Friday, 2015-11-06

*** jasonsb has quit IRC		00:01
*** jasonsb_ has quit IRC		00:02
*** richm has quit IRC		00:07
*** shaleh has quit IRC		00:08
*** shaleh has joined #openstack-keystone		00:08
*** shaleh has quit IRC		00:09
*** shaleh has joined #openstack-keystone		00:09
*** su_zhang has quit IRC		00:11
*** jasonsb has joined #openstack-keystone		00:12
*** topol has joined #openstack-keystone		00:17
*** ChanServ sets mode: +v topol		00:17
*** topol has quit IRC		00:20
*** ankita_w_ has joined #openstack-keystone		00:21
*** ankita_wagh has quit IRC		00:21
*** EinstCrazy has quit IRC		00:22
*** nkinder has quit IRC		00:25
*** tonytan4ever has joined #openstack-keystone		00:26
*** pg_ has joined #openstack-keystone		00:34
* pg_		00:37
*** pg_ has quit IRC		00:38
openstackgerrit	Merged openstack/keystone: Imported Translations from Zanata https://review.openstack.org/238789	00:39
*** su_zhang has joined #openstack-keystone		00:41
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_service_ref() consistently https://review.openstack.org/238283	00:42
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/238264	00:42
*** jamielennox is now known as jamielennox\|away		00:46
*** su_zhang has quit IRC		00:46
*** jamielennox\|away is now known as jamielennox		00:47
*** daemontool has quit IRC		00:48
*** daemontool has joined #openstack-keystone		00:48
*** dims has joined #openstack-keystone		00:52
*** flwang has quit IRC		00:55
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_region_ref() consistently https://review.openstack.org/238302	00:56
*** jamielennox is now known as jamielennox\|away		00:58
*** EinstCrazy has joined #openstack-keystone		01:02
*** mylu has quit IRC		01:02
*** mylu has joined #openstack-keystone		01:02
*** flwang has joined #openstack-keystone		01:03
*** jamielennox\|away is now known as jamielennox		01:06
*** ankita_w_ has quit IRC		01:06
*** mylu has quit IRC		01:07
*** su_zhang has joined #openstack-keystone		01:10
*** dims has quit IRC		01:17
*** davechen has joined #openstack-keystone		01:22
*** arunkant_ has quit IRC		01:23
*** jasonsb has quit IRC		01:26
*** yangyapeng has joined #openstack-keystone		01:31
*** shaleh has quit IRC		01:40
*** ankita_wagh has joined #openstack-keystone		01:42
*** simondodsley has quit IRC		01:43
*** yangyapeng has quit IRC		01:45
samueldmq	gyee: hi	01:49
*** su_zhang has quit IRC		01:50
samueldmq	gyee: wanted to talk about change #241748, that adds an unique constraint to endpoints	01:50
*** tobe has joined #openstack-keystone		01:55
gyee	samueldmq, hi	01:56
gyee	actually I don't think we need to touch url at all	01:57
gyee	region, service_id, and interface should be good enough	01:58
davechen	do we have the case that region, service_id, and interface are all the same but url is different?	01:59
davechen	i get the comment that url may be needed for unique constrainst when i try to address the duplicated bug.	02:00
gyee	davechen, I don't think so	02:00
davechen	go through the comments on this patch (https://review.openstack.org/#/c/134095/), there are also comments ask for this.	02:02
gyee	if we make region, service_id, and interface primary keys that should do it	02:03
davechen	gyee: ++	02:04
samueldmq	gyee: so, that was my question earlier today to htruta and raildo	02:09
samueldmq	gyee: if we make (region, service_id, interface) unique, we would be able to have only 3 endpoints for a service in a region	02:10
samueldmq	gyee: and I couldn't say anything because I didn't know how it is used today	02:10
samueldmq	gyee: if someone needs more than that	02:10
gyee	that's correct, if they need more, use a different region	02:11
samueldmq	gyee: okay, cc raildo htruta ^	02:11
samueldmq	gyee: I am fine with that, but how do we migrate ?	02:11
gyee	make them primary keys	02:12
samueldmq	gyee: in any case migrating is hard, because we can easily get the uninque constraint violated	02:12
gyee	sure, but that's expected	02:12
samueldmq	gyee: how do we deal with that ? what do we do ? drop ?	02:13
gyee	if there are endpoints out there with the same region, service, interface, but different URL, they screwed anyway	02:13
davechen	samueldmq: but actually, i think we can remove these duplication to avoid violation in the migration code, it's not that hard to do this.	02:13
gyee	our client always pick the first one anyway	02:13
samueldmq	gyee: yes but that's hard to assume that for everyone, you agree?	02:13
gyee	then error out and make them fix their data :)	02:14
samueldmq	davechen: if they have 2 endpoints with different URLs but the same (service, region, interface), what do we do ? drop one ?	02:14
gyee	error out and make them fix the data	02:14
samueldmq	gyee: can be an option, making assumptions on how bds are is bad, imo	02:14
samueldmq	gyee: dbs*	02:15
davechen	only one is valid, why keep others?	02:15
samueldmq	davechen: which one we keep?	02:15
gyee	we can't make any assumptions	02:15
davechen	good question! :)	02:15
samueldmq	gyee: yeah that's true	02:15
samueldmq	gyee: and part of this I've learned from you :-)	02:16
samueldmq	gyee: I think that's why including URL is a good way to go	02:16
gyee	no need to include URL	02:17
gyee	besides, migration should be addition, not subtraction	02:17
samueldmq	gyee: if we don't, aren't we again making assumptions on the db ?	02:17
gyee	you can reduce a column without running into trouble anyway	02:17
gyee	s/can/can't/	02:18
gyee	what if somebody have a URL that is greater than 255	02:18
gyee	unlikely, but	02:18
samueldmq	yeah, we would break there too	02:18
davechen	if migration could show some warning, and some interaction similar with that, give some warning is good idea.	02:18
gyee	sure, warn is a good idea	02:19
samueldmq	migration can't be ran! fix your db and try again!	02:19
davechen	gyee: schema has enforce the url should no longer than 255	02:19
*** woodster_ has quit IRC		02:19
gyee	right, think about this, if we have two endpoints with same region, service_id, interface, but different URL	02:19
gyee	how the client is going to behave?	02:19
davechen	the length will be checked before the endpoint can be created.	02:19
samueldmq	gyee: endpoint filtering ?	02:20
gyee	say endpoint filtering yield more than one	02:20
gyee	client will always pick the first one	02:20
gyee	we an't filter on URL	02:20
gyee	can't	02:20
samueldmq	gyee: someone may have added a filter to endpoint 1 returned to project 1 and endpoint 2 to project 2	02:20
gyee	so the expectation is correct, as far as client is concerned	02:20
gyee	we can only filter on endpoint_id, region, service_id, service_type, and interface	02:21
openstackgerrit	guang-yee proposed openstack/keystonemiddleware: Enforce endpoint constraint https://review.openstack.org/177661	02:22
gyee	samueldmq, davechen, ^^^	02:22
samueldmq	gyee: yes, look: endpoint 1 = (service1, region1, public, url1) ; endpoint 2 = (service1, region1, public, url2)	02:22
