Wednesday, 2016-07-20

*** dan_nguyen has quit IRC		00:07
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Lockout requirements https://review.openstack.org/340074	00:08
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Adds password_expires_at to API docs https://review.openstack.org/336318	00:12
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Adds password_expires_at to API docs https://review.openstack.org/336318	00:13
*** sdake_ has quit IRC		00:28
*** code-R has joined #openstack-keystone		00:34
*** spzala has quit IRC		00:35
*** code-R_ has joined #openstack-keystone		00:35
*** spzala has joined #openstack-keystone		00:35
*** tqtran has quit IRC		00:37
*** code-R has quit IRC		00:38
*** spzala has quit IRC		00:40
*** spzala has joined #openstack-keystone		00:44
*** dan_nguyen has joined #openstack-keystone		01:03
*** wangqun has joined #openstack-keystone		01:04
*** iurygregory_ has joined #openstack-keystone		01:32
*** haplo37_ has joined #openstack-keystone		01:34
*** harlowja has joined #openstack-keystone		01:37
*** EinstCrazy has joined #openstack-keystone		01:41
*** davechen has joined #openstack-keystone		01:43
*** wangqun has quit IRC		01:46
*** dan_nguyen has left #openstack-keystone		01:49
*** dan_nguyen has joined #openstack-keystone		01:49
*** dan_nguyen has left #openstack-keystone		01:49
*** ravelar159 has joined #openstack-keystone		02:02
*** simondodsley has quit IRC		02:03
*** wangqun has joined #openstack-keystone		02:04
*** ravelar159 has quit IRC		02:10
*** spzala has quit IRC		02:10
*** wangqun has quit IRC		02:13
*** ravelar159 has joined #openstack-keystone		02:15
*** jed56 has quit IRC		02:15
*** wangqun has joined #openstack-keystone		02:25
*** ravelar159 has quit IRC		02:26
*** wangqun has quit IRC		02:37
*** iurygregory_ has quit IRC		02:45
openstackgerrit	Andrew Liu proposed openstack/keystone: Added cache for id mapping manager https://review.openstack.org/328820	03:00
*** spzala has joined #openstack-keystone		03:01
*** spzala has quit IRC		03:06
*** wangqun has joined #openstack-keystone		03:07
*** kevinbenton has quit IRC		03:07
*** browne has quit IRC		03:09
*** kevinbenton has joined #openstack-keystone		03:11
*** vkmc has quit IRC		03:15
*** richm has quit IRC		03:19
*** fawadkhaliq has joined #openstack-keystone		03:20
*** vkmc has joined #openstack-keystone		03:21
*** EinstCrazy has quit IRC		03:22
*** EinstCrazy has joined #openstack-keystone		03:22
*** adu has quit IRC		03:26
*** jaosorior has joined #openstack-keystone		03:29
*** julim has quit IRC		03:32
*** chrisshattuck has joined #openstack-keystone		03:32
*** fawadkhaliq has quit IRC		03:34
*** henrynash has quit IRC		03:38
*** henrynash has joined #openstack-keystone		03:39
*** ChanServ sets mode: +v henrynash		03:39
*** woodster_ has quit IRC		03:39
openstackgerrit	Swapnil Kulkarni (coolsvap) proposed openstack/keystone: [WIP] Testing latest u-c https://review.openstack.org/318435	03:44
*** david-lyle has joined #openstack-keystone		03:49
*** charz has quit IRC		03:50
*** charz has joined #openstack-keystone		03:51
*** davechen has quit IRC		03:57
*** spzala has joined #openstack-keystone		04:02
*** spzala has quit IRC		04:07
*** fawadkhaliq has joined #openstack-keystone		04:16
*** david-lyle_ has joined #openstack-keystone		04:19
*** david-lyle has quit IRC		04:19
*** fawadkhaliq has quit IRC		04:20
*** lamt has quit IRC		04:21
*** yarkot- has quit IRC		04:25
*** david-lyle_ has quit IRC		04:26
*** itisha has joined #openstack-keystone		04:36
*** yarkot1 has joined #openstack-keystone		04:40
*** samueldmq has joined #openstack-keystone		04:44
*** chrisshattuck has quit IRC		04:44
*** samueldmq has quit IRC		04:44
*** code-R has joined #openstack-keystone		04:45
*** code-R_ has quit IRC		04:45
*** d0ugal has quit IRC		04:46
*** d0ugal has joined #openstack-keystone		04:47
*** spzala has joined #openstack-keystone		05:00
*** jed56 has joined #openstack-keystone		05:00
*** spzala has quit IRC		05:06
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Lockout requirements https://review.openstack.org/340074	05:21
*** rcernin has quit IRC		05:44
*** haplo37_ has quit IRC		05:52
*** davechen has joined #openstack-keystone		05:54
*** d0ugal has quit IRC		05:58
*** spzala has joined #openstack-keystone		06:02
*** spzala has quit IRC		06:07
*** rcernin has joined #openstack-keystone		06:07
*** code-R has quit IRC		06:09
*** TxGVNN has joined #openstack-keystone		06:22
*** alex_xu has quit IRC		06:25
*** afazekas is now known as afazekas\|dentist		06:27
*** alex_xu has joined #openstack-keystone		06:27
*** jerrygb has quit IRC		06:29
*** wangqun has quit IRC		06:30
*** roxanaghe has joined #openstack-keystone		06:32
*** roxanaghe has quit IRC		06:37
*** d0ugal has joined #openstack-keystone		06:41
*** tesseract- has joined #openstack-keystone		06:50
*** d0ugal has quit IRC		06:51
*** belmoreira has joined #openstack-keystone		07:01
*** rdo has quit IRC		07:05
*** d0ugal has joined #openstack-keystone		07:07
*** rdo has joined #openstack-keystone		07:13
*** jed56 has quit IRC		07:25
*** jerrygb has joined #openstack-keystone		07:30
*** jerrygb has quit IRC		07:35
openstackgerrit	Dave Chen proposed openstack/keystone: Fix the errors in params in api-ref for V3 region https://review.openstack.org/343250	07:45
