Friday, 2016-03-25

« Thursday, 2016-03-24 Index Saturday, 2016-03-26 »
*** pgbridge has quit IRC00:00
stevemargyee: nah, its a stat holiday00:01
*** rderose has joined #openstack-keystone00:01
*** c_soukup has quit IRC00:02
*** fawadkhaliq has quit IRC00:07
*** fawadkhaliq has joined #openstack-keystone00:07
openstackgerritRon De Rose proposed openstack/keystone: WIP - Drop EPHEMERAL user type  https://review.openstack.org/29663900:13
*** rderose has quit IRC00:14
*** rdo has quit IRC00:17
*** sdake_ has joined #openstack-keystone00:20
*** roxanaghe has quit IRC00:22
*** sdake has quit IRC00:22
*** arunkant_ has quit IRC00:26
knikollahttp://lists.openstack.org/pipermail/openstack-dev/2016-March/090422.html00:29
knikollaresults are out00:29
*** shoutm has quit IRC00:34
*** shoutm has joined #openstack-keystone00:36
*** fawadkhaliq has quit IRC00:38
*** fawadkhaliq has joined #openstack-keystone00:39
*** sheel has joined #openstack-keystone00:40
ayoungstevemar, Congrats!00:44
*** flaper87 has quit IRC00:45
*** flaper87 has joined #openstack-keystone00:46
*** fawadkhaliq has quit IRC00:47
*** fawadkhaliq has joined #openstack-keystone00:48
*** knikolla has quit IRC00:50
*** timcline has joined #openstack-keystone00:51
*** fawadkhaliq has quit IRC00:54
samueldmqstevemar: thanks for the update; same here :)00:54
samueldmqstevemar: enjoy this long weekend00:54
*** timcline has quit IRC00:55
*** shoutm_ has joined #openstack-keystone00:55
*** shoutm has quit IRC00:55
*** lhcheng_ has joined #openstack-keystone00:57
*** lhcheng has quit IRC01:00
*** jorge_munoz has quit IRC01:04
*** EinstCrazy has joined #openstack-keystone01:05
*** EinstCrazy has quit IRC01:07
*** EinstCrazy has joined #openstack-keystone01:09
*** pushkaru has quit IRC01:16
*** agrebennikov has quit IRC01:23
*** sdake_ has quit IRC01:27
*** fawadkhaliq has joined #openstack-keystone01:29
*** dan_nguyen has quit IRC01:47
*** timcline has joined #openstack-keystone01:52
*** lhcheng_ has quit IRC01:52
*** timcline has quit IRC01:56
*** itlinux_ has joined #openstack-keystone02:06
*** itlinux has quit IRC02:06
*** woodster_ has quit IRC02:07
*** edmondsw has quit IRC02:22
*** lhcheng has joined #openstack-keystone02:41
*** ChanServ sets mode: +v lhcheng02:41
*** timcline has joined #openstack-keystone02:53
*** gyee has quit IRC02:53
*** timcline has quit IRC02:54
*** timcline has joined #openstack-keystone02:54
*** sheel has quit IRC02:57
*** timcline has quit IRC02:59
*** fawadkhaliq has quit IRC03:03
*** sdake has joined #openstack-keystone03:07
openstackgerritAnh Tran proposed openstack/keystone: Removing redundant words  https://review.openstack.org/29749903:09
*** dave-mccowan has quit IRC03:10
*** chlong has quit IRC03:12
*** harlowja_at_home has quit IRC03:12
*** harlowja_at_home has joined #openstack-keystone03:12
*** dave-mccowan has joined #openstack-keystone03:13
*** fawadkhaliq has joined #openstack-keystone03:14
*** chlong has joined #openstack-keystone03:14
*** pgreg has joined #openstack-keystone03:15
*** shoutm_ has quit IRC03:18
*** shoutm has joined #openstack-keystone03:18
*** dave-mccowan has quit IRC03:20
*** roxanaghe has joined #openstack-keystone03:25
*** roxanaghe has quit IRC03:40
*** roxanaghe has joined #openstack-keystone03:41
*** jasonsb has joined #openstack-keystone03:42
*** timcline has joined #openstack-keystone03:55
*** timcline has quit IRC04:00
*** links has joined #openstack-keystone04:01
*** jasonsb has quit IRC04:04
*** EinstCra_ has joined #openstack-keystone04:05
*** EinstCrazy has quit IRC04:06
*** jasonsb has joined #openstack-keystone04:26
*** david_cu has quit IRC04:34
*** jasonsb_ has joined #openstack-keystone04:50
*** jasonsb has quit IRC04:50
*** timcline has joined #openstack-keystone04:56
*** timcline has quit IRC05:00
*** spandhe has joined #openstack-keystone05:05
*** shoutm_ has joined #openstack-keystone05:06
*** shoutm has quit IRC05:08
*** wasmum has joined #openstack-keystone05:11
openstackgerritMerged openstack/keystone: Removing redundant words  https://review.openstack.org/29749905:14