samueldmq	gyee: one creates a filter so that endpoint 1 is only returned to project X	02:22
samueldmq	gyee: and endpoint 2 is only returned to project Y	02:22
samueldmq	gyee: those filters were created based on the endpoint id	02:23
samueldmq	gyee: isn't that possible ?	02:23
*** browne has quit IRC		02:23
gyee	driving a car off a cliff is also possible :)	02:23
gyee	why would someone do something crazy like that	02:24
samueldmq	gyee: that's unlikely to happen, okay, but that's possible and we should care about it, right ? :)	02:25
gyee	I wouldn't care about that one	02:26
gyee	use (virtual) region to do the logical grouping of services and endpoints	02:26
openstackgerrit	ayoung proposed openstack/keystone: set `is_admin` on tokens for admin project https://review.openstack.org/240719	02:27
gyee	using URL to do the separation is dangerous and unmanageable	02:27
gyee	URL is arbitrary	02:27
openstackgerrit	ayoung proposed openstack/keystone-specs: is_admin_project https://review.openstack.org/242232	02:29
samueldmq	gyee: I agree, the point is how much we care about people who made bad choices for their catalog representation	02:30
samueldmq	gyee: and how we make them to fix it	02:30
gyee	samueldmq, sorry I have to run, lets talk later	02:31
gyee	I would say error out and make the fix the data if that happens	02:31
*** gyee has quit IRC		02:31
samueldmq	gyee: sure talk to you later	02:33
*** mylu has joined #openstack-keystone		02:35
*** klindgren has joined #openstack-keystone		02:49
klindgren	Hello - I have haing an issue with the logging_context_format_string Under kilo it seems like the context_format string is never used - just the default_format string. So you never see the request_ids or user_identity information in the log file	02:50
klindgren	was this something thats been fixed? or only works in apache + wsgi vs's eventlet?	02:51
*** hrou has joined #openstack-keystone		02:54
*** mylu has quit IRC		02:54
*** mylu has joined #openstack-keystone		02:55
*** btully has quit IRC		02:55
*** mylu has quit IRC		02:59
*** gb21_ is now known as GB21		03:00
*** jbell8 has joined #openstack-keystone		03:02
*** btully has joined #openstack-keystone		03:05
*** mylu has joined #openstack-keystone		03:07
jamielennox	marekd: i think it may be more trouble than it's worth	03:07
jamielennox	marekd: to make a full requests-ecp plugin. Requests internals are tricky, you don't get access to a request's session at the auth plugin level you get an adapter so it means custom redirect handling, cookie handling etc	03:08
*** lhcheng has quit IRC		03:11
*** mylu has quit IRC		03:17
*** mylu has joined #openstack-keystone		03:18
*** ankita_wagh has quit IRC		03:20
*** boris-42 has joined #openstack-keystone		03:24
*** browne has joined #openstack-keystone		03:24
*** mylu has quit IRC		03:32
*** mylu has joined #openstack-keystone		03:33
*** mylu has quit IRC		03:37
*** mylu has joined #openstack-keystone		03:39
*** klindgren_ has joined #openstack-keystone		03:41
*** klindgren has quit IRC		03:43
*** topol has joined #openstack-keystone		03:50
*** ChanServ sets mode: +v topol		03:50
*** flwang has quit IRC		03:53
*** klindgren_ is now known as klindgren		03:53
*** mylu has quit IRC		03:58
*** links has joined #openstack-keystone		03:59
*** topol has quit IRC		03:59
*** topol has joined #openstack-keystone		03:59
*** ChanServ sets mode: +v topol		03:59
*** topol has quit IRC		04:04
*** ankita_wagh has joined #openstack-keystone		04:09
*** hrou has quit IRC		04:11
openstackgerrit	Deepti Ramakrishna proposed openstack/keystone: Reject user creation using admin token without domain https://review.openstack.org/196942	04:13
*** mylu has joined #openstack-keystone		04:17
*** lhcheng has joined #openstack-keystone		04:17
*** ChanServ sets mode: +v lhcheng		04:17
*** lhcheng_ has joined #openstack-keystone		04:18
*** mylu has quit IRC		04:18
*** fawadkhaliq has joined #openstack-keystone		04:20
*** lhcheng has quit IRC		04:21
*** ajaya has joined #openstack-keystone		04:38
*** wuhg has joined #openstack-keystone		04:43
*** mylu has joined #openstack-keystone		05:07
*** btully has quit IRC		05:09
*** jerrygb_ has quit IRC		05:18
*** ajaya has quit IRC		05:20
jamielennox	marekd: how do i prevent REMOTE_USER coming through shib? i don't remember that being required	05:25
*** mylu has quit IRC		05:26
*** mylu has joined #openstack-keystone		05:27
*** urulama has quit IRC		05:30
*** lhcheng_ has quit IRC		05:30
*** lhcheng has joined #openstack-keystone		05:30
*** ChanServ sets mode: +v lhcheng		05:30
*** urulama has joined #openstack-keystone		05:30
*** mylu has quit IRC		05:31
*** zzzeek has quit IRC		05:34
davechen	jamielennox: remove REMOTE_USER directives from shibboleth2.xml as the doc tell us?	05:38
*** roxanagh_ has joined #openstack-keystone		05:38
jamielennox	davechen: yea, found thanks. doc says from attributes.xml and i couldn't find anything	05:38
davechen	should that from "shibboleth2.xml"? doc also says that is from shibboleth2.xml.	05:40
*** zzzeek has joined #openstack-keystone		05:42
*** zzzeek has quit IRC		05:47
*** zzzeek has joined #openstack-keystone		05:50
*** jaosorior has joined #openstack-keystone		05:52
*** btully has joined #openstack-keystone		05:53
*** ankita_wagh has quit IRC		05:57
*** zzzeek has quit IRC		05:58
*** lhcheng has quit IRC		06:04
*** ajaya has joined #openstack-keystone		06:15
openstackgerrit	Dave Chen proposed openstack/keystone: Functional tests for federation mapping CRUD https://review.openstack.org/231574	06:20
openstackgerrit	Dave Chen proposed openstack/keystone: Functional tests for federation mapping CRUD https://review.openstack.org/231574	06:27
openstackgerrit	Dave Chen proposed openstack/keystone: Functional tests for federation protocols CRUD https://review.openstack.org/233733	06:29
*** ankita_wagh has joined #openstack-keystone		06:29
jamielennox	marekd: this is what i've got: http://paste.openstack.org/show/478151/	06:30
*** openstackgerrit has quit IRC		06:31
jamielennox	marekd: there are some definite rough edges where i need to read the spec a bit closer, but i like how we essentially boil KSA plugins down to a wrapper around requests plugins	06:31
*** openstackgerrit has joined #openstack-keystone		06:32
*** david-lyle has joined #openstack-keystone		06:40
*** tonytan4ever has quit IRC		06:44
*** roxanagh_ has quit IRC		06:44
*** david-lyle has quit IRC		06:45
*** gildub has quit IRC		06:53
*** jamielennox is now known as jamielennox\|away		06:59
*** lsmola has joined #openstack-keystone		07:02
openstackgerrit	Hao Li proposed openstack/keystone-specs: Fix the link rot in identity-api-v3-os-inherit-ext https://review.openstack.org/242355	07:02
*** ajaya has quit IRC		07:02
*** josecastroleon has joined #openstack-keystone		07:05
*** e0ne has joined #openstack-keystone		07:10
*** fawadkhaliq has quit IRC		07:19
*** e0ne has quit IRC		07:21
*** ankita_wagh has quit IRC		07:30
*** fawadkhaliq has joined #openstack-keystone		07:34
marekd	jamielennox\|away: so i didn't get it eventually - you want to make a requests-saml plugin or not ?	07:45
