Wednesday, 2016-06-15

« Tuesday, 2016-06-14 Index Thursday, 2016-06-16 »
dstanekstevemar: how close is that hotel to the venue?00:02
*** edtubill has joined #openstack-keystone00:05
*** aratus has quit IRC00:06
*** rcernin has joined #openstack-keystone00:17
*** ddieterly has joined #openstack-keystone00:17
*** sdake has quit IRC00:18
*** rcernin has quit IRC00:22
*** rk4n has quit IRC00:22
*** rk4n has joined #openstack-keystone00:22
*** browne has quit IRC00:28
*** david-lyle has quit IRC00:32
*** tqtran has quit IRC00:33
*** edtubill has quit IRC00:34
*** ddieterly has quit IRC00:35
*** edtubill has joined #openstack-keystone00:45
*** edtubill has quit IRC00:46
*** rcernin has joined #openstack-keystone00:48
*** roxanagh_ has joined #openstack-keystone00:49
*** adrian_otto has quit IRC00:49
*** roxanagh_ has quit IRC00:53
*** rcernin has quit IRC00:53
*** roxanaghe has quit IRC00:55
notmorganlbragstad: https://review.openstack.org/#/c/273218/3 would be good to extract some basic data from the test run00:57
patchbotnotmorgan: patch 273218 - keystone - exception sensitive cache/audit changes00:57
notmorganlbragstad: for performance... also it reported twice00:57
lbragstadnotmorgan yeah - that was my bad... i had the scheduler running in two different places00:57
notmorganlbragstad: also pasteraw mangles the color coding00:57
lbragstadnotmorgan it does... i've added an issue to remove the dependency on pasteraw00:58
notmorganis there a rule against putting the output for both of those into the actual message?00:58
notmorganslash comment00:58
notmorganalso i think you want to post the data as CI data like jenkins does / 3rd party CI does.00:59
*** ddieterly has joined #openstack-keystone00:59
lbragstadnotmorgan no - there is no rule.00:59
lbragstadi just put the results in paste and left a link00:59
notmorganfor the log/runtime so it shows in the "jenkins check" area00:59
lbragstadi agree that it would be much better for the bot to actually determine the performance increase and leave a comment like "performance difference between master and patchset at <some-percentage>"01:00
notmorganlbragstad: so my comments are: post basic data in the comment, and post like jenkins does so it shows as a CI user01:00
notmorganand for an external link only 1 link with all the data, comparison at the top01:00
notmorgannot two outputs, if you can avoid it.01:00
* notmorgan is aiming for usability here.01:00
lbragstadagreed01:00
lbragstadhttps://github.com/lbragstad/keystone-performance/issues/501:00
notmorganhttps://github.com/lbragstad/keystone-performance/issues/1001:02
notmorganjust added that one01:02
lbragstad notmorgan sweet01:03
lbragstadnotmorgan as in a pass fail type output?01:03
notmorganit should show in a similar manner01:03
lbragstadnotmorgan what do we determine as pass/fail for performance tests?01:03
notmorgani *bet* you could make it show something (text-y) that says "performance difference <seconds> => <seconds>01:03
lbragstador maybe a certain percentage?01:04
notmorganif you look at the infra ci https://review.openstack.org/#/c/329376/01:04
patchbotnotmorgan: patch 329376 - openstack-infra/project-config - Add jobs for Monasca-Analytics01:04
lbragstad"performance degraded >5%, fail"01:04
notmorganJenkins XML output has changed. in 7m 57s (non-voting)01:04
*** rk4n has quit IRC01:04
notmorgannot a success/failure01:04
notmorganmaybe just a "Time (Patch): XXX, Time (POST): XXX"?01:05
*** rk4n has joined #openstack-keystone01:05
notmorganand have the link be to the full logs01:05
notmorgan(eventually pretty graphs too, but that is way down the line)01:05
*** rcernin has joined #openstack-keystone01:06
lbragstadi have that documented here too - https://github.com/lbragstad/keystone-performance/issues/801:06
notmorganright. i am thinking just the raw output published01:07
notmorganlong term actual trends for merged patches would be fantastic01:07
lbragstadok - that makes sense01:07
lbragstadagreed... that would be awesome01:07
notmorgantrigger on a merge event01:07
notmorganand run performance for the long-term thing, and store based on a SHA01:07
notmorganand then trending01:07
lbragstadwe could even map that01:08
lbragstadback to keystone inception01:08
lbragstadjust looping through each keystone sha back several releases and deploying with that sha01:08
*** rk4n has quit IRC01:09
lbragstader - how ever many releases OSA would go back01:09
*** rk4n has joined #openstack-keystone01:10
*** rcernin has quit IRC01:10
*** rk4n has quit IRC01:11
*** dan_nguyen has quit IRC01:11
*** ddieterly has quit IRC01:15
*** rk4n has joined #openstack-keystone01:16
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password SQL model changes  https://review.openstack.org/31428401:20
notmorganlbragstad: ++01:25
*** sdake has joined #openstack-keystone01:28
*** tqtran has joined #openstack-keystone01:30
*** sdake has quit IRC01:32
*** tqtran has quit IRC01:34
*** rk4n has quit IRC01:35
*** BjoernT has joined #openstack-keystone01:37
*** raddaoui has quit IRC01:37
*** EinstCrazy has joined #openstack-keystone01:38
*** BjoernT has quit IRC01:43
*** links has joined #openstack-keystone01:54
*** jrist has quit IRC01:56
*** ddieterly has joined #openstack-keystone01:57
*** ddieterly is now known as ddieterly[away]01:57
*** ddieterly[away] is now known as ddieterly01:57
*** jrist has joined #openstack-keystone02:03
*** ddieterly has quit IRC02:12
*** browne has joined #openstack-keystone02:16
*** ddieterly has joined #openstack-keystone02:20
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password SQL model changes  https://review.openstack.org/31428402:21
*** nkinder has quit IRC02:23
*** nkinder has joined #openstack-keystone02:23
*** EinstCrazy has quit IRC02:25
*** EinstCrazy has joined #openstack-keystone02:28
*** jinquan has joined #openstack-keystone02:29
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password SQL model changes  https://review.openstack.org/31428402:29
