Monday, 2015-10-12

« Sunday, 2015-10-11 Index Tuesday, 2015-10-13 »
*** stevemar_ has joined #openstack-keystone00:00
*** ChanServ sets mode: +o stevemar_00:00
*** Daviey has quit IRC00:04
*** EinstCrazy has quit IRC00:05
*** mylu has joined #openstack-keystone00:16
*** su_zhang has joined #openstack-keystone00:19
lbragstadstevemar_ yeah, i know :-/00:22
*** shadower has quit IRC00:23
*** shadower has joined #openstack-keystone00:23
lbragstadstevemar_ i was reviewing code on friday and noticed that the names contained status codes. Since we landed a recent refactor, I thought it would be useful to change those, too.00:23
lbragstadstevemar_ it was totally and "oh, squirrel!" moment00:24
lbragstads/and/an/00:24
*** dimsum__ has joined #openstack-keystone00:24
*** wwwjfy has joined #openstack-keystone00:26
lbragstadhttps://www.youtube.com/watch?v=SSUXXzN26zg00:26
*** hrou has joined #openstack-keystone00:28
*** akanksha_ has quit IRC00:28
*** akanksha_ has joined #openstack-keystone00:30
*** dimsum__ has quit IRC00:31
*** wwwjfy has quit IRC00:34
*** wwwjfy has joined #openstack-keystone00:39
*** diazjf has joined #openstack-keystone00:41
*** diazjf has left #openstack-keystone00:42
*** topol has joined #openstack-keystone00:49
*** ChanServ sets mode: +v topol00:49
*** chlong has joined #openstack-keystone00:51
*** diegows has quit IRC00:55
*** dimsum__ has joined #openstack-keystone00:57
*** topol has quit IRC00:57
*** mestery has quit IRC00:57
*** topol has joined #openstack-keystone00:58
*** ChanServ sets mode: +v topol00:58
*** ayoung has joined #openstack-keystone00:58
*** ChanServ sets mode: +v ayoung00:58
*** mylu_ has joined #openstack-keystone00:59
*** mylu has quit IRC00:59
*** dimsum__ has quit IRC01:00
*** topol has quit IRC01:02
*** EinstCrazy has joined #openstack-keystone01:03
*** gildub has joined #openstack-keystone01:13
*** dimsum__ has joined #openstack-keystone01:20
*** su_zhang has quit IRC01:25
*** tellesnobrega is now known as tellesnobrega_af01:25
*** dimsum__ has quit IRC01:27
*** dimsum__ has joined #openstack-keystone01:31
*** su_zhang has joined #openstack-keystone01:31
*** su_zhang has quit IRC01:34
*** ozialien has quit IRC01:37
*** ozialien has joined #openstack-keystone01:37
*** phalmos has joined #openstack-keystone01:41
*** wwwjfy has quit IRC01:42
*** csoukup has joined #openstack-keystone01:46
*** btully has quit IRC01:51
*** davechen has joined #openstack-keystone01:51
*** davechen1 has joined #openstack-keystone01:56
*** su_zhang has joined #openstack-keystone01:58
*** davechen has quit IRC01:58
*** davechen has joined #openstack-keystone02:00
*** davechen1 has quit IRC02:02
*** su_zhang has quit IRC02:03
*** su_zhang has joined #openstack-keystone02:04
*** phalmos has quit IRC02:05
*** davechen1 has joined #openstack-keystone02:07
*** davechen has quit IRC02:09
*** davechen has joined #openstack-keystone02:12
*** davechen1 has quit IRC02:15
*** mylu_ has quit IRC02:16
*** mylu has joined #openstack-keystone02:18
*** chlong has quit IRC02:18
*** GB21 has quit IRC02:24
*** david-ly_ has joined #openstack-keystone02:31
*** dimsum__ has quit IRC02:32
*** david-lyle has quit IRC02:33
*** diazjf has joined #openstack-keystone02:37
*** diazjf has left #openstack-keystone02:38
*** topol has joined #openstack-keystone02:44
*** ChanServ sets mode: +v topol02:44
*** wwwjfy has joined #openstack-keystone02:50
*** tobe has joined #openstack-keystone03:04
openstackgerritayoung proposed openstack/keystone: Strip admin roles from non-admin projects and domains  https://review.openstack.org/23348003:19
ayoungjamielennox, ^^ Oh yes I did.03:19
*** marzif has joined #openstack-keystone03:22
*** topol has quit IRC03:31
*** chlong has joined #openstack-keystone03:32
*** dimsum__ has joined #openstack-keystone03:32
*** roxanaghe has joined #openstack-keystone03:33
*** david-lyle has joined #openstack-keystone03:37
*** dimsum__ has quit IRC03:38
*** david-ly_ has quit IRC03:40
*** dimsum__ has joined #openstack-keystone03:40
*** diazjf has joined #openstack-keystone03:45
*** diazjf has left #openstack-keystone03:46
*** su_zhang has quit IRC03:47
*** roxanaghe has quit IRC03:48
stevemar_lbragstad: oh it's cool, run with it03:48
*** dimsum__ has quit IRC03:50
*** roxanaghe has joined #openstack-keystone03:50
jamielennoxayoung: interesting stop gap, will need to think about it some more03:52
stevemar_lbragstad: your chain is now gating03:53
stevemar_jamielennox: it is interesting03:53
jamielennoxstevemar_: it feels like a stop gap, and i'm wondering if it's a stop gap that is going to require configuration changes is there something more permanent we could do03:54
*** su_zhang has joined #openstack-keystone03:55
ayoungjamielennox, its also due to code inertia. And due to the fact that admin as a role was origianlly global, that is kindof how everyone thinks of it.03:56
ayoungBut,  THe other thing it does is (I think) frees us to split to scope check from the role check, so long as the role 'admin' is handled specifically, the exisint p[olicy files for nova nad neutorn work as a scope check only already03:57
ayoungso we can put the role check into middleware, and base it on the URL as opposed to the project03:57
ayoungThe existing policy files don't actually check any role aside from admin.  This lets that continue to work03:58
jamielennoxayoung: so essentially give in to the fact that 'admin' is a special role03:58
ayoungyep03:58
jamielennoxthat works ok for the people who set the config option03:58
ayoungjamielennox, and doesn't break people who don't03:58
jamielennoxi'm not sure cementing that assumption is a good idea if people don't03:58
ayoungI think I've tilted at this windmill long enough to know I am not going to defeat it03:59
stevemar_jamielennox: ayoung pose the question on the operations feedback etherpad03:59
jamielennoxwell it's going to take a really long time03:59
*** su_zhang has quit IRC03:59
stevemar_https://etherpad.openstack.org/p/TYO-ops-feedback-into-PWG04:00
ayoungjamielennox, time that, unfortunately, I can not afford to spend.  I need to work on things that will have actual effect.04:00
ayoungAnd, this sidsteps the issue04:00
jamielennoxso what i think would be cool is some proper policy testing to see if removing admin will even work04:00
ayoungstevemar_, what04:00