openstackgerrit	Dave Chen proposed openstack/keystone: Fix the errors in params in api-ref for V3 user https://review.openstack.org/342089	07:45
*** d0ugal has quit IRC		07:46
*** jhova has quit IRC		07:47
openstackgerrit	Dave Chen proposed openstack/keystone: Fix the errors in params in api-ref for V3 user https://review.openstack.org/342089	07:55
*** zzzeek has quit IRC		08:00
*** zzzeek has joined #openstack-keystone		08:00
openstackgerrit	Alvaro Lopez Garcia proposed openstack/keystoneauth: oidc: implement client_credentials grant type https://review.openstack.org/344626	08:00
openstackgerrit	Alvaro Lopez Garcia proposed openstack/keystoneauth: oidc: add missing 'OidcAccessToken' to __all__ https://review.openstack.org/344628	08:03
*** d0ugal has joined #openstack-keystone		08:04
*** spzala has joined #openstack-keystone		08:04
*** d0ugal has quit IRC		08:04
*** d0ugal has joined #openstack-keystone		08:04
*** spzala has quit IRC		08:08
*** EinstCra_ has joined #openstack-keystone		08:08
*** code-R has joined #openstack-keystone		08:10
*** EinstCrazy has quit IRC		08:11
*** code-R has quit IRC		08:15
*** pnavarro has joined #openstack-keystone		08:16
*** roxanaghe has joined #openstack-keystone		08:21
*** roxanaghe has quit IRC		08:25
*** jerrygb has joined #openstack-keystone		08:31
*** EinstCrazy has joined #openstack-keystone		08:33
*** jerrygb has quit IRC		08:35
*** EinstCra_ has quit IRC		08:36
*** davechen has quit IRC		08:46
*** fawadkhaliq has joined #openstack-keystone		08:47
*** davechen has joined #openstack-keystone		08:47
*** fawadkhaliq has quit IRC		08:47
*** fawadkhaliq has joined #openstack-keystone		08:48
*** fawadkhaliq has quit IRC		08:48
*** fawadkhaliq has joined #openstack-keystone		08:50
*** fawadkhaliq has quit IRC		08:52
*** fawadkhaliq has joined #openstack-keystone		08:52
*** fawadkhaliq has quit IRC		08:56
*** jaosorior has quit IRC		08:58
*** jaosorior has joined #openstack-keystone		08:58
*** jaosorior is now known as jaosorior_lunch		09:00
*** spzala has joined #openstack-keystone		09:04
*** spzala has quit IRC		09:09
*** aastha has quit IRC		09:19
*** sdake has joined #openstack-keystone		09:21
openstackgerrit	Dave Chen proposed openstack/keystone: Fix the V2 API for enabling a user https://review.openstack.org/344057	09:21
*** sdake has quit IRC		09:23
*** mvk has quit IRC		09:27
*** davechen has left #openstack-keystone		09:31
*** jerrygb has joined #openstack-keystone		09:32
*** jerrygb has quit IRC		09:36
*** TxGVNN has quit IRC		09:57
*** spzala has joined #openstack-keystone		10:05
*** roxanaghe has joined #openstack-keystone		10:09
*** spzala has quit IRC		10:10
*** roxanaghe has quit IRC		10:14
*** sdake has joined #openstack-keystone		10:14
*** sdake_ has joined #openstack-keystone		10:17
*** jaosorior_lunch is now known as jaosorior		10:19
*** sdake has quit IRC		10:19
*** sdake_ has quit IRC		10:22
*** sdake has joined #openstack-keystone		10:25
*** d0ugal has quit IRC		10:31
*** jerrygb has joined #openstack-keystone		10:33
*** TxGVNN has joined #openstack-keystone		10:37
*** sdake has quit IRC		10:38
*** jerrygb has quit IRC		10:39
*** raildo has joined #openstack-keystone		10:40
*** TxGVNN has quit IRC		10:41
*** sdake has joined #openstack-keystone		10:42
*** Murali has joined #openstack-keystone		10:44
*** mvk has joined #openstack-keystone		10:44
Murali	Hi Could some body help to come over this error http://pastebin.ubuntu.com/20160084/	10:45
Murali	I am using mitaka and I am seeing this when i try tacker	10:45
raildo	Murali, BadRequest: Expecting to find domain in project, sounds like you didn't setted properly the os_env, or the token are not scoped correctly	10:49
Murali	Raildo: I am able launch vm suceessfully	10:54
Murali	I see this error when I use tacker command	10:54
raildo	Murali, which version of keystoneclient are you using?	10:57
Murali	Raildo Its keystone v3	11:00
Murali	in mitaka	11:00
raildo	Murali, nice, so can you do an echo in $OS_PROJECT_ID and $OS_PROJECT_NAME? and verify if at least on of this have some value?	11:03
*** spzala has joined #openstack-keystone		11:06
*** spzala has quit IRC		11:11
*** sdake has quit IRC		11:12
openstackgerrit	Merged openstack/keystone: Clean up api-ref for domains https://review.openstack.org/343944	11:18
openstackgerrit	Yatin Kumbhare proposed openstack/keystonemiddleware: Add Python 3.5 classifier https://review.openstack.org/341066	11:21