*** EinstCrazy has quit IRC02:29
*** EinstCrazy has joined #openstack-keystone02:31
*** EinstCrazy has quit IRC02:33
*** ddieterly has quit IRC02:35
*** ddieterly has joined #openstack-keystone02:35
*** ddieterly has quit IRC02:35
*** rderose has quit IRC02:36
*** EinstCra_ has joined #openstack-keystone02:36
*** julim has joined #openstack-keystone02:38
*** EinstCra_ has quit IRC02:42
*** EinstCrazy has joined #openstack-keystone02:43
*** browne has quit IRC02:48
*** roxanaghe has joined #openstack-keystone02:50
*** roxanaghe has quit IRC02:55
*** links has quit IRC02:56
*** gyee has quit IRC02:59
*** iurygregory_ has quit IRC03:05
*** richm has quit IRC03:11
*** tqtran has joined #openstack-keystone03:31
*** sheel has joined #openstack-keystone03:34
*** tqtran has quit IRC03:36
*** EinstCrazy has quit IRC03:47
*** EinstCrazy has joined #openstack-keystone03:47
*** EinstCrazy has quit IRC03:55
*** julim has quit IRC04:04
*** links has joined #openstack-keystone04:05
*** david-lyle has joined #openstack-keystone04:06
*** GB21 has joined #openstack-keystone04:13
openstackgerritMerged openstack/keystone: Add cache invalidation for service providers  https://review.openstack.org/32541704:27
*** diazjf has joined #openstack-keystone04:28
*** diazjf has quit IRC04:29
*** henrynash_ has quit IRC04:42
*** EinstCra_ has joined #openstack-keystone04:44
*** roxanaghe has joined #openstack-keystone04:51
*** roxanaghe has quit IRC04:54
*** roxanaghe has joined #openstack-keystone04:55
*** jaosorior has joined #openstack-keystone05:04
*** GB21 has quit IRC05:05
*** kursad_ has joined #openstack-keystone05:17
kursad_Hi, we face some problem while enabling federation in keystone using saml. Is there any one to help us?05:22
kursad_The final error that we get is the following: Could not map user while setting ephemeral user identity. Either mapping rules must specify user id/name or REMOTE_USER environment variable must be set05:22
*** EinstCra_ has quit IRC05:36
*** EinstCrazy has joined #openstack-keystone05:36
*** GB21 has joined #openstack-keystone05:37
*** EinstCrazy has quit IRC05:45
*** EinstCrazy has joined #openstack-keystone05:45
*** yolanda has joined #openstack-keystone06:13
*** yolanda_ has joined #openstack-keystone06:13
*** roxanaghe has quit IRC06:14
*** yolanda_ has quit IRC06:14
*** openstackgerrit has quit IRC06:18
*** openstackgerrit has joined #openstack-keystone06:18
*** rcernin has joined #openstack-keystone06:29
*** EinstCrazy has quit IRC06:50
*** EinstCrazy has joined #openstack-keystone06:50
*** belmoreira has joined #openstack-keystone06:51
*** GB21 has quit IRC06:53
*** EinstCrazy has quit IRC06:55
*** EinstCrazy has joined #openstack-keystone06:58
*** amoralej|off is now known as amoralej06:59
*** tesseract has joined #openstack-keystone07:03
*** rcernin has quit IRC07:04
*** rcernin has joined #openstack-keystone07:04
*** GB21 has joined #openstack-keystone07:05
*** EinstCrazy has quit IRC07:10
*** EinstCrazy has joined #openstack-keystone07:13
*** EinstCrazy has quit IRC07:16
*** EinstCrazy has joined #openstack-keystone07:17
*** dhellmann has quit IRC07:20
*** dhellmann has joined #openstack-keystone07:20
*** danpawlik has joined #openstack-keystone07:25
*** GB21 has quit IRC07:30
*** openstackgerrit has quit IRC07:33
*** openstackgerrit has joined #openstack-keystone07:33
*** EinstCrazy has quit IRC07:36
*** EinstCrazy has joined #openstack-keystone07:37
*** links has quit IRC07:39
*** EinstCrazy has quit IRC07:52
*** EinstCrazy has joined #openstack-keystone07:52
*** jaosorior is now known as jaosorior_brb07:53
*** links has joined #openstack-keystone07:56
*** EinstCrazy has quit IRC07:57
*** zzzeek has quit IRC08:00
*** EinstCrazy has joined #openstack-keystone08:00
*** zzzeek has joined #openstack-keystone08:03
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Testing latest u-c  https://review.openstack.org/31843508:10
openstackgerritAndrew Liu proposed openstack/keystone: Added cache for sql id mapping driver  https://review.openstack.org/32882008:14
*** dmk0202 has joined #openstack-keystone08:22
*** GB21 has joined #openstack-keystone08:24
*** henrynash_ has joined #openstack-keystone08:40
*** ChanServ sets mode: +v henrynash_08:40
*** jaosorior_brb has quit IRC08:40
*** jaosorior_brb has joined #openstack-keystone08:40
*** jaosorior_brb is now known as jaosorior08:41
*** henrynash_ has quit IRC08:45
*** tqtran has joined #openstack-keystone08:45
*** rk4n has joined #openstack-keystone08:46
*** EinstCrazy has quit IRC08:47
*** EinstCrazy has joined #openstack-keystone08:48
*** henrynash_ has joined #openstack-keystone08:48
*** ChanServ sets mode: +v henrynash_08:48
*** tqtran has quit IRC08:50
*** EinstCrazy has quit IRC08:50
*** EinstCrazy has joined #openstack-keystone08:50
*** TxGVNN has joined #openstack-keystone08:54
*** jaosorior has quit IRC08:57
*** nisha_ has joined #openstack-keystone08:58
*** TxGVNN has quit IRC09:07
*** mvk_ has quit IRC09:11
*** jaosorior has joined #openstack-keystone09:21
*** EinstCrazy has quit IRC09:23
*** EinstCrazy has joined #openstack-keystone09:23
*** dancn has quit IRC09:27
*** dancn has joined #openstack-keystone09:27
*** EinstCrazy has quit IRC09:28
*** EinstCrazy has joined #openstack-keystone09:30
*** Dinesh_Bhor has joined #openstack-keystone09:30
*** GB21 has quit IRC09:33
*** TxGVNN has joined #openstack-keystone09:37
*** EinstCrazy has quit IRC09:38
*** nisha_ has quit IRC09:38
*** EinstCrazy has joined #openstack-keystone09:39
*** nisha_ has joined #openstack-keystone09:39
*** TxGVNN has quit IRC09:43
*** EinstCrazy has quit IRC09:44
*** mvk_ has joined #openstack-keystone09:45
*** rk4n has quit IRC09:48
*** rk4n has joined #openstack-keystone09:51
*** rk4n has quit IRC09:51
*** rk4n has joined #openstack-keystone09:52
*** EinstCrazy has joined #openstack-keystone09:57
*** EinstCrazy has quit IRC09:58
*** EinstCrazy has joined #openstack-keystone09:58
*** permalac has joined #openstack-keystone09:58
odyssey4melbragstad back to icehouse in various forms... back to juno/kilo only for this particular repo but only kilo will work to deploy just keystone easily09:59
*** GB21 has joined #openstack-keystone10:01
*** jinquan has left #openstack-keystone10:03
openstackgerritLiam Young proposed openstack/keystone: Correct domain_id and name constraint dropping  https://review.openstack.org/32985510:07
openstackgerritAndrew Liu proposed openstack/keystone: Added named argument to response test functions  https://review.openstack.org/32890710:08
*** henrynash_ has quit IRC10:11
*** rk4n has quit IRC10:14
*** GB21 has quit IRC10:23
*** nisha_ has quit IRC10:32
*** nisha_ has joined #openstack-keystone10:32
*** henrynash_ has joined #openstack-keystone10:33
*** ChanServ sets mode: +v henrynash_10:33
*** jefrite has joined #openstack-keystone10:34
*** GB21 has joined #openstack-keystone10:48
Dinesh_Bhordolphm: Hi, Could you please take a look at it ? https://bugs.launchpad.net/keystone/+bug/153447310:49
openstackLaunchpad bug 1534473 in OpenStack Identity (keystone) "openstack service create allows duplicate names" [Undecided,Confirmed] - Assigned to Kanika Singh (kanikasingh-1490)10:49