ayoungwhat's your gut reaction?04:00
stevemar_ayoung: i do feel like its a stop gap as well, i'm pretty sure folks do rely on the "admin" role heavily, so it could work04:01
jamielennoxmy gut reaction is that this is still an operator change, and if the operator is savvy enough to understand the option they should be able to manage their roles04:01
jamielennoxhaving said that04:01
jamielennoxi realize it hasn't happened yet04:01
ayoungjamielennox, the feedback we've gotten is that no one changes their policy files04:02
stevemar_ayoung: definitely not04:02
stevemar_i mean, i agree, they definitely do not change policy files04:02
ayoungI think this is the right approach.  In the future, we can do something smarter, but it requires a lot of infrastructure to get us there04:03
ayoungimplied roles, dynamic policy, all that won;t get adopted for 2+ cycles after it is merged at the earliest04:03
ayoungand this change is backportable04:03
jamielennoxyea, i'll think about it a bit more, and it's a bit annoying that it rules out using admin for project specific admin, but we might have burnt that bridge04:04
jamielennoxstevemar_: can you have a look at: https://review.openstack.org/#/c/227611/04:04
ayoungjamielennox, it means that project specific admin needs a different role name04:04
jamielennoxayoung: yep04:04
ayoungand I think that I would recommend that anyway04:04
jamielennoxayoung: well it's a misinterpration of the other projects (openstack projects) really04:05
jamielennoxhaving admin should still be specific to the scope they are in04:05
ayounggloabl roles were there first.  We were the ones that changed it.04:05
* ayoung not sure who it was.04:05
stevemar_hehe, so many random white space changes: https://review.openstack.org/#/c/233480/1/keystone/tests/unit/test_v3_assignment.py04:06
jamielennoxmaybe if i have some more self guided time in the future i can try and climb that mountain...04:06
stevemar_i think we could make this a bit slicker04:06
ayoungstevemar_, must be the autopep8...damnit04:07
stevemar_:)04:07
ayoungstevemar_, I had that happen on another changeset, too.  Is that a pep8 violation being fixed there?04:08
jamielennoxayoung: can i give you an easy couple as well: https://review.openstack.org/#/c/229161/ https://review.openstack.org/#/c/212344/04:08
stevemar_ayoung: nah, the code is currently pep8 compliant04:16
ayoungstevemar_, I bet that there is an exception in there, and autopep8 is not being run with that exception enabled04:17
ayoungstevemar_, but, no big deal. I can reverse those lines.  Just that the autopep -i approach makes the pep8 thing so much easier to deal with, it would be nice if we could make that work04:17
*** su_zhang has joined #openstack-keystone04:19
*** david_cu has joined #openstack-keystone04:28
*** david_cu has quit IRC04:36
stevemar_ayoung: gyee had some comments04:41
*** btully has joined #openstack-keystone04:44
*** chlong has quit IRC04:45
openstackgerritMerged openstack/keystone: Refactor: change 404 status codes in test names  https://review.openstack.org/23312404:48
*** dimsum__ has joined #openstack-keystone04:51
*** hrou has quit IRC04:51
*** dimsum__ has quit IRC04:54
*** chlong has joined #openstack-keystone04:57
openstackgerritMerged openstack/keystone: Refactor: change 400 status codes in test names  https://review.openstack.org/23312505:07
openstackgerritMerged openstack/keystone: Refactor: change 410 status codes in test names  https://review.openstack.org/23312605:07
*** roxanaghe has quit IRC05:10
*** marzif has quit IRC05:10
*** Nirupama has joined #openstack-keystone05:11
*** amakarov has joined #openstack-keystone05:13
*** tsufiev_ has joined #openstack-keystone05:13
openstackgerritMerged openstack/keystonemiddleware: Seperate standalone cache tests  https://review.openstack.org/21234405:20
openstackgerritMerged openstack/keystonemiddleware: Use request helpers for token_info/token_auth  https://review.openstack.org/22916105:25
*** roxanaghe has joined #openstack-keystone05:25
*** roxanaghe has quit IRC05:30
*** stevemar_ has quit IRC05:34
*** mylu has quit IRC05:40
*** jtomasek has joined #openstack-keystone05:50
*** su_zhang has quit IRC05:53
*** dimsum__ has joined #openstack-keystone05:54
*** stevemar_ has joined #openstack-keystone05:54
*** ChanServ sets mode: +o stevemar_05:54
*** gildub has quit IRC05:58
*** dimsum__ has quit IRC05:59
*** jaosorior has joined #openstack-keystone06:03
*** mflobo1 has left #openstack-keystone06:10
*** mflobo has joined #openstack-keystone06:11
*** mflobo has left #openstack-keystone06:14
*** roxanaghe has joined #openstack-keystone06:27
*** stevemar_ has quit IRC06:27
*** stevemar_ has joined #openstack-keystone06:28
*** ChanServ sets mode: +o stevemar_06:28
*** roxanaghe has quit IRC06:31
*** rudolfvriend has joined #openstack-keystone06:32
*** stevemar_ has quit IRC06:33
davechenlhcheng: here?06:41
*** dimsum__ has joined #openstack-keystone06:55
*** kiran-r has joined #openstack-keystone06:59
*** dimsum__ has quit IRC07:01
*** browne has quit IRC07:09
*** aix has joined #openstack-keystone07:10
*** flaper87 has quit IRC07:17
*** flaper87 has joined #openstack-keystone07:17
*** dixiaoli has joined #openstack-keystone07:21
*** dixiaoli has quit IRC07:23
*** ParsectiX has joined #openstack-keystone07:26
*** roxanaghe has joined #openstack-keystone07:28
*** akanksha_ has quit IRC07:28
*** btully has quit IRC07:29
*** stevemar_ has joined #openstack-keystone07:29
*** ChanServ sets mode: +o stevemar_07:29
*** roxanaghe has quit IRC07:32
*** stevemar_ has quit IRC07:34
*** kiran-r has quit IRC07:36
*** henrynash has quit IRC07:46
*** pnavarro|off has joined #openstack-keystone07:51
*** fhubik has joined #openstack-keystone07:55
*** rudolfvriend has quit IRC07:56
*** dimsum__ has joined #openstack-keystone07:57
*** pnavarro|off has quit IRC07:58
*** dimsum__ has quit IRC08:02
*** mjb has quit IRC08:03
*** rm_work has quit IRC08:03
*** mjb has joined #openstack-keystone08:05
*** urulama has joined #openstack-keystone08:05
*** rm_work has joined #openstack-keystone08:05
*** Guest2082 is now known as d0ugal08:09
*** d0ugal has joined #openstack-keystone08:09
*** btully has joined #openstack-keystone08:09
*** marzif has joined #openstack-keystone08:13
*** btully has quit IRC08:14
*** marzif has quit IRC08:14
*** marzif has joined #openstack-keystone08:15
*** marzif_ has joined #openstack-keystone08:16
*** marzif has quit IRC08:20
*** lhcheng has quit IRC08:20
*** e0ne has joined #openstack-keystone08:24
*** fmarco76 has joined #openstack-keystone08:32
*** fmarco76 has quit IRC08:33
jamielennoxmorgan, dolphm, bknudson: I'd really like to get this backport in if you can have a look https://review.openstack.org/#/c/225516/08:34