*** rodrigods has quit IRC		11:26
Murali	Raildo: echo $OS_PROJECT_NAME having admin	11:33
*** jerrygb has joined #openstack-keystone		11:35
breton	Murali: what about echo $OS_PROJECT_DOMAIN_NAME and echo $OS_PROJECT_DOMAIN_ID ?	11:35
Murali	Breton: echo $OS_PROJECT_DOMAIN_NAME having default	11:36
breton	Murali: for some reason this variable is not passed to keystoneclient	11:39
*** jerrygb has quit IRC		11:39
breton	also, the log is from tacker service, right? So maybe something is misconfigured in tacker itself?	11:40
Murali	Breton: I am facing this error only when I ran "tacker vim-register --config-file config.yaml --description ""sdfsdfs"	11:41
breton	i have no idea how tacker is configured	11:41
Murali	Here config.yaml should include the contents of adminrc looks like	11:41
Murali	Let me try to add the adminrc content to config.yaml and try	11:42
*** itisha has quit IRC		11:50
*** d0ugal has joined #openstack-keystone		12:03
*** anush_ has joined #openstack-keystone		12:04
*** anush_ has quit IRC		12:06
*** spzala has joined #openstack-keystone		12:07
*** jed56 has joined #openstack-keystone		12:10
*** spzala has quit IRC		12:12
*** rodrigods has joined #openstack-keystone		12:12
*** markvoelker_ has quit IRC		12:18
*** markvoelker has joined #openstack-keystone		12:23
*** dikonoor has joined #openstack-keystone		12:30
dikonoor	henrynash: Hi Henry. I have a query on fernet token. Who would be the right person to ask ?	12:31
*** julim has joined #openstack-keystone		12:31
dikonoor	it's about ferner rotation. I have a cron job that runs every few hours (3 hours for eg.) that calls keystone-manage fernet_token and rotates the keys.	12:32
dikonoor	The format of the cron job looks something like this >> 0 /3 * * meaning run every 3 hours..	12:33
dikonoor	and I'd assume that most people might use something similar in their environments	12:34
dikonoor	but the problem with the above is that the cron job does not actually run every 3 hours. It runs in multiples of 3..So if I enable the cronjob at 8am, it runs at 9am, 12pm, 3pm and so on..	12:35
dikonoor	meaning the period the fernet keys are going to be around is lesser than the period we want it to be (for eg. lesser than the token expiration period)	12:36
*** jerrygb has joined #openstack-keystone		12:36
dikonoor	bknudson_: probably henrynash is away..anyone who can answer the above	12:36
dikonoor	so the question is how do ppl generally automatically rotate their fernet keys..If they use cron , then wouldn;t they run into the above (or do they use some other format?)	12:38
*** jojden has quit IRC		12:39
dikonoor	dolphm: anyone around..perhaps everyone is having breakfast. I'll wait..	12:39
*** gordc has joined #openstack-keystone		12:39
*** jerrygb has quit IRC		12:41
*** pauloewerton has joined #openstack-keystone		12:44
*** jsavak has joined #openstack-keystone		12:56
*** TxGVNN has joined #openstack-keystone		13:00
*** edmondsw has joined #openstack-keystone		13:00
*** henrynash has quit IRC		13:03
*** richm has joined #openstack-keystone		13:04
*** spzala has joined #openstack-keystone		13:08
*** spzala has quit IRC		13:12
*** d0ugal has quit IRC		13:14
*** sdake has joined #openstack-keystone		13:21
*** spzala has joined #openstack-keystone		13:31
*** jerrygb has joined #openstack-keystone		13:37
*** code-R has joined #openstack-keystone		13:37
*** code-R_ has joined #openstack-keystone		13:41
*** jerrygb has quit IRC		13:41
*** d0ugal has joined #openstack-keystone		13:43
*** code-R has quit IRC		13:43
*** roxanaghe has joined #openstack-keystone		13:45
*** rdo has quit IRC		13:48
*** roxanaghe has quit IRC		13:49
*** itisha has joined #openstack-keystone		13:49
*** rdo has joined #openstack-keystone		13:50
*** spzala has quit IRC		13:51
openstackgerrit	Merged openstack/keystone: Run AuthTokenTests against fernet and uuid https://review.openstack.org/343812	13:51
*** jerrygb has joined #openstack-keystone		13:53
*** tonytan4ever has joined #openstack-keystone		13:58
breton	dikonoor: rotate less often	13:59
breton	dikonoor: once a day will be fine	13:59
*** ddieterly has joined #openstack-keystone		14:02
*** sdake_ has joined #openstack-keystone		14:02
*** roxanaghe has joined #openstack-keystone		14:02
breton	dikonoor: also, for situation described (8am and then 9am, with token expiration equal to 1 hour) use more keys. It is configurable in keystone.conf	14:03
*** sdake has quit IRC		14:03
*** sdake has joined #openstack-keystone		14:05
breton	dikonoor: [fernet_tokens]max_active_keys	14:05
dikonoor	breton: yeah..that makes sense	14:06
*** roxanaghe has quit IRC		14:06
dikonoor	breton: (I have been using token_expiration period / rotation frequewncy) + 2 to decide on the max_active_keys	14:06