Dinesh_BhorCan someone help me with the above bug ?10:54
Dinesh_Bhoris keystone allowing to create services with duplicate names purposely ?10:54
*** rk4n has joined #openstack-keystone10:55
*** dave-mccowan has quit IRC11:04
*** EinstCrazy has quit IRC11:07
*** EinstCrazy has joined #openstack-keystone11:07
*** rk4n has quit IRC11:08
*** dave-mccowan has joined #openstack-keystone11:20
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Add domain functional tests  https://review.openstack.org/32959811:22
*** henrynash_ has quit IRC11:23
*** henrynash_ has joined #openstack-keystone11:25
*** ChanServ sets mode: +v henrynash_11:25
*** belmoreira has quit IRC11:33
*** rk4n has joined #openstack-keystone11:38
*** nisha__ has joined #openstack-keystone11:39
*** nisha_ has quit IRC11:43
*** rk4n has quit IRC11:43
*** rk4n has joined #openstack-keystone11:44
*** ddieterly has joined #openstack-keystone11:45
*** dave-mccowan has quit IRC11:47
*** henrynash_ has quit IRC11:50
*** aloga has quit IRC11:53
*** aloga has joined #openstack-keystone11:53
*** ddieterly is now known as ddieterly[away]12:08
*** pauloewerton has joined #openstack-keystone12:12
*** daemontool has joined #openstack-keystone12:16
*** GB21 has quit IRC12:24
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password SQL model changes  https://review.openstack.org/31428412:25
*** raildo-afk is now known as raildo12:26
*** ddieterly[away] is now known as ddieterly12:27
*** frontrunner has joined #openstack-keystone12:31
*** ddieterly has quit IRC12:35
*** nisha__ is now known as nisha_12:42
*** edmondsw has joined #openstack-keystone12:43
*** tqtran has joined #openstack-keystone12:47
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password history requirements  https://review.openstack.org/32833912:50
*** tqtran has quit IRC12:51
*** jsavak has joined #openstack-keystone12:51
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password SQL model changes  https://review.openstack.org/31428412:55
*** rderose has joined #openstack-keystone12:58
*** julim has joined #openstack-keystone12:59
dstanekDinesh_Bhor: what about it?12:59
*** woodster_ has joined #openstack-keystone13:02
*** afred312 has quit IRC13:02
openstackgerritDavid Stanek proposed openstack/python-keystoneclient: WIP: Response objects from Manager methods  https://review.openstack.org/32991313:04
dstanekdolphm: ^13:13
*** rcernin has quit IRC13:14
*** ddieterly has joined #openstack-keystone13:16
*** amoralej is now known as amoralej|lunch13:16
*** richm has joined #openstack-keystone13:16
*** wasmum has joined #openstack-keystone13:22
*** nisha_ has quit IRC13:24
*** afred312 has joined #openstack-keystone13:28
Dinesh_Bhordstanek: Keystone allows to create services with duplicate names. is it done purposely ?13:28
*** rcernin has joined #openstack-keystone13:28
Dinesh_Bhorfor both v2.0 and v3 it is allowing.13:29
*** sdake has joined #openstack-keystone13:29
*** ebarrera has joined #openstack-keystone13:29
ebarreraHi all13:30
dstanekDinesh_Bhor: i don't know if we meant to allow it, but from what i see we do13:30
dstanekhi ebarrera13:31
*** lamt has quit IRC13:31
ebarreraI'm trying to configure keystone v3 domains but not with too much luck. Once I switch to domain admin I'm not able to create a project.13:32
ayoungebarrera, which policy file?13:33
ebarrerathis domain admin as role admin for the domain but anyway it says I'm not authorized (using the cli) it is  the v3sample.json13:33
Dinesh_Bhordstanek: so do we need to fix this issue ?13:34
ayoungebarrera, paste the config file you are using,. with passwords removed, please13:35
ayoungebarrera, the keystone rc file, that is13:35
dstanekDinesh_Bhor: probably? it looks like someone took ownership of that bug a few weeks ago and is presumably working on it13:35
ebarreraayoung, http://pastebin.com/d0B85aps13:37
ayoungebarrera, you need to set OS_DOMAIN_NAME to get a domain scoped token13:38
ayoungunset OS_DOMAIN_NAME  is messing you up13:38
*** ddieterly is now known as ddieterly[away]13:39
ayoungexport OS_DOMAIN_NAME=default  I think13:39
Dinesh_Bhordstanek: yes..because from openstackclient if we try to delete or show any service with duplicate names it is giving problem, so if this issue is fixed in keystone both problems will  be solved.13:39
dstanekDinesh_Bhor: if you are interested in fixing then i would say you should ask in the bug if it's currently being worked on13:40
*** sdake_ has joined #openstack-keystone13:42
Dinesh_Bhordstanek: ok , Thank you for your help13:42
dstanekDinesh_Bhor: np13:42
ebarreraayoung, it doesn't work neither... I removed the unset and I changed to export OS_DOMAIN_NAME=default instead of my_domain . Why default and not my_domain ? It still doesn't after reloadinv env vars13:43
ayoungwhatever your domain is13:43
ebarreraok, It already was there13:43
ebarreraits the last line... probably hidden13:43
ebarreraayoung, ^13:43
*** sdake has quit IRC13:45
*** ddieterly[away] is now known as ddieterly13:46
dstanekebarrera: also did you check the logs to see that it was policy that failed and not something else?13:46
*** rodrigods has quit IRC13:47
*** rodrigods has joined #openstack-keystone13:48
*** henrynash_ has joined #openstack-keystone13:48
*** ChanServ sets mode: +v henrynash_13:48
stevemarmorning keystoners13:50
henrynash_mornin’13:50
ayoungebarrera, next step is openstack --debug token issue13:50
ayounglook at the response to see what roles are in the token validation response13:50
dstanekmorning stevemar13:50
ebarreradstanek, yes... it fails on identity:create_project ... There is also another fail in the logs... It also fail on list_domains that it's extrange13:51
ayoungstevemar, I took over my last manager job (10 years ago) about 2 months before my first son was born....13:52
dstanekebarrera: k, i mentioned that because we have other checks (not policy related) that bail with a not authorized error13:52
ebarreradstanek, http://pastebin.com/Jk8A9uKu here you can find the logs13:52
ayoung'roles': [u'admin'], 'domain_id': u'2e25369784564c508fdb51903ce98368',13:53
ayoungthat should be sufficient13:53
ayoungthe rule is13:53
ebarrerau'2e25369784564c508fdb51903ce98368', is the id om my domain13:53
dstanekebarrera: does your user (and token) have the admin role on that domain?13:53
ebarreramy_domain13:53
*** rcernin has quit IRC13:54
ebarreradstanek, yes, they have...13:54
ayoungassuming  u'2e25369784564c508fdb51903ce98368',  is the domain name for u'domain_id': u'my_domain',13:54
ayoungwhich it is not13:54
