemardavechen: not really05:14
*** spandhe has joined #openstack-keystone05:15
davechensmall city, but grow more fater than HK.05:15
*** roxanagh_ has joined #openstack-keystone05:15
lhchengdavechen: they have this: https://en.wikipedia.org/wiki/Ruins_of_St._Paul's05:15
stevemarlhcheng: i went there, not much to see =\05:16
lhchengdavechen: and this: https://en.wikipedia.org/wiki/Fortaleza_do_Monte05:16
lhchengstevemar: yeah, it was just a facade. And it was so crowded05:17
davechenlhcheng: looks great! but just saw them in the TV show. Sigh!05:17
lhchengstevemar: did you go to Lantau island to see the Buddha?05:17
stevemarlhcheng: yep, that was probably more fun than macau lol05:18
stevemarlots of hiking05:18
*** roxanagh_ has quit IRC05:18
lhchengstevemar: I think I was with dolph and morgan that time, and Guang is our translator05:18
morganI didn't go to macau05:19
morganbut I did go to lantau05:19
davechencrowded? have you ever got to Great Wall?05:19
*** roxanagh_ has joined #openstack-keystone05:19
stevemardavechen: i imagine that is *very* crowded05:20
morgandavechen: didn't make it outside of hk :( so no :(05:20
*** spandhe_ has joined #openstack-keystone05:20
lhchengmorgan: yeah, I mean for Lantau :)05:21
davechenyou will be scared. :)05:21
*** KarthikB has quit IRC05:21
lhchengdavechen: did you try the Toboggan sled in Great wall?05:22
*** spandhe has quit IRC05:22
*** spandhe_ is now known as spandhe05:22
davechenlhcheng: no, cannot image, you tried before?05:23
lhchengdavechen: It wasn't that fun, too many people so had to go down slow :(05:23
davechenhttps://en.wikipedia.org/wiki/Kyoto, this city looks great.05:26
*** lhcheng has quit IRC05:40
*** sdake has quit IRC05:40
*** roxanagh_ has quit IRC05:46
*** lhcheng has joined #openstack-keystone05:54
*** ChanServ sets mode: +v lhcheng05:54
*** annasort_ has joined #openstack-keystone05:58
*** annasort has quit IRC05:58
*** annasort_ is now known as annasort05:58
morganKyoto is supposed to be amazing06:02
davechenmorgan: yep, recommend you to go there although I have never been there before. :)06:03
morgan^_^06:05
davechenmorgan: there are some ancient chinese building in the city where you will see how the old old China looks like.06:05
morganoh cool06:05
*** mylu has joined #openstack-keystone06:05
*** mylu has quit IRC06:09
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Imported Translations from Zanata  https://review.openstack.org/22682506:10
*** su_zhang has quit IRC06:12
*** ParsectiX has joined #openstack-keystone06:22
*** markvoelker has quit IRC06:27
*** Ephur has quit IRC06:28
*** spandhe has quit IRC06:31
*** spandhe has joined #openstack-keystone06:31
*** boris-42 has joined #openstack-keystone06:34
*** henrynash has joined #openstack-keystone06:36
*** ChanServ sets mode: +v henrynash06:36
*** spandhe has quit IRC06:36
*** spandhe_ has joined #openstack-keystone06:36
*** roxanagh_ has joined #openstack-keystone06:47
*** flaper87 has quit IRC06:47
*** flaper87 has joined #openstack-keystone06:47
*** roxanagh_ has quit IRC06:52
*** browne has quit IRC07:07
*** stevemar has quit IRC07:20
*** stevemar has joined #openstack-keystone07:21
*** ChanServ sets mode: +v stevemar07:21
*** ParsectiX has quit IRC07:24
*** stevemar has quit IRC07:24
*** lhcheng has quit IRC07:26
*** markvoelker has joined #openstack-keystone07:28
*** ParsectiX has joined #openstack-keystone07:31
*** markvoelker has quit IRC07:33
*** kiranr has joined #openstack-keystone07:34
*** lhcheng has joined #openstack-keystone07:45
*** ChanServ sets mode: +v lhcheng07:45
*** Navid_ has joined #openstack-keystone07:46
*** xiaolidi has joined #openstack-keystone07:46
*** kiran-r has joined #openstack-keystone07:47
*** lhcheng has quit IRC07:50
*** jamielennox is now known as jamielennox|away07:53
*** pnavarro has joined #openstack-keystone07:57
*** mylu has joined #openstack-keystone08:06
*** Guest65853 is now known as d0ugal08:08
*** d0ugal has quit IRC08:08
*** d0ugal has joined #openstack-keystone08:08
*** jaosorior has joined #openstack-keystone08:09
*** mylu has quit IRC08:10
openstackgerritMerged openstack/keystone: Imported Translations from Zanata  https://review.openstack.org/22682508:11
*** cloud_zhanglei has joined #openstack-keystone08:11
*** rm_work has quit IRC08:14
*** zeus has quit IRC08:14
*** mjb has quit IRC08:14
*** zeus has joined #openstack-keystone08:15
*** zeus is now known as Guest687908:15
*** rm_work has joined #openstack-keystone08:16
*** mjb has joined #openstack-keystone08:17
*** ankita_wagh has quit IRC08:28
*** spandhe_ has quit IRC08:40
*** shoutm has joined #openstack-keystone08:41
*** pnavarro has quit IRC08:43
*** lifeless has quit IRC08:49
*** amakarov_away is now known as amakarov08:50
*** pnavarro has joined #openstack-keystone08:51
*** lifeless has joined #openstack-keystone09:03
*** markvoelker has joined #openstack-keystone09:29
*** aix has quit IRC09:29
*** markvoelker has quit IRC09:34
*** lhcheng has joined #openstack-keystone09:34
*** ChanServ sets mode: +v lhcheng09:34
*** kiran-r has quit IRC09:37
*** lhcheng has quit IRC09:39
*** davechen has left #openstack-keystone09:54
*** kiranr has quit IRC10:02
*** aix has joined #openstack-keystone10:02
*** urulama has quit IRC10:03
*** urulama has joined #openstack-keystone10:04
*** mylu has joined #openstack-keystone10:07
*** akanksha_ has quit IRC10:08
*** mylu has quit IRC10:11
*** kiran-r has joined #openstack-keystone10:22
*** e0ne has joined #openstack-keystone10:23
*** e0ne has quit IRC10:24
*** henrynash has quit IRC10:28
*** EinstCrazy has joined #openstack-keystone10:34
*** cloud_zhanglei has quit IRC10:50
*** stevemar has joined #openstack-keystone10:52
*** ChanServ sets mode: +v stevemar10:52
*** stevemar has quit IRC10:55
*** ParsectiX has quit IRC11:02
*** doug-fish has joined #openstack-keystone11:12
samueldmqmorning all11:14