*** urulama has quit IRC		07:50
*** urulama has joined #openstack-keystone		07:50
*** fawadkhaliq has quit IRC		07:52
*** lhcheng has joined #openstack-keystone		07:52
*** ChanServ sets mode: +v lhcheng		07:52
*** lhcheng has quit IRC		07:57
*** flwang has joined #openstack-keystone		07:58
*** fawadkhaliq has joined #openstack-keystone		07:58
*** josecastroleon has quit IRC		08:12
*** kiran-r has joined #openstack-keystone		08:27
*** btully has quit IRC		08:34
*** agireud has quit IRC		08:37
*** zigo has quit IRC		08:37
*** agireud has joined #openstack-keystone		08:37
*** jbell8 has quit IRC		08:39
*** zigo has joined #openstack-keystone		08:42
*** openstackstatus has quit IRC		08:42
*** jbell8 has joined #openstack-keystone		08:43
*** henrynash has quit IRC		08:43
*** browne has quit IRC		08:55
*** davechen has left #openstack-keystone		08:55
marekd	dolphm: what do you exactly mean by 'defederation' ?	08:55
*** fhubik has joined #openstack-keystone		08:59
*** flwang has quit IRC		09:00
*** dgonzalez has quit IRC		09:03
*** dgonzalez has joined #openstack-keystone		09:03
*** josecastroleon has joined #openstack-keystone		09:08
*** henrynash has joined #openstack-keystone		09:09
*** ChanServ sets mode: +v henrynash		09:09
*** links has quit IRC		09:11
*** jistr has joined #openstack-keystone		09:19
*** GB21 has quit IRC		09:25
*** e0ne has joined #openstack-keystone		09:27
*** fhubik is now known as fhubik_brb		09:28
*** jbell8 has quit IRC		09:39
*** lhcheng has joined #openstack-keystone		09:42
*** ChanServ sets mode: +v lhcheng		09:42
*** lhcheng has quit IRC		09:46
*** fhubik_brb is now known as fhubik		09:49
*** josecastroleon has quit IRC		09:55
*** tobe has quit IRC		09:55
*** josecastroleon has joined #openstack-keystone		09:56
*** bdossant has joined #openstack-keystone		10:01
*** lhcheng has joined #openstack-keystone		10:05
*** ChanServ sets mode: +v lhcheng		10:05
*** kiran-r has quit IRC		10:08
*** lhcheng has quit IRC		10:10
*** fawadkhaliq has quit IRC		10:10
*** mitz has quit IRC		10:12
*** mitz has joined #openstack-keystone		10:14
*** lhcheng has joined #openstack-keystone		10:17
*** ChanServ sets mode: +v lhcheng		10:17
*** gb21 has joined #openstack-keystone		10:20
*** flwang has joined #openstack-keystone		10:21
*** jaosorior has quit IRC		10:25
openstackgerrit	henry-nash proposed openstack/keystone: Provide storage for new inheritance assignment https://review.openstack.org/241301	10:39
*** EinstCrazy has quit IRC		10:41
*** jamielennox\|away is now known as jamielennox		10:49
openstackgerrit	Merged openstack/keystone: Enable try_except_pass Bandit test https://review.openstack.org/225738	10:52
*** henrynash has quit IRC		10:56
*** gildub has joined #openstack-keystone		10:59
*** lhcheng has quit IRC		11:04
*** flwang has quit IRC		11:07
*** gb21 has quit IRC		11:07
*** aix has quit IRC		11:07
*** flwang has joined #openstack-keystone		11:08
*** jaosorior has joined #openstack-keystone		11:10
*** jamielennox is now known as jamielennox\|away		11:11
openstackgerrit	Merged openstack/keystone: Keystone Spelling Errors in docstrings and comments https://review.openstack.org/239946	11:19
*** dims has joined #openstack-keystone		11:27
*** gb21 has joined #openstack-keystone		11:31
*** lhcheng has joined #openstack-keystone		11:37
*** ChanServ sets mode: +v lhcheng		11:37
*** iurygregory has left #openstack-keystone		11:38
*** urulama has quit IRC		11:40
*** urulama has joined #openstack-keystone		11:40
*** josecastroleon has quit IRC		11:42
*** iurygregory has joined #openstack-keystone		11:46
*** EinstCrazy has joined #openstack-keystone		11:53
*** jerrygb has joined #openstack-keystone		11:54
*** nisha has joined #openstack-keystone		11:57
*** gds has quit IRC		12:03
*** flwang has quit IRC		12:03
*** flwang has joined #openstack-keystone		12:04
*** josecastroleon has joined #openstack-keystone		12:06
*** fhubik is now known as fhubik_brb		12:08
openstackgerrit	Monty Taylor proposed openstack/keystoneauth: Remove mox https://review.openstack.org/242463	12:12
*** wuhg has quit IRC		12:31
*** zigo has quit IRC		12:36
*** zigo has joined #openstack-keystone		12:37
*** weihan has joined #openstack-keystone		12:38
*** fhubik_brb is now known as fhubik		12:39
*** weihan has quit IRC		12:51
*** boris-42 has quit IRC		12:58
*** lhcheng has quit IRC		13:00
*** gordc has joined #openstack-keystone		13:00
dolphm	marekd: it's not an option yet, but we're about 3 blueprints away (and 9 months) from it being a viable use case. basically, it's the process of establishing identity through a federation, having that user establish secondary credentials in keystone, and then disconnecting the federated association in favor of the local one.	13:01
dolphm	marekd: it's the opposite of account linking, but we need account linking first	13:01
*** gildub has quit IRC		13:02
marekd	dolphm: and whose idea is that?	13:03
marekd	dolphm: am i missing something?	13:03
dolphm	marekd: no lol. i just ran across it reading a whitepaper or something the other day	13:04
dolphm	marekd: i just want to see people's eyebrows in a couple releases when "Defederation" is a headline feature lol	13:04
marekd	dolphm: LOL	13:05
marekd	dolphm: if it's for peoples suprised faces I think we should start working on it asap.	13:06
dolphm	marekd: lol	13:06
marekd	dolphm: do you have the source depicting that 'defederation' ?	13:07
dolphm	marekd: totally going to submit a conference talk on "How to defederate your keystone"	13:07
dolphm	marekd: https://documentation.pingidentity.com/display/PF66/Account+Linking	13:07
dolphm	marekd: https://documentation.pingidentity.com/display/PF610/SP+Account+Linking	13:08
mordred	GAH RAGE RAGE RAGE	13:09
marekd	yy?	13:10
mordred	dolphm: you look awake - I think it's your turn to get the rage	13:10
* dolphm RAAAAAAAAGGEEEE		13:10
mordred	dolphm: keystoneclient.client.Client requires that you pass in an auth_url or an endpoint EVEN IF you pass in a Session already	13:10
* dolphm actual rage.		13:11
mordred	that makes it the only client in openstack that does not properly handle being passed a keystone session	13:11
* mordred cries		13:11
dolphm	mordred: latest version?	13:11
mordred	yah. in master even	13:11
mordred	because client.Client actually calls discover	13:11
mordred	keystoneclient.exceptions.DiscoveryFailure: Not enough information to determine URL. Provide either auth_url or endpoint	13:12
dolphm	so client.Client(session=session) is guaranteed to fail?	13:13
mordred	yes	13:13
mordred	also, while I'm raging, if you do want to pass a version, it has to be a tuple, rather than a number - but the fact that it's not required makes me happy, so you get a pass on that one	13:14
dolphm	mordred: lol	13:15
dolphm	mordred: and it doesn't matter what plugin you're using or anything? i'm looking to reproduce now	13:16