dstanekalso noticed "Could not find domain: my_domain" in the log13:54
ayoungebarrera, what command line are you calling to create the project?13:55
ebarreraopenstack project create --domain my_domain my_domain_project113:55
openstackgerritMerged openstack/keystone-specs: Drop Support for Driver Versioning  https://review.openstack.org/32408113:55
*** amoralej|lunch is now known as amoralej13:56
ebarreradstanek, true...13:56
*** links has quit IRC13:56
ebarreradstanek, but a domain admin as no right to list the domains13:57
ebarreradstanek, only cloud_admin13:57
*** jed56 has quit IRC14:01
*** jed56 has joined #openstack-keystone14:01
dolphmstevemar: when would the next openstackclient release be?14:01
ebarreraayoung, what do you mean with "which it is not" ?14:02
ebarrera| 2e25369784564c508fdb51903ce98368 | my_domain    |14:03
dstanekebarrera: line 26 of your paste http://pastebin.com/Jk8A9uKu14:05
dstanekebarrera: also line 4114:06
ebarreradstanek, do you mean that there is writen the domain name instead the domain_id ?14:07
ayoungebarrera, sorry...company all hands Openstack meeting now...hard to multiplex14:09
*** rcernin has joined #openstack-keystone14:09
ayoungebarrera, yes, it looks like the domain_id is set to the  domain_name14:10
ayoungebarrera,  --domain my_domain  should be looking up the domainname, but it is not14:10
ayoungthat might be abug14:10
ayoungtry14:10
ayoung openstack project create --domain 2e25369784564c508fdb51903ce98368  my_domain_project114:10
ebarreraok14:10
*** ddieterly is now known as ddieterly[away]14:11
ebarreraayoung, lol!!!!!!!!!! it worked14:11
ebarreraayoung++14:11
ayoungebarrera, the "id vs name" battle in Openstack is lingering14:11
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password history requirements  https://review.openstack.org/32833914:14
stevemardolphm: we have a few things to clean up, but should be before newton-214:15
stevemarbefore newton-2 ends14:15
*** jaugustine has joined #openstack-keystone14:16
*** jaugustine has quit IRC14:17
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password SQL model changes  https://review.openstack.org/31428414:18
*** rcernin has quit IRC14:18
*** sigmavirus24_awa is now known as sigmavirus2414:18
*** raddaoui has joined #openstack-keystone14:18
*** ddieterly[away] is now known as ddieterly14:19
stevemardolphm: you could hit up dtroyer for details14:20
stevemardolphm: itching to try things out with federated users? :)14:20
dolphmstevemar: no, i want to see this fixed https://bugs.launchpad.net/python-openstackclient/+bug/159206214:21
openstackLaunchpad bug 1592062 in python-openstackclient "An OS_PROJECT_* value is unnecessarily demanded, even if the user has a default project" [Undecided,New]14:21
dolphmstevemar: it's sort of a blocker when people don't know their project ID / name because they've never had to use it before14:22
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password SQL model changes  https://review.openstack.org/31428414:23
stevemardolphm: oh, that wasn't on our list of things to fix for this upcoming release14:23
*** jrist has quit IRC14:23
*** lucas___ has joined #openstack-keystone14:24
stevemardolphm: blah...14:25
openstackgerritLiam Young proposed openstack/keystone: Correct domain_id and name constraint dropping  https://review.openstack.org/32985514:26
*** nisha_ has joined #openstack-keystone14:28
*** pushkaru has joined #openstack-keystone14:29
dolphmstevemar: it looks like it's doing a scope check on the options before it authenticates? and instead it should do that same check but after it's got a token14:29
stevemardolphm: right, we actually have a patch up to refactor that bit: https://review.openstack.org/#/c/318201/14:30
patchbotstevemar: patch 318201 - python-openstackclient - Refactor check_valid_auth_options function14:30
dolphmstevemar: should i test to see if that will fix this issue?14:31
stevemardolphm: the "required_scope" is true by default, and overridden in certain commands where no scope is possible, like getting a token or a catalog (like you reported in the bug)14:31
stevemardolphm: AFAICT it won't14:31
*** rcernin has joined #openstack-keystone14:31
stevemardolphm: you can certainly try14:31
*** catintheroof has joined #openstack-keystone14:32
stevemardolphm: but the refactor is just getting the opts from the auth plugin and if the plugin requires a project_id/name/etc... then it'll ask for one14:32
alogastevemar: do you have a second for https://bugs.launchpad.net/keystoneauth/+bug/1583961 ?14:32
openstackLaunchpad bug 1583961 in keystoneauth "OpenID Connect support for authorization code seems to be incomplete" [Undecided,New] - Assigned to Alvaro Lopez (aloga)14:32
stevemaraloga: for you, i have a minute14:33
stevemar:)14:33
alogastevemar: thanks :)14:33
*** jorge_munoz has joined #openstack-keystone14:33
dolphmstevemar: it actually does fix it!14:33
alogaI've been working a bit on the OIDC support, as you know, the problem comes with the authZ code grant_type14:33
dolphmstevemar: wait, no it doesn't14:33
dolphmstevemar: sorry, lol.14:34
alogathe authorization code, AFAIK, is a single use code14:34
*** jefrite has quit IRC14:34
*** jsavak has quit IRC14:34
stevemardolphm: :)14:34
alogaso the user cannot provide with it, but the client needs to get the code from the autorization_endpoint, then use the code with the token_endpoint to obtain the access_token, then get the keystone token14:34
alogas/provide with/provide/14:34
*** jsavak has joined #openstack-keystone14:35
dolphmstevemar: i'll look into a fix though. i suspect the answer IS to refactor that function - and separate authN checks (pre authentication) from authZ checks (post authentication)14:35
alogaso, it is needed an additional step (the one that gets the token)14:35
stevemardolphm: likely, please comment on the patch regardless and cite the bug14:35
dolphmstevemar: the fact that the required_scope argument is there sort of illustrates that the function is overloaded on behaviors / usage14:35
stevemardolphm: totes14:35
stevemaraloga: let me look at my oidc notes, i forget which one is authz code14:36
alogahowever, the authorization_endpoint may redirect the user to a login page (as google does), where the user enter his credentials and eventually authorize the client14:36
*** jrist has joined #openstack-keystone14:37
alogastevemar: sure :)14:37
alogastevemar: here it is nicely explained https://developers.google.com/identity/protocols/OpenIDConnect#server-flow14:40
stevemaraloga: haha, on there now14:40
*** danpawlik has left #openstack-keystone14:40
knikollao/14:41