*** jaugustine has joined #openstack-keystone		14:07
*** sdake_ has quit IRC		14:07
*** ddieterly has quit IRC		14:07
*** ddieterly has joined #openstack-keystone		14:08
dikonoor	breton: increasing the key count by 1 should solve the problem associated with what I was talking	14:08
*** ravelar159 has joined #openstack-keystone		14:14
*** gagehugo has joined #openstack-keystone		14:16
*** spzala has joined #openstack-keystone		14:20
*** spzala_ has joined #openstack-keystone		14:21
*** spzala has quit IRC		14:24
*** phalmos has joined #openstack-keystone		14:27
*** phalmos_ has joined #openstack-keystone		14:28
openstackgerrit	Dave Chen proposed openstack/keystone: Fix the errors in params in api-ref for V3 region https://review.openstack.org/343250	14:30
openstackgerrit	Dave Chen proposed openstack/keystone: Fix the errors in params in api-ref for V3 user https://review.openstack.org/342089	14:30
*** julim has quit IRC		14:32
*** phalmos has quit IRC		14:32
*** dave-mccowan has joined #openstack-keystone		14:33
*** d0ugal has quit IRC		14:33
*** jsavak has quit IRC		14:37
*** jhova has joined #openstack-keystone		14:37
*** tonytan_brb has joined #openstack-keystone		14:38
*** jistr is now known as jistr\|mtg		14:39
openstackgerrit	Swapnil Kulkarni (coolsvap) proposed openstack/keystone: [WIP] Testing latest u-c https://review.openstack.org/318435	14:39
*** d0ugal has joined #openstack-keystone		14:40
*** tonytan4ever has quit IRC		14:40
*** ravelar has joined #openstack-keystone		14:41
*** slberger has joined #openstack-keystone		14:43
*** jaugustine has quit IRC		14:43
*** dikonoor has quit IRC		14:44
*** anushkrishnamurt has joined #openstack-keystone		14:47
*** jhova has quit IRC		14:48
*** jsavak has joined #openstack-keystone		14:48
*** anushkrishnamurt has quit IRC		14:53
*** jed56 has quit IRC		14:55
*** jaosorior has quit IRC		14:57
*** amrith has left #openstack-keystone		14:58
*** jaugustine has joined #openstack-keystone		15:00
*** KevinE has joined #openstack-keystone		15:01
*** jhova has joined #openstack-keystone		15:02
*** haplo37_ has joined #openstack-keystone		15:04
*** rcernin has quit IRC		15:09
*** rcernin has joined #openstack-keystone		15:12
*** chrisshattuck has joined #openstack-keystone		15:15
*** belmoreira has quit IRC		15:18
*** spzala_ has quit IRC		15:21
*** rcernin has quit IRC		15:22
*** tesseract- has quit IRC		15:25
*** woodburn has joined #openstack-keystone		15:26
*** sdake has quit IRC		15:26
*** spzala has joined #openstack-keystone		15:27
*** code-R_ has quit IRC		15:28
*** code-R has joined #openstack-keystone		15:28
*** dave-mccowan has quit IRC		15:29
*** sdake has joined #openstack-keystone		15:29
*** krotscheck is now known as krotscheck_dcm		15:30
*** spzala has quit IRC		15:31
*** lucas__ has joined #openstack-keystone		15:38
*** spzala has joined #openstack-keystone		15:38
*** woodburn has quit IRC		15:39
*** mvk has quit IRC		15:40
*** jhova has quit IRC		15:41
*** jed56 has joined #openstack-keystone		15:41
*** dave-mccowan has joined #openstack-keystone		15:42
*** chrisshattuck has quit IRC		15:43
*** spzala has quit IRC		15:43
*** slberger has quit IRC		15:46
*** daemontool has joined #openstack-keystone		15:46
*** ravelar has quit IRC		15:48
*** ravelar_159 has joined #openstack-keystone		15:48
*** jistr\|mtg is now known as jistr		15:48
*** ravelar159 has quit IRC		15:49
*** spzala has joined #openstack-keystone		15:50
*** lamt has joined #openstack-keystone		15:50
*** code-R_ has joined #openstack-keystone		15:51
*** harlowja has quit IRC		15:52
*** code-R has quit IRC		15:54
*** spzala has quit IRC		15:55
*** lucas__ has quit IRC		15:57
*** slberger has joined #openstack-keystone		15:59
*** ravelar_159 has quit IRC		16:01
*** roxanaghe has joined #openstack-keystone		16:02
*** ravelar159 has joined #openstack-keystone		16:07
*** d0ugal has quit IRC		16:07
*** BjoernT has joined #openstack-keystone		16:08
*** spzala has joined #openstack-keystone		16:09
*** roxanaghe has quit IRC		16:11
openstackgerrit	Merged openstack/keystone: Handle Py35 fix of ast.node.col_offset bug https://review.openstack.org/337952	16:14
openstackgerrit	Merged openstack/keystone: Add Python 3.5 classifier https://review.openstack.org/343906	16:14
*** spzala has quit IRC		16:14
openstackgerrit	henry-nash proposed openstack/keystone: Fix up the api-ref request/response parameters for projects https://review.openstack.org/343340	16:16
*** roxanaghe has joined #openstack-keystone		16:17
*** roxanaghe has quit IRC		16:18
*** roxanaghe has joined #openstack-keystone		16:18
*** david-lyle has joined #openstack-keystone		16:19
lbragstad	link to the sprint etherpad: https://etherpad.openstack.org/p/keystone-newton-midcycle	16:20
openstackgerrit	henry-nash proposed openstack/keystone-specs: Support nested domains to provide additional project namespaces https://review.openstack.org/332940	16:21