*** EinstCra_ has quit IRC05:30
*** roxanaghe has quit IRC05:32
*** EinstCrazy has joined #openstack-keystone05:33
*** roxanaghe has joined #openstack-keystone05:36
*** links has quit IRC05:43
*** roxanaghe has quit IRC05:47
*** spandhe has quit IRC05:50
*** sdake has quit IRC05:50
*** timcline has joined #openstack-keystone05:57
*** spandhe has joined #openstack-keystone05:58
*** timcline has quit IRC06:01
*** spandhe has quit IRC06:03
*** timcline has joined #openstack-keystone06:23
*** shoutm_ has quit IRC06:26
*** shoutm has joined #openstack-keystone06:27
*** timcline has quit IRC06:27
*** lhcheng has quit IRC06:30
*** EinstCrazy has quit IRC06:44
*** chlong has quit IRC06:45
*** EinstCrazy has joined #openstack-keystone06:48
*** e0ne has joined #openstack-keystone07:06
*** henrynash has joined #openstack-keystone07:08
*** ChanServ sets mode: +v henrynash07:08
*** rk4n has joined #openstack-keystone07:08
*** spandhe has joined #openstack-keystone07:10
*** rk4n has quit IRC07:11
*** EinstCrazy has quit IRC07:12
*** rk4n has joined #openstack-keystone07:12
*** e0ne has quit IRC07:15
*** rk4n has quit IRC07:17
*** fawadkhaliq has quit IRC07:17
*** EinstCrazy has joined #openstack-keystone07:21
*** timcline has joined #openstack-keystone07:24
*** rk4n has joined #openstack-keystone07:25
*** timcline has quit IRC07:28
*** shoutm_ has joined #openstack-keystone07:29
*** shoutm has quit IRC07:30
*** spandhe has quit IRC07:36
*** pcaruana has joined #openstack-keystone07:38
*** nisha has joined #openstack-keystone07:43
*** kyen has joined #openstack-keystone07:44
*** rk4n has quit IRC07:51
*** rk4n has joined #openstack-keystone07:56
*** rk4n has quit IRC08:00
*** nisha has quit IRC08:06
*** lhcheng has joined #openstack-keystone08:19
*** ChanServ sets mode: +v lhcheng08:19
*** lhcheng has quit IRC08:24
*** EinstCrazy has quit IRC08:24
*** timcline has joined #openstack-keystone08:25
*** timcline has quit IRC08:29
*** shoutm_ has quit IRC08:34
*** EinstCrazy has joined #openstack-keystone08:34
*** sheel has joined #openstack-keystone08:38
*** openstackstatus has joined #openstack-keystone09:08
*** ChanServ sets mode: +v openstackstatus09:08
*** EinstCra_ has joined #openstack-keystone09:16
*** EinstCrazy has quit IRC09:17
*** EinstCrazy has joined #openstack-keystone09:18
*** EinstCra_ has quit IRC09:19
*** real56 has joined #openstack-keystone09:20
*** EinstCrazy has quit IRC09:20
*** EinstCrazy has joined #openstack-keystone09:21
*** daemontool has joined #openstack-keystone09:22
*** EinstCrazy has quit IRC09:23
*** EinstCr__ has joined #openstack-keystone09:23
*** EinstCrazy has joined #openstack-keystone09:24
*** real56 has joined #openstack-keystone09:25
*** Einst____ has joined #openstack-keystone09:26
*** timcline has joined #openstack-keystone09:26
*** EinstCr__ has quit IRC09:27
*** EinstCrazy has quit IRC09:29
*** timcline has quit IRC09:30
*** real56_ has joined #openstack-keystone09:36
*** real56 has quit IRC09:39
*** real56_ is now known as real5609:39
*** kyen has quit IRC09:40
*** kfox1111 has quit IRC09:44
*** kfox1111 has joined #openstack-keystone09:44
*** xek has quit IRC09:48
*** xek has joined #openstack-keystone09:49
*** EinstCrazy has joined #openstack-keystone09:56
*** Einst____ has quit IRC09:59
*** e0ne has joined #openstack-keystone10:11
*** jed56 has quit IRC10:13
*** EinstCrazy has quit IRC10:14
*** timcline has joined #openstack-keystone10:26
*** timcline has quit IRC10:30
*** lhcheng has joined #openstack-keystone10:32
*** ChanServ sets mode: +v lhcheng10:32
*** lhcheng has quit IRC10:37
*** lmiccini has quit IRC10:39
*** lmiccini has joined #openstack-keystone10:40
