Tuesday, 2016-08-02

« Monday, 2016-08-01 Index Wednesday, 2016-08-03 »
*** spzala has quit IRC00:04
openstackgerritMerged openstack/keystoneauth: Correctly report available for ADFS plugin  https://review.openstack.org/34922400:04
*** r-daneel has quit IRC00:11
openstackgerritColleen Murphy proposed openstack/keystone: Skip middleware request processing for admin token  https://review.openstack.org/34449600:14
*** spzala has joined #openstack-keystone00:17
*** adriant has joined #openstack-keystone00:18
*** doug-fish has quit IRC00:29
stevemarnotmorgan: i can only imagine how dhellmann must feel when he still gets oslo questions :)00:35
stevemarnotmorgan: privilege of being ptl i suppose :P00:35
stevemaryou did too good of a job :P00:35
*** ravelar159 has quit IRC00:37
*** michauds has quit IRC00:39
*** jamielennox is now known as jamielennox|away00:49
*** code-R has joined #openstack-keystone00:58
*** code-R_ has joined #openstack-keystone01:00
*** gyee has quit IRC01:02
*** jamielennox|away is now known as jamielennox01:03
*** code-R has quit IRC01:03
*** spzala has quit IRC01:05
*** spzala has joined #openstack-keystone01:07
*** KevinE has quit IRC01:09
*** KevinE has joined #openstack-keystone01:10
*** KevinE has joined #openstack-keystone01:10
*** spzala has quit IRC01:11
*** sdake has quit IRC01:14
*** KevinE has quit IRC01:15
*** spedione|AWAY is now known as spedione01:23
*** iurygregory_ has joined #openstack-keystone01:28
*** spedione is now known as spedione|AWAY01:30
*** EinstCrazy has joined #openstack-keystone01:31
*** NanKe has joined #openstack-keystone01:32
*** jhesketh has quit IRC01:51
*** jhesketh has joined #openstack-keystone01:51
*** EinstCrazy has quit IRC01:53
*** davechen has joined #openstack-keystone01:55
openstackgerritMerged openstack/keystone: Added postgresql libs to developer docs  https://review.openstack.org/34968801:57
*** EinstCrazy has joined #openstack-keystone01:58
*** diazjf has joined #openstack-keystone02:13
stevemarjamielennox: last one i'm gonna bug you about: https://bugs.launchpad.net/keystonemiddleware/+bug/160535502:15
openstackLaunchpad bug 1605355 in keystonemiddleware "TypeError: string indices must be integers" [Undecided,New]02:15
stevemarthen i'm done02:15
stevemari've been looking at bugs for about 10 hours02:15
jamielennoxstevemar: oh, i have that open to look futher into, i havent seen it elsewhere or otherwise reproduced it02:16
jamielennoxthe traceback doesn't really tell me where things are coming from02:16
jamielennoxi mean it seems like it could  be  a problme02:18
jamielennoxbut off the top of my head i've no idea why02:18
jamielennoxbrb02:18
*** markvoelker has joined #openstack-keystone02:25
*** jamielennox is now known as jamielennox|away02:28
*** amitkqed has quit IRC02:30
*** EinstCrazy has quit IRC02:30
*** markvoelker_ has joined #openstack-keystone02:30
*** markvoelker has quit IRC02:30
*** amitkqed has joined #openstack-keystone02:30
*** EinstCrazy has joined #openstack-keystone02:30
*** lamt_ has quit IRC02:31
*** spzala has joined #openstack-keystone02:37
stevemari feel breton will make another remark about me spamming his inbox :P02:40
*** jamielennox|away is now known as jamielennox02:42
*** spzala has quit IRC02:43
*** spzala has joined #openstack-keystone03:02
*** dikonoor has joined #openstack-keystone03:06
*** spzala has quit IRC03:07
*** iurygregory_ has quit IRC03:19
*** diazjf has quit IRC03:33
*** dkehn_ has quit IRC03:46
*** bill_az has quit IRC03:46
*** dave-mccowan has quit IRC03:52
*** EinstCrazy has quit IRC03:53
openstackgerritMerged openstack/keystone: Add schema validation to create service in v2  https://review.openstack.org/34696203:56