*** ravelar159 has quit IRC		16:21
*** spzala has joined #openstack-keystone		16:21
openstackgerrit	henry-nash proposed openstack/keystone-specs: Gate inherited assignments from parent https://review.openstack.org/334364	16:21
*** jamielennox\|away is now known as jamielennox		16:23
*** dikonoor has joined #openstack-keystone		16:25
*** dikonoor has quit IRC		16:25
*** spzala has quit IRC		16:26
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: DO NOT MERGE: Remove cache from revoke subsystem https://review.openstack.org/343875	16:26
*** samueldmq has joined #openstack-keystone		16:27
*** spzala has joined #openstack-keystone		16:28
*** jsavak has quit IRC		16:28
*** jsavak has joined #openstack-keystone		16:29
*** ddieterly is now known as ddieterly[away]		16:37
openstackgerrit	Mikhail Nikolaenko proposed openstack/keystone: Retry revocation on MySQL deadlock https://review.openstack.org/344924	16:37
*** ayoung has joined #openstack-keystone		16:38
*** ChanServ sets mode: +v ayoung		16:38
ayoung	jdennis1, at the Keystone Midcycle	16:39
ayoung	video has not been enabled...	16:39
*** harlowja has joined #openstack-keystone		16:40
*** ddieterly[away] is now known as ddieterly		16:40
*** phalmos_ has quit IRC		16:42
*** david-lyle has quit IRC		16:42
*** daemontool_ has joined #openstack-keystone		16:42
*** karthikb has joined #openstack-keystone		16:43
*** code-R_ has quit IRC		16:45
*** daemontool has quit IRC		16:45
*** d0ugal has joined #openstack-keystone		16:47
*** jsavak has quit IRC		16:49
*** spzala has quit IRC		16:50
*** edmondsw has quit IRC		16:51
*** edmondsw has joined #openstack-keystone		16:52
*** phalmos has joined #openstack-keystone		16:52
*** daemontool_ has quit IRC		16:53
*** ddieterly has quit IRC		16:55
*** jsavak has joined #openstack-keystone		17:03
*** ddieterly has joined #openstack-keystone		17:03
*** code-R has joined #openstack-keystone		17:04
*** sdake has quit IRC		17:07
*** ddieterly has quit IRC		17:08
*** ddieterly has joined #openstack-keystone		17:10
*** sdake has joined #openstack-keystone		17:11
*** ravelar159 has joined #openstack-keystone		17:12
*** zzzeek has quit IRC		17:13
*** sdake has quit IRC		17:16
*** spzala has joined #openstack-keystone		17:17
openstackgerrit	Monty Taylor proposed openstack/keystoneauth: Add tests for YamlJsonSerializer https://review.openstack.org/344943	17:17
*** spzala has quit IRC		17:17
*** spzala has joined #openstack-keystone		17:17
*** gagehugo has quit IRC		17:17
*** ddieterly has quit IRC		17:21
*** ravelar159 has quit IRC		17:23
mordred	stevemar: ^^ added tests :)	17:23
*** pcaruana has quit IRC		17:27
lbragstad	dolphm example of a migration that fails until data is migrated - https://github.com/openstack/nova/blob/master/nova/db/sqlalchemy/migrate_repo/versions/330_enforce_mitaka_online_migrations.py#L19	17:29
lbragstad	dolphm another example - https://github.com/openstack/nova/blob/master/nova/db/sqlalchemy/migrate_repo/versions/267_instance_uuid_non_nullable.py#L51-L57	17:32
dolphm	lbragstad: so they have validation before running migrations, that's cool	17:33
dolphm	lbragstad: but how are they exposing the --force-complete type behavior to operators?	17:33
lbragstad	trying to find the nova-manage command that finishes the data migration	17:33
lbragstad	dolphm https://github.com/openstack/nova/blob/bae1d9cc21dd2dc9559b10cc1650045e6bcbeaf5/nova/cmd/manage.py#L811	17:34
*** TxGVNN has quit IRC		17:34
*** code-R has quit IRC		17:36
*** dave-mccowan has quit IRC		17:37
*** zzzeek has joined #openstack-keystone		17:37
*** dan_nguyen has joined #openstack-keystone		17:39
*** hoonetorg has quit IRC		17:40
*** code-R has joined #openstack-keystone		17:40
*** phalmos has quit IRC		17:47
*** timcline has joined #openstack-keystone		17:47
*** timcline_ has joined #openstack-keystone		17:49
*** timcline has quit IRC		17:52
*** gagehugo has joined #openstack-keystone		17:52
*** hoonetorg has joined #openstack-keystone		17:54
*** gordc has quit IRC		17:56
*** dave-mccowan has joined #openstack-keystone		17:57
*** michauds has joined #openstack-keystone		18:01
notmorgan	hope everyone is enjoying their time at the midcycle so far	18:03
samueldmq	notmorgan: o/	18:04
*** tqtran has joined #openstack-keystone		18:05
*** woodster_ has joined #openstack-keystone		18:12
*** harlowja has quit IRC		18:19
openstackgerrit	Merged openstack/keystonemiddleware: Add Python 3.5 classifier https://review.openstack.org/341066	18:20
*** gordc has joined #openstack-keystone		18:22
*** tonytan_brb is now known as tonytan4ever		18:22
*** phalmos has joined #openstack-keystone		18:29
samueldmq	#success Keystone now supports Python 3.5 (see https://review.openstack.org/341066)	18:31
openstackstatus	samueldmq: Added success to Success page	18:31