*** rk4n has joined #openstack-keystone11:02
*** rk4n has quit IRC11:03
*** rk4n_ has joined #openstack-keystone11:03
*** wanghua has quit IRC11:24
*** timcline has joined #openstack-keystone11:27
*** timcline has quit IRC11:31
*** jsavak has joined #openstack-keystone11:32
*** pgreg has quit IRC11:32
*** jsavak has quit IRC11:52
*** pgreg has joined #openstack-keystone12:06
fundcorIt seems that gunicorn reads just the part of config that is under # sign (cmd is listed later). But it doesn't seem to read other config (uwsgi and apache2 mod_wsgi do it automatically it seems):  ~/keystone/venv/bin/gunicorn --paste /etc/keystone/keystone-paste.ini --paste /etc/keystone/keystone.conf --paste /etc/keystone/test2.ini#admin_service --bind 10.10.10.10:8001 --log-level debug  --access-logfile -12:13
fundcoras you can see additional --paste sections doesn't affect anything at all. How can I make gunicorn to read all the configs without hardcoding it in wsgi script?12:14
*** timcline has joined #openstack-keystone12:28
morganfundcor: unfortunately, this is not something we have spent a lot of time on. If you figure it out, I recommend making a blog post/contributing documentation.12:32
*** timcline has quit IRC12:32
morganfundcor: i do remember gunicorn had issues with configs not working right. it may require hard-coding, it may require other things, it also may be unsupportable.12:33
*** david-lyle has quit IRC12:45
*** flaper87 has quit IRC12:46
*** flaper87 has joined #openstack-keystone12:46
*** jsavak has joined #openstack-keystone12:47
*** jed56 has joined #openstack-keystone12:47
*** henrynash has quit IRC13:01
dstanekfundcor: why would you pass your keystone.conf on the command-line to gunicor?13:01
*** jsavak has quit IRC13:07
*** ninag has joined #openstack-keystone13:09
*** jsavak has joined #openstack-keystone13:10
*** edmondsw has joined #openstack-keystone13:10
*** jsavak has quit IRC13:15
*** jsavak has joined #openstack-keystone13:16
*** edmondsw has quit IRC13:16
*** edmondsw has joined #openstack-keystone13:21
*** timcline has joined #openstack-keystone13:28
*** pgreg has quit IRC13:29
*** timcline has quit IRC13:33
*** jaugustine has joined #openstack-keystone13:35
dstanekok, i'll officially stumped by oslo_config... might be time to call it a day already :-(13:44
*** ayoung has quit IRC13:44
*** pushkaru has joined #openstack-keystone13:48
*** kyen has joined #openstack-keystone13:53
*** sigmavirus24_awa is now known as sigmavirus2414:03
*** knikolla has joined #openstack-keystone14:04
openstackgerritBrant Knudson proposed openstack/keystone: Use ldap3 for DN comparison  https://review.openstack.org/26072114:17
*** spzala has joined #openstack-keystone14:18
*** knikolla has quit IRC14:19
*** nisha has joined #openstack-keystone14:20
*** edmondsw has quit IRC14:22
*** c_soukup has joined #openstack-keystone14:22
*** ayoung has joined #openstack-keystone14:26
*** ChanServ sets mode: +v ayoung14:26
*** henrynash has joined #openstack-keystone14:29
*** ChanServ sets mode: +v henrynash14:29
*** timcline has joined #openstack-keystone14:29
*** slberger has joined #openstack-keystone14:31
*** timcline has quit IRC14:34
*** edmondsw has joined #openstack-keystone14:37
*** sdake has joined #openstack-keystone14:41
*** knikolla has joined #openstack-keystone14:43
*** diazjf has joined #openstack-keystone14:44
*** dan_nguyen has joined #openstack-keystone14:45
*** timcline has joined #openstack-keystone14:46
*** diazjf1 has joined #openstack-keystone14:49
*** jorge_munoz has joined #openstack-keystone14:51
*** diazjf has quit IRC14:52
*** nisha has quit IRC14:53
*** c_soukup has quit IRC15:12
*** nisha has joined #openstack-keystone15:17
*** pumarani__ has joined #openstack-keystone15:19
*** pushkaru has quit IRC15:21
*** diazjf1 has quit IRC15:24
*** diazjf has joined #openstack-keystone15:24
*** spzala has quit IRC15:27
mfischdolphm: lbragstad G+ for our call today?15:29