*** ParsectiX has joined #openstack-keystone11:23
*** lhcheng has joined #openstack-keystone11:23
*** ChanServ sets mode: +v lhcheng11:23
*** lhcheng has quit IRC11:28
*** exploreshaifali has joined #openstack-keystone11:30
*** markvoelker has joined #openstack-keystone11:30
*** exploreshaifali has quit IRC11:32
*** markvoelker has quit IRC11:34
*** gordc has joined #openstack-keystone11:37
*** lhcheng has joined #openstack-keystone11:47
*** ChanServ sets mode: +v lhcheng11:47
*** roxanagh_ has joined #openstack-keystone11:50
*** lhcheng has quit IRC11:51
*** roxanagh_ has quit IRC11:55
*** doug-fish has quit IRC12:02
*** exploreshaifali has joined #openstack-keystone12:03
*** doug-fish has joined #openstack-keystone12:03
*** mylu has joined #openstack-keystone12:07
*** mylu has quit IRC12:12
*** exploreshaifali has quit IRC12:16
*** dims__ has quit IRC12:19
*** dims_ has joined #openstack-keystone12:20
*** Nirupama has quit IRC12:21
amakarovsamueldmq, hi!12:21
*** raildo-afk is now known as raildo12:29
*** markvoelker has joined #openstack-keystone12:31
*** edmondsw has joined #openstack-keystone12:32
samueldmqamakarov: hey, how are you doing ?12:34
*** ParsectiX has quit IRC12:35
openstackgerritAlexander Makarov proposed openstack/keystone: Materialized path mixin for hierarchical models  https://review.openstack.org/19841812:36
amakarovsamueldmq, I'm fine! ^^ :)12:36
*** nicodemos has joined #openstack-keystone12:37
*** jamielennox|away is now known as jamielennox12:37
amakarovsamueldmq, I have a question for you about dynamic policy: do you have UI to edit it?12:37
amakarovhorizon guys want to develop an editor based on Merlin project12:38
amakarovsamueldmq, do you go to the summit?12:39
*** kiran-r has quit IRC12:43
*** EinstCrazy has quit IRC12:46
*** stevemar has joined #openstack-keystone12:53
*** ChanServ sets mode: +v stevemar12:53
*** ParsectiX has joined #openstack-keystone12:55
*** stevemar has quit IRC12:57
*** ParsectiX has quit IRC12:58
*** ParsectiX has joined #openstack-keystone13:01
samueldmqamakarov: cool, yes I am going to the summit13:05
samueldmqamakarov: we will be discussing dynamic policy there too, not sure we will get policy distributed from Keystone in openstack13:05
*** richm has joined #openstack-keystone13:06
bknudsonquit focusing on keystone. put it in its own project.13:06
*** doug-fish has quit IRC13:06
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Don't cache signed tokens  https://review.openstack.org/19094113:06
amakarovbknudson, is there a name for that project already?13:07
*** larsks has quit IRC13:07
bknudsonamakarov: no... for some reason everybody wants to put everything in keystone... probably so they don't have to come up with another name.13:07
*** EinstCrazy has joined #openstack-keystone13:12
*** hrou has joined #openstack-keystone13:12
*** shoutm has quit IRC13:13
*** alejandrito has joined #openstack-keystone13:14
samueldmqbknudson, amakarov: yes, that's an option, although we'd need to keep the role list synchronized with the other project13:18
samueldmqamakarov: is mirantis interested in dynamic policies?13:18
amakarovsamueldmq, it offers a good UX and if augmented with good UI it'll be appreciated by customers' admins13:19
amakarovsamueldmq, Timur sufiev wanted to contact you on this matter13:20
amakarovsamueldmq, Timur Sufiev wanted to contact you on this matter13:20
samueldmqamakarov: is he from mirantis?13:20
amakarovyes, sitting just behind me :)13:21
samueldmqamakarov: nice13:21
*** su_zhang has joined #openstack-keystone13:34
*** roxanagh_ has joined #openstack-keystone13:38
*** Navid__ has joined #openstack-keystone13:42
*** roxanagh_ has quit IRC13:43
*** Navid_ has quit IRC13:45
*** topol has quit IRC13:53
*** doug-fish has joined #openstack-keystone13:57
*** EinstCrazy has quit IRC13:57
*** zzzeek has joined #openstack-keystone13:58
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: More specific error checking  https://review.openstack.org/22732314:00
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Finally remove the global except handler  https://review.openstack.org/22732414:00
*** geoffarnold has joined #openstack-keystone14:01
*** geoffarn_ has joined #openstack-keystone14:03
bknudsonjamielennox: Looks like a dup of https://review.openstack.org/#/c/217373/ & ?14:04
jamielennoxbknudson: very similar - trying to solve the same problem it would seem14:06
*** geoffarnold has quit IRC14:06
jamielennoxbknudson: i'm not sure why he's switching to serviceerrors in _identity14:07
*** fhubik_brb has joined #openstack-keystone14:07
*** dims__ has joined #openstack-keystone14:11
jamielennoxbknudson: i don't see how the RevocationListError ever gets up to there though14:11
*** j_king has quit IRC14:12
*** ParsectiX has quit IRC14:12
*** dims_ has quit IRC14:14
*** shoutm has joined #openstack-keystone14:16
*** tonytan4ever has joined #openstack-keystone14:19
*** amoturi has joined #openstack-keystone14:20
*** diazjf has joined #openstack-keystone14:21
*** KarthikB has joined #openstack-keystone14:22
*** marzif has joined #openstack-keystone14:26
*** jamielennox is now known as jamielennox|away14:26
*** jecarey has quit IRC14:29
*** pauloewerton has joined #openstack-keystone14:31
*** marzif_ has joined #openstack-keystone14:34
*** slberger has joined #openstack-keystone14:34
*** diazjf has quit IRC14:35
openstackgerritAlexander Makarov proposed openstack/keystone: Unified delegation model  https://review.openstack.org/20848814:36
*** marzif has quit IRC14:37
openstackgerritAlexander Makarov proposed openstack/keystone: Unified delegation model  https://review.openstack.org/20848814:37
*** jorge_munoz has joined #openstack-keystone14:39
*** EinstCrazy has joined #openstack-keystone14:40
*** su_zhang has quit IRC14:41
edmondswdoes the LDAP identity driver support AD domains/forests?14:51