*** dan_nguyen has quit IRC		18:32
*** dan_nguyen has joined #openstack-keystone		18:34
*** rakhmerov has quit IRC		18:38
*** tsufiev has quit IRC		18:39
*** ravelar159 has joined #openstack-keystone		18:39
*** roxanaghe has quit IRC		18:46
*** karthikb has quit IRC		18:46
*** Gorian_ has joined #openstack-keystone		18:47
*** Gorian_ has quit IRC		18:47
*** Gorian_ has joined #openstack-keystone		18:48
*** pcaruana has joined #openstack-keystone		18:48
*** ravelar_159 has joined #openstack-keystone		18:49
*** ravelar159 has quit IRC		18:50
*** ravelar_159 has quit IRC		18:51
*** Gorian_ has quit IRC		18:51
*** Gorian_ has joined #openstack-keystone		18:51
*** Gorian_ has quit IRC		18:52
*** Gorian_ has joined #openstack-keystone		18:52
*** pnavarro has quit IRC		19:07
*** dan_nguyen has quit IRC		19:07
*** phalmos has quit IRC		19:07
*** amakarov has joined #openstack-keystone		19:09
*** tqtran is now known as tqtran-afk		19:10
*** roxanaghe has joined #openstack-keystone		19:13
*** harlowja has joined #openstack-keystone		19:19
*** ravelar159 has joined #openstack-keystone		19:19
*** jsavak has quit IRC		19:31
*** jsavak has joined #openstack-keystone		19:32
*** harlowja has quit IRC		19:36
*** haneef_ has quit IRC		19:36
*** ravelar159 has quit IRC		19:37
*** ravelar159 has joined #openstack-keystone		19:38
*** sdake has joined #openstack-keystone		19:38
*** rakhmerov has joined #openstack-keystone		19:41
*** dan_nguyen has joined #openstack-keystone		19:44
*** tsufiev has joined #openstack-keystone		19:46
*** sdake has quit IRC		19:47
*** raildo has quit IRC		19:51
*** dan_nguyen has quit IRC		19:59
*** anushkrishnamurt has joined #openstack-keystone		20:00
*** dan_nguyen has joined #openstack-keystone		20:00
*** jsavak has quit IRC		20:01
*** jsavak has joined #openstack-keystone		20:01
*** julim has joined #openstack-keystone		20:02
openstackgerrit	Gage Hugo proposed openstack/keystone: Add schema validation to create_user in v2 https://review.openstack.org/345022	20:04
openstackgerrit	Merged openstack/oslo.policy: Adds debug logging for policy file validation https://review.openstack.org/341446	20:07
openstackgerrit	Alex Xu proposed openstack/oslo.policy: Add note about not all APIs support policy enforcement by user_id https://review.openstack.org/325645	20:11
openstackgerrit	henry-nash proposed openstack/keystone: Fix up the api-ref request/response parameters for projects https://review.openstack.org/343340	20:12
*** spzala has quit IRC		20:17
*** spzala has joined #openstack-keystone		20:18
ayoung	amakarov, do you wantus to try and set up audio?	20:20
amakarov	ayoung: good idea, what are the options?	20:20
ayoung	amakarov, talking to our hosts here to find out. Would a dial in number work for you?	20:21
*** spzala has quit IRC		20:22
*** spzala has joined #openstack-keystone		20:22
amakarov	ayoung: not sure it's a good idea considering local providers prices )) Hangout maybe?	20:22
jamielennox	amakarov: i've found in the past for me that hangouts dialer lets you call for free into the US	20:25
jamielennox	i'm not sure where hangouts dialer is available though	20:26
amakarov	jamielennox: yes, hangout works fine	20:26
jamielennox	hangouts dialer is a seperate thing that lets you make phone calls	20:26
jamielennox	and it's free within US and for making US calls from outside	20:27
ayoung	amakarov, probably be webex	20:30
amakarov	ayoung: ok	20:30
openstackgerrit	Merged openstack/keystone: Cleanup trusts controller https://review.openstack.org/341969	20:33
*** ravelar159 has quit IRC		20:35
openstackgerrit	Merged openstack/keystone: Remove get_user_id in trust controller https://review.openstack.org/341970	20:35
amakarov	ayoung, jamielennox: /me awaiting instructions :)	20:43
*** jaugustine has quit IRC		20:43
ayoung	amakarov, we're waiting for an answer from hosts	20:45
amakarov	ack	20:45
*** dan_nguyen has quit IRC		20:46
*** dan_nguyen has joined #openstack-keystone		20:47
ayoung	amakarov, not looking too good	20:47
amakarov	ayoung: sent you an invitation to hangout - let's thy if it allow an outsider into Mirantis :P	20:51
amakarov	*try	20:51
*** pcaruana has quit IRC		20:53
ayoung	amakarov, what account did you send it to?	20:55
amakarov	ayoung@redhat.com	20:55
ayoung	amakarov, ah...ok, I have two accounts..let me check that	20:55
*** code-R has quit IRC		20:56
*** jerrygb has quit IRC		20:56
*** anushkrishnamurt has quit IRC		20:59
*** gyee has joined #openstack-keystone		21:00
*** ChanServ sets mode: +v gyee		21:00
*** jerrygb has joined #openstack-keystone		21:02
ayoung	amakarov, try adam.m.young@gmail.com	21:03
*** jsavak has quit IRC		21:05
*** jdennis has joined #openstack-keystone		21:05
*** gordc has quit IRC		21:05
*** jdennis1 has quit IRC		21:08
*** arunkant has quit IRC		21:13
*** ebalduf has joined #openstack-keystone		21:16
samueldmq	notmorgan: ping - you around ?	21:22
*** tqtran-afk is now known as tqtran		21:22
*** gyee has quit IRC		21:22
samueldmq	notmorgan: I am getting keystone gates working again with fernet enabled with https://review.openstack.org/#/c/343875/	21:23