stevemarknikolla: o/14:42
alogastevemar: the tricky part is that the user needs to authenticate with the idp14:42
alogastevemar: therefore, a browser is needed14:42
*** edtubill has joined #openstack-keystone14:42
*** phalmos has joined #openstack-keystone14:43
*** henrynash_ has quit IRC14:43
alogastevemar: but noy only that, we need a listening HTTP endpoint where the callback will be redirected14:43
alogastevemar: so that we can obtain the access code14:43
*** gagehugo has joined #openstack-keystone14:45
*** anush__ has joined #openstack-keystone14:45
stevemaraloga: right, i had to go to https://accounts.google.com/o/oauth2/auth?scope=email%20profile&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&client_id=809841518623-rc1718nrf70tkvv44pddicuam4n7deqq.apps.googleusercontent.com to get an access code14:47
stevemaraloga: so that pin is only good for an hour or so, right?14:48
alogastevemar: I don't know about the duration, but this should be a single-use code14:48
*** gordc has joined #openstack-keystone14:50
stevemaraloga: hmm, to get the authz code, the client id is secret are needed14:51
stevemarshouldn't the exchange to get the authz code be handled by mod_auth_openidc ?14:51
*** phalmos has quit IRC14:52
alogastevemar: yes, the exchange works with mod_auth_openidc, but that would work only with websso, right?14:54
aloganot using openstackclient + keystoneauth14:54
*** phalmos has joined #openstack-keystone14:55
stevemaraloga: oh you're saying that after every osc command, the user will need to supply a new authz code?14:57
alogayes14:57
*** amakarov_away is now known as amakarov14:57
stevemarsince the session is terminated14:57
stevemarlol14:57
alogastevemar: I have some code working14:58
stevemarokay, i get the problem now, that's pretty funny14:58
alogawhere I fire up a browser so that the user authenticates14:58
alogabut the problem is that if you do 100 operations, you get 100 brand new tabs :)14:58
stevemaraloga: hehe14:58
*** jsavak has quit IRC14:58
*** tonytan4ever has joined #openstack-keystone14:58
stevemaraloga: gce has something similar14:58
amakarovnotmorgan, please review this CR: https://review.openstack.org/#/c/325242/ - it's a bug fix in oslo.cache14:59
patchbotamakarov: patch 325242 - oslo.cache - Handle empty memcache pool corner case14:59
*** jsavak has joined #openstack-keystone14:59
*** timcline has joined #openstack-keystone14:59
stevemaraloga: marekdenis was emailing me about this a few weeks ago15:01
stevemaraloga: refer to 3:39 at https://www.youtube.com/watch?v=gxZvofAvgHQ15:04
*** afred312_ has joined #openstack-keystone15:04
alogastevemar: I guess that they get the access_token15:05
alogastevemar: then they are reusing it15:05
alogastevemar: that's perfectly feasible15:05
*** afred312 has quit IRC15:05
stevemaraloga: yeah, i think it's saved somewhere and they keep reusing it15:05
alogastevemar: but we need to store the access_token somewhere15:05
stevemarright, and we can't do that in the session, cause the process is terminated! :O15:06
alogastevemar: oauth2client/tools.py:        webbrowser.open(authorize_url, new=1, autoraise=True)15:06
alogav3/oidc.py:        webbrowser.open(url)15:06
alogaso, I'm doing the same thing \o/15:06
*** catintheroof has quit IRC15:08
*** sdake_ has quit IRC15:08
*** sdake has joined #openstack-keystone15:10
alogastevemar: I have to leave, thanks for your input15:11
stevemaraloga: i'm trying to find out where they store the authz code15:11
stevemaraloga: storing in $HOME/.openstack/tmp_file is always a good option15:11
*** kursad_ has quit IRC15:11
*** sdake has quit IRC15:11
stevemari'm wondering if that's a security concern though...15:12
alogastevemar: I will submit the code that I have right now to see if it makes sense or not (assuming that we manage to store the credential somewhere)15:14
stevemaraloga: do it up15:14
openstackgerritAlvaro Lopez Garcia proposed openstack/keystoneauth: WIP: fix OpenID Connect authorization code grant_type  https://review.openstack.org/33000615:15
*** jaugustine has joined #openstack-keystone15:15
alogastevemar: there you are :)15:15
alogastevemar: see you, thanks for your help!15:15
stevemaraloga: thank *you* for all your patches recently :)15:15
alogastevemar: you're welcome, it's a pleasure :)15:16
*** ktychkova has quit IRC15:18
*** EinstCrazy has quit IRC15:19
*** dan_nguyen has joined #openstack-keystone15:20
*** phalmos has quit IRC15:21
*** ebarrera has quit IRC15:21
*** diazjf has joined #openstack-keystone15:21
*** anush__ has quit IRC15:24
*** tonytan4ever has quit IRC15:24
*** phalmos has joined #openstack-keystone15:25
openstackgerritSteve Martinelli proposed openstack/keystoneauth: Use SAML2 requests plugin  https://review.openstack.org/25505615:25
*** sheel has quit IRC15:25
*** ktychkova has joined #openstack-keystone15:26
*** pushkaru has quit IRC15:26
*** jaugustine has quit IRC15:26
*** pushkaru has joined #openstack-keystone15:26
*** browne has joined #openstack-keystone15:27
*** ktychkova has quit IRC15:30
*** pushkaru has quit IRC15:31
*** ktychkova has joined #openstack-keystone15:31
*** dan_nguyen has left #openstack-keystone15:32
*** anush__ has joined #openstack-keystone15:32
*** jaugustine has joined #openstack-keystone15:34
*** rk4n has quit IRC15:34
*** anush__ has quit IRC15:37
*** ddieterly is now known as ddieterly[away]15:39
ayoungstevemar, do we have docs on how to tune the logging for different subsections to troubleshoot keystone?15:45
stevemarayoung: hmm? subsections? for more logging/tuning i normally flip some of these values: https://github.com/openstack/keystone/blob/master/etc/keystone.conf.sample#L19015:46
ayoungstevemar, yep, but we know what we are doing...I was wondering if we have a doc that says "here is how and why"  but I can start one.15:47
stevemarayoung: oh, i get what you mean, i thought you were asking me. tribal knowledge ftw!15:48
amakarovayoung, good day! Quick question: can a delegation issued for a group (not for user) be redelegated?15:49
*** ddieterly[away] is now known as ddieterly15:49
*** aratus has joined #openstack-keystone15:50
*** pcaruana has quit IRC15:50
ayoungstevemar, I'm specifically looking for LDAP debugging techniques.  We don;'t have an LDAP entry in that line.  Can one be added ?15:51
*** roxanaghe has joined #openstack-keystone15:51
ayoungThose are for the external libraries mostly, right?  amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN15:51
*** jrist has quit IRC15:52
*** dmk0202 has quit IRC15:52
*** rcernin has quit IRC15:53
stevemarayoung: correct, we could add pyldap in there15:53