*** kiran-r has joined #openstack-keystone14:51
*** topol has joined #openstack-keystone14:53
*** ChanServ sets mode: +v topol14:53
bknudsonedmondsw: LDAP identity doesn't know anything about AD14:53
bknudsonif AD uses standard LDAP then it'll work with keystone.14:53
*** diazjf has joined #openstack-keystone14:54
edmondswit does... that I've tried. But I've never tried with domains/forests before14:54
*** stevemar has joined #openstack-keystone14:54
*** ChanServ sets mode: +v stevemar14:54
morganbknudson: re translations. We will know next week if we need to backport14:56
bknudson morgan: so merge them?14:57
morganbknudson: to the rc branch. Basically next PTL needs to talk to AJaeger, ttx, and clarkb next week14:57
bknudson(to master)14:57
morganbknudson: i already approved the one to master last night14:57
bknudsonnext PTL is going to be busy14:57
morganBut yes14:57
morganGo ahead and merge them to master.14:57
*** browne1 has joined #openstack-keystone14:59
*** marzif_ has quit IRC15:03
*** fifieldt has quit IRC15:05
*** shoutm has quit IRC15:05
*** erhudy has joined #openstack-keystone15:06
*** marzif_ has joined #openstack-keystone15:07
*** geoffarn_ is now known as geoffarnoldX15:07
*** csoukup has joined #openstack-keystone15:08
*** KarthikB has quit IRC15:10
*** phalmos has joined #openstack-keystone15:10
dolphmlbragstad: have you run this one against tempest w/ fernet? https://review.openstack.org/#/c/227015/15:10
*** jorge_munoz has quit IRC15:14
*** annasort has quit IRC15:17
*** annasort has joined #openstack-keystone15:17
*** marzif_ has quit IRC15:18
*** jorge_munoz has joined #openstack-keystone15:19
lbragstaddolphm: no, I hit something strange...my results from yesterday's testing has changed...15:21
*** annasort has quit IRC15:22
*** jorge_munoz has quit IRC15:24
dolphmlbragstad: well yeah, they're transients...... right?15:24
*** KarthikB has joined #openstack-keystone15:25
*** tonytan4ever has quit IRC15:26
*** kfox1111_away is now known as kfox111115:26
*** shoutm has joined #openstack-keystone15:28
*** jorge_munoz has joined #openstack-keystone15:29
*** lsmola has quit IRC15:32
dolphmbknudson: just fyi, i'm -1'ing almost every patch related to bandit. every # nosec comment needs to be justified or this project is going to do more harm than good.15:36
*** KarthikB has quit IRC15:36
bknudsondolphm: ok, I'll add comments... or someone else can15:36
*** geoffarnoldX is now known as geoffarn_15:37
dolphmbknudson: no, they shouldn't merge without comments. it's a terrible precedent to add a security tool and then blindly ignore absolutely everything it highlights just because the code already existed that way15:37
*** fhubik_brb is now known as fhubik15:38
dolphmbknudson: further, whenever someone proposes a real security vulnerability down the line, we'll all be used to seeing # nosec comments without any justification or thought put into it, and it'll merge, so bandit will have accomplished nothing.15:38
bknudsondolphm: someone else can update the patch set before it merges, too15:39
dolphmbknudson: if you have no intention of proposing anything other than busy work for everyone else to review, then i'd suggest abandoning the entire series.15:40
dolphmit's a complete waste of time as-is, for everyone15:40
bknudsondolphm: if people think the bandit scan is a waste of time I'll abandon it.15:43
dolphmbknudson: the project may not be, but this patch series certainly has no value15:43
dolphmbknudson: if anything, this patch series presents a security *risk* by feigning security15:44
*** henrynash has joined #openstack-keystone15:44
*** ChanServ sets mode: +v henrynash15:44
bknudsondolphm: if you think it's busy-work to have to document why the #nosec is used then we might as well abandon it... submitters will always have to figure out why they need to #nosec.15:45
dolphmbknudson: and the WHY should be documented in an inline comment for everyone15:45
*** ParsectiX has joined #openstack-keystone15:47
*** _cjones_ has quit IRC15:51
*** KarthikB has joined #openstack-keystone15:52
*** annasort has joined #openstack-keystone15:52
*** wwwjfy has quit IRC15:56
*** kiran-r has quit IRC15:58
*** fhubik is now known as fhubik_brb15:59
*** thiagop has joined #openstack-keystone16:00
*** fhubik_brb is now known as fhubik16:02
*** marzif has joined #openstack-keystone16:03
*** pnavarro has quit IRC16:03
*** phalmos has quit IRC16:04
*** jaosorior has quit IRC16:05
*** jaosorior has joined #openstack-keystone16:06
*** jorge_munoz has quit IRC16:08
*** jorge_munoz has joined #openstack-keystone16:08
*** spandhe has joined #openstack-keystone16:09
*** _cjones_ has joined #openstack-keystone16:12
*** wwwjfy has joined #openstack-keystone16:13
*** phalmos has joined #openstack-keystone16:13
*** jorge_munoz has quit IRC16:13
*** pumaranikar has joined #openstack-keystone16:15
*** ankita_wagh has joined #openstack-keystone16:17
*** geoffarn_ has quit IRC16:18
*** ankita_wagh has quit IRC16:18
*** ankita_wagh has joined #openstack-keystone16:18
*** jorge_munoz has joined #openstack-keystone16:18
*** jorge_munoz has quit IRC16:19
*** c_soukup has joined #openstack-keystone16:20
*** markvoelker_ has joined #openstack-keystone16:21
*** wwwjfy_ has joined #openstack-keystone16:21
dstanekbknudson: you around?16:21