patchbot	samueldmq: patch 343875 - keystone - DO NOT MERGE: Remove cache from revoke subsystem	21:23
*** pauloewerton has quit IRC		21:26
*** gyee has joined #openstack-keystone		21:26
*** ChanServ sets mode: +v gyee		21:26
*** haplo37_ has quit IRC		21:27
*** jerrygb has quit IRC		21:32
*** timcline_ has quit IRC		21:37
notmorgan	samueldmq: hmm?	21:40
samueldmq	notmorgan: so our caching for revoke seems to be broken	21:40
notmorgan	what is broken.	21:41
*** iurygregory_ has joined #openstack-keystone		21:41
*** darrenc is now known as darrenc_afk		21:41
samueldmq	notmorgan: maybe dogpile region.invalidate() is broken, OR it's our custom _RevokeEventHandler	21:41
notmorgan	removing the cache without documentation as to why is silly.	21:41
samueldmq	notmorgan: I don't know what exactly, but by removing the revoke region (what my patch above did), keystone gates with fernet in devstack work agian	21:42
notmorgan	i mean, honestly do what you need.	21:42
notmorgan	i wont block -1 or -2 it	21:42
openstackgerrit	Monty Taylor proposed openstack/keystoneauth: Add tests for YamlJsonSerializer https://review.openstack.org/344943	21:42
lbragstad	that kinda sounds like an issue with revocation cache invalidation?	21:42
notmorgan	probably	21:42
mordred	notmorgan: ^^ amazingly enough, adding tests actually found a bug	21:43
mordred	notmorgan: when is the last time _that_ happened	21:43
notmorgan	mordred: hah this is why i like tests	21:43
notmorgan	mordred: yesterday? it's not all that uncommon	21:43
notmorgan	:P	21:43
samueldmq	mordred: yay cool :)	21:43
* notmorgan stops being snarky		21:43
mordred	samueldmq: :)	21:43
* mordred hands notmorgan a snark stick		21:43
notmorgan	OOOOOOOOOH	21:43
* notmorgan waves snark stick around widly, watchout someone's eye is going to be poked out		21:44
*** markvoelker has quit IRC		21:45
notmorgan	oh not supposed to be unicodE?	21:45
* notmorgan scratches head.		21:45
notmorgan	oh is that because it becomes a u'' ? mordred ^ with default=unicode?	21:46
*** code-R has joined #openstack-keystone		21:47
mordred	notmorgan: yah. but also, hten I read what default=unicode does, and I don't think we want it anyway	21:47
notmorgan	ok	21:47
notmorgan	wfm	21:47
openstackgerrit	Jamie Lennox proposed openstack/keystone: Move audit initiator creation to request https://review.openstack.org/342658	21:50
*** josdotso has joined #openstack-keystone		21:51
josdotso	Q: Is it possible for a common user (e.g. jdoe) to choose between two auth methods (e.g. MySQL traditional and SSO)? In this way, a user could access the cloud on CLI without OIDC yet the same user could use OIDC at Horizon.	21:52
josdotso	(same user)	21:52
josdotso	Keystone password becomes like an API key	21:53
josdotso	(external IDP)	21:53
notmorgan	josdotso: as an FYI most of the keystone fokls are at the midcycle right now, so you might have a delayed response.	21:54
josdotso	Thanks notmorgan. That's helpful.	21:54
notmorgan	josdotso: i'd ask stevemar and dolphm about this, they will be able to fill you in on the modern-state-of-federation-and-local-user-y-things	21:54
openstackgerrit	Gage Hugo proposed openstack/keystone: Add schema validation to create/update user in v2 https://review.openstack.org/345022	21:54
openstackgerrit	Lance Bragstad proposed openstack/keystone: Use freezegun to increment clock in test_v3_assignment https://review.openstack.org/343860	21:55
josdotso	Ok cool. I'll take a note to ask them in email if it doesn't get answered here. Thanks!	21:55
openstackgerrit	Lance Bragstad proposed openstack/keystone: Refactor TestAuthExternalDomain to not inherit tests https://review.openstack.org/343886	21:55
openstackgerrit	Lance Bragstad proposed openstack/keystone: Don't run TokenCacheInvalidation with Fernet https://review.openstack.org/343932	21:56
openstackgerrit	Lance Bragstad proposed openstack/keystone: Run AuthWithToken against all token providers https://review.openstack.org/343935	21:56
*** code-R_ has joined #openstack-keystone		21:57
*** code-R has quit IRC		22:00
18VAA56T6	stevemar: want to push this in (before something else chanegs underneath it again): https://review.openstack.org/#/c/343340/	22:06
patchbot	18VAA56T6: patch 343340 - keystone - Fix up the api-ref request/response parameters for...	22:06
*** mvk has joined #openstack-keystone		22:09
*** harlowja has joined #openstack-keystone		22:11
*** harlowja has quit IRC		22:11
dolphm	josdotso: today - not through the API, but part of our roadmap for the shadow users effort in mitaka & newton is to add "account linking"	22:15
josdotso	dolphm: Awesome. Thanks! yeah I found the wiki page on shadow users, so cool	22:16
dolphm	josdotso: the reality is that you could modify the local user ID for either your federated_user or your local_user to point to the same (shadow) user ID, and you'll have two authentication methods for the same user. we just need to expose that process to the API.	22:16