mordred	dolphm: nope. not at all	13:17
mordred	(although I'm using password auth plugin fwiw)	13:17
mordred	ah - ksc._discover.Discover takes a mandatory url as a param	13:18
dolphm	mordred: http://cdn.pasteraw.com/8fg3wmc0f8suuv4wzcz9qqboqwsvuok	13:19
dolphm	mordred: (latest version is 1.8.1)	13:20
mordred	dolphm: python-keystoneclient==1.8.1 # git sha 6fce93d	13:20
mordred	yeah. that's what I've got installed	13:20
mordred	should I try downgradin to 1.7.1 and see if it works for me?	13:20
dolphm	mordred: with 1.8.1 http://cdn.pasteraw.com/ambu73bk1gdgjlboq0hwq9mt9111zwx	13:22
dolphm	mordred: what are you doing differently?	13:22
mordred	lemme get you a paste - one sec	13:22
dolphm	mordred: v2, unversioned url, etc?	13:23
dolphm	k	13:23
*** nisha has quit IRC		13:24
mordred	dolphm: keystoneauth1.identity.generic.password.Password	13:25
mordred	is the auth plugin I'm using	13:25
dolphm	ahh hmm	13:25
mordred	http://paste.openstack.org/show/478180	13:25
mordred	I'm going to try your example explicitly	13:25
mordred	oh!	13:26
mordred	dolphm: you're using keystoneclient.v3.Client	13:26
mordred	I'm talking about keystoneclient.client.Client	13:26
*** NM has quit IRC		13:28
dolphm	alright, let me try that. generic password plugin worked too http://cdn.pasteraw.com/3vifojietvpnka0o1eiij6hxkt6qjqh	13:28
*** NM has joined #openstack-keystone		13:28
mordred	yah. - versioned client constructors work	13:28
mordred	it's the discovery constructor that does not	13:29
*** aix has joined #openstack-keystone		13:29
dolphm	(but first tested keystoneauth1 1.2.0 and that worked)	13:30
dolphm	okay, that makes a little more sense	13:30
dolphm	i mean, still terribly broken, but	13:30
dolphm	yay! repro'd	13:32
dolphm	mordred: ^	13:32
mordred	woot!	13:32
*** edmondsw has joined #openstack-keystone		13:32
*** henrynash has joined #openstack-keystone		13:32
*** ChanServ sets mode: +v henrynash		13:32
dolphm	so if this works: http://cdn.pasteraw.com/3vifojietvpnka0o1eiij6hxkt6qjqh	13:32
*** richm has joined #openstack-keystone		13:32
dolphm	then this should too: http://cdn.pasteraw.com/p4qm50pve3izne0xe2dwvj2g4yzq5mi	13:32
dolphm	so, there's your bug report	13:33
mordred	dolphm: I _think_ I may have a patch for you ...	13:33
dolphm	o?	13:33
mordred	yah - because you can get the endpoint from the session with session.get_endpoint(interface=plugin.AUTH_INTERFACE)	13:33
henrynash	samueldmq: ping	13:34
*** bdossant has quit IRC		13:37
*** bdossant has joined #openstack-keystone		13:37
*** mflobo has joined #openstack-keystone		13:38
*** mflobo has left #openstack-keystone		13:38
*** josecastroleon has quit IRC		13:38
*** josecastroleon has joined #openstack-keystone		13:38
*** NM has quit IRC		13:39
*** ericksonsantos has quit IRC		13:41
mordred	ok. my first attempt did not work: https://bugs.launchpad.net/python-keystoneclient/+bug/1513839	13:42
openstack	Launchpad bug 1513839 in python-keystoneclient "discovery constructor fails with only session parameter" [Undecided,New]	13:42
henrynash	gyee: ping	13:46
openstackgerrit	henry-nash proposed openstack/keystone: Provide storage for new inheritance assignment https://review.openstack.org/241301	13:46
*** tellesnobrega has quit IRC		13:46
*** ericksonsantos has joined #openstack-keystone		13:47
*** tellesnobrega has joined #openstack-keystone		13:47
dolphm	mordred: https://bugs.launchpad.net/python-keystoneclient/+bug/1513839/comments/1	13:51
openstack	Launchpad bug 1513839 in python-keystoneclient "discovery constructor fails with only session parameter" [High,Confirmed]	13:51
mordred	dolphm: for some reason, in ksc, session.get_endpoint(interface=auth.AUTH_INTERFACE) is giving me None	13:51
mordred	dolphm: but with ksa, I get an endpoint out of the session properly	13:52
*** e0ne has quit IRC		13:55
mordred	while I'm poking humans	13:55
mordred	version = tuple(str(float(version)).split('.'))	13:55
mordred	is just silly	13:55
*** e0ne has joined #openstack-keystone		13:56
dolphm	wtf	13:56
openstackgerrit	Marek Denis proposed openstack/keystone: Move federation extension into keystone core https://review.openstack.org/214775	13:57
*** hrou has joined #openstack-keystone		13:59
openstackgerrit	henry-nash proposed openstack/keystone: Remove manager-driver assignment metadata construct https://review.openstack.org/148995	13:59
openstackgerrit	Marek Denis proposed openstack/keystone: Move federation extension into keystone core https://review.openstack.org/214775	14:00
*** njohnston is now known as nate_gone		14:04
dolphm	mordred: what's the url for the upcoming code search tool?	14:05
mordred	http://codesearch.openstack.org/	14:05
dolphm	should have guessed.	14:05
mordred	dolphm: also, the other thing is because keystoneclient discovery constructor takes the version as a tuple	14:05
mordred	not as a string	14:05
openstackgerrit	Monty Taylor proposed openstack/python-keystoneclient: Split version string into a tuple for the user https://review.openstack.org/242491	14:07
mordred	dolphm: ^^ but there you go. that fixes that :)	14:07
dolphm	mordred: curl http://cdn.pasteraw.com/p0vurdqcrd6aaie54rfe7gututux6c3 \| git apply :)	14:08
dolphm	mordred: oh different patch lol	14:08
mordred	heh	14:08
mordred	no - I have not yet figured out why my patch for fixing the session thing does not dowk	14:09
mordred	work	14:09
openstackgerrit	Marek Denis proposed openstack/keystone: Move federation sql migrations to common https://review.openstack.org/234537	14:09
*** NM has joined #openstack-keystone		14:10
*** ninag has joined #openstack-keystone		14:13
openstackgerrit	Monty Taylor proposed openstack/python-keystoneclient: Pull the endpoint from the Session https://review.openstack.org/242495	14:13
mordred	dolphm: this does not work ^^	14:14
mordred	:)	14:14
openstackgerrit	Marek Denis proposed openstack/keystone: Move oauth1 extension into core https://review.openstack.org/234598	14:14
*** diazjf has joined #openstack-keystone		14:21
openstackgerrit	Marek Denis proposed openstack/keystone: Move oauth1 sql migrations to common https://review.openstack.org/235121	14:22
dolphm	mordred: well, to be fair, you ARE unconditionally raising the exception after attempting to fix the missing url	14:24
mordred	dolphm: oops	14:24
dolphm	mordred: but i still can't make that test pass	14:25
mordred	yah	14:25
dolphm	mordred: i assume you meant this? http://cdn.pasteraw.com/pedw64y46472sgcu0huwa1zlvddf3lz	14:25
openstackgerrit	Monty Taylor proposed openstack/python-keystoneclient: Pull the endpoint from the Session https://review.openstack.org/242495	14:26
mordred	dolphm: yup	14:26
dolphm	mordred: or another elif on the conditional above	14:26
mordred	so - the question is - why is get_endpoint returning None there :(	14:26
mordred	well, we want what you did - because if the session.get_endpoint returns None, we definitely want to throw that error and not fall through to the discover error	14:26