*** henrynash_ has joined #openstack-keystone16:22
*** ChanServ sets mode: +v henrynash_16:22
*** henrynash has quit IRC16:24
*** henrynash_ is now known as henrynash16:24
*** afazekas has quit IRC16:24
*** markvoelker has quit IRC16:24
*** gabriel-bezerra has quit IRC16:24
*** wolsen has quit IRC16:24
*** x58 has quit IRC16:24
*** wwwjfy has quit IRC16:24
*** csoukup has quit IRC16:24
*** nicodemos has quit IRC16:24
*** david8hu has quit IRC16:24
*** afazekas has joined #openstack-keystone16:24
*** x58 has joined #openstack-keystone16:24
*** wolsen has joined #openstack-keystone16:24
*** david8hu has joined #openstack-keystone16:25
*** gabriel-bezerra has joined #openstack-keystone16:25
*** nicodemos has joined #openstack-keystone16:25
*** jorge_munoz has joined #openstack-keystone16:25
*** pushkaru has joined #openstack-keystone16:27
*** pumarani__ has joined #openstack-keystone16:27
*** roxanagh_ has joined #openstack-keystone16:27
*** pushkaru has left #openstack-keystone16:27
*** pumarani__ has quit IRC16:28
*** lhcheng has joined #openstack-keystone16:28
*** ChanServ sets mode: +v lhcheng16:28
*** spandhe_ has joined #openstack-keystone16:31
*** spandhe has quit IRC16:33
*** spandhe_ is now known as spandhe16:33
*** roxanagh_ has quit IRC16:33
*** EinstCrazy has quit IRC16:34
*** henrynash_ has joined #openstack-keystone16:34
*** ChanServ sets mode: +v henrynash_16:34
*** henrynash has quit IRC16:35
*** henrynash_ is now known as henrynash16:35
*** fhubik has quit IRC16:42
openstackgerritMerged openstack/keystonemiddleware: Change ignore-errors to ignore_errors  https://review.openstack.org/22574216:43
*** raildo is now known as raildo-afk16:45
*** raildo-afk is now known as raildo16:48
*** browne1 has quit IRC16:49
openstackgerritLance Bragstad proposed openstack/keystone: Consolidate the fernet provider validate_v3_token()  https://review.openstack.org/19687716:51
openstackgerritLance Bragstad proposed openstack/keystone: Consolidate the fernet provider issue_v2_token()  https://review.openstack.org/19764716:51
*** mylu has joined #openstack-keystone16:53
openstackgerritLance Bragstad proposed openstack/keystone: Allow Fernet to return TokenNotFound  https://review.openstack.org/21984816:56
lbragstaddolphm: ^16:56
*** spandhe has quit IRC16:56
dolphmlbragstad: did you address previous comments or just rebase?16:57
lbragstaddolphm: I just rebased... addressing the comments now16:57
*** su_zhang has joined #openstack-keystone16:59
dolphmlbragstad: https://review.openstack.org/#/c/219848/ needs a new commit message or to be merged into an underlying patch17:00
openstackgerritMerged openstack/keystone: Correct comment to not be driver-specific  https://review.openstack.org/22699217:00
lbragstaddolphm: yeah, working on that now17:00
lbragstaddolphm: should have a bug associated to it - https://review.openstack.org/#/c/19687717:01
*** slberger1 has joined #openstack-keystone17:02
*** henrynash has quit IRC17:02
*** slberger has quit IRC17:03
*** marzif has quit IRC17:05
*** su_zhang has quit IRC17:05
*** marzif has joined #openstack-keystone17:05
*** su_zhang has joined #openstack-keystone17:05
lbragstaddolphm: here is the bug - https://bugs.launchpad.net/keystone/+bug/147760017:06
openstackLaunchpad bug 1477600 in Keystone kilo "Token Validation API returns 401 not 404 on invalid fernet token" [Medium,Fix committed] - Assigned to Dolph Mathews (dolph)17:06
openstackgerritMerged openstack/pycadf: Fix event example  https://review.openstack.org/22708717:06
bknudsondstanek: I'm here. Where would I go? (lunch)17:06
dstanekbknudson: i try to stay out of people's private lives17:07
*** su_zhang has quit IRC17:08
bknudsonoops, ossg meeting time.17:08
*** su_zhang has joined #openstack-keystone17:08
bknudsonalso, doing the oslo doc sprint if anyone's interested17:08
*** su_zhang has quit IRC17:09
*** su_zhang has joined #openstack-keystone17:09
*** shoutm has quit IRC17:11
dstanekbknudson: i was thinking of just duplicating the composites in the paste.ini to fix https://bugs.launchpad.net/keystone/+bug/149946217:15
openstackLaunchpad bug 1499462 in Keystone "Apache/WSGI configuration requires editing keystone-paste.ini" [Undecided,New]17:15
dstanekbknudson: doing a quick test now just to see what would need to change if we just changes the existing names17:16
bknudsondstanek: it's strange we need that... devstack didn't17:16
bknudsondstanek: https://review.openstack.org/#/c/194729/17:17
*** nicodemos has quit IRC17:17
dstanekbknudson: is there code somewhere that strips off keystone-wsgi?17:18
bknudsondstanek: here's what it's supposed to be calling http://git.openstack.org/cgit/openstack/keystone/tree/keystone/server/wsgi.py17:19
bknudsonso since it passes 'admin' and 'main' those are the pipelines that should be used17:19
dstanekoh, wait...hmmm17:19
bknudsonthis is also what keystone.py did: http://git.openstack.org/cgit/openstack/keystone/tree/httpd/keystone.py17:20
bknudsonexcept it calculated the name (admin or main) from the script name17:20
*** spandhe has joined #openstack-keystone17:23
*** raildo is now known as raildo-afk17:24
dstanekbknudson: i commented on the bug17:26
bknudsondstanek: you may be right that they copied the scripts instead of the ones generated by pbr17:27
*** su_zhang has quit IRC17:29
morganooh bknudson having +2 on oslo things...17:29
morganthis is a good thing ;)17:30
*** exploreshaifali has joined #openstack-keystone17:33
*** raildo-afk is now known as raildo17:34
*** mylu has quit IRC17:38
openstackgerritAlexander Makarov proposed openstack/keystone: Unified delegation model  https://review.openstack.org/20848817:39
openstackgerritAlexander Makarov proposed openstack/keystone: Unified delegation driver  https://review.openstack.org/20960017:39
dstanekmorgan: ++17:39
*** pumaranikar has quit IRC17:39
bknudsonas if I don't have enough reviews to do!17:39
*** browne has joined #openstack-keystone17:40
morganbknudson: you could run for TC while you're at it and PTL next cycle17:40
morganbknudson: You have plenty of time for all that right?17:40
bknudsonmorgan: don't go thinking I'm a dhellmann.17:41
*** geoffarnold has joined #openstack-keystone17:41
*** tonytan4ever has joined #openstack-keystone17:42
morganbknudson: hehe17:43
chris_19another cache question17:48
chris_19I thought I read somewhere that you didn't want to have the regular cache and the token backend cache on the same server. Is that true, or did I make that up in my head?17:49