*** chlong has quit IRC08:35
*** jvarlamova has quit IRC08:36
*** pnavarro|off has joined #openstack-keystone08:36
*** pnavarro|off has quit IRC08:44
*** jistr has joined #openstack-keystone08:46
*** ParsectiX has quit IRC08:55
*** dimsum__ has joined #openstack-keystone08:58
*** aix has quit IRC08:58
*** dimsum__ has quit IRC09:04
*** fhubik is now known as fhubik_brb09:07
*** marzif_ has quit IRC09:08
*** marzif_ has joined #openstack-keystone09:09
*** wwwjfy has quit IRC09:10
*** aix has joined #openstack-keystone09:12
*** fhubik_brb is now known as fhubik09:15
*** breton has quit IRC09:19
*** ParsectiX has joined #openstack-keystone09:20
*** marzif_ has quit IRC09:21
openstackgerritMarek Denis proposed openstack/keystone: Adds a base class for functional tests  https://review.openstack.org/20314209:23
openstackgerritMarek Denis proposed openstack/keystone: Federation Identity Provider functional tests  https://review.openstack.org/20325809:25
openstackgerritMarek Denis proposed openstack/keystone: Functional tests for federation mapping CRUD  https://review.openstack.org/23157409:25
*** yuwen has joined #openstack-keystone09:33
*** kurtrao has joined #openstack-keystone09:36
*** ParsectiX has quit IRC09:41
*** fhubik is now known as fhubik_brb09:44
yuwenI want to ask some questions about Keystone Federation feature in Kilo.09:50
yuwenrefer to http://docs.openstack.org/developer/keystone/configure_federation.html,09:50
yuwenwe can config the keystone as an Identity Provider (IdP).09:50
yuwenin the doc, idp_sso_endpoint=https://keystone.example.com/v3/OS-FEDERATION/saml2/sso09:50
yuwenwhen SP single sign on the keystone, it occurs 404 https://keystone.example.com/v3/OS-FEDERATION/saml2/sso not found09:50
yuwenIs there any step missed in the http://docs.openstack.org/developer/keystone/configure_federation.html to config the IDP, in the section of [saml] of the keystone.conf09:50
*** chlong has joined #openstack-keystone09:50
yuwenwhat the basic steps of keystone IDP configuration?09:50
yuwenCan I use keystone(Kilo) IDP as a SAML2.0 Identity Provider?09:50
yuwenCan I use WSO2 Identity Server as a SP to integrate Keystone IDP?09:50
*** davechen has left #openstack-keystone09:54
*** topol has joined #openstack-keystone09:56
*** ChanServ sets mode: +v topol09:56
*** breton has joined #openstack-keystone09:58
*** marzif has joined #openstack-keystone09:58
*** dimsum__ has joined #openstack-keystone10:00
*** topol has quit IRC10:00
*** EinstCrazy has quit IRC10:01
*** andreykurilin has joined #openstack-keystone10:03
andreykurilinhi everyone! novaclient's functional tests are broken and fails related to keystone - http://logs.openstack.org/77/232677/1/check/gate-novaclient-dsvm-functional/2de31bc/logs/apache/keystone.txt.gz#_2015-10-12_08_52_48_073819 Does anyone can help me?10:03
*** urulama has quit IRC10:04
*** urulama has joined #openstack-keystone10:04
*** breton has quit IRC10:04
*** dimsum__ has quit IRC10:06
*** e0ne_ has joined #openstack-keystone10:06
*** wwwjfy has joined #openstack-keystone10:07
*** e0ne has quit IRC10:09
openstackgerritMarek Denis proposed openstack/keystone: Functional tests for federation mapping CRUD  https://review.openstack.org/23157410:11
*** fhubik_brb is now known as fhubik10:12
*** fhubik is now known as fhubik_brb10:13
*** e0ne_ has quit IRC10:14
*** yuwen has quit IRC10:14
openstackgerritMarek Denis proposed openstack/keystone: Adds a base class for functional tests  https://review.openstack.org/20314210:16
*** e0ne has joined #openstack-keystone10:19
samueldmqmorning10:19
openstackgerritMarek Denis proposed openstack/keystone: Federation Identity Provider functional tests  https://review.openstack.org/20325810:30
*** roxanaghe has joined #openstack-keystone10:33
openstackgerritMarek Denis proposed openstack/keystone: Functional tests for federation mapping CRUD  https://review.openstack.org/23157410:36
*** roxanaghe has quit IRC10:39
*** breton has joined #openstack-keystone10:45
*** ParsectiX has joined #openstack-keystone10:47
marekdbknudson: so, did you figure out what is going on with the functional tests? Some people had some objections about the way we are planning to do it today.10:54
*** EinstCrazy has joined #openstack-keystone10:58
*** dikonoor has joined #openstack-keystone10:58
*** EinstCrazy has quit IRC10:59
*** EinstCrazy has joined #openstack-keystone11:00
*** dimsum__ has joined #openstack-keystone11:01
*** fhubik_brb is now known as fhubik11:03
*** tobe has quit IRC11:06
*** tobe has joined #openstack-keystone11:06
*** dimsum__ has quit IRC11:07
*** Nirupama has quit IRC11:15
*** tobe has quit IRC11:15
*** tobe has joined #openstack-keystone11:16
*** dimsum__ has joined #openstack-keystone11:22
*** stevemar_ has joined #openstack-keystone11:31
*** ChanServ sets mode: +o stevemar_11:31
*** e0ne has quit IRC11:31
*** stevemar_ has quit IRC11:35
*** roxanaghe has joined #openstack-keystone11:36
*** fhubik is now known as fhubik_brb11:38
*** shaifali__ has joined #openstack-keystone11:41
*** roxanaghe has quit IRC11:42
*** fhubik_brb is now known as fhubik11:49
*** urulama has quit IRC11:53
*** urulama has joined #openstack-keystone11:54
*** su_zhang has joined #openstack-keystone12:00
*** fhubik is now known as fhubik_brb12:04
*** woodster_ has joined #openstack-keystone12:11
*** shaifali__ has quit IRC12:16
*** shaifali__ has joined #openstack-keystone12:17
*** jaosorior has quit IRC12:18
*** e0ne has joined #openstack-keystone12:19
*** shaifali__ is now known as exploreshaifail12:20
*** fhubik_brb is now known as fhubik12:22
*** nisha has joined #openstack-keystone12:24
*** Daviey has joined #openstack-keystone12:26
*** markvoelker has joined #openstack-keystone12:26
*** rha has joined #openstack-keystone12:32
*** edmondsw has joined #openstack-keystone12:36
*** roxanaghe has joined #openstack-keystone12:38
*** roxanaghe has quit IRC12:43
*** nisha has quit IRC12:45
*** fhubik is now known as fhubik_brb12:46
*** exploreshaifail has quit IRC12:53
*** hrou has joined #openstack-keystone12:58
*** mestery has joined #openstack-keystone13:06
*** jaosorior has joined #openstack-keystone13:09
*** alexpro has joined #openstack-keystone13:09
*** alexpro has quit IRC13:12
*** alexpro has joined #openstack-keystone13:13
*** alexpro has quit IRC13:13
*** njirap has joined #openstack-keystone13:16
*** annasort has joined #openstack-keystone13:17
*** alexpro has joined #openstack-keystone13:20
bknudsonmarekd: I don't know how we're planning to do it... is that written down somewhere?13:23