mordred	the other one is ugly traceback yuck	14:27
*** petertr7_away is now known as petertr7		14:27
dolphm	mordred: when i run that test though, the failure i get is that the session has no auth plugin?	14:29
*** diazjf has quit IRC		14:29
mordred	dolphm: hrm	14:31
mordred	is that just because of how we're mocking things?	14:31
*** jsavak has joined #openstack-keystone		14:32
*** btully has joined #openstack-keystone		14:36
openstackgerrit	Lance Bragstad proposed openstack/keystone: Add caching to role assignments https://review.openstack.org/215715	14:37
*** jsavak has quit IRC		14:37
dolphm	mordred: i don't think so	14:38
openstackgerrit	Lance Bragstad proposed openstack/keystone: Expose method list inconsistency in federation api https://review.openstack.org/229125	14:40
*** jsavak has joined #openstack-keystone		14:42
openstackgerrit	Merged openstack/keystoneauth: Remove mox https://review.openstack.org/242463	14:43
openstackgerrit	Brant Knudson proposed openstack/keystoneauth: Switch saml2 from lxml to built-in xml https://review.openstack.org/242512	14:43
*** nate_gone is now known as njohnston		14:44
openstackgerrit	henry-nash proposed openstack/keystone: Use list_role_assignments to get projects/domains for user https://review.openstack.org/242513	14:44
openstackgerrit	Lance Bragstad proposed openstack/keystone: Add caching to role assignments https://review.openstack.org/215715	14:48
openstackgerrit	Marek Denis proposed openstack/keystone: Move revoke extension into core https://review.openstack.org/235704	14:49
*** diazjf has joined #openstack-keystone		14:49
openstackgerrit	Marek Denis proposed openstack/keystone: Move revoke sql migrations to common https://review.openstack.org/235712	14:49
openstackgerrit	Brant Knudson proposed openstack/keystoneauth: Switch saml2 from lxml to built-in xml https://review.openstack.org/242512	14:55
*** zqfan_afk has quit IRC		14:56
*** NM1 has joined #openstack-keystone		14:58
*** NM has quit IRC		14:58
*** pumaranikar has joined #openstack-keystone		14:59
openstackgerrit	Dolph Mathews proposed openstack/python-keystoneclient: Pull the endpoint from the Session https://review.openstack.org/242495	14:59
dolphm	mordred: amaze at the ghetto ^	15:00
mordred	I'm not going to enjoy looking at tihs am I?	15:00
dolphm	mordred: depends on whether you're in a timezone that permits drinking	15:02
mordred	dolphm: ok. that's not as gross as I thought	15:04
*** alejandrito has joined #openstack-keystone		15:04
openstackgerrit	Tom Cocozzello proposed openstack/keystone: Change tests that are setting incorrect Distinguished Names https://review.openstack.org/241378	15:06
dolphm	mordred: and it works in the land of devstack	15:07
mordred	dolphm: woot!	15:08
*** Ephur has quit IRC		15:08
*** Ephur has joined #openstack-keystone		15:09
*** pietervanw has joined #openstack-keystone		15:10
openstackgerrit	ayoung proposed openstack/keystone: set `is_admin` on tokens for admin project https://review.openstack.org/240719	15:12
openstackgerrit	ayoung proposed openstack/keystone: Updated Cloudsample https://review.openstack.org/240720	15:14
openstackgerrit	henry-nash proposed openstack/keystone: Use list_role_assignments to get assignments by role_id https://review.openstack.org/242529	15:16
openstackgerrit	Fernando Diaz proposed openstack/keystone: Add Mapping Combinations for Keystone to Keystone Federation https://review.openstack.org/237673	15:20
*** NM1 has quit IRC		15:20
*** NM has joined #openstack-keystone		15:20
*** pietervanw has left #openstack-keystone		15:22
*** topol has joined #openstack-keystone		15:25
*** ChanServ sets mode: +v topol		15:25
henrynash	anyone fancy executing the coup-de-grace on the old kvs-inspired metadata assignment structures? https://review.openstack.org/#/c/148995/	15:26
*** sileht has quit IRC		15:32
*** jorge_munoz has quit IRC		15:34
*** NM has quit IRC		15:36
*** tonytan4ever has joined #openstack-keystone		15:37
*** dave-mccowan has quit IRC		15:39
*** e0ne has quit IRC		15:46
*** jorge_munoz has joined #openstack-keystone		15:46
*** topol has quit IRC		15:48
*** topol has joined #openstack-keystone		15:49
*** ChanServ sets mode: +v topol		15:49
*** ayoung has joined #openstack-keystone		15:53
*** ChanServ sets mode: +v ayoung		15:53
*** dave-mccowan has joined #openstack-keystone		15:53
*** jsavak has quit IRC		16:02
*** jsavak has joined #openstack-keystone		16:04
*** woodster_ has joined #openstack-keystone		16:05
*** phalmos has joined #openstack-keystone		16:07
*** zzzeek has joined #openstack-keystone		16:08
*** zzzeek has quit IRC		16:09
*** zzzeek has joined #openstack-keystone		16:10
*** jorge_munoz_ has joined #openstack-keystone		16:12
*** jorge_munoz has quit IRC		16:12
*** jorge_munoz_ is now known as jorge_munoz		16:12
*** pumaranikar has quit IRC		16:13
*** pumaranikar has joined #openstack-keystone		16:14
*** petertr7 is now known as petertr7_away		16:14
*** bdossant has quit IRC		16:16
*** phalmos has quit IRC		16:16
lbragstad	mfisch clayton i have an action item to follow up with both of you on nginx configs, is now a good time to do that?	16:17
lbragstad	specifically, nginx configs for keystone	16:18
lbragstad	i believe it was from the keystone deprecations session where we wanted to have some more documentation around running keystone in apache/nginx before removing eventlet	16:19
breton	yep, because some people had problems with running keystone with apache in containers	16:20
lbragstad	yes	16:20
openstackgerrit	ayoung proposed openstack/keystone: Updated Cloudsample https://review.openstack.org/240720	16:20
* breton is still in Tokyo		16:20
*** phalmos has joined #openstack-keystone		16:25
clayton	lbragstad : I think mfisch is busy moving things between data centers atm ;)	16:28
clayton	but I'm mostly around	16:28
openstackgerrit	ayoung proposed openstack/keystone: set `is_admin` on tokens for admin project https://review.openstack.org/240719	16:29
*** jvarlamova_ has joined #openstack-keystone		16:32
*** jaosorior has quit IRC		16:35
openstackgerrit	ayoung proposed openstack/keystone-specs: is_admin_project https://review.openstack.org/242232	16:36
*** petertr7_away is now known as petertr7		16:36
*** HenryG has quit IRC		16:37
*** e0ne has joined #openstack-keystone		16:38
*** HenryG has joined #openstack-keystone		16:39
*** jsavak has quit IRC		16:39
*** jsavak has joined #openstack-keystone		16:40
*** sileht has joined #openstack-keystone		16:41
*** su_zhang has joined #openstack-keystone		16:45
*** su_zhang has quit IRC		16:47
openstackgerrit	Tom Cocozzello proposed openstack/keystonemiddleware: Define entry points for filter factories for Paste Deployment https://review.openstack.org/233839	16:49
*** NM has joined #openstack-keystone		16:50
*** gyee has joined #openstack-keystone		16:52
*** ChanServ sets mode: +v gyee		16:52
*** petertr7 is now known as petertr7_away		16:53
*** mylu has joined #openstack-keystone		16:53
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_endpoint_ref consistently https://review.openstack.org/237758	16:55