*** phalmos has quit IRC17:50
morganchris_19: you just don't want to use the memcache token driver at all17:50
bknudsonchris_19: some people like to make the token cache large enough so they never swap out17:50
* morgan looks forward to the day the memcache token driver dies.17:50
chris_19got it17:51
chris_19so, the next question is, why not?17:51
chris_19:)17:51
morganchris_19: if you're using fernet - because you don't have to17:52
morganchris_19: but if you're not using fernet because memcache is an inappropriate store for long-term data. While tokens are ephemeral, they need persistence.17:52
*** aix has quit IRC17:52
chris_19i see17:52
morganchris_19: and there is a whole mess of house keeping code that can't be made more efficient in that driver since we have no way to index / cross query17:53
morganchris_19: so you have 2 issues, 1) horrible code to work around limitations of memcache/key-value-store [and that you have hard limits on the maximum number of tokens per user because of page-allocation sizes], and 2) it's the wrong technology for the job17:53
chris_19morgan: hank you17:56
morganone of the main reasons fernet was designed to be persistent-less was to avoid unbounded token table (SQL) or bad design/wrong technology (memcache) just to hold onto the token data for validations. Keystone has all of the info, lets use that instead of relying on persistence. Now... we could simply cache fernet token responses [easy] and alleviate some of the cost but still be able to reconstruct if there is a cache miss (I think we do17:56
morgan most of this). Some things can be improved on this front too17:56
chris_19thank you, even17:56
morgan:)17:56
*** slberger1 has quit IRC17:56
*** su_zhang has joined #openstack-keystone17:56
* morgan maaaaaay have spent a lot of time mucking around in the token subsystems17:56
*** slberger has joined #openstack-keystone17:59
*** spandhe has quit IRC17:59
*** pumaranikar has joined #openstack-keystone18:00
dstanekwasn't there a want (maybe even a plan at some point) to get rid of domain scoped tokens?18:04
chris_19wot18:05
*** pumaranikar has quit IRC18:05
bknudsondstanek: we're getting rid of domains18:06
openstackgerritAlexander Makarov proposed openstack/keystone: Unified delegation driver  https://review.openstack.org/20960018:06
chris_19why?18:08
bknudsonhierarchical multitenancy projects takes over domain function18:08
chris_19interesting18:09
dstanekbknudson: yeah, that's why i was wondering why we wanted to get rid of domain scoped tokens. even with HMT we seem to have them.18:10
chris_19"That's going to require some changes" -understated coworker18:10
*** su_zhang has quit IRC18:12
bknudsonit's going to take a while18:14
*** tonytan4ever has quit IRC18:15
*** roxanagh_ has joined #openstack-keystone18:15
dstanekso right now we scope to domain_id or project_id.... in the future we will scope to project_is and is_domain. so i wanted to see if that's also has the problems of domain scoped tokens.18:16
*** arunkant_ has joined #openstack-keystone18:16
bknudsondstanek: what problems does domain-scoped tokens have?18:18
dstanekbknudson: no idea, that's why i wanted to know if we did want to removed them. and if someone said yes i would have asked why :-)18:19
dstaneki remember hearing complaints about it at either a mid-cycle or summit18:19
bknudsonpeople think you're supposed to be able to use them outside of keystone to work on any object in a project in the domain18:20
*** tonytan4ever has joined #openstack-keystone18:20
morganbknudson: things like nova have no clue what a domain scope is18:20
morganbknudson: pretty much nothing in openstack except keystone does18:20
morganso the issue is you have a token that causes weird errors18:21
bknudsony, we didn't design it for other projects18:21
*** roxanagh_ has quit IRC18:21
morganso with the move to just everything is projects18:21
morgan(is_domain is transparent outside of keystone), no more weird errors18:21
morganor at least less weird errors18:21
openstackgerritEric Brown proposed openstack/keystone: Handle 16-char non-uuid user IDs in payload  https://review.openstack.org/22612118:22
bknudsonthat will be cleaner... we need to get this hmt stuff in18:23
*** jorge_munoz has quit IRC18:23
* morgan is seeing side benefits of the cleanup that HMT brings... but some of the other HMT stuff is ... well... *shrug*18:23
raildo:'(18:24
*** pumaranikar has joined #openstack-keystone18:25
*** jorge_munoz has joined #openstack-keystone18:25
chris_19huh18:26
*** su_zhang has joined #openstack-keystone18:29
*** phalmos has joined #openstack-keystone18:29
samueldmqayoung: ping o/18:30
samueldmqayoung: poicies ? what are the plans ..18:31
samueldmqtsufiev and amakarov suggested we could suggest a cross-project section at the summit18:31
*** ParsectiX has quit IRC18:36
stevemardstanek: reviewing osc patches now? :)18:36
dstanekstevemar: i've started reviewing a couple different projects that i wanted to start submitting patches to18:37
*** ParsectiX has joined #openstack-keystone18:37
*** r-daneel has joined #openstack-keystone18:37
dstanekstevemar: i was thinking it would be nicer to participate a little before i started checking code at people18:37
*** ankita_wagh has quit IRC18:37
morgandstanek: throw code!18:37
morgandstanek: refactor everything! don't take suggestions to fix it... oh wait no not that18:38
bknudsonwe need to get rid of v2... it's getting too complicated to support it alongside the new v3 features.18:38
stevemardstanek: i'll review any of your patches, i like you that much18:38
dstanekstevemar: thanks steve!18:38
dstanekmorgan: some things i want to do may be frightening to people....this is going to be fun18:39
morganbknudson: as soon as we have a v3-only gate job that works [with v2 disabled] we can 100% officially deprecate v218:39
bknudsonhalloween is coming up18:39
morganbknudson: then it's just a waiting game18:40