ayoungfor the future15:53
*** tesseract has quit IRC15:55
ayoungstevemar, would keystone.common.ldap=DEBUG work?15:55
*** tonytan4ever has joined #openstack-keystone15:56
*** ma9 has joined #openstack-keystone16:02
*** afred312 has joined #openstack-keystone16:03
*** jsavak has quit IRC16:04
*** jsavak has joined #openstack-keystone16:04
ma9Hi, I would like to configure Keystone and Swift in such a way: users can log into a host via SSH, with SSHKeys or with Password. Kerberos can be enables, but Kerberos does not generate a token if SSH Keys are used so it does not help in this case. Once the user is in, I would like to grant him the rights to push files into Swift, without the need to authenticate again or type his password. How can I do it with Keystone? We nee16:04
nisha_stevemar, how should reply back in the review itself, in the patch I submitted16:04
*** afred312_ has quit IRC16:04
nisha_stevemar, when I use the reply option at top, it adds me too as one of the reviewers16:05
*** sdake has joined #openstack-keystone16:05
*** shewless has quit IRC16:09
*** krotscheck is now known as krotscheck_dcm16:09
*** jsavak has quit IRC16:09
*** jsavak has joined #openstack-keystone16:10
*** aratus has quit IRC16:10
*** lucas___ has quit IRC16:11
*** lucas has joined #openstack-keystone16:12
raildonisha_: and this is the correct way :)16:12
raildonisha_: just review with 0 and add a comment16:13
nisha_oh, alright16:13
nisha_raildo, thanks16:13
raildonisha_: yw16:13
*** shaleh has joined #openstack-keystone16:13
*** henrynash_ has joined #openstack-keystone16:13
*** ChanServ sets mode: +v henrynash_16:13
*** aratus has joined #openstack-keystone16:14
*** tonytan4ever has quit IRC16:14
*** lucas has quit IRC16:14
*** lucas has joined #openstack-keystone16:14
nisha_raildo, one more thing, If I want to add an inline comment, then it is getting saved as a draft16:15
nisha_raildo, how can i post it?16:15
*** ddieterly is now known as ddieterly[away]16:16
raildonisha_: when you review, gerrit will post the inline comments.16:16
nisha_oh, thanks again :)16:16
raildonisha_: every draft comment will be a public comment16:16
shalehnisha_: welcome to the chaos :-)16:16
nisha_raildo, that's nice16:16
openstackgerritMikhail Nikolaenko proposed openstack/keystone: Validate impersonation in trust redelegation  https://review.openstack.org/33004516:17
raildonisha_: btw, I suggest take a look on gertty :D https://github.com/openstack/gertty16:17
*** rderose has quit IRC16:17
*** rderose has joined #openstack-keystone16:18
nisha_raildo, on it :D16:18
*** lucas has quit IRC16:18
*** tonytan4ever has joined #openstack-keystone16:19
*** phalmos has quit IRC16:19
*** EinstCrazy has joined #openstack-keystone16:20
*** jaosorior has quit IRC16:20
*** phalmos has joined #openstack-keystone16:20
*** ddieterly[away] is now known as ddieterly16:21
*** timcline has quit IRC16:21
*** timcline has joined #openstack-keystone16:21
*** Guest5 has joined #openstack-keystone16:22
*** lucas has joined #openstack-keystone16:22
*** Guest5 has left #openstack-keystone16:24
*** EinstCrazy has quit IRC16:25
*** tonytan4ever has quit IRC16:26
*** lucas has quit IRC16:26
*** timcline has quit IRC16:26
*** henrynash_ has quit IRC16:27
*** nisha_ has quit IRC16:28
*** henrynash_ has joined #openstack-keystone16:31
*** ChanServ sets mode: +v henrynash_16:31
*** nisha_ has joined #openstack-keystone16:31
*** jaugustine has quit IRC16:31
dolphmstevemar: https://review.openstack.org/#/c/330057/16:31
patchbotdolphm: patch 330057 - python-openstackclient - Do not prompt for scope options with default scope...16:31
*** sdake has quit IRC16:42
*** shaleh is now known as shaleh|away16:43
*** yolanda has quit IRC16:46
*** ddieterly is now known as ddieterly[away]16:47
*** lucas has joined #openstack-keystone16:51
*** lucas has quit IRC16:52
*** lucas___ has joined #openstack-keystone16:52
*** browne has quit IRC16:53
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password history requirements  https://review.openstack.org/32833916:53
*** lucas has joined #openstack-keystone16:54
*** lucas___ has quit IRC16:54
*** lucas___ has joined #openstack-keystone16:55
*** lucas has quit IRC16:55
*** lucas has joined #openstack-keystone16:57
*** sheel has joined #openstack-keystone16:58
*** lucas has quit IRC16:58
*** lucas has joined #openstack-keystone16:59
*** lucas___ has quit IRC16:59
*** woodster_ has quit IRC16:59
*** woodster_ has joined #openstack-keystone17:00
*** ma9 has quit IRC17:01
*** timcline has joined #openstack-keystone17:04
*** lucas has quit IRC17:04
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password history requirements  https://review.openstack.org/32833917:07
notmorgandolphm: i like py3 so much more than py2.717:08
notmorgandolphm: it's... fantastic17:08
*** mvk_ has quit IRC17:08
*** ddieterly[away] is now known as ddieterly17:08
dolphmnotmorgan: super random but ++ lol17:09
notmorgandolphm: i've been doing a lot of py3 conversion work and also enjoyed pycon recently17:09
notmorgandolphm: i wish we could drop py2 from keystone :P17:09
dolphmsomeday!17:10
*** lucas has joined #openstack-keystone17:10
notmorgandolphm: hehe. actually reminds me i need to reach out to sean (python-memcached person) and fnish the import into gerrit17:10
*** amoralej is now known as amoralej|off17:10
*** lucas___ has joined #openstack-keystone17:11
*** lucas___ has quit IRC17:12
*** luca_____ has joined #openstack-keystone17:12
*** lucas has quit IRC17:14
*** luca_____ has quit IRC17:15
*** lucas has joined #openstack-keystone17:15
*** jsavak has quit IRC17:16
*** jsavak has joined #openstack-keystone17:16
*** tonytan4ever has joined #openstack-keystone17:17
*** lucas___ has joined #openstack-keystone17:19
*** lucas has quit IRC17:19
*** lucas has joined #openstack-keystone17:20
*** pcaruana has joined #openstack-keystone17:21
*** henrynash_ has quit IRC17:22
*** luca_____ has joined #openstack-keystone17:23
*** lucas___ has quit IRC17:23
*** lucas has quit IRC17:24
*** luca_____ has quit IRC17:26
*** lucas has joined #openstack-keystone17:26
*** afred312 has quit IRC17:29
*** tqtran has joined #openstack-keystone17:31
*** jaugustine has joined #openstack-keystone17:32
*** jsavak has quit IRC17:32
*** jaugustine has quit IRC17:33
*** jaugustine has joined #openstack-keystone17:34
openstackgerritLance Bragstad proposed openstack/keystone: Move project scoped tests to TokenAPITests  https://review.openstack.org/33011617:35