*** david-lyle has joined #openstack-keystone15:34
*** agrebennikov has joined #openstack-keystone15:34
*** spzala has joined #openstack-keystone15:34
*** agrebennikov has quit IRC15:37
*** agrebennikov has joined #openstack-keystone15:37
*** nisha has quit IRC15:38
*** david-lyle_ has joined #openstack-keystone15:38
*** spzala has quit IRC15:38
*** david-lyle has quit IRC15:38
*** woodster_ has joined #openstack-keystone15:39
*** henrynash has quit IRC15:39
*** david-lyle_ is now known as david-lyle15:39
*** pnavarro has joined #openstack-keystone15:41
*** spzala has joined #openstack-keystone15:44
*** jdennis has quit IRC15:47
*** spzala has quit IRC15:49
*** spzala has joined #openstack-keystone15:50
bretonin k2k there are attributes like openstack_user_domain or openstack_project in the SAML attribute. What is it for? Afaik we cannot set project dynamically in the mapping, can we?15:54
*** ebalduf has joined #openstack-keystone15:54
*** spzala has quit IRC15:55
*** gyee has joined #openstack-keystone15:55
*** ChanServ sets mode: +v gyee15:55
breton*what are they for?15:55
*** spzala has joined #openstack-keystone15:56
*** roxanaghe has joined #openstack-keystone15:57
*** gmmaha has joined #openstack-keystone16:00
gmmahaHi, i had a quick question.. I have an openstack multinode deployment and it fails with create new projects with the error "Error: Could not find defualt role "_member_" in Keystone16:01
*** spzala has quit IRC16:01
gmmahai found a bug https://bugs.launchpad.net/devstack/+bug/1421616 but it seems its an issue with devstack and not openstack itself..16:01
openstackLaunchpad bug 1421616 in devstack "Cannot create project using Horizon - Could not find default role "_member_"" [Undecided,Fix released] - Assigned to Attila Fazekas (afazekas)16:01
gmmahai also found that _member_ role doesnt exist in my isntalltion. http://paste.openstack.org/show/491910/16:02
*** rderose has joined #openstack-keystone16:02
gmmahashouldnt the _member_ role be created by default? Do I have to create it manually16:02
*** spzala has joined #openstack-keystone16:02
gmmahai believe this is upstream master code thats being deployed16:02
*** rk4n_ has quit IRC16:06
*** spzala has quit IRC16:06
bretonyes, you need to create it16:09
*** pcaruana has quit IRC16:11
*** spzala has joined #openstack-keystone16:11
*** roxanaghe has quit IRC16:15
*** spzala has quit IRC16:16
gmmahabreton: ohh.. i always thought that when keystone gets instantiated, both admin and _member_ get created by default..16:17
*** spzala has joined #openstack-keystone16:17
gmmahadid that change in the recent past or do i just have my know-how wrong.16:17
*** roxanaghe has joined #openstack-keystone16:18
bretongmmaha: i think the latter :)16:20
gmmahabreton: :) thanks for clarifying16:20
gmmahabreton: then maybe a small bug is in order? With user admin, when i try to create a new project/user it fails with _member_ role not available..16:22
*** spzala has quit IRC16:22
gmmahamaybe we should need it or if thts a need, maybe we create..16:22
gmmahaJust easier user exprience.. sorry if this has already been discussed16:22
*** roxanaghe has quit IRC16:22
*** spzala has joined #openstack-keystone16:23
*** roxanaghe has joined #openstack-keystone16:24
*** spzala has quit IRC16:28
*** spzala has joined #openstack-keystone16:29
*** jdennis has joined #openstack-keystone16:29
*** spzala has quit IRC16:33
*** mylu has joined #openstack-keystone16:33
*** spzala has joined #openstack-keystone16:35
*** spzala has quit IRC16:39
SamYaplequestion. can a user belong to multiple domains? if so how-to-do? I thought this was the case but cannot figure it out16:40
*** jsavak has quit IRC16:40
bretongmmaha: maybe16:41
*** jsavak has joined #openstack-keystone16:41
bretongmmaha: it won't hurt after all16:41