*** dimsum__ is now known as dims13:27
*** dims is now known as Guest282113:27
*** fhubik_brb is now known as fhubik13:27
marekdbknudson: there are some reviews that i started to work on.13:28
bknudsonI don't get why we're adding functional tests when the ones we have now don't get run13:29
marekdbknudson: for instance https://review.openstack.org/#/c/203258/ and13:30
marekdbknudson: which tests do we have now?13:31
marekdbknudson: which *functional* tests do we have today13:31
*** stevemar_ has joined #openstack-keystone13:32
*** ChanServ sets mode: +o stevemar_13:32
*** timcline has joined #openstack-keystone13:33
*** timcline has quit IRC13:35
*** Guest2821 is now known as dims__13:35
*** su_zhang has quit IRC13:36
*** stevemar_ has quit IRC13:36
*** csoukup has quit IRC13:38
*** topol has joined #openstack-keystone13:42
*** ChanServ sets mode: +v topol13:42
*** wwwjfy has quit IRC13:47
*** nate_gone is now known as njohnston13:50
*** wwwjfy has joined #openstack-keystone13:50
*** ngupta has joined #openstack-keystone13:52
*** brad[] has joined #openstack-keystone13:53
*** diazjf has joined #openstack-keystone13:58
*** dims__ has quit IRC14:01
*** ParsectiX has quit IRC14:02
*** dims__ has joined #openstack-keystone14:02
*** fhubik is now known as fhubik_brb14:04
*** csoukup has joined #openstack-keystone14:06
*** btully has joined #openstack-keystone14:07
*** ngupta has quit IRC14:09
*** fhubik_brb is now known as fhubik14:10
marekddstanek: would be nice if you could take a look at a first pass on idp,mapping and protocols tests. Chain starts here: https://review.openstack.org/#/c/203258/14:13
*** krotscheck has joined #openstack-keystone14:16
*** tobe has quit IRC14:16
*** tobe has joined #openstack-keystone14:19
*** ngupta has joined #openstack-keystone14:19
*** sigmavirus24_awa is now known as sigmavirus2414:20
*** davechen has joined #openstack-keystone14:20
*** davechen has left #openstack-keystone14:20
*** topol has quit IRC14:23
*** topol has joined #openstack-keystone14:24
*** ChanServ sets mode: +v topol14:24
*** exploreshaifali_ has joined #openstack-keystone14:24
*** phalmos has joined #openstack-keystone14:28
*** topol has quit IRC14:29
*** timcline has joined #openstack-keystone14:31
*** richm has joined #openstack-keystone14:32
*** breton has quit IRC14:33
*** breton has joined #openstack-keystone14:34
*** breton has left #openstack-keystone14:34
*** breton has joined #openstack-keystone14:34
*** mestery has quit IRC14:34
*** su_zhang has joined #openstack-keystone14:35
*** tonytan4ever has joined #openstack-keystone14:36
*** jsavak has joined #openstack-keystone14:38
*** browne has joined #openstack-keystone14:44
*** timcline has quit IRC14:44
*** timcline has joined #openstack-keystone14:44
*** dikonoor has quit IRC14:45
*** ngupta has quit IRC14:47
*** edmondsw has quit IRC14:49
*** edmondsw has joined #openstack-keystone14:53
*** fhubik is now known as fhubik_brb14:54
*** fhubik_brb is now known as fhubik14:57
*** slberger has joined #openstack-keystone14:59
*** phalmos has quit IRC15:00
*** phalmos has joined #openstack-keystone15:01
*** HenryG_ is now known as HenryG15:03
*** topol has joined #openstack-keystone15:08
*** ChanServ sets mode: +v topol15:08
*** fhubik is now known as fhubik_brb15:08
*** ngupta has joined #openstack-keystone15:14
*** hrou has quit IRC15:15
*** hrou has joined #openstack-keystone15:15
*** fhubik_brb is now known as fhubik15:20
openstackgerritayoung proposed openstack/keystone: Strip admin roles from non-admin projects and domains  https://review.openstack.org/23348015:20
*** zz_john5223 is now known as john522315:24
*** urulama has quit IRC15:28
openstackgerritayoung proposed openstack/keystone: Strip admin roles from non-admin projects and domains  https://review.openstack.org/23348015:28
*** urulama has joined #openstack-keystone15:28
*** exploreshaifali_ has quit IRC15:33
openstackgerritBrant Knudson proposed openstack/keystone: Fix use of TokenNotFound  https://review.openstack.org/22700415:35
*** mylu has joined #openstack-keystone15:37
*** roxanaghe has joined #openstack-keystone15:39
*** tobe has quit IRC15:40
bknudsonrequirements change to bump oslo.cache: https://review.openstack.org/#/c/233689/15:42
*** kiran-r has joined #openstack-keystone15:42
*** BAKfr has quit IRC15:43
*** BAKfr has joined #openstack-keystone15:46
bknudsonanyone else having problems running tox -e py27?15:49
openstackgerritBoris Bobrov proposed openstack/keystone: Use search_ext_s instead of search_s in ldap  https://review.openstack.org/23299515:49
openstackgerritBoris Bobrov proposed openstack/keystone: Make @truncated common for all backends  https://review.openstack.org/23306915:49
openstackgerritBoris Bobrov proposed openstack/keystone: Use @truncated in ldap  https://review.openstack.org/23307015:49
bknudsonpkg_resources.ContextualVersionConflict: (requests 2.8.0 (/opt/stack/keystone/.tox/py27/lib/python2.7/site-packages), Requirement.parse('requests!=2.8.0,>=2.5.2'), set(['oslo.policy']))15:53
*** BAKfr has quit IRC15:55
*** su_zhang has quit IRC15:56
*** BAKfr has joined #openstack-keystone15:58
*** su_zhang has joined #openstack-keystone15:58
*** fhubik is now known as fhubik_brb16:02
*** fhubik_brb is now known as fhubik16:02
*** fhubik has quit IRC16:02
*** pumaranikar has joined #openstack-keystone16:03
*** slberger1 has joined #openstack-keystone16:04
*** slberger has quit IRC16:04
*** mylu has quit IRC16:04
*** blogan_ is now known as blogan16:14
openstackgerritMerged openstack/keystone: Refactor: change 403 status codes in test names  https://review.openstack.org/23312716:19