*** dkehn_ has joined #openstack-keystone04:00
*** dan_nguyen has joined #openstack-keystone04:00
*** davechen has quit IRC04:13
*** markvoelker_ has quit IRC04:15
*** julim has quit IRC04:19
*** itisha has quit IRC04:20
*** KevinE has joined #openstack-keystone04:29
*** gagehugo_ has quit IRC04:34
*** crinkle has quit IRC04:35
*** crinkle has joined #openstack-keystone04:35
*** links has joined #openstack-keystone04:36
*** roxanagh_ has joined #openstack-keystone04:45
*** EinstCrazy has joined #openstack-keystone04:49
*** dan_nguyen has quit IRC04:54
*** spzala has joined #openstack-keystone05:02
*** spzala has quit IRC05:07
*** markvoelker has joined #openstack-keystone05:10
*** code-R has joined #openstack-keystone05:16
*** code-R_ has quit IRC05:16
*** markvoelker has quit IRC05:16
*** jaosorior has joined #openstack-keystone05:19
*** code-R_ has joined #openstack-keystone05:21
*** code-R has quit IRC05:25
*** barclaac has quit IRC05:28
*** barclaac has joined #openstack-keystone05:28
*** richm has quit IRC05:40
*** roxanagh_ has quit IRC05:42
*** zouyapeng has quit IRC05:42
*** davechen has joined #openstack-keystone05:51
*** maestropandy has joined #openstack-keystone05:53
*** adriant has quit IRC05:58
*** spzala has joined #openstack-keystone06:03
*** EinstCrazy has quit IRC06:06
*** markvoelker has joined #openstack-keystone06:06
*** spzala has quit IRC06:07
*** code-R_ has quit IRC06:09
*** EinstCrazy has joined #openstack-keystone06:13
*** markvoelker has quit IRC06:13
*** code-R has joined #openstack-keystone06:16
*** code-R_ has joined #openstack-keystone06:29
*** code-R has quit IRC06:32
*** EinstCrazy has quit IRC06:35
*** EinstCrazy has joined #openstack-keystone06:38
*** roxanagh_ has joined #openstack-keystone06:39
*** NanKe has quit IRC06:39
bretonindeed06:39
*** tesseract- has joined #openstack-keystone06:43
*** roxanagh_ has quit IRC06:44
*** KevinE has quit IRC06:46
*** code-R has joined #openstack-keystone06:47
*** code-R_ has quit IRC06:47
*** belmoreira has joined #openstack-keystone06:50
*** EinstCrazy has quit IRC06:56
openstackgerritAlvaro Lopez Garcia proposed openstack/keystoneauth: Improve authentication plugins documentation  https://review.openstack.org/34942306:58
*** EinstCrazy has joined #openstack-keystone07:00
*** markvoelker has joined #openstack-keystone07:02
*** spzala has joined #openstack-keystone07:04
*** jpena|off is now known as jpena07:07
*** markvoelker has quit IRC07:08
*** spzala has quit IRC07:08
*** EinstCrazy has quit IRC07:13
*** EinstCrazy has joined #openstack-keystone07:16
*** EinstCrazy has quit IRC07:30
*** EinstCrazy has joined #openstack-keystone07:32
*** EinstCrazy has quit IRC07:34
*** EinstCrazy has joined #openstack-keystone07:35
*** pnavarro has joined #openstack-keystone07:37
*** EinstCrazy has quit IRC07:47
*** EinstCrazy has joined #openstack-keystone07:49
*** markvoelker has joined #openstack-keystone07:58
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:00
*** markvoelker has quit IRC08:04
*** spzala has joined #openstack-keystone08:04
*** tangchen_ has quit IRC08:08
*** spzala has quit IRC08:09
*** aastha has quit IRC08:09
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Testing latest u-c  https://review.openstack.org/31843508:10
*** jamielennox is now known as jamielennox|away08:10
*** jaosorior has quit IRC08:11
*** jaosorior has joined #openstack-keystone08:12
*** marekd2 has joined #openstack-keystone08:14
*** nk2527 has quit IRC08:17
*** mfisch has quit IRC08:17
*** jaosorior_ has joined #openstack-keystone08:18
*** sileht has quit IRC08:19
*** clenimar has quit IRC08:19
*** DuncanT has quit IRC08:19
*** DuncanT has joined #openstack-keystone08:20
*** tangchen_ has joined #openstack-keystone08:20
*** jaosorior has quit IRC08:21
*** sileht has joined #openstack-keystone08:21
*** fungi has quit IRC08:22
*** mfisch has joined #openstack-keystone08:22
*** mfisch has quit IRC08:22
*** mfisch has joined #openstack-keystone08:22
*** clenimar has joined #openstack-keystone08:23
*** TxGVNN has joined #openstack-keystone08:23
*** fungi has joined #openstack-keystone08:24
openstackgerrithenry-nash proposed openstack/keystone: Add the migration phase status table  https://review.openstack.org/34970308:24