bretonSamYaple: no, user cannot belong to multiple domains. Why would you want that?16:42
bretonSamYaple: you can assign user roles on mulitple domains though16:42
SamYaplebreton: its not _that_ crazy. one user admining multiple domains where domains are seperate companies (multi-tenant cloud)16:43
SamYapleso if i assign roles for other domains to one user that should allow this, yes?16:43
gmmahabreton: thanks.. let me file a bug16:43
SamYaplei remeber being able to do this, just not hte details of how16:43
SamYapleroles sound like the answer16:44
bretonSamYaple: well, assign him roles. it doesn't mean that the user can control the domain by being in it16:44
SamYaplebreton: in this case its a bit more... not so cool. basically the goal is to have horizon view look like one project or another. so lets see if roles can solve that16:46
SamYapleone domain or another*16:46
gmmahabreton: commented on an existing bug.. https://bugs.launchpad.net/devstack/+bug/142161616:51
openstackLaunchpad bug 1421616 in devstack "Cannot create project using Horizon - Could not find default role "_member_"" [Undecided,Fix released] - Assigned to Attila Fazekas (afazekas)16:51
gmmahathanks for the help16:51
*** mylu has quit IRC16:51
*** edmondsw has quit IRC16:52
*** mylu has joined #openstack-keystone16:55
*** jsavak has quit IRC16:57
*** henrynash has joined #openstack-keystone16:58
*** ChanServ sets mode: +v henrynash16:58
openstackgerritAlexander Makarov proposed openstack/keystoneauth: Examples for migration from keystoneclient  https://review.openstack.org/29776416:58
*** rderose has quit IRC17:01
*** rderose has joined #openstack-keystone17:06
*** jorge_munoz has quit IRC17:09
openstackgerritTom Cocozzello proposed openstack/keystone: Allow Python 3 testing for `test_fernet_provider`  https://review.openstack.org/29776817:15
*** sigmavirus24 is now known as sigmavirus24_awa17:15
*** timcline has quit IRC17:17
*** timcline has joined #openstack-keystone17:18
*** e0ne has quit IRC17:19
*** timcline has quit IRC17:22
*** jdennis has quit IRC17:32
*** jsavak has joined #openstack-keystone17:44
*** ayoung has quit IRC17:47
*** jsavak has quit IRC17:48
*** timcline has joined #openstack-keystone17:48
*** jsavak has joined #openstack-keystone17:49
*** timcline has quit IRC17:51
*** timcline has joined #openstack-keystone17:51
*** rderose has quit IRC17:52
*** spzala has joined #openstack-keystone17:53
*** rk4n has joined #openstack-keystone17:55
*** spandhe has joined #openstack-keystone18:04
*** jasonsb_ has quit IRC18:06
*** sdake_ has joined #openstack-keystone18:07
*** sdake has quit IRC18:08
*** jorge_munoz has joined #openstack-keystone18:11
*** daemontool has quit IRC18:12
*** kyen has quit IRC18:14
*** edmondsw has joined #openstack-keystone18:15
*** pumarani__ has quit IRC18:15
*** pushkaru has joined #openstack-keystone18:15
dstanekgmmaha: so the fix to devstack didn't actually work in all cases?18:18
gmmahadstanek: not sure about devstack.. my setup is a multinode openstack install and i ran into the same issue18:19
gmmahaJust thought creating a new bug for the smae issue wasnt the best.. so added my comments to it18:20
*** pushkaru has quit IRC18:25
dstanekgmmaha: ah, i see. i think the resolution of that bug was that keystone isn't creating _member_ and that the deployment software should be doing it18:29
gmmahadstanek: but then if its an requirement that it needs to be created, why not just have it created by default?18:30
gmmahasorry just curious to understand the rationale behind needing that but not creating by default18:30
*** csoukup has joined #openstack-keystone18:32
*** jorge_munoz has quit IRC18:33
*** mylu has quit IRC18:33
*** ayoung has joined #openstack-keystone18:34
*** ChanServ sets mode: +v ayoung18:34
*** mylu has joined #openstack-keystone18:36
*** rk4n has quit IRC18:39
*** rk4n has joined #openstack-keystone18:39
*** jdennis has joined #openstack-keystone18:45
*** jdennis has quit IRC18:47
morgandstanek: _member_ was only used for migration purposes. New deployments shouldn't need it iirc.18:47