*** su_zhang has quit IRC16:20
*** gyee has joined #openstack-keystone16:22
*** ChanServ sets mode: +v gyee16:22
*** pumaranikar has quit IRC16:23
*** aix has quit IRC16:31
*** jistr has quit IRC16:42
*** amit213 has quit IRC16:45
*** amit213 has joined #openstack-keystone16:46
openstackgerritBoris Bobrov proposed openstack/keystone: Use @truncated in ldap  https://review.openstack.org/23307016:47
bretonbknudson: in the gates16:49
bretonhttps://jenkins01.openstack.org/job/gate-keystone-python27/739/consoleFull16:50
*** ozialien has quit IRC16:56
*** wwwjfy has quit IRC16:56
*** kiran-r has quit IRC16:57
*** geoffarnold has joined #openstack-keystone16:57
*** doug-fish has quit IRC16:58
*** geoffarn_ has joined #openstack-keystone16:58
*** tonytan4ever has quit IRC16:59
*** stevemar_ has joined #openstack-keystone17:02
*** ChanServ sets mode: +o stevemar_17:02
*** geoffarnold has quit IRC17:02
*** doug-fish has joined #openstack-keystone17:02
*** browne has quit IRC17:02
*** su_zhang has joined #openstack-keystone17:03
*** doug-fish has quit IRC17:07
openstackgerritMarek Denis proposed openstack/keystone: Functional tests for federation protocols CRUD  https://review.openstack.org/23373317:07
*** stevemar_ has quit IRC17:07
*** doug-fish has joined #openstack-keystone17:09
*** spandhe has joined #openstack-keystone17:10
*** hrou has quit IRC17:13
*** doug-fish has quit IRC17:13
marekdbknudson: ^^ this is one example of functional tests. Are you thinking we should reuse old code and simply make them talk to a remote real keystone?17:16
*** tonytan4ever has joined #openstack-keystone17:17
marekddstanek: ^^ same17:19
*** njirap has quit IRC17:19
*** geoffarn_ has quit IRC17:19
*** geoffarnold has joined #openstack-keystone17:19
*** doug-fish has joined #openstack-keystone17:21
*** lhcheng has joined #openstack-keystone17:24
*** ChanServ sets mode: +v lhcheng17:24
*** doug-fish has quit IRC17:25
ayoungdavid8hu, pleaseremove -1 from https://review.openstack.org/#/c/23348017:32
david8huayoung,  Only if you buy beer in Tokyo :)17:33
ayoungDon't -1 just because you have a question:  I'll be sure to answer all questions before merge, but a -1 just keeps people from looking at it17:33
ayoungdavid8hu, I'll buy beer anyway17:33
ayoungdavid8hu, I also have an additional copy of the t-shirt for the person that makes the biggest contribution to closing the bug17:34
david8huayoung, sure, will remove it for the beer; )17:34
*** jasonsb has joined #openstack-keystone17:34
ayoungremove because you want the bug fixed. THe beer is a given17:34
ayoungdavid8hu, this is a real "acceptance of things I cannot change" patch17:35
ayoungI've tried all the harder ways, and those paths are closed.  I have some ideas of things we can do after this that do not require changes in the other projects.17:36
*** doug-fish has joined #openstack-keystone17:36
david8huayoung, Our best friend Jenkins also gave a -1.  BTW, how does it solve the admin-ness problem since glance admin should not have the super admin role.17:37
ayoungdavid8hu, you can always make the policy stricter for glance.  This does not change that.  It just keeps "I got admin on a project and now I am admin everywhere" from happening17:38
ayoungsplitting glance from nova from neutron...byond the scope, but still solvable problems17:38
ayoungdavid8hu, But understand that wanting to split based on service is only one of many ways to split.  Wanna hear my real plan for world domination?17:39
david8huayoung, I am listening.17:39
ayoungdavid8hu, OK...leave the policy in the remote service  alone.  Its job is going to be just the scope match17:40
ayoungThe role match is a separate layer.  We do that first, and in middleware17:40
ayoungSo there are two checks:  a dynamic policy check, and a static policy check17:40
*** geoffarn_ has joined #openstack-keystone17:41
ayoungSolving the glance  vs nova will be done with dynamic policy17:41
*** geoffarnold has quit IRC17:41
david8hudynamic check == role chk?17:41
david8hustatic check == scope chk?17:42
*** browne has joined #openstack-keystone17:42
ayoungdavid8hu, yep17:43
ayoungdavid8hu, so we grandfather 'admin' in as an artifact17:43
ayoungits a bypass:17:44
ayoungbut we'll limit it only to the special project/domain where it is used to unsick a sick system17:44
ayounggyee, ^^ read up my conversation with david8hu as it applies to you too17:44
ayoungyour question too, I should say17:45
david8huayoung, cloud_admin rule is already doing that today with admin domain.  Addiing admin project check to cloud_admin is a straight forward policy change.  What am I missing here?17:47
*** pnavarro|off has joined #openstack-keystone17:47
ayoungdavid8hu, the fact that *no one* changes policy.json17:47
ayoungIt is considered code, and they are not allowed to by, ehem, policy17:47
ayoungdavid8hu, add into that the fact that there is a serious amount of wrokflow here;17:48
ayoungwe don't by default define an admin domain17:48
ayoungcloud_admin is not a default rule17:48
ayounger role17:48
ayoungand  making that work would require templatizing every single policy file for every service and distributing them via puppet, ansible, cfengine, or carrie pidgeon, whatever they use for config management17:49
ayoungIts why I was pushing dynamic policy, but I can;'t get headway on it17:49
ayoungso...we ignore the other projects and solve it in Keystone, or we leave the bug as "will not fix"17:49
*** diazjf has quit IRC17:49
*** jasonsb has quit IRC17:50
*** jasonsb_ has joined #openstack-keystone17:50
lifelessayoung: eh, I thought we knew that folk *do* change it17:54
ayounglifeless, very very very few17:54
ayounglifeless, this:  https://review.openstack.org/#/c/23348017:54
lifelessayoung: I'm moderately sure (would need to ask to confirm) that HP cloud changes it17:54
ayounglifeless, it won't affect them if they opt out17:55
ayounglifeless, its a config option that has to be explicitly enabled, just reduces "who" gets the admin token17:55
lifelessyeah17:55
lifelessso it seems reasonable, if policy files aren't editable17:56
lifelessthough I think I'd like to see us have consensus on that17:56
lifelesslike - if editing them is a use case, we should go back to these orgs that aren't editing and tell them they should17:56
lifelessbut I'll freely admit I'm not across all the policy discussions - I've been lurking on those threads17:57
lifeless(EBANDWIDTH)17:57