*** links has quit IRC08:26
*** aloga has quit IRC08:28
*** code-R has quit IRC08:28
*** aloga has joined #openstack-keystone08:28
*** danpawlik has joined #openstack-keystone08:29
*** nk2527 has joined #openstack-keystone08:30
*** links has joined #openstack-keystone08:41
*** daemontool_ has joined #openstack-keystone08:51
*** markvoelker has joined #openstack-keystone08:54
*** daemontool__ has quit IRC08:54
*** EinstCrazy has quit IRC08:59
*** markvoelker has quit IRC09:00
*** EinstCrazy has joined #openstack-keystone09:02
*** EinstCrazy has quit IRC09:03
*** EinstCrazy has joined #openstack-keystone09:03
*** EinstCrazy has quit IRC09:04
*** EinstCrazy has joined #openstack-keystone09:04
*** EinstCra_ has joined #openstack-keystone09:05
*** EinstCra_ has quit IRC09:05
*** spzala has joined #openstack-keystone09:05
*** EinstCrazy has quit IRC09:05
*** EinstCra_ has joined #openstack-keystone09:06
*** EinstCra_ has quit IRC09:07
*** EinstCr__ has joined #openstack-keystone09:09
*** spzala has quit IRC09:10
*** EinstCr__ has quit IRC09:10
*** EinstCrazy has joined #openstack-keystone09:11
*** davechen has left #openstack-keystone09:11
*** EinstCrazy has quit IRC09:12
*** EinstCrazy has joined #openstack-keystone09:12
*** EinstCrazy has quit IRC09:13
*** EinstCra_ has joined #openstack-keystone09:15
*** EinstCr__ has joined #openstack-keystone09:16
*** EinstCr__ has quit IRC09:16
*** jaosorior_ is now known as jaosorior09:16
*** EinstCrazy has joined #openstack-keystone09:16
*** EinstCra_ has quit IRC09:17
*** EinstCra_ has joined #openstack-keystone09:17
*** EinstCrazy has quit IRC09:17
*** EinstCra_ has quit IRC09:17
*** EinstCrazy has joined #openstack-keystone09:18
*** EinstCrazy has quit IRC09:19
*** EinstCrazy has joined #openstack-keystone09:19
*** EinstCrazy has quit IRC09:19
*** EinstCrazy has joined #openstack-keystone09:20
*** EinstCrazy has quit IRC09:21
*** EinstCrazy has joined #openstack-keystone09:21
*** pnavarro has quit IRC09:21
*** mvk has quit IRC09:21
*** EinstCrazy has quit IRC09:21
*** EinstCrazy has joined #openstack-keystone09:23
*** EinstCrazy has quit IRC09:23
*** EinstCrazy has joined #openstack-keystone09:24
*** EinstCrazy has quit IRC09:24
*** EinstCrazy has joined #openstack-keystone09:26
*** EinstCrazy has quit IRC09:26
*** EinstCrazy has joined #openstack-keystone09:27
*** EinstCrazy has quit IRC09:27
*** EinstCrazy has joined #openstack-keystone09:27
*** links has quit IRC09:28
*** TxGVNN has quit IRC09:29
*** EinstCra_ has joined #openstack-keystone09:30
*** EinstCra_ has quit IRC09:32
*** EinstCrazy has quit IRC09:32
*** EinstCrazy has joined #openstack-keystone09:33
*** EinstCrazy has quit IRC09:33
*** EinstCrazy has joined #openstack-keystone09:36
*** links has joined #openstack-keystone09:40
*** mvk has joined #openstack-keystone09:48
*** markvoelker has joined #openstack-keystone09:49
*** markvoelker has quit IRC09:56
*** EinstCrazy has quit IRC09:58
*** EinstCrazy has joined #openstack-keystone10:00
*** spzala has joined #openstack-keystone10:06
*** richm has joined #openstack-keystone10:08
*** spzala has quit IRC10:11
*** EinstCrazy has quit IRC10:25
*** EinstCrazy has joined #openstack-keystone10:25
*** EinstCrazy has quit IRC10:30
*** ntpttr- has quit IRC10:30
*** EinstCrazy has joined #openstack-keystone10:32
*** rodrigods has quit IRC10:36
*** rodrigods has joined #openstack-keystone10:36
*** ntpttr- has joined #openstack-keystone10:39
*** tangchen_ has quit IRC10:42
*** EinstCrazy has quit IRC10:44
*** tangchen_ has joined #openstack-keystone10:44
*** markvoelker has joined #openstack-keystone10:45
*** EinstCrazy has joined #openstack-keystone10:45
*** EinstCrazy has quit IRC10:45
*** EinstCra_ has joined #openstack-keystone10:47
*** EinstCra_ has quit IRC10:48
*** EinstCrazy has joined #openstack-keystone10:49
*** EinstCrazy has quit IRC10:49
*** markvoelker has quit IRC10:51
*** EinstCrazy has joined #openstack-keystone10:52
openstackgerritAlexander Makarov proposed openstack/keystone: Remove unused config sample  https://review.openstack.org/34993310:53
openstackgerrithenry-nash proposed openstack/keystone: WIP Add support for rolling upgrades to keystone-manage  https://review.openstack.org/34971611:00