morganUnless outside software used it. / configs. Which case the deployment could create it.18:47
morgangmmaha: ^cc18:48
dstanekmorgan: yes, i believe that it what we discussed18:48
morgandstanek: so, SoCal is dry. :P18:48
gmmahamorgan: aah ..18:49
gmmahathis setup of mine is deploying master openstack using kolla..18:49
gmmahaso i am curious why i am running into the issue where i cannot create new projects/users from the admin account18:49
*** roxanaghe has quit IRC18:52
*** jdennis has joined #openstack-keystone18:54
*** sdake_ is now known as sdake18:56
knikollashould this be moved out of backlog and into ongoing? https://specs.openstack.org/openstack/keystone-specs/specs/backlog/ldap3.html19:01
*** jed56 has quit IRC19:03
*** mylu has quit IRC19:03
*** real56 has quit IRC19:06
stevemarlbragstad: hey, is dolphm around?19:14
lbragstadstevemar nope he is on vacation today19:14
stevemarlbragstad: ah okay19:14
stevemarlbragstad: i wanted to talk mfa, can you can about that instead of him :P19:15
lbragstadstevemar depends on the questions :019:15
lbragstadwhat's up?19:15
stevemarlbragstad: any plans for newton for MFA?19:15
stevemarlbragstad: not just TOTP19:15
lbragstadstevemar yeah - to the best of my knowledge I thought the plan was to make all auth plugins in keystone aware of the their authentication factor19:16
lbragstadand then expose that through the API19:16
lbragstadthen subsequent work to oslo.policy could enforce operations to have a minimum number of authentication factors19:17
lbragstadbut the next step, now that totp is implemented, would be to make all the authentication plugins aware of what kind of authentication factor they represent19:17
stevemarlbragstad: that last part sounds stretchy19:17
lbragstadI thought that was up-to-bat for N19:17
lbragstadstevemar I wouldn't expect the oslo.policy stuff to land until o19:18
stevemarlbragstad: y'all have notes on this stuff?19:18
lbragstadstevemar yeah it was written up in a spec somewhere19:18
stevemarlbragstad: wouldn't it also depends on where the user comes from?19:18
stevemarlbragstad: oh right, we broke up the spec into 4 pieces didn't we19:19
stevemari forgot about that19:19
lbragstadstevemar yeah - the entire MFA idea is strung across several specs19:19
stevemarright right19:19
lbragstadstevemar these were my notes on it https://review.openstack.org/#/c/272287/5/specs/backlog/multifactor-authentication.rst19:19
patchbotlbragstad: patch 272287 - keystone-specs - Add spec for multifactor authentication19:19
*** e0ne has joined #openstack-keystone19:20
lbragstadstevemar that spec only details exposing the factors through the API19:20
lbragstadstevemar how we want to "enforce" multifactor after that is still a discussion worth having19:20
lbragstadbecause there are probably a few different ways we could do that19:21
lbragstadenforcing in oslo.policy is just one of them19:21
lbragstadwhich is the example in the spec at line #8519:22
lbragstadstevemar is that a topic we want to put on the discussion board for the summit19:25
lbragstad?19:25
dstaneklbragstad: i think it would a good idea19:26
lbragstadI'd definitely want to hear what the oslo folks think about enforcing it in oslo.policy19:26
*** spzala has quit IRC19:27
stevemarlbragstad: you betcha19:32
*** spzala has joined #openstack-keystone19:35
stevemarlbragstad: so i'm wondering how much support for 'mfa' we can state now, given that totp is merged19:35
stevemarwe need client and auth support19:35
stevemarbut there's nothing that actually uses it now? could i enable totp with horizon now?19:36
stevemar(just talking aloud)19:36