lifelessso if we already have consensus that they aren't editable, and that the folk doing so are unsupported...17:57
lifelessthen great17:57
gyeeayoung, yes17:58
gyeelifeless, yes, we do customize policy to suite the product needs17:58
ayounggyee, so you guys probably have a wreckaround for 968696 anyway, right?17:59
david8huayoung, taking care of in the stock default policy is more consistent with v3sample.  Unless, of course, you are thinking of removing "domain_id:admin_domain_id" from v3sample polocy and have admin_domain_id populated through keystone.conf?17:59
ayoungdavid8hu, huh?17:59
gyeedavid8hu is wreckarounding it17:59
gyee:)18:00
david8hulol18:00
*** doug-fish has quit IRC18:00
*** pumaranikar has joined #openstack-keystone18:01
*** doug-fish has joined #openstack-keystone18:01
*** pnavarro|off has quit IRC18:01
*** geoffarn_ has quit IRC18:01
*** geoffarnold has joined #openstack-keystone18:02
ayoungMy new hobby:  pretending to be messed up by autocorrect18:03
ayoungI actually mistyped it and liked the newer version better18:03
*** doug-fis_ has joined #openstack-keystone18:03
david8huayoung,  In your proposal, there is going to be a admin_domain_id in keystone.conf?  For those deploying policy.v3cloudsample.json, admin_domain_id is defined in the policy file.18:04
david8huayoung, It is a bit of inconsistency18:04
ayoungdavid8hu, you can get away without setting it in the config file, and then things work as before18:04
ayoungIts why I made them vary indepednantly .18:04
*** geoffarnold is now known as geoffarnoldX18:05
ayoungThere is a gap, though;  if you don't set the domain token, I think that you can actually sent a domain scoped token to nova with admin in the scope and then it will match the policy check and pass18:05
*** doug-fish has quit IRC18:05
*** henrynash has joined #openstack-keystone18:06
*** ChanServ sets mode: +v henrynash18:06
bknudsonopened a bug for the unit test failures https://bugs.launchpad.net/keystone/+bug/150532618:06
openstackLaunchpad bug 1505326 in Keystone "Unit tests failing with requests 2.8.0" [Undecided,New]18:06
ayoungbknudson, thanks18:08
*** chrisshattuck has joined #openstack-keystone18:11
openstackgerritDolph Mathews proposed openstack/keystone: Test revocation race conditions  https://review.openstack.org/22799518:11
bknudsonlooks like it's keystoneclient is the culprit18:13
*** su_zhang has quit IRC18:16
odyssey4mebknudson yeah, we just hit that - everything was fine this morning, then this afternoon it all blew up :/18:20
cloudnull^ ++18:20
ayoungdavid8hu, but, essentially, this closes the hole on a default install, which is what we really need.18:23
*** geoffarnoldX has quit IRC18:23
*** geoffarnold has joined #openstack-keystone18:23
bknudsonhere's the release proposal: https://review.openstack.org/#/c/233761/18:24
*** su_zhang has joined #openstack-keystone18:24
*** diazjf has joined #openstack-keystone18:25
bknudsonI guess it's a holiday in canada so no PTL18:26
bknudsonthey have a lot of holidays18:27
*** su_zhang has quit IRC18:31
dolphm#success stevemar takes his first holiday as keystone PTL18:35
openstackstatusdolphm: Added success to Success page18:35
*** jsavak has quit IRC18:37
*** diazjf has left #openstack-keystone18:38
david8huayoung,  I am not a big fan of going through keystone.conf and tell keystone which role is admin.  It should be a policy thing. But, I do understand what you are trying to accomplish.  That is why I think we should make the policy.v3cloudsample.json the default keystone policy.18:38
*** jsavak has joined #openstack-keystone18:38
ayoungdavid8hu, we can't18:38
ayoungI wish we could...but the problem is not a Keystone problem18:39
ayoungKeystone is unique; it could look in its config file to find out what is the admin project/domain18:39
ayoungbut we need to keep that value in sync across all of the remote services18:39
ayoungand I could not even get the Keystone core team to agree on the absolute basics of dynamic policy, never mind the remote projects...it just won't happen18:40
ayoungso, I through being a purist:  lets fix the bug and move on with our lives18:40
*** doug-fis_ is now known as doug-fish18:41
bknudsonkeystonemiddleware release proposal: https://review.openstack.org/#/c/233763/18:41
*** geoffarn_ has joined #openstack-keystone18:44
*** geoffarnold has quit IRC18:45
*** diazjf has joined #openstack-keystone18:49
*** wwwjfy has joined #openstack-keystone18:53
*** pumaranikar has quit IRC18:54
bknudsonit's columbus day here so what am I doing18:54
bknudsonoops, indigenous peoples day.18:55
*** wwwjfy has quit IRC18:55
*** pumaranikar has joined #openstack-keystone18:56
*** tsymancz1k has quit IRC18:57
*** tsymancz4k has quit IRC18:57
*** tsymancz1k has joined #openstack-keystone18:57
morganHm.18:57
openstackgerritLance Bragstad proposed openstack/keystone: Refactor: Don't hard code 409 Conflict error codes  https://review.openstack.org/23312819:00
*** geoffarn_ has quit IRC19:04
morganayoung: commented on your policy/admin patch19:06
*** geoffarnold has joined #openstack-keystone19:06
*** amakarov is now known as amakarov_away19:06
*** john5223 is now known as zz_john522319:06
morganayoung: i think you are on the right path at least fkr keystone purposes19:06
ayoungmorgan all I know is I am on the path of least resistance19:07
bknudsonit would be interesting to find out why there's so much resistance19:07
ayoungBut I don't think we have a choice.  Updating policy is a non-starter19:07
ayoungbknudson, I'll be willing to wax poetic over that in TOkyo over libations19:07
ayoungits not entirely unjustified;  there are really no good solutions the way the problem is currently defined19:08
morganI am just saying it is def. an easy win and solves a glaring hole even with full dynamic policy with little added code19:09
bknudsonI don't think what's proposed here is going to work. The service users need admin19:09
morganbknudson: not in v3 (with a proper policy). We could also make the service tenant have admin rights19:09
*** doug-fish has quit IRC19:09
bknudsonright, the problem is improper policy... but we're saying we can't change policy19:10
*** doug-fish has joined #openstack-keystone19:10
morganWell in v2 we dont really use policy19:10
bknudsonnot sure where v2 came from?19:10
morganBut anyway19:10