*** EinstCrazy has quit IRC11:03
*** EinstCrazy has joined #openstack-keystone11:03
*** samueldmq has joined #openstack-keystone11:05
*** ChanServ sets mode: +v samueldmq11:05
samueldmqmorning11:05
*** spzala has joined #openstack-keystone11:07
*** EinstCrazy has quit IRC11:09
*** EinstCrazy has joined #openstack-keystone11:09
*** spzala has quit IRC11:11
openstackgerrithenry-nash proposed openstack/keystone: WIP - Add contract migrations to keystone-manage  https://review.openstack.org/34993911:19
*** EinstCrazy has quit IRC11:26
*** sdake has joined #openstack-keystone11:27
*** sdake_ has joined #openstack-keystone11:30
openstackgerritLi Wei proposed openstack/oslo.policy: Delete H803 in flake8 ignore  https://review.openstack.org/34994311:31
*** sdake has quit IRC11:31
openstackgerritLi Wei proposed openstack/oslo.policy: Delete H803 in flake8 ignore  https://review.openstack.org/34994311:35
*** markvoelker has joined #openstack-keystone11:39
*** markvoelker_ has joined #openstack-keystone11:44
*** markvoelker has quit IRC11:44
*** Jehane has joined #openstack-keystone11:46
Jehanehi11:47
JehaneI have some trouble with setting up ldap authentication with keystone11:50
Jehaneeither my "local authentication" is working (admin account et services users) or my ldap authentication is working (but no openstack admin or services )11:50
Jehaneis there a way to have both working at the same time ?11:51
*** sdake_ is now known as sdake11:51
*** jpena is now known as jpena|lunch12:04
rodrigodsJehane, yes, by using domain specific backends: http://docs.openstack.org/developer/keystone/configuration.html#domain-specific-drivers12:12
Jehanerodrigods: thanks12:12
Jehanean other question, will it do a lot of ldap query or is it reasonable ? it's to know if I need to setup a dedicated slave12:14
*** gordc has joined #openstack-keystone12:19
dstanekJehane: i think that is subjective. you should probably do a little testing and see what you think12:30
*** pauloewerton has joined #openstack-keystone12:33
*** ccard has joined #openstack-keystone12:36
*** samueldmq has quit IRC12:38
openstackgerritlilintan proposed openstack/keystoneauth: Don't include openstack/common in flake8 exclude list  https://review.openstack.org/34997812:39
*** adriant has joined #openstack-keystone12:44
lbragstado/12:44
Jehanedstanek: ok I will do that12:47
*** adriant is now known as adriant_is_away12:47
*** links has quit IRC12:48
*** ddieterly has joined #openstack-keystone12:49
*** ddieterly has quit IRC12:51
*** samueldmq has joined #openstack-keystone12:53
*** ChanServ sets mode: +v samueldmq12:53
*** maestropandy has left #openstack-keystone12:53
openstackgerritlilintan proposed openstack/keystone: Don't include openstack/common in flake8 exclude list  https://review.openstack.org/34998812:58
*** jpena|lunch is now known as jpena13:00
*** hwcomcn has joined #openstack-keystone13:01
*** hwcomcn has quit IRC13:01
*** jsavak has joined #openstack-keystone13:01
*** hwcomcn has joined #openstack-keystone13:02
*** Raildo has joined #openstack-keystone13:02
*** spzala has joined #openstack-keystone13:09
*** clenimar has quit IRC13:09
*** ericksonsantos has quit IRC13:09
*** pauloewerton has quit IRC13:09
*** iurygregory has quit IRC13:09
*** samueldmq has quit IRC13:10
*** clenimar has joined #openstack-keystone13:10
*** iurygregory has joined #openstack-keystone13:11
*** ericksonsantos has joined #openstack-keystone13:12
*** pauloewerton has joined #openstack-keystone13:12
*** spzala has quit IRC13:13
*** spzala has joined #openstack-keystone13:15
*** links has joined #openstack-keystone13:21
*** markvoelker_ has quit IRC13:23
*** julim has joined #openstack-keystone13:26
*** julim has quit IRC13:26
*** julim has joined #openstack-keystone13:33
*** ddieterly has joined #openstack-keystone13:36
*** narengan has joined #openstack-keystone13:39
*** thiagolib has joined #openstack-keystone13:40
*** itisha has joined #openstack-keystone13:46