*** lhcheng has joined #openstack-keystone19:36
*** spzala has quit IRC19:38
*** spzala has joined #openstack-keystone19:38
openstackgerritAlexander Makarov proposed openstack/keystoneauth: Examples for migration from keystoneclient  https://review.openstack.org/29776419:41
*** gyee has quit IRC19:42
*** e0ne has quit IRC19:44
*** e0ne has joined #openstack-keystone19:46
dstanekstevemar: did the client support not merge?19:52
*** mylu has joined #openstack-keystone20:00
openstackgerritTom Cocozzello proposed openstack/keystone: WIP Allow Python 3 testing for `test_fernet_provider`  https://review.openstack.org/29776820:01
dstanektjcocozz: take a look at https://review.openstack.org/#/c/207526 and see if any of that stuff still needs to be done20:05
dstanektjcocozz: i'm going to abandon it in favor of your review20:07
tjcocozzdstanek, preasure is on.  haha can you give the low down on what bug you were hitting?20:08
*** pushkaru has joined #openstack-keystone20:08
*** spzala has quit IRC20:09
tjcocozzdstanek, thanks for the heads up i will take a look!20:10
dstanektjcocozz: no bug. the the that concerns me about you patch is that i want to make sure that the source of the data is the same type and not just type check in order to make the tests pass20:10
tjcocozzdstanek, that is my exact concern.  Which is why they are wip.  I am getting different results when running these test: https://review.openstack.org/#/c/294797/ then the tests in the patch above20:12
patchbottjcocozz: patch 294797 - keystone - Run federation tests under Python 320:12
*** spzala has joined #openstack-keystone20:13
*** sdake_ has joined #openstack-keystone20:14
*** e0ne has quit IRC20:14
*** tqtran has joined #openstack-keystone20:14
tjcocozzdstanek, i am going to add more tests.  I am assuming the tests are trying to test the correct functionality, i couldn't find anyother way of working around the problem i was facing when i was hitting bytes then to type check.  do you have a different sudgestion? or are you saying in production i probably won't be hitting it as bytes?20:15
*** sdake has quit IRC20:17
*** jorge_munoz has joined #openstack-keystone20:18
*** spzala has quit IRC20:18
tjcocozzdstanek, lets talk more on monday. have a good weekend :)20:19
*** rdo has joined #openstack-keystone20:19
dstanektjcocozz: i'll be on vacation Monday!20:20
dstanektjcocozz: i'm wondering if the data itself needs to be different. why is it bytes when it gets to that point?20:21
*** spzala has joined #openstack-keystone20:21
dstanektjcocozz: maybe something can be done to always make it bytes?20:21
dstanekon the other hand, i haven't looked into your patch other than a quick glance so that may be the best place for it20:21
*** roxanaghe has joined #openstack-keystone20:22
*** spzala has quit IRC20:26
*** spzala has joined #openstack-keystone20:27
*** spzala has quit IRC20:31
*** spzala has joined #openstack-keystone20:33
*** jaugustine has quit IRC20:34
*** spzala has quit IRC20:37
*** spzala has joined #openstack-keystone20:38
*** spzala has quit IRC20:43
*** ebalduf has quit IRC20:43
*** spzala has joined #openstack-keystone20:47
*** spzala has quit IRC20:47
*** spzala has joined #openstack-keystone20:48
*** spzala has quit IRC20:49
*** spzala has joined #openstack-keystone20:52
*** spzala has quit IRC20:56
*** dan_nguyen has quit IRC21:01
openstackgerritKristi Nikolla proposed openstack/keystone: WIP - ldap3 Identity Driver  https://review.openstack.org/29609021:05
*** david-lyle_ has joined #openstack-keystone21:08
*** david-lyle has quit IRC21:08
*** david-lyle has joined #openstack-keystone21:13
*** pushkaru has quit IRC21:14
*** pumarani__ has joined #openstack-keystone21:14
*** david-lyle_ has quit IRC21:14
*** spzala has joined #openstack-keystone21:15
stevemardstanek: i didn't think so?21:17
stevemardstanek: nope: https://review.openstack.org/#/c/281086/21:19