*** tqtran has quit IRC17:35
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Add domain functional tests  https://review.openstack.org/32959817:37
*** roxanaghe has quit IRC17:41
*** ddieterly is now known as ddieterly[away]17:41
*** roxanaghe has joined #openstack-keystone17:42
*** nisha_ has quit IRC17:42
*** jaugustine has quit IRC17:42
*** jsavak has joined #openstack-keystone17:45
*** henrynash_ has joined #openstack-keystone17:45
*** ChanServ sets mode: +v henrynash_17:45
openstackgerritRon De Rose proposed openstack/keystone: Update driver versioning documentation  https://review.openstack.org/33011817:47
openstackgerritRon De Rose proposed openstack/keystone: Update driver versioning documentation  https://review.openstack.org/33011817:47
*** mvk_ has joined #openstack-keystone17:49
stevemardolphm: danke17:56
stevemarayoung: that should work, did it?17:56
ayoungstevemar, no idea.  I told someone else to try it17:57
ayoungI'm in the middle of a redeploy17:57
ayounginstaller churn is the best17:57
stevemarraildo: thanks for answering nisha's question :)17:57
stevemarah17:57
raildostevemar: np :)17:58
*** daemontool has quit IRC17:59
dolphmstevemar: the patch i uploaded works, yes. just revised it with a release note18:00
*** jsavak has quit IRC18:03
samueldmqraildo: thanks for helping nisha18:04
notmorgandolphm, stevemar: interesting read - http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html18:04
*** tonytan4ever has quit IRC18:04
*** adrian_otto has joined #openstack-keystone18:05
raildosamueldmq: just doing our job here :D18:05
samueldmq:)18:06
raildosamueldmq: a long time ago in a galaxy far far  away, it was us asking for help here :P18:06
dolphmnotmorgan: the redirect attack is pretty scary18:07
notmorgandolphm: right?18:07
stevemarraildo: ++ for paying it forward18:10
*** mwheckmann has joined #openstack-keystone18:11
*** tqtran has joined #openstack-keystone18:13
*** tonytan4ever has joined #openstack-keystone18:16
*** browne has joined #openstack-keystone18:17
*** aratus has quit IRC18:18
stevemardolphm: thanks for the patch!18:18
*** tonytan4ever has quit IRC18:19
*** adrian_otto has quit IRC18:20
*** EinstCrazy has joined #openstack-keystone18:22
*** adrian_otto has joined #openstack-keystone18:25
*** aratus has joined #openstack-keystone18:26
*** EinstCrazy has quit IRC18:27
*** pnavarro has joined #openstack-keystone18:29
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password SQL model changes  https://review.openstack.org/31428418:31
notmorgandolphm: btw, who do i send an email to at Rax to say more good things about lbragstad ?18:33
notmorgandolphm: :P18:33
stevemardolphm: ++18:33
stevemarken savich?18:33
dolphmnotmorgan: chris laco!18:34
notmorganstevemar: dude. GPG-ssh is awesome.18:34
notmorganstevemar: just sayin'18:34
notmorgandolphm: oh.. that means i need to talk to claco... nvm :P [j/k]18:34
stevemardolphm: oh i can twitter that18:34
lbragstadlol18:35
notmorganstevemar: exactly :)18:35
dolphmstevemar: ++18:35
lbragstadclaco and i hold one-on-ones via twitter18:35
lbragstadit's the perfect tool, meetings in 140 characters or less18:35
notmorganlbragstad: as long as you don't use DMs ... cause those are like 10k letters18:36
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password history requirements  https://review.openstack.org/32833918:37
notmorganstevemar: lol i just saw your tweet18:37
notmorganalmost the same as mine18:37
*** jaugustine has joined #openstack-keystone18:39
stevemar:)18:42
*** ddieterly[away] has quit IRC18:43
*** jaugustine is now known as jaugustine_18:44
*** ddieterly has joined #openstack-keystone18:44
*** jaosorior has joined #openstack-keystone18:44
*** jaugustine_ is now known as jaugustine18:44
*** jed56 has quit IRC18:45
*** aratus has quit IRC18:49
*** jaugustine has quit IRC18:54
*** henrynash_ has quit IRC18:54
*** henrynash_ has joined #openstack-keystone18:58
*** ChanServ sets mode: +v henrynash_18:58
notmorganstevemar: omg real office chair > couch and hurting back.18:59
stevemarnotmorgan: i use my dining room table and chair19:01
notmorganstevemar: i was doing that for a bit, but sinc ei'm setting up a real desk...19:01
notmorgani bought a real office chair19:01
notmorganit was the low end herman miller mirra2, but it's so muhc more comfortable than the dining room chair.19:01
notmorgani figure i sit in the chair enough i should get one i know is comfortable19:02
samueldmqraildo: yes, it's important to pay it forward in the community19:02
bknudsonI got an aeron for the house.19:02
notmorganbknudson: yeah i looked at the aeron, but i didn't want to spend $500 more than i already did19:02
bknudsoncouple years ago now19:02
*** jsavak has joined #openstack-keystone19:02
bknudsonshould last forever19:03
notmorganbknudson: and i know the mirra works for me, so went with the less pricy option. had i not used a mirra before, i'd have sprung for the aeron19:03
* lbragstad is rocking whatever was on sale at costco19:03
notmorganbknudson: no question. and with a 12yr warranty... yeah it better last damn near forever ;)19:03
notmorganbknudson: but hermann miller chairs are pretty darn awesome19:04
*** diazjf has left #openstack-keystone19:05
openstackgerritLance Bragstad proposed openstack/keystone: Move project scoped catalog tests to TokenAPITests  https://review.openstack.org/33016119:05
*** sheel has quit IRC19:05
openstackgerritLance Bragstad proposed openstack/keystone: Move more project scoped behavior tests to TokenAPITests  https://review.openstack.org/33016219:05
openstackgerritLance Bragstad proposed openstack/keystone: Consolidate domain token tests into TokenAPITests  https://review.openstack.org/33016319:05
*** afred312 has joined #openstack-keystone19:05
*** mkrcmari__ has joined #openstack-keystone19:08
*** tonytan4ever has joined #openstack-keystone19:09
*** mvk_ has quit IRC19:11
*** tonytan4ever has quit IRC19:14
*** timcline has quit IRC19:25
*** timcline has joined #openstack-keystone19:26
*** timcline has quit IRC19:28
*** timcline has joined #openstack-keystone19:28
*** timcline_ has joined #openstack-keystone19:29
*** timcline_ has quit IRC19:29
*** timcline has quit IRC19:30
*** timcline has joined #openstack-keystone19:30
*** deberon has joined #openstack-keystone19:31
*** ddieterly has quit IRC19:31
deberonDoes anyone know of any documentation on getting an API v2 endpoint in mitaka?19:32