morganThis is not an unreasonable approach nor far off the mark imo19:11
*** roxanaghe has quit IRC19:11
*** spandhe_ has joined #openstack-keystone19:11
morganMaybe we just need a way to specify service tenant too or something. This is a wuick fix that solves the immediate issue.19:11
morganAnd allows us to do less "big bang" to get the rest done down the line19:12
*** tsymancz4k has joined #openstack-keystone19:12
*** spandhe has quit IRC19:12
*** spandhe_ is now known as spandhe19:12
*** zz_john5223 is now known as john522319:14
*** john5223 is now known as zz_john522319:15
*** zz_john5223 is now known as john522319:20
*** arunkant has joined #openstack-keystone19:27
ayoungbknudson, service users can have admin in the admin project.  What is the problem?19:32
bknudsonservice users get a token scoped to the service project19:33
ayoungis that the devstack setup?19:33
bknudsony, that's how devstack sets it up19:33
ayoungbknudson, I was trying to avoid making it a list, but we could do that.19:33
bknudsonnova and neutron get admin role19:33
ayoungis that just to validate tokens?19:34
bknudsonnope, they use the service user to also do some kind of notification19:34
odyssey4mebknudson so here's a funny - the requests issue for me is coming up in L, not M19:35
bknudsonodyssey4me: :( we've got a lot of work to do.19:36
bknudsonwe'll probably have to release new versions of all the libs in L with new reqs updates19:36
bknudsonwe can't even do releases now because the docs fail to build19:36
*** spandhe_ has joined #openstack-keystone19:37
odyssey4mebknudson :( even if I introduce a global pin for openstack-ansible, I get issues somewhere else19:38
ayoungbknudson, could we make the services project the admin project?19:39
odyssey4meit would seem that perhaps some libraries have released new versions today, so all hell is breaking loose while we try to finalise a liberty release :/19:39
*** spandhe has quit IRC19:39
*** spandhe_ is now known as spandhe19:39
bknudsonayoung: I don't see why not.19:39
bknudsonodyssey4me: I don't think the openstack releases are breaking anything? that shouldn't cause problems19:41
bknudsonotherwise we'll have to go back and cap all the openstack libs in stable/liberty, too19:42
*** hrou has joined #openstack-keystone19:42
*** harlowja has quit IRC19:44
*** spandhe has quit IRC19:47
*** spandhe has joined #openstack-keystone19:48
*** geoffarnold has quit IRC19:48
*** geoffarnold has joined #openstack-keystone19:48
lbragstaddolphm responded - https://review.openstack.org/#/c/201742/19:49
*** jsavak has quit IRC19:49
dolphmlbragstad: you can check that the fix was backported to all branches here https://review.openstack.org/#/q/Ia87fc785afe624fde0ad191cc6f031eb7605096e,n,z19:52
dolphmlbragstad: i've never backported through branches sequentially unless there's a merge conflict or test failure as a result of the backport. then the rewritten patch should be backported further. there's no reason to do that here.19:52
lbragstaddolphm works for me, thanks for the explanation19:53
*** diazjf has quit IRC19:55
*** spandhe_ has joined #openstack-keystone19:55
*** stevemar_ has joined #openstack-keystone19:56
*** ChanServ sets mode: +o stevemar_19:56
*** spandhe has quit IRC19:57
*** spandhe_ is now known as spandhe19:57
*** diazjf has joined #openstack-keystone19:58
*** stevemar_ has quit IRC19:59
*** jtomasek has quit IRC20:04
*** su_zhang has joined #openstack-keystone20:12
*** njohnston is now known as nate_gone20:16
*** exploreshaifali has joined #openstack-keystone20:18
openstackgerritBrant Knudson proposed openstack/keystone: Remove oslo.policy implementation tests from keystone  https://review.openstack.org/23380020:20
*** jaosorior has quit IRC20:20
*** geoffarn_ has joined #openstack-keystone20:22
*** geoffarnold has quit IRC20:23
*** pnavarro|off has joined #openstack-keystone20:24
*** harlowja has joined #openstack-keystone20:24
*** roxanaghe has joined #openstack-keystone20:26
*** pnavarro|off has quit IRC20:30
*** geoffarn_ is now known as geoffarnold20:33
*** geoffarnold is now known as geoffarnoldX20:34
*** pnavarro|off has joined #openstack-keystone20:43
*** geoffarnold has joined #openstack-keystone20:43
*** geoffarnoldX has quit IRC20:43
*** e0ne has quit IRC20:48
*** diazjf has quit IRC20:53
*** wwwjfy has joined #openstack-keystone20:54
*** diazjf has joined #openstack-keystone20:55
*** wwwjfy has quit IRC20:59
*** ngupta has quit IRC21:00
*** edmondsw has quit IRC21:01
*** stevemar_ has joined #openstack-keystone21:04
*** ChanServ sets mode: +o stevemar_21:04
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/23382021:07
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/23382121:07
*** nate_gone is now known as njohnston21:07
*** ngupta has joined #openstack-keystone21:11
*** pnavarro|off has quit IRC21:15
*** geoffarnold has quit IRC21:17
*** geoffarn_ has joined #openstack-keystone21:17
*** zhiyan has quit IRC21:20
*** jraim has quit IRC21:21
*** serverascode has quit IRC21:21
*** briancurtin has quit IRC21:22
*** ctracey has quit IRC21:22
stevemar_dolphm: thanks for rewriting the bug description for the version package21:24
*** nzeer has quit IRC21:25
stevemar_ayoung: you should like this change https://review.openstack.org/#/c/203262/1021:28
stevemar_theres a lot less cruft in the top level keystone directory now21:28
stevemar_\o/21:28
ayoungstevemar_, works for me21:28
stevemar_bknudson: oh damn, oslo.policy broke up a bit eh21:29
openstackgerritTom Cocozzello proposed openstack/keystonemiddleware: Configure filter factories for PasteDeploy  https://review.openstack.org/23383921:29
lbragstadstevemar_ bknudson  yeah i think https://github.com/openstack/keystone/commit/6f5fce4937584297d810453f9290d69cf58aa644  did something?21:29
bknudsonstevemar_: y, it broke neutron too, I guess.21:29
bknudsonthe release of requests also broke keystone unit tests.21:30
stevemar_bknudson: and sphinx release broke releases21:30
stevemar_everything is broken!21:30
bknudsonI think it's because the broken requests gets pulled in by keystoneclient and keystonemiddleware21:30
lbragstadyep; http://logs.openstack.org/28/233128/2/check/gate-keystone-python27/2a4f717/testr_results.html.gz21:30
bknudsonbecause the released versions of keystoneclient and ksm don't have requests!=2.8.021:31
bknudsonso I proposed new releases of ksc and ksm.21:31