patchbotstevemar: patch 281086 - keystoneauth - Support TOTP auth plugin21:19
*** jorge_munoz has quit IRC21:19
*** spzala has quit IRC21:20
*** dan_nguyen has joined #openstack-keystone21:26
*** timcline has quit IRC21:33
*** jsavak has quit IRC21:34
*** sdake has joined #openstack-keystone21:41
*** sdake_ has quit IRC21:44
*** roxanaghe has quit IRC21:44
*** roxanaghe has joined #openstack-keystone21:47
*** slberger has left #openstack-keystone21:55
*** mylu has quit IRC21:59
*** lhcheng has quit IRC22:02
*** ninag has quit IRC22:03
*** lhcheng has joined #openstack-keystone22:08
*** agrebennikov has quit IRC22:13
openstackgerritMerged openstack/keystone: Simplify repetitive unequal checks  https://review.openstack.org/28130522:20
*** markvoelker has quit IRC22:21
openstackgerritBrant Knudson proposed openstack/keystone: Correct _populate_default_domain in tests  https://review.openstack.org/29787922:27
*** dan_nguyen has quit IRC22:27
*** fawadkhaliq has joined #openstack-keystone22:33
dstanekstevemar: that's unfortunate22:36
*** sheel has quit IRC22:37
*** dan_nguyen has joined #openstack-keystone22:41
*** pumarani__ has quit IRC22:42
stevemardstanek: no time like the present for another review!22:43
dstanekstevemar: that's what i was thinking22:44
*** sdake_ has joined #openstack-keystone22:44
*** diazjf has quit IRC22:45
stevemardstanek: i'm still not clear on how we're going to enable mfa for folks22:45
dstanekstevemar: what do you mean?22:46
stevemardstanek: i guess the shadowed user will have another attribute (mfa-enabled) that they can enable in settings...22:46
dstanekstevemar: ah i see what you mean. in my test deployment any user was allowed to use mfa22:46
stevemardstanek: i guess, if i'm a deployer, how can i take advantage of totp today22:46
stevemarmaybe i should re-read the spec :)22:47
*** sdake has quit IRC22:47
dstanekstevemar: you just enable the totp auth method22:48
dstanekif you just take your existing keystone deployment and add a shared secret for the user, they could use google authenticator to get a token from keystone22:49
stevemardstanek: right, that's just logging in once (with your google authenticator) and you get your token22:50
stevemartheres no multi-login / mfa yet22:50
stevemar*yet*22:51
stevemari feel awful today, i should just stop while i'm ahead22:52
*** fawadkhaliq has quit IRC22:53
*** mylu has joined #openstack-keystone22:54
*** pushkaru has joined #openstack-keystone22:56
*** fawadkhaliq has joined #openstack-keystone22:56
*** mylu has quit IRC22:59
*** pushkaru has quit IRC23:01
*** pushkaru has joined #openstack-keystone23:02
*** fawadkhaliq has quit IRC23:05
*** agrebennikov has joined #openstack-keystone23:06
*** csoukup has quit IRC23:06
*** browne has quit IRC23:07
*** mylu has joined #openstack-keystone23:12
*** fawadkhaliq has joined #openstack-keystone23:12
*** fawadkhaliq has quit IRC23:12
*** fawadkhaliq has joined #openstack-keystone23:13
*** lhcheng has quit IRC23:14
*** knikolla has quit IRC23:18
*** markvoelker has joined #openstack-keystone23:21
*** spandhe has quit IRC23:21
*** lhcheng has joined #openstack-keystone23:24
*** lhcheng has quit IRC23:24
*** dhellmann has quit IRC23:24
*** lhcheng has joined #openstack-keystone23:24
*** pushkaru has quit IRC23:25
*** fawadkhaliq has quit IRC23:26
*** markvoelker has quit IRC23:26
*** fawadkhaliq has joined #openstack-keystone23:26
*** rderose has joined #openstack-keystone23:30
*** lhcheng has quit IRC23:34
dstanekstevemar: yeah, mfa in on the roadmap for N i think23:40
*** fawadkhaliq has quit IRC23:41
*** fawadkhaliq has joined #openstack-keystone23:41
*** edmondsw has quit IRC23:45
*** fawadkhaliq has quit IRC23:47
*** fawadkhaliq has joined #openstack-keystone23:47
*** hockeynut has quit IRC23:59
« Thursday, 2016-03-24 Index Saturday, 2016-03-26 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!