openstackgerrit	Brant Knudson proposed openstack/keystoneauth: Switch saml2 from lxml to built-in xml https://review.openstack.org/242512	16:56
*** fhubik has quit IRC		16:57
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_service_ref() consistently https://review.openstack.org/238283	16:59
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_region_ref() consistently https://review.openstack.org/238302	16:59
*** diazjf has quit IRC		16:59
*** shaleh has joined #openstack-keystone		16:59
*** topol has quit IRC		17:00
*** jsavak has quit IRC		17:02
openstackgerrit	henry-nash proposed openstack/keystone: Show defect in list_user_ids that only lists direct user assignments https://review.openstack.org/242564	17:03
*** roxanagh_ has joined #openstack-keystone		17:03
openstackgerrit	henry-nash proposed openstack/keystone: Show defect in list_user_ids that only lists direct user assignments https://review.openstack.org/242564	17:15
*** browne has joined #openstack-keystone		17:15
samueldmq	henrynash: ping - I am around now	17:15
*** mylu has quit IRC		17:16
*** mylu has joined #openstack-keystone		17:16
henrynash	samueldmq: hi….I want to resurectsome of the things you did in https://review.openstack.org/#/c/155733/ - so if it’s OK I’ll be posting a series of patches - some of which will take code from there - I’ll make you co-author on this…	17:19
*** mylu has quit IRC		17:21
henrynash	samueldmq: I want to push these in before I start messing with bringing inheritance into core and changing the semantcis	17:21
*** mylu has joined #openstack-keystone		17:21
*** e0ne has quit IRC		17:21
samueldmq	henrynash: please do it!	17:22
henrynash	samueldmq: ok, thanks	17:22
samueldmq	henrynash: I am sorry I didn't get time to submit those again, actually I had forgot :/	17:22
henrynash	samueldmq: np…I’m going to really fix up all teh methods so ideal we ONLY use list_role_assignments	17:23
samueldmq	henrynash: exactly, that's the idea, so we have a central point of soundness (specially for all the expansions: group/inheritance)	17:24
openstackgerrit	henry-nash proposed openstack/keystone: Fix defect in list_user_ids that only lists direct user assignments https://review.openstack.org/242574	17:24
henrynash	samueldmq: exactly	17:24
samueldmq	henrynash: yes and fix things like this ^	17:24
henrynash	yep!	17:24
samueldmq	henrynash: thanks for taking time for working on this :)	17:25
*** lhcheng has joined #openstack-keystone		17:25
*** ChanServ sets mode: +v lhcheng		17:25
henrynash	samueldmq: np	17:25
*** roxanagh_ has quit IRC		17:26
*** roxanagh_ has joined #openstack-keystone		17:29
openstackgerrit	henry-nash proposed openstack/keystone: Fix defect in list_user_ids that only lists direct user assignments https://review.openstack.org/242574	17:29
samueldmq	henrynash: chain starts at https://review.openstack.org/#/c/148995/ ?	17:29
henrynash	samueldmq: yes	17:29
openstackgerrit	henry-nash proposed openstack/keystone: Fix defect in list_user_ids that only lists direct user assignments https://review.openstack.org/242574	17:31
samueldmq	henrynash: nice, will keep my eyes on them!	17:32
henrynash	samueldmq: thanks…doing them piecemeal to make them more consumable (reviewable)	17:32
samueldmq	henrynash: ++	17:32
henrynash	gyee: hi…fancy shooting some old code in the head? https://review.openstack.org/#/c/148995/	17:34
*** jvarlamova_ has quit IRC		17:36
openstackgerrit	Brant Knudson proposed openstack/keystone: Remove keystoneclient tests https://review.openstack.org/240474	17:36
*** diazjf has joined #openstack-keystone		17:37
samueldmq	henrynash: that's a great change, removing tons of code and re-using that list_role_assignments :)	17:38
henrynash	samueldmq: getting out the axe….cut cut cut	17:38
samueldmq	:)	17:39
*** jbell8 has joined #openstack-keystone		17:40
gyee	henrynash, yes sir	17:45
henrynash	gyee: let’s say goodbye to that old role metadata! https://review.openstack.org/#/c/148995/	17:47
gyee	henrynash, nice cleanup!	17:47
henrynash	gyee: thx….well overdue, that one	17:48
boltR	is there a way to hide admin URLs from normal users?	17:49
boltR	i found a bug report and commit that had keystone hide it by default	17:49
boltR	https://launchpad.net/bugs/854104	17:49
openstack	Launchpad bug 854104 in OpenStack Identity (keystone) "add ability to obscure internal and admin endpoints from standard users" [High,Fix released] - Assigned to Yogeshwar (yogesh-srikrishnan)	17:49
boltR	but seems like it's no longer in use?	17:50
gyee	boltR, with endpoint filtering you can hide any endpoints	17:50
samueldmq	henrynash: gyee: oh wait, I have a -1 there (https://review.openstack.org/#/c/148995/)	17:50
samueldmq	henrynash: please check if it makes sense before merging	17:51
openstackgerrit	ayoung proposed openstack/keystone-specs: Implied Roles https://review.openstack.org/125704	17:51
henrynash	sameudmq: hmm, yes, let me check that….	17:51
gyee	samueldmq, isn't henrynash have a spec on assigning role on the "special project" and have it inherited down?	17:52
gyee	future proof perhaps?	17:52
*** petertr7_away is now known as petertr7		17:53
samueldmq	gyee: yes.. in this case he's replacing old methods with the new list_role_assignments, but I believe the behavior is changed in that case	17:53
*** jistr has quit IRC		17:54
henrynash	gyee: I thnk perhaps we had better pull the +A while I investigate	17:54
boltR	gyee: thanks for pointing me in the right direction	17:56
boltR	do you know if this is compatible with v2?	17:56
*** tonytan4ever has quit IRC		17:58
gyee	boltR, endpoint filtering APIs themselves are V3, but it will impact the V2 catalog	17:58
gyee	you can setup the endpoint-project/tenant relationship using V3 APIs, and all token requests will only see the filtered catalog	17:59
*** tonytan4ever has joined #openstack-keystone		18:00
*** henrynash has quit IRC		18:01
gyee	anteaya, around?	18:02
*** su_zhang has joined #openstack-keystone		18:02
*** su_zhang has quit IRC		18:03
*** su_zhang has joined #openstack-keystone		18:04
dolphm	lbragstad: http://cdn.pasteraw.com/nu278pbntid1wfy3vbl8e7c1vvpgbcs	18:04
dstanek	tjcocozz: hi	18:05
tjcocozz	hey dstanek	18:05
dstanek	tjcocozz: i just commented on that review again. let me know what you think. i'd like to get that one +2ed before i leave for the weekend	18:06
shaleh	dstanek: thanks for the rebase earlier.	18:07
dstanek	shaleh: np. i had work that i based on it so i needed to get it up to date	18:08
shaleh	with this morning's update hopefully I can get that series buttoned down	18:09
shaleh	stupid no whitespace after the function docstring check hung me up	18:09
*** diazjf has quit IRC		18:09
shaleh	I seriously do not understand hacker's hatred of whitespace	18:09
shaleh	hackers'	18:10
shaleh	bah	18:10