lbragstadbknudson do you have links?21:31
bknudsonlbragstad: https://review.openstack.org/#/c/233761/ and https://review.openstack.org/#/c/233763/21:32
odyssey4mebknudson it also concerns me that the blocking of requests 2.8.0 has been held back from stable/liberty: https://review.openstack.org/23291721:34
bknudsonodyssey4me: I'm going to give stable/liberty tox -e py27 a try.21:36
bknudsonyep, it fails21:36
odyssey4mebknudson :/21:36
bknudsonsame as master21:36
odyssey4meso stable/liberty is more like drunk/liberty right now :p21:36
stevemar_odyssey4me: hehe21:37
bknudsonit's really stable since we can't merge anything21:37
*** geoffarn_ has quit IRC21:38
*** geoffarnold has joined #openstack-keystone21:39
*** pumaranikar has quit IRC21:41
lbragstadso, what's the process for back-porting dependency fixes?21:41
*** phalmos has quit IRC21:41
*** tonytan4ever has quit IRC21:42
jamielennoxbknudson: i had heard of a problem with requests 2.8.0 but i haven't done anything about it, most of the other projects reacted and fixed it21:42
bknudsonlbragstad: there's stable/ branches in openstack/requirements and the proposal bot will update.21:42
*** doug-fish has quit IRC21:42
jamielennoxdid they release a new requests with a fix?21:43
bknudsonjamielennox: how'd they fix it?21:43
jamielennoxsome did some mocking to there unit tests, but i thought they were blacklisting the release and fixing upstream21:43
*** doug-fish has joined #openstack-keystone21:43
bknudsonjamielennox: it's blacklisted but keystone pulls in the latest release due to keystoneclient and ksm.21:44
bknudsonthe latest release is 2.8.0 and broken21:44
lbragstadbknudson ah, makes sense21:44
*** doug-fis_ has joined #openstack-keystone21:46
*** diazjf has left #openstack-keystone21:46
*** doug-fi__ has joined #openstack-keystone21:47
*** tsymancz4k has quit IRC21:47
*** tsymancz1k has quit IRC21:47
*** doug-fish has quit IRC21:48
bknudsonall the tests pass on stable/kilo21:48
bknudsonwe capped dependencies in stable/kilo21:48
*** doug-fish has joined #openstack-keystone21:50
*** doug-fis_ has quit IRC21:50
*** doug-fi__ has quit IRC21:51
*** csoukup has quit IRC21:53
*** doug-fish has quit IRC21:54
*** topol has quit IRC21:57
*** nzeer has joined #openstack-keystone21:59
*** geoffarnold has quit IRC21:59
*** geoffarnold has joined #openstack-keystone22:00
*** tsymancz1k has joined #openstack-keystone22:02
*** doug-fish has joined #openstack-keystone22:02
*** urulama has quit IRC22:02
*** tsymancz2k has joined #openstack-keystone22:02
*** urulama has joined #openstack-keystone22:03
*** jraim has joined #openstack-keystone22:03
jamielennoxstevemar_, bknudson: can you have a look at https://review.openstack.org/#/c/225516/ - there's not many people with stable privs22:04
bknudsonjamielennox: not much point since it's already +W22:04
bknudsonyou want me to stop it?22:04
jamielennoxbknudson: wow, no22:05
jamielennoxbknudson: must have cached an older version...? no idea, but it only had 2 +1s when i looked - thanks anyway22:05
bknudsonI thought stable/kilo was frozen (according to the -dev ml)22:07
*** doug-fish has quit IRC22:07
jamielennoxwhy?22:07
bknudsonjamielennox: http://lists.openstack.org/pipermail/openstack-dev/2015-October/076159.html22:07
bknudsonfreeze before release22:07
*** sigmavirus24 is now known as sigmavirus24_awa22:09
*** dims_ has joined #openstack-keystone22:09
jamielennoxthere doesn't seem to be a resolution there22:09
bknudsonjamielennox: I guess that was the wrong link, here's the latest http://lists.openstack.org/pipermail/openstack-dev/2015-October/076408.html22:09
bknudsonsays stable/kilo is frozen22:09
bknudsonrelease tomorrow22:09
jamielennoxbah, i was really ohping this would be in it22:10
*** su_zhang has quit IRC22:11
*** dims__ has quit IRC22:11
*** timcline has quit IRC22:12
*** ctracey has joined #openstack-keystone22:13
*** ngupta has quit IRC22:14
jamielennoxlbragstad: replied to https://review.openstack.org/#/c/229751/22:19
ayoungjamielennox, bummer.  Federation is pretty broke without that22:19
ayoungjamielennox, we can still apply it to RDO, though.22:20
*** serverascode has joined #openstack-keystone22:21
lbragstadjamielennox perfect, thanks for the follow up22:21
*** geoffarn_ has joined #openstack-keystone22:21
*** geoffarnold has quit IRC22:21
*** stevemar_ has quit IRC22:23
*** geoffarn_ is now known as geoffarnoldX22:24
*** slberger1 has left #openstack-keystone22:24
*** zhiyan has joined #openstack-keystone22:25
*** stevemar_ has joined #openstack-keystone22:27
*** ChanServ sets mode: +o stevemar_22:27
*** gildub has joined #openstack-keystone22:41
*** su_zhang has joined #openstack-keystone22:41
*** briancurtin has joined #openstack-keystone22:41
*** geoffarnoldX has quit IRC22:42
*** geoffarnold has joined #openstack-keystone22:42
*** _hrou_ has joined #openstack-keystone22:43
*** stevemar_ has quit IRC22:47
*** stevemar_ has joined #openstack-keystone22:47
*** ChanServ sets mode: +o stevemar_22:47
*** hrou has quit IRC22:47
*** su_zhang has quit IRC22:48
*** su_zhang has joined #openstack-keystone22:51
*** tsymancz1k has quit IRC23:00
*** tsymancz2k has quit IRC23:01
*** david-ly_ has joined #openstack-keystone23:01
*** david-lyle has quit IRC23:02
*** geoffarnold has quit IRC23:03
*** geoffarnold has joined #openstack-keystone23:04
*** david-lyle has joined #openstack-keystone23:04
*** david-ly_ has quit IRC23:04
*** tsymancz2k has joined #openstack-keystone23:10
*** geoffarnold has quit IRC23:24
*** geoffarnold has joined #openstack-keystone23:25
*** tsymancz4k has joined #openstack-keystone23:25
*** stevemar_ has quit IRC23:33
openstackgerritMerged openstack/keystonemiddleware: Remove auth headers in AuthProtocol  https://review.openstack.org/22975123:45
*** geoffarnold has quit IRC23:46
*** geoffarnold has joined #openstack-keystone23:46
openstackgerritJamie Lennox proposed openstack/python-keystoneclient-kerberos: Use optional authentication  https://review.openstack.org/23386423:49
*** stevemar_ has joined #openstack-keystone23:56
*** ChanServ sets mode: +o stevemar_23:56
openstackgerritSteve Martinelli proposed openstack/keystone: Create a version package  https://review.openstack.org/20326223:59
« Sunday, 2015-10-11 Index Tuesday, 2015-10-13 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!