*** code-R has joined #openstack-keystone13:49
*** code-R_ has joined #openstack-keystone13:52
*** thumpba has quit IRC13:52
*** adrian_otto has joined #openstack-keystone13:53
*** thumpba has joined #openstack-keystone13:53
*** code-R has quit IRC13:54
*** spedione|AWAY is now known as spedione13:56
*** thumpba has quit IRC13:57
*** code-R_ has quit IRC14:00
*** code-R has joined #openstack-keystone14:01
*** code-R has quit IRC14:02
*** code-R has joined #openstack-keystone14:02
*** markvoelker has joined #openstack-keystone14:02
*** bill_az has joined #openstack-keystone14:02
*** adrian_otto has quit IRC14:04
*** ametts has joined #openstack-keystone14:04
*** spedione is now known as spedione|AWAY14:06
*** spedione|AWAY is now known as spedione14:11
*** links has quit IRC14:12
*** edmondsw has joined #openstack-keystone14:13
*** dave-mccowan has joined #openstack-keystone14:14
*** tonytan4ever has joined #openstack-keystone14:17
*** richm has quit IRC14:19
*** samueldmq has joined #openstack-keystone14:23
*** ChanServ sets mode: +v samueldmq14:23
openstackgerritMerged openstack/keystone: Add token feature support matrix to documentation  https://review.openstack.org/31611814:27
*** jsavak has quit IRC14:32
dstanekhenrynash: you around?14:34
stevemarlbragstad: thanks for hitting up sdagues mailing list request14:37
lbragstadstevemar no worries14:38
lbragstadstevemar I need to take a step back from the revocation/caching stuff for a half a day (i've been fried on it all weekend)14:38
lbragstadstevemar I'm going to go back and review rderose's PCI reviews, then I should be able to get around to sdague's email14:39
*** ravelar159 has joined #openstack-keystone14:40
JehaneI got some questions about domain creation. I already have an admin user and various services users (created by packstack)14:41
Jehanewhat happen to them when I create the default domain14:41
Jehane?14:41
JehaneAre they put into it automatically ?14:41
*** adriant_is_away has quit IRC14:42
rderoselbragstad: :)14:43
rderoselbragstad: hold off on lockout, doing some more testing on that one14:43
rodrigodsJehane, the default domain is created automatically, you don't need to create it ( even using packstack). As such, all those users are in the default domain14:44
Jehanerodrigods: ok, thanks14:45
Jehaneso I just need to switch to the v3 api and add my custom domain to user multi-domain auth ?14:45
openstackgerritLance Bragstad proposed openstack/keystone: Use %()d for integer substitution  https://review.openstack.org/35006914:46
lbragstadrderose https://review.openstack.org/#/c/328339/43 looks good to me - I pushed ^ to address dstanek's comment14:46
patchbotlbragstad: patch 328339 - keystone - PCI-DSS Password history requirements14:46
*** slberger has joined #openstack-keystone14:46
*** ddieterly is now known as ddieterly[away]14:47
bknudsonsomething kind of strange -- identity.sql.Identity authenticate() calls self._get_user to get the user.14:50
bknudsonbut of course, the driver doesn't have any caching for the user info14:51
*** hwcomcn has quit IRC14:51
bknudsonbecause all the caching is done at the manager level.14:51
bknudsonand I'm guessing we can't put MEMOIZE on identity manager authenticate()14:52
bknudsonso should be able to improve authenticate performance by getting the user from the cache.14:52
*** michauds has joined #openstack-keystone14:53
*** ddieterly[away] is now known as ddieterly14:53
*** jsavak has joined #openstack-keystone14:54
*** diazjf has joined #openstack-keystone14:54
*** ddieterly has quit IRC14:55
*** samueldmq has quit IRC14:57
bknudsonhas anybody used any profiling tools against keystone?14:59
*** ddieterly has joined #openstack-keystone15:00
*** jsavak has quit IRC15:04
*** jsavak has joined #openstack-keystone15:05
*** richm has joined #openstack-keystone15:05
*** samueldmq has joined #openstack-keystone15:09
*** ChanServ sets mode: +v samueldmq15:09
*** nkinder has quit IRC15:16
*** nkinder has joined #openstack-keystone15:17
*** belmoreira has quit IRC15:21
openstackgerritMerged openstack/oslo.policy: Delete H803 in flake8 ignore  https://review.openstack.org/34994315:24