dstanek	shaleh: i think it's more that a way was picked and we want to be consistent	18:13
boltR	gyee: i see, good to know	18:13
shaleh	dstanek: I get it, I will follow it. Does not mean I agree with it or like :-)	18:14
dstanek	i feel the same was about only importing modules :-)	18:15
boltR	thanks for the help!	18:15
shaleh	dstanek: seriously	18:15
shaleh	dstanek: ++ right there with ya	18:15
shaleh	we only have 78 chars to type yet we need to ensure every identifier is as long as possible. Talk about rigged for failure.	18:16
dstanek	:-)	18:16
bknudson	shorten symbol names locally by renaming them	18:16
*** tonytan_brb has joined #openstack-keystone		18:17
*** browne has quit IRC		18:17
shaleh	bknudson: yeah, I know the tricks. Does not make the need for them ok.	18:17
*** tonytan_brb has quit IRC		18:17
dstanek	bknudson: you can, but that can get silly	18:17
tjcocozz	dstanek, responed	18:19
*** tonytan4ever has quit IRC		18:19
tjcocozz	dstanek, responded	18:20
dstanek	i guess we should just make a standard section after the imports for shortening identifiers - i need to research the rationale behind module only	18:20
dstanek	tjcocozz: not seeing it	18:20
shaleh	dstanek: the usual rationale is disambiguation of identifiers	18:20
*** e0ne has joined #openstack-keystone		18:21
*** lsmola has quit IRC		18:21
shaleh	dstanek: which FOoException are we using for instance.	18:21
dstanek	shaleh: bah. if i import the module and 4 lines later pull something out of the module then it's no different	18:21
shaleh	dstanek: concur, but that is usually the reason i have seen elsewhere. Can't speak for Keystone and OpenStack.	18:22
dstanek	shaleh: the only time i've need to do that is when i wanted to replace things in a module and have the rest of the system get those changes, but in that case you couldn't shorted the name anyway	18:22
shaleh	when using external libs, I have had cases for there were multiple "ValidationException" types defined.	18:23
shaleh	but use the tool when you need it. Otherwise you are sliding down towards Hungarian stupidity	18:24
bknudson	there's been some discussion about swagger on the -dev ml recently... has anybody looked at it for keystone?	18:24
bknudson	I wonder if we couldn't add a bit to the JSONHome generator to make it generate a swagger doc	18:24
tjcocozz	dstanek, sorry I forgot to publish that comment.	18:25
*** topol has joined #openstack-keystone		18:25
*** ChanServ sets mode: +v topol		18:25
dstanek	bknudson: the API framework?	18:25
bknudson	dstanek: swagger is a specification, and I guess it can be a framework, too	18:26
bknudson	http://swagger.io/getting-started/	18:26
dstanek	tjcocozz: bknudson: i think the name check for the entry points is enough to test that they are registered	18:27
dstanek	bknudson: yep, that's the one	18:27
bknudson	dstanek: do we need to check that the entrypoints are defined correctly in the setup.cfg ?	18:27
dstanek	bknudson: i've used that for green field dev when i didn't have existing APIs to support	18:27
bknudson	dstanek: tjcocozz: I'm fine with it either way. If people keep messing up their setup.cfg we can add it back in easy enough.	18:29
*** topol has quit IRC		18:29
dstanek	bknudson: the set comparison will do that	18:30
shaleh	bknudson, dstanek: so would Keystone need to emit YAML definitions that are consumed by a swagger tool?	18:31
bknudson	shaleh: keystone could emit yaml or json swagger doc	18:32
openstackgerrit	Tom Cocozzello proposed openstack/keystonemiddleware: Define entry points for filter factories for Paste Deployment https://review.openstack.org/233839	18:32
tjcocozz	dstanek, bknudson ^^	18:32
shaleh	bknudson: could this be a way to have more accurate API specs?	18:33
shaleh	code -> specs instead of the other way around	18:33
bknudson	(the spec is always accurate)	18:33
bknudson	but yes, some other projects are looking to generate their specs somehow.	18:34
bknudson	from the routes or something	18:34
*** wanghua_ has quit IRC		18:34
*** wanghua_ has joined #openstack-keystone		18:35
dstanek	i still think of swagger as a hipster/startup thing that hasn't caught on yet	18:39
shaleh	dstanek: there is always the initial buy in period	18:40
shaleh	dstanek: basically it looks like people who miss SOAP	18:40
shaleh	aka help for lost Java devs	18:40
bknudson	sounds like the docs team wants to change the api docs page to be swagger based	18:40
shaleh	bknudson: are they implementing it :-)	18:41
bknudson	we do need to reinvent all the ws-* specs	18:41
shaleh	dstanek: how goes the test reorg?	18:45
dstanek	shaleh: i based it off of your work now since i did have to make a few changes involving new_*	18:47
shaleh	ah, sorry to get in the weay	18:47
*** mylu has quit IRC		18:47
shaleh	dstanek: project and user I am saving until the end. They are the thorny ones.	18:49
shaleh	I am finishing up domain right now	18:50
*** diazjf has joined #openstack-keystone		18:55
*** browne has joined #openstack-keystone		18:59
*** diazjf has quit IRC		19:00
openstackgerrit	Dolph Mathews proposed openstack/python-keystoneclient: Pull the endpoint from the Session https://review.openstack.org/242495	19:00
*** su_zhang has quit IRC		19:02
*** e0ne has quit IRC		19:08
*** e0ne has joined #openstack-keystone		19:12
*** aix has quit IRC		19:15
*** tonytan4ever has joined #openstack-keystone		19:17
*** mylu has joined #openstack-keystone		19:25
*** dave-mccowan has quit IRC		19:30
*** mylu has quit IRC		19:31
*** openstackstatus has joined #openstack-keystone		19:35
*** ChanServ sets mode: +v openstackstatus		19:35
*** mylu has joined #openstack-keystone		19:39
-openstackstatus- NOTICE: Gerrit will be offline at 20:00-20:15 UTC today (starting 20 minutes from now) for scheduled project rename maintenance		19:40
shaleh	yay	19:41
*** phalmos has quit IRC		19:43
*** mylu has quit IRC		19:44
*** mylu has joined #openstack-keystone		19:45
*** dave-mccowan has joined #openstack-keystone		19:46
*** spandhe has joined #openstack-keystone		19:46
*** mylu has quit IRC		19:47
*** mylu_ has joined #openstack-keystone		19:47
openstackgerrit	Merged openstack/keystone: [rally] remove deprecated arg https://review.openstack.org/240251	19:47
*** mylu_ has quit IRC		19:47
*** daemontool has quit IRC		19:47
*** mylu has joined #openstack-keystone		19:48
openstackgerrit	Merged openstack/keystone: Add Mapping Combinations for Keystone to Keystone Federation https://review.openstack.org/237673	19:50
*** mylu has quit IRC		19:52
*** phalmos has joined #openstack-keystone		19:52
*** e0ne has quit IRC		19:54
openstackgerrit	ayoung proposed openstack/keystone: implied roles https://review.openstack.org/242614	19:55
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_service_ref() consistently https://review.openstack.org/238283	19:57
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_endpoint_ref consistently https://review.openstack.org/237758	19:57
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_region_ref() consistently https://review.openstack.org/238302	19:57