dolphm	cc- rderose	22:16
josdotso	dolphm: So today it's possible via MySQL calls, but not using the API?	22:17
openstackgerrit	Lance Bragstad proposed openstack/keystone: refactor: inherit AuthWithRemoteUser for other providers https://review.openstack.org/345075	22:17
dolphm	josdotso: should be!	22:17
josdotso	dophm: Excellent. Thanks again	22:18
rderose	josdotso: what's the link for the wiki on shadow users?	22:18
dolphm	josdotso: we designed the SQL schema to accomidate the use case. if there are any caveats to doing it "manually" today, rderose would know	22:18
josdotso	https://specs.openstack.org/openstack/keystone-specs/specs/mitaka/shadow-users.html (okay so not wiki)	22:18
rderose	josdotso: if you do account linking via sql, it should work	22:18
rderose	josdotso: ah, the spec	22:19
josdotso	rderose: Nice	22:19
josdotso	If backing system is LDAP, could the account linking be done there?	22:19
josdotso	via LDAP protocol	22:20
rderose	josdotso: shadowing ldap is being done in Newton	22:20
rderose	josdotso: there is a new nonlocal_user table that will be used to map LDAP	22:20
josdotso	Okay, so it's users in MySQL + SSO == shadow possible today.... and users in LDAP + SSO == shadow possible later (in Newton)?	22:21
rderose	josdotso: correct	22:21
josdotso	Perfect.. Thansk	22:21
josdotso	*Thanks	22:21
rderose	josdotso: np	22:21
*** darrenc_afk is now known as darrenc		22:24
*** ebalduf has quit IRC		22:30
*** josdotso has quit IRC		22:31
*** slberger has left #openstack-keystone		22:32
*** jerrygb has joined #openstack-keystone		22:33
stevemar	18VAA56T6: you need a more obvious username :P	22:33
18VAA56T6	I know…us brits are now undercover	22:34
18VAA56T6	.	22:34
18VAA56T6	damn bouncer	22:35
stevemar	thanks dolphm for answering ^	22:35
stevemar	18VAA56T6: oh nash?	22:35
18VAA56T6	guilty	22:36
*** amakarov has quit IRC		22:37
*** KevinE has quit IRC		22:38
*** jerrygb has quit IRC		22:39
openstackgerrit	Dolph Mathews proposed openstack/keystone: Increase the default token lifespan https://review.openstack.org/345083	22:44
*** markvoelker has joined #openstack-keystone		22:45
*** itisha has quit IRC		22:50
*** markvoelker has quit IRC		22:50
*** spzala has quit IRC		22:51
*** markvoelker has joined #openstack-keystone		22:51
*** spzala has joined #openstack-keystone		22:51
*** catintheroof has joined #openstack-keystone		22:52
*** spzala has quit IRC		22:56
*** harlowja has joined #openstack-keystone		23:00
*** harlowja has quit IRC		23:03
*** michauds has quit IRC		23:03
openstackgerrit	Lance Bragstad proposed openstack/keystone: refactor: make TestAuthKerberos test pki/pkiz/uuid https://review.openstack.org/345089	23:05
openstackgerrit	Lance Bragstad proposed openstack/keystone: Only run TestAuthExternalDefaultDomain uuid/pki/pkiz https://review.openstack.org/345090	23:05
openstackgerrit	Lance Bragstad proposed openstack/keystone: refactor: make TestAuthExternalDefaultDomain test uuid/pki/pkiz https://review.openstack.org/345090	23:06
*** harlowja has joined #openstack-keystone		23:07
*** harlowja has quit IRC		23:12
openstackgerrit	Dolph Mathews proposed openstack/keystone: Return expired tokens within a grace period https://review.openstack.org/345092	23:15
*** BjoernT has quit IRC		23:16
openstackgerrit	Merged openstack/keystonemiddleware: Remove the _is_v2 and _is_v3 helpers https://review.openstack.org/338686	23:18
dstanek	ls	23:19
*** timcline has joined #openstack-keystone		23:20
samueldmq	dstanek: api-ref CONTRIBUTING.rst examples keystone keystone_tempest_plugin other-requirements.txt releasenotes setup.py tox.ini	23:22
*** arunkant has joined #openstack-keystone		23:23
*** timcline has quit IRC		23:24
stevemar	samueldmq: lol	23:28
openstackgerrit	Merged openstack/keystoneauth: oidc: add missing 'OidcAccessToken' to __all__ https://review.openstack.org/344628	23:29
*** Gorian_ has quit IRC		23:33
openstackgerrit	Lance Bragstad proposed openstack/keystone: refactor: make TestFetchRevocationList test uuid https://review.openstack.org/345099	23:34
*** roxanaghe has quit IRC		23:35
*** jerrygb has joined #openstack-keystone		23:35
*** ayoung has quit IRC		23:39
*** jerrygb has quit IRC		23:41
18VAA56T6	cc	23:44
18VAA56T6	test	23:47
18VAA56T6	hello	23:49
18VAA56T6	test	23:49
breton	18VAA56T6: test passed	23:49
18VAA56T6	tahnks	23:49
stevemar	^_^	23:49
stevemar	-_-	23:50
breton	how's the weather in San Jose?	23:50
stevemar	breton: chilly at night	23:51
openstackgerrit	Gage Hugo proposed openstack/keystone: Add schema validation to create/update user https://review.openstack.org/345022	23:53
openstackgerrit	Lance Bragstad proposed openstack/keystone: Use freezegun in OSRevokeTests https://review.openstack.org/345104	23:57

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!