*** openstackgerrit has quit IRC19:33
*** openstackgerrit has joined #openstack-keystone19:33
*** jsavak has quit IRC19:34
*** jsavak has joined #openstack-keystone19:35
*** sdake has joined #openstack-keystone19:36
*** sdake_ has joined #openstack-keystone19:40
*** sdake has quit IRC19:42
*** jaosorior has quit IRC19:57
*** EinstCrazy has joined #openstack-keystone19:57
*** henrynash_ has quit IRC19:58
*** jaugustine has joined #openstack-keystone19:59
*** krotscheck_dcm is now known as krotscheck20:00
*** EinstCrazy has quit IRC20:02
*** jaugustine has quit IRC20:03
*** sdake_ has quit IRC20:07
*** sdake has joined #openstack-keystone20:07
*** sdake_ has joined #openstack-keystone20:11
*** jaugustine has joined #openstack-keystone20:11
*** phalmos has quit IRC20:11
*** sdake has quit IRC20:12
raildodeberon: v2.0 was deprecated, so anything changes on v2 endpoint api in mitaka, it will be the same doc as other previous releases20:14
deberonSo if I just follow the libery release docs for setting up the identity endpoint I should be all set?20:15
raildodeberon: I think so, if you're using v2..20:17
deberonIs it possible for v3 and v2 to live side by side?20:19
deberonWe have a couple integration libraries that haven't migrated to the v3 auth url yet.20:20
raildodeberon: hum... that a trick question :P I think it's possible with some incompatibilities...20:21
*** shewless has joined #openstack-keystone20:22
deberonI figured there would be some :). Incompatibilties with system libraries I'm assuming?20:22
raildodeberon: i believe so and other thinks like v3 features and api calls, that doesn't work on v220:24
shewlessHi dstanek: I remember at one point you said a 404 error during SSO may indicate that the mapping file is incorrect? Is that right?20:24
*** timcline_ has joined #openstack-keystone20:24
*** sdake_ has quit IRC20:27
*** timcline has quit IRC20:28
*** aratus has joined #openstack-keystone20:35
*** julim has quit IRC20:39
*** aratus has quit IRC20:43
ayoungnotmorgan, ldapsearch -Y gssapi -H ldap://ldap.corp.redhat.com -b 'dc=redhat,dc=com' 'cn=Monty Taylor' 'employeeType'20:54
*** raildo is now known as raildo-afk21:01
notmorganayoung: did you not see the twitterstorm?21:01
notmorgan:)21:01
ayoungnotmorgan, I saw the twitterstorm.  I've been running that LDAP query for weeks, and it finally returns something21:01
notmorganlol21:03
*** jsavak has quit IRC21:04
*** jsavak has joined #openstack-keystone21:05
*** jsavak has quit IRC21:05
*** jsavak has joined #openstack-keystone21:05
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password SQL model changes  https://review.openstack.org/31428421:06
openstackgerritLance Bragstad proposed openstack/keystone: Move negative domain scope test to TokenAPITests  https://review.openstack.org/33021521:07
openstackgerritLance Bragstad proposed openstack/keystone: Move unscoped token test to TokenAPITests  https://review.openstack.org/33021621:07
openstackgerritLance Bragstad proposed openstack/keystone: Move negative token tests to TokenAPITests  https://review.openstack.org/33021721:07
openstackgerritLance Bragstad proposed openstack/keystone: Move cross domain/group/project auth tests  https://review.openstack.org/33021821:07
openstackgerritLance Bragstad proposed openstack/keystone: Move more project scoped token behavior to TokenAPITests  https://review.openstack.org/33021921:07
openstackgerritLance Bragstad proposed openstack/keystone: Remove test_validate_v2_unscoped_token_with_v3_api  https://review.openstack.org/33022021:07
openstackgerritLance Bragstad proposed openstack/keystone: Refactor test_validate_v2_scoped_token_with_v3_api  https://review.openstack.org/33022121:07
openstackgerritLance Bragstad proposed openstack/keystone: Move external auth and bind test to TokenAPITests  https://review.openstack.org/33022221:07
*** spandhe has joined #openstack-keystone21:08
ayoungjamielennox, can I assign this to you: https://bugzilla.redhat.com/show_bug.cgi?id=134688621:09
openstackbugzilla.redhat.com bug 1346886 in python-keystoneclient "Keystone is not properly looking up the domain_id" [Unspecified,Assigned] - Assigned to ayoung21:09
*** dan_nguyen has joined #openstack-keystone21:11
*** pauloewerton has quit IRC21:11
*** walharthi has joined #openstack-keystone21:14
*** ayoung has left #openstack-keystone21:15
*** spandhe has quit IRC21:16
*** spandhe has joined #openstack-keystone21:16
*** gagehugo has quit IRC21:22
*** walharthi has quit IRC21:30
*** jaugustine has quit IRC21:32
openstackgerritMerged openstack/keystone: Add service providers integration tests  https://review.openstack.org/30350221:38
openstackgerritMerged openstack/keystone: Add mapping rules integration tests  https://review.openstack.org/30544421:39
openstackgerritMerged openstack/keystone: Add protocols integration tests  https://review.openstack.org/30750821:39
*** pnavarro has quit IRC21:41
*** aratus has joined #openstack-keystone21:42
*** gyee has joined #openstack-keystone21:42
*** ChanServ sets mode: +v gyee21:42
*** dan_nguyen has quit IRC21:49
*** deberon has quit IRC21:50
*** aratus has quit IRC21:53
openstackgerritLance Bragstad proposed openstack/keystone: Move last few TestAuth tests to TokenAPITests  https://review.openstack.org/33023921:54
openstackgerritLance Bragstad proposed openstack/keystone: Remove TestAuth  https://review.openstack.org/33024021:54
*** edtubill has quit IRC21:58
*** mwheckmann has quit IRC22:02
*** EinstCrazy has joined #openstack-keystone22:02
*** jsavak has quit IRC22:02
*** openstackgerrit has quit IRC22:02
*** aratus has joined #openstack-keystone22:04
*** catintheroof has joined #openstack-keystone22:04
*** openstackgerrit has joined #openstack-keystone22:05
*** EinstCrazy has quit IRC22:07
*** timcline_ has quit IRC22:08
*** adrian_otto1 has joined #openstack-keystone22:20
*** adrian_otto has quit IRC22:23
*** roxanaghe has quit IRC22:26
*** adrian_otto1 has quit IRC22:26
*** adrian_otto has joined #openstack-keystone22:27
*** roxanaghe has joined #openstack-keystone22:28
*** roxanaghe has quit IRC22:30
*** roxanaghe has joined #openstack-keystone22:30
*** frontrunner has quit IRC22:31
*** aratus has quit IRC22:37
*** edmondsw has quit IRC22:40
*** catintheroof has quit IRC22:41
*** aratus has joined #openstack-keystone22:53
*** woodburn has quit IRC22:53
*** woodburn has joined #openstack-keystone22:55
*** henrynash_ has joined #openstack-keystone22:55
*** ChanServ sets mode: +v henrynash_22:55
openstackgerritColleen Murphy proposed openstack/keystoneauth: Fix kerberos available property  https://review.openstack.org/33026522:56
crinklejamielennox: ^22:57
« Tuesday, 2016-06-14 Index Thursday, 2016-06-16 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!