morganand documenting "how to turn V2 back on"18:40
morganfor longer tail support in deployments18:40
morganalso.. crap policy.json -> v3 policy.json needs a simple(ish) migration tool18:40
morganthat can take some inputs and provide a useful output unless someone has gone off and totally customized their policy which case *no warrantyâ„¢*18:41
morganbut the gate job is the important part...and should be close (I think there is an ironic fix and then some general cleanup needed)18:41
*** su_zhang has quit IRC18:43
*** ankita_wagh has joined #openstack-keystone18:45
*** amakarov is now known as amakarov_away18:47
*** pumaranikar has quit IRC18:49
*** pumaranikar has joined #openstack-keystone18:50
openstackgerritAndreas Jaeger proposed openstack/keystone: Cleanup of Translations  https://review.openstack.org/22747318:57
*** aix has joined #openstack-keystone19:01
*** Ephur has joined #openstack-keystone19:02
*** grantbow has quit IRC19:06
*** doug-fish has quit IRC19:07
*** chris_19 has left #openstack-keystone19:07
*** grantbow has joined #openstack-keystone19:07
*** grantbow has quit IRC19:22
*** ParsectiX has quit IRC19:22
*** ankita_wagh has quit IRC19:23
*** grantbow has joined #openstack-keystone19:24
*** grantbow has joined #openstack-keystone19:24
dstanekdolphm: if https://review.openstack.org/#/c/225373 doesn't merge will the bot keep proposing it?19:26
bknudsondstanek: if the bot keeps proposing the same change then it's broken19:27
dolphmdstanek: yeah, next time theres a new diff it'll use the same changeid19:27
*** ParsectiX has joined #openstack-keystone19:27
dstanekok, didn't know if that one got abandoned if it would think the change still needs to be made and propose again19:28
*** Navid__ has quit IRC19:28
bknudsonif it's abandoned then I'd expect it to be re-proposed19:28
bknudsonwith a new change-id19:29
*** woodster_ has joined #openstack-keystone19:36
dstanekbknudson: that was my fear. so not merging means i have to keep looking at if or have it show up again as a new review19:37
dstanekbknudson: not trying to pile -1s on your bandit reviews, but i'm going -1 them so i don't see them in next-review anymore19:37
dolphmdstanek: just downvote it until it submits a new patchset19:38
dolphmdstanek: for proposalbot ^19:38
dstanekdolphm: ah, that's a good point - that's what i'm doing to the bandit reviews :-)19:39
dolphmdstanek: or, would this work? NOT label:Code-Review+0,self19:40
*** grantbow has quit IRC19:42
dstanekdolphm: i'm not even sure what that does :-)19:43
*** grantbow has joined #openstack-keystone19:43
dolphmdstanek: i was hoping it would filter out code reviews without votes (just ones with a comment)19:44
*** henrynash has joined #openstack-keystone19:44
*** ChanServ sets mode: +v henrynash19:44
dolphmdstanek: i can't get such a filter to work without a non-zero vote19:49
*** alejandrito has quit IRC19:53
openstackgerritJoshua Harlow proposed openstack/oslo.policy: Add shields.io version/downloads links/badges into README.rst  https://review.openstack.org/22751819:56
dolphmdstanek: ooh, i think i got it https://review.openstack.org/#/dashboard/?Not+Commented+On=NOT+label:Code-Review%253C%253D0+AND+NOT+label:Code-Review%253E%253D0+AND+is:watched+AND+is:open,n,z19:57
dolphmdstanek: so if you leave a comment without voting it'll be dropped from that list19:57
*** doug-fish has joined #openstack-keystone19:58
bknudsondstanek: no problem.20:07
*** su_zhang has joined #openstack-keystone20:07
ayoungsamueldmq, policies?  You mean DYnamic policy?  I'm going to purse getting the inferred roles working in Keystone itself first.  We'll circle back around on policies over time, but I want to get more buy-in at the Tokyo summit20:08
morgandolphm: can you make that query only work for reviews with the comments on the current patchset? [i admit i didn't look]20:09
morganso new patchset = review pops back up20:09
dolphmmorgan: that should be what it does by default20:09
samueldmqayoung: okay, so no cross-proj session for now20:09
dolphmmorgan: and you can't opt out of that behavior20:09
*** jaosorior has quit IRC20:10
dolphmmorgan: are you seeing a different behavior? i only tested the query with a single review20:10
ayoungNo, we want a cross-project session...did they put out the the signup for that yet?20:10
samueldmqayoung: http://odsreg.openstack.org/20:10
morgandolphm: i haven't checked20:11
*** su_zhang has quit IRC20:11
morgandolphm: but my last query that looked like that tended to show / not show if I had ever commented20:11
ayoungsamueldmq, I'm suggesting one now./ Thanks20:11
samueldmqayoung: ++20:11
samueldmqtsufiev: amakarov_away cc ^20:12
*** jaosorior has joined #openstack-keystone20:12
*** jorge_munoz has quit IRC20:13
openstackgerritHenrique Truta proposed openstack/keystone: Manager support for projects acting as domains  https://review.openstack.org/21344820:13
openstackgerritHenrique Truta proposed openstack/keystone: Add is_domain parameter to get_project_by_name  https://review.openstack.org/21060020:14
slbergeris any one familiar with how fernet tokens interact with a token persistence backend like memcache? Like if say in the keystone.conf you set under [token] provider=fernet and driver=memcache.  I would imagine not at all because they are non-persistent, but I am not sure.20:15
ayoungsamueldmq, http://odsreg.openstack.org/cfp/details/1220:15
morganslberger: nothing is stored in the backend20:15
morganslberger: fernet tokens bypass the persist-token-to-the-backend step20:16
slbergermorgan, thats what I thought, so it should have no effect20:16
*** KarthikB has quit IRC20:16
morganslberger: yeah, use SQL driver (default) though with fernet20:16
morganslberger: (don't set the value)20:16
slbergermorgan, any reason in particular as to why?20:17
slbergeroo ok20:17
morganslberger: less configs to set, less opportunity to get wonky20:17