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_domain_ref consistently https://review.openstack.org/242615	19:57
*** tonytan4ever has quit IRC		19:57
*** urulama has quit IRC		19:58
*** pauloewerton has joined #openstack-keystone		19:59
openstackgerrit	Paulo Ewerton Gomes Fragoso proposed openstack/python-keystoneclient: List federated projects from keystoneauth https://review.openstack.org/242616	20:00
*** mylu has joined #openstack-keystone		20:01
-openstackstatus- NOTICE: Gerrit is offline until 20:15 UTC today for scheduled project rename maintenance		20:02
*** ChanServ changes topic to "Gerrit is offline until 20:15 UTC today for scheduled project rename maintenance"		20:02
*** mylu has quit IRC		20:04
*** mylu has joined #openstack-keystone		20:05
*** diazjf has joined #openstack-keystone		20:06
*** roxanagh_ has quit IRC		20:13
*** mylu has quit IRC		20:19
*** mylu has joined #openstack-keystone		20:19
*** mylu_ has joined #openstack-keystone		20:21
*** mylu has quit IRC		20:21
*** roxanagh_ has joined #openstack-keystone		20:26
*** ninag has quit IRC		20:31
*** topol has joined #openstack-keystone		20:35
*** ChanServ sets mode: +v topol		20:35
openstackgerrit	Tom Cocozzello proposed openstack/keystone: Fix some nits inside validation/config.py https://review.openstack.org/242622	20:36
*** ChanServ changes topic to "Liberty is Out yay!! \o/ \| Etherpads for summit https://wiki.openstack.org/wiki/Design_Summit/Mitaka/Etherpads#Keystone"		20:36
*** dims is now known as dimsum__		20:37
*** Guest88047 is now known as jdg		20:43
*** jdg is now known as jgriffith		20:44
*** mylu_ has quit IRC		20:49
*** daemontool has joined #openstack-keystone		20:52
*** gordc has quit IRC		20:53
pauloewerton	hi, everyone. I'm trying to create a new api call '/projects/{id}/cascade' and I've added the following code to resource/routers: http://paste.openstack.org/show/478224/	20:55
pauloewerton	but it gives me: Project field is required and cannot be empty.	20:55
*** mylu has joined #openstack-keystone		20:55
pauloewerton	although I've already created a new resource/controllers call	20:55
*** harlowja_ has joined #openstack-keystone		20:56
*** harlowja has quit IRC		20:56
*** openstackgerrit has quit IRC		21:01
pauloewerton	dstanek, hi. have you ever seen any thing like that?	21:01
pauloewerton	^	21:02
*** su_zhang has joined #openstack-keystone		21:02
*** openstackgerrit has joined #openstack-keystone		21:02
*** pauloewerton has quit IRC		21:04
*** raildo is now known as raildo-afk		21:04
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_service_ref() consistently https://review.openstack.org/238283	21:05
*** su_zhang has quit IRC		21:06
*** NM has quit IRC		21:07
*** roxanagh_ has quit IRC		21:10
*** jrist has quit IRC		21:13
*** petertr7 is now known as petertr7_away		21:14
*** petertr7_away is now known as petertr7		21:15
*** jrist has joined #openstack-keystone		21:16
*** shaleh is now known as shaleh\|away		21:22
*** su_zhang has joined #openstack-keystone		21:24
*** mylu has quit IRC		21:25
*** mylu has joined #openstack-keystone		21:25
openstackgerrit	Fernando Diaz proposed openstack/keystone: Make K2K Mapping Attribute Examples for visible https://review.openstack.org/242639	21:26
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_region_ref() consistently https://review.openstack.org/238302	21:26
openstackgerrit	Fernando Diaz proposed openstack/keystone: Make K2K Mapping Attribute Examples for visible https://review.openstack.org/242639	21:28
openstackgerrit	Fernando Diaz proposed openstack/keystone: Make K2K Mapping Attribute Examples more visible https://review.openstack.org/242639	21:30
*** roxanagh_ has joined #openstack-keystone		21:34
openstackgerrit	Tom Cocozzello proposed openstack/keystone: Change tests that are setting incorrect Distinguished Names https://review.openstack.org/241378	21:37
*** njohnston has left #openstack-keystone		21:38
*** tonytan4ever has joined #openstack-keystone		21:39
*** phalmos has quit IRC		21:41
*** akanksha_ has joined #openstack-keystone		21:46
*** jerrygb has quit IRC		21:46
*** jerrygb has joined #openstack-keystone		21:47
*** topol has quit IRC		21:47
*** lhinds has joined #openstack-keystone		21:50
*** jerrygb has quit IRC		21:51
*** mylu has quit IRC		21:54
*** henrynash has joined #openstack-keystone		21:55
*** ChanServ sets mode: +v henrynash		21:55
*** alejandrito has quit IRC		21:56
*** jasonsb has joined #openstack-keystone		21:57
*** dave-mccowan has quit IRC		21:57
ryanpetrello	ayoung: any chance you've had time to look at https://review.openstack.org/#/c/241346/ ?	21:59
ryanpetrello	or is there anybody else I should add to the review?	21:59
*** tellesnobrega is now known as tellesnobrega_af		22:02
*** petertr7 is now known as petertr7_away		22:05
*** jasonsb has quit IRC		22:05
*** jerrygb has joined #openstack-keystone		22:09
*** jerrygb_ has joined #openstack-keystone		22:10
*** mylu has joined #openstack-keystone		22:13
*** jerrygb has quit IRC		22:14
*** topol has joined #openstack-keystone		22:15
*** ChanServ sets mode: +v topol		22:15
*** mylu has quit IRC		22:20
*** boris-42 has joined #openstack-keystone		22:21
*** topol has quit IRC		22:27
*** jbell8 has quit IRC		22:34
*** doug-fish has quit IRC		22:40
*** su_zhang has quit IRC		22:57
*** jbell8 has joined #openstack-keystone		22:57
*** diazjf has quit IRC		23:09
*** hrou has quit IRC		23:12
*** RichardRaseley has joined #openstack-keystone		23:14
openstackgerrit	Merged openstack/keystonemiddleware: Define entry points for filter factories for Paste Deployment https://review.openstack.org/233839	23:16
RichardRaseley	I have questions about the 'user_name_attribute' and 'user_id_attribute'. I have an LDAP backend that is populated with users. Previously we had 'user_name_attribute' set to 'cn' and 'user_id_attribute' set to 'uid'. When attempting to auth against Keystone using python-openstackclient, I passed the 'uid' as the '--os-username', when in reality it was requiring the 'cn'. Is this expected?	23:22
RichardRaseley	I would expect the user_id_attribute to be used for authentication and the user_name_attribute to be used for friendly display name, but maybe that is just some cognitive bias imposed by our internal schema.	23:23
*** su_zhang has joined #openstack-keystone		23:25
*** RichardRaseley has quit IRC		23:26
*** pumaranikar has quit IRC		23:27
*** topol has joined #openstack-keystone		23:27
*** ChanServ sets mode: +v topol		23:27
*** topol has quit IRC		23:32
*** jbell8 has quit IRC		23:32
*** tonytan4ever has quit IRC		23:33
*** RichardRaseley has joined #openstack-keystone		23:47
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_domain_ref consistently https://review.openstack.org/242615	23:51
*** dimsum__ has quit IRC		23:52
*** jerrygb_ has quit IRC		23:56

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!