dolphmand then you can run SELECT COUNT(*) FROM `token`; all day long and see zero results, it's really satisfying20:17
morgandolphm: you can technically do that even with the memcache driver and uuid tokens20:17
dolphmshh20:17
morgandolphm: *shiftyeyes*20:17
slbergermorgan, dolphm, thanks20:18
*** jorge_munoz has joined #openstack-keystone20:18
samueldmqayoung: nice20:19
ayoungsamueldmq, I think I am going to really push for the split of the policy into role section and scope section.20:20
samueldmqayoung: then two files ?20:23
samueldmqayoung: the role section is what rbac really is20:24
*** su_zhang has joined #openstack-keystone20:24
samueldmqayoung: i.e authz, however the scope section, I don't know what it is20:24
openstackgerritJoshua Harlow proposed openstack/pycadf: Add shields.io version/downloads links/badges into README.rst  https://review.openstack.org/22753820:24
*** diazjf has left #openstack-keystone20:25
*** c_soukup has quit IRC20:26
*** mylu has joined #openstack-keystone20:27
openstackgerritHenrique Truta proposed openstack/keystone: Change project name constraints  https://review.openstack.org/15837220:30
openstackgerritHenrique Truta proposed openstack/keystone: Replicate domain info in projects table  https://review.openstack.org/21117020:30
*** mylu has quit IRC20:30
*** gyee has joined #openstack-keystone20:34
*** ChanServ sets mode: +v gyee20:34
*** Navid__ has joined #openstack-keystone20:34
*** slDabbler has joined #openstack-keystone20:36
ayoungsamueldmq, scope is when  you have to fetch a VM entry out of the database before you can check that the project  on the  token matches the project  one the VM20:40
ayoungfiguring out how to match scope is object by object.20:41
*** exploreshaifali has quit IRC20:41
ayoungwe don;'t want people configuring that20:41
*** mylu has joined #openstack-keystone20:46
*** mylu has quit IRC20:50
*** mylu has joined #openstack-keystone20:51
*** jgriffith has quit IRC20:51
*** mylu has quit IRC20:55
*** ParsectiX has quit IRC20:55
*** ParsectiX has joined #openstack-keystone20:56
*** raildo is now known as raildo-afk20:56
*** edmondsw has quit IRC21:02
roxanaghestevemar, I'm trying to setup a websso with saml in horizon, but it seems like after I choose the IDP from the drop-down list I' redirected to an url of the form: http://<idp_host>/dashboard/auth/login/None/auth/OS_FEDERATION/websso/saml?origin=http://<idp_host>/dashboard/auth/websso/21:04
roxanaghestevemar, I'm thinking I'm redirected to a wrong url, you have any idea why?21:05
*** hrou has quit IRC21:07
*** roxanagh_ has joined #openstack-keystone21:09
dolphmroxanaghe: definitely the wrong URL! there's a None in there for some reason...21:11
*** phalmos has quit IRC21:14
*** roxanagh_ has quit IRC21:14
roxanaghedolphm, right... it seems like horizon doesn't seem to understand my federation protocol choice..21:15
dolphmroxanaghe: any idea what the None is supposed to be?21:17
*** ParsectiX has quit IRC21:17
dolphmroxanaghe: i can't find any such URL documented anywhere21:18
*** ParsectiX has joined #openstack-keystone21:18
roxanaghedolphm, basically the URL should be http://<idp_host>:5000/v3/auth/OS_FEDERATION/websso/saml?origin=http://<idp_host>/auth/websso/21:18
roxanagheI just don't know why I'm getting that dashboard junk and I'm not redirected to the :5000/v3 url21:19
dolphmroxanaghe: that's not even close...21:19
roxanaghedolphm, I know :)) I practically followed this wiki http://docs.openstack.org/developer/keystone/extensions/websso.html but obviously something is not right..21:20
dolphmstevemar: ping ^21:21
*** pauloewerton has quit IRC21:21
stevemarroxanaghe: ohhhh i know that one21:22
stevemardolphm: roxanaghe sorry, i was on a call21:22
stevemarroxanaghe: make sure you have the latest DOA installed21:22
roxanaghestevemar, no worries21:22
stevemarhttps://pypi.python.org/pypi/django_openstack_auth21:22
stevemarit should be 2.0.021:22
*** ParsectiX has quit IRC21:22
roxanaghestevemar, oh ok - is it in the latest devstack?21:22
stevemarcheck pip freeze, you probably have an old one21:22
stevemarshould be, might it might not have auto updated for you21:23
roxanaghestevemar, ok let me check21:23
stevemarroxanaghe: yeah, i encountered that a while ago, and lhcheng told me to update DOA :)21:23
*** KarthikB has joined #openstack-keystone21:24
*** dims__ has quit IRC21:29
*** ayoung has quit IRC21:30
roxanaghestevemar, yay that worked, thanks :)21:31
*** henrynash has quit IRC21:31
stevemarroxanaghe: awesome!21:32
*** pumaranikar has quit IRC21:32
lhchengroxanaghe: \o/21:32
roxanaghestevemar, I still have dashboard in there for the origin url.. even though that doesn't seem to matter..at least for now..21:33
roxanaghelhcheng: good fix :)21:33
lhchengthe /dashboard depends on which web context horizon is running21:34
lhchengfor devstack setup, horizon defaults to the /dashboard context21:34
*** doug-fis_ has joined #openstack-keystone21:37
roxanaghelhcheng, ok so will I have a problem because my configured trusted_dashboard does not contain 'dashboard' in it?21:37
lhchengroxanaghe: it used to be just "/" before..21:40
*** doug-fish has quit IRC21:40
*** x58 has quit IRC21:40
*** marzif has quit IRC21:40
*** x58 has joined #openstack-keystone21:40
lhchengroxanaghe: how do you access your horizon instance?  the trusted_dashboard config must match that.21:41
*** alejandrito has joined #openstack-keystone21:41
lhchengroxanaghe: what is the URL you use to access horizon?21:42
roxanaghelhcheng, just http://host21:43
roxanaghelhcheng and then it redirects me to http://hostname/dashboard/auth/login/?next=/dashboard/21:44
lhchengroxanaghe: ah there's a URL redirection setup on the horizon apache config.21:46
lhchengfor your trusted_dashboard config, add the /dashboard too21:47
roxanaghelhcheng, oh I see the redirection config interesting :)21:48
*** KarthikB has quit IRC21:48
lhchengIt was added for backward compatability21:48
lhcheng:)21:48
lhchengso users won't be surprised why http://<hostname>/ suddenly stopped working21:49
*** spandhe has joined #openstack-keystone21:50
roxanaghelhcheng, so what's the recommended way to access horizon?21:50
openstackgerritEric Brown proposed openstack/keystone: Handle 16-char non-uuid user IDs in payload  https://review.openstack.org/22612121:51
lhchengfor devstack, http://<hostname>/dashboard21:51
*** jlvillal has quit IRC21:51
*** dims_ has joined #openstack-keystone21:52
*** tonytan4ever has quit IRC21:54
*** e0ne has joined #openstack-keystone21:56
*** ankita_wagh has joined #openstack-keystone21:57
*** jlvillal has joined #openstack-keystone21:57
*** ankita_wagh has quit IRC21:58
*** ankita_wagh has joined #openstack-keystone21:59
*** doug-fis_ has quit IRC22:00
dolphmlbragstad: got my first clean run of tempest without modifying tempest22:01
lbragstaddolphm: nice!22:01
lbragstaddolphm: any py27 failures?22:01
dolphmlbragstad: probably :P22:02
dolphmlbragstad: it seems we may have been modifying the wrong attribute in the revocation model http://cdn.pasteraw.com/nd590mzi05bddg1c0zzeg8ypz68dwk922:02
dolphmlbragstad: i'm running the tempest test repeatedly until it fails with this patch now, to ensure there's no transients22:03
*** annasort has quit IRC22:04
lbragstadgood deal... so issued_before is the only one to change22:04
*** topol has quit IRC22:04
dolphmlbragstad: yes22:09
*** doug-fish has joined #openstack-keystone22:10
dolphmlbragstad: ugh *facepalm* this is really just getting us back to square one.22:11
*** urulama has quit IRC22:11
*** ayoung has joined #openstack-keystone22:11
*** ChanServ sets mode: +v ayoung22:11
openstackgerritMerged openstack/oslo.policy: Add shields.io version/downloads links/badges into README.rst  https://review.openstack.org/22751822:12
*** urulama has joined #openstack-keystone22:12
dolphmlbragstad: shouldn't this patch re-introduce the security hole? tokens created shortly before a password change event will not be revoked now, right?22:13
*** slberger has left #openstack-keystone22:16
*** e0ne has quit IRC22:17
*** hrou has joined #openstack-keystone22:19
*** pnavarro has joined #openstack-keystone22:20
*** gordc has quit IRC22:22
*** amoturi has left #openstack-keystone22:25
*** roxanaghe_ has joined #openstack-keystone22:29
*** stevemar has quit IRC22:30
*** roxanaghe has quit IRC22:31
*** su_zhang has quit IRC22:37
*** zzzeek has quit IRC22:40
*** roxanaghe has joined #openstack-keystone22:41
*** roxanaghe has quit IRC22:46
*** slDabbler has quit IRC22:54
*** pnavarro has quit IRC23:00
*** alejandrito has quit IRC23:03
*** markvoelker_ has quit IRC23:04
*** dims_ has quit IRC23:05
*** su_zhang has joined #openstack-keystone23:07
*** ayoung has quit IRC23:07
openstackgerritMerged openstack/keystone: Cleanup of Translations  https://review.openstack.org/22747323:23
openstackgerritJoshua Harlow proposed openstack/pycadf: Include changelog/history in docs  https://review.openstack.org/22758523:29
*** stevemar has joined #openstack-keystone23:31
*** ChanServ sets mode: +v stevemar23:31
harlowjado u guys still want notifications about pycadf in here?23:32
* harlowja noticed they weren't getting sent to oslo channel (fixed @ https://review.openstack.org/227586 )23:32
harlowjabut i can remove from keystone channel if wanted to23:33
*** stevemar has quit IRC23:33
morganharlowja: pycadf is part of Keystone23:33
morganharlowja: and not oslo23:33
harlowjahmm23:33
harlowjaodd23:33
morganwas by choice23:33
harlowjak23:34
harlowjahttps://wiki.openstack.org/wiki/Oslo#pyCADF maybe shouldn't be there?23:34
morgansince almost all the reviews were by the keystone team at the time23:34
harlowjaidk23:34
harlowjalol, we are fixing up doc stuff for it anyway :-p23:34
harlowjahttps://etherpad.openstack.org/p/oslo-liberty-virtual-doc-sprint23:34
morgansure.23:34
morgani mean, I don't really have a vested interest23:34
morgan;)23:34
harlowja:-P23:34
morganFeel free to ask the next PTL if they want to continue to keep pycadf under keystone23:35
harlowjak23:35
harlowjafair nuff23:35
harlowjathx23:35
harlowjamorgan u are supposed to review https://review.openstack.org/#/c/209661/ also, lol23:36
harlowjaand/or http://odsreg.openstack.org/cfp/details/823:36
harlowjalol23:36
harlowjaif i have to i'll bore everyone trying to explain paxos, raft, zab, lol23:37
morganor you're going to have to .. you know it23:37
morgan:P23:37
*** topol has joined #openstack-keystone23:38
*** ChanServ sets mode: +v topol23:38
morganunfortunately I have very little bandwidth to review that stuff... until a week or so out23:38
*** erhudy has quit IRC23:39
*** agireud has quit IRC23:42
*** shoutm has joined #openstack-keystone23:45
*** lhcheng_ has joined #openstack-keystone23:53
*** topol has quit IRC23:54
*** nzeer has quit IRC23:55
*** ayoung has joined #openstack-keystone23:55
*** ChanServ sets mode: +v ayoung23:55
*** jamielennox|away is now known as jamielennox23:56
*** arunkant_ has quit IRC23:56
*** lhcheng has quit IRC23:56
*** mjb has quit IRC23:56
*** trey has quit IRC23:56
*** harlowja has quit IRC23:56
*** rm_work has quit IRC23:56
*** r-daneel has quit IRC23:57
*** darrenc has quit IRC23:57
*** gus has quit IRC23:57
*** briancline has quit IRC23:57
*** harlowja has joined #openstack-keystone23:57
*** darrenc_ has joined #openstack-keystone23:57
*** geoffarnold has quit IRC23:57
*** darrenc_ is now known as darrenc23:58
*** briancline has joined #openstack-keystone23:59
*** gus has joined #openstack-keystone23:59
*** r-daneel has joined #openstack-keystone23:59
*** trey has joined #openstack-keystone23:59
*** rm_work has joined #openstack-keystone23:59
*** nzeer has joined #openstack-keystone23:59
« Wednesday, 2015-09-23 Index Friday, 2015-09-25 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!