*** code-R has quit IRC15:26
*** diazjf has quit IRC15:28
*** thumpba has joined #openstack-keystone15:32
lbragstadbknudson i've followed dolphm's approach documented here a couple times - http://dolphm.com/performance-profiling-openstack-services-with-repoze-profile/15:32
*** thumpba has quit IRC15:32
*** thumpba has joined #openstack-keystone15:33
bknudsonlbragstad: neat, will take a look.15:36
openstackgerritMerged openstack/keystoneauth: Don't include openstack/common in flake8 exclude list  https://review.openstack.org/34997815:37
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Move Mapping API to its own file  https://review.openstack.org/35011715:39
*** pnavarro has joined #openstack-keystone15:39
*** code-R has joined #openstack-keystone15:41
*** dave-mcc_ has joined #openstack-keystone15:43
openstackgerritDolph Mathews proposed openstack/keystone: Introduce read-only mode for the database  https://review.openstack.org/34970015:43
*** dave-mccowan has quit IRC15:44
*** diazjf has joined #openstack-keystone15:44
*** lamt_ has joined #openstack-keystone15:46
*** lamt_ has quit IRC15:47
*** lamt_ has joined #openstack-keystone15:47
*** aastha has joined #openstack-keystone15:50
*** danpawlik has quit IRC15:50
*** jaosorior has quit IRC15:52
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Move Mapping API to its own file  https://review.openstack.org/35011715:52
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Move Service Provider API to its own file  https://review.openstack.org/35012815:53
*** jaosorior has joined #openstack-keystone15:54
*** brancal has joined #openstack-keystone15:58
*** adrian_otto has joined #openstack-keystone16:01
*** gokrokve has joined #openstack-keystone16:02
*** tangchen_ has quit IRC16:02
*** jsavak has quit IRC16:03
slbergerDoes anyone know if there is an open bug report for the issue with tempest and keystone using fernet tokens?16:03
bknudsonlbragstad: ^ ?16:04
bknudsonWe have a proposed change to devstack, but there's no bug for it: https://review.openstack.org/#/c/258650/16:04
lbragstadslberger the timing issue?16:04
patchbotbknudson: patch 258650 - keystone - [WIP]Make fernet default token provider16:04
dolphmslberger: what issue?16:04
*** jsavak has joined #openstack-keystone16:04
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Move Service Provider API to its own file  https://review.openstack.org/35012816:04
bknudsonoh, that change is for keystone and not devstack.16:05
bknudsonthe devstack change was merged and then reverted...16:05
slbergerlbragstad dolphm Someone had told me that tempest has issues or doesn't work with a keystone installation that uses fernet16:05
*** code-R_ has joined #openstack-keystone16:06
bknudsonHere's the devstack change: https://review.openstack.org/#/c/319489/16:06
patchbotbknudson: patch 319489 - openstack-dev/devstack - Switch fernet back as the default token provider16:06
bknudsonhttps://bugs.launchpad.net/keystone/+bug/157886616:06
openstackLaunchpad bug 1578866 in OpenStack Identity (keystone) "Race condition between token validation and revocation API causes intermittent gate failures." [High,Fix released] - Assigned to Lance Bragstad (lbragstad)16:06
dolphmslberger: definitely - we've had a couple of different problems with tempest on the topic16:06
bknudsonhttps://bugs.launchpad.net/keystone/+bug/157755816:06
openstackLaunchpad bug 1577558 in OpenStack Identity (keystone) mitaka "[OSSA 2016-008] v2.0 fernet tokens audit ids are inconsistent (CVE-2016-4911)" [High,Fix released]16:06
bknudsonboth of those bugs are fix released.16:06
*** jaosorior has quit IRC16:06
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Move List Projects and Domains API to its own file  https://review.openstack.org/35014316:07
bknudsonHere's the keystone change to make fernet the default: https://review.openstack.org/#/c/345688/516:07
patchbotbknudson: patch 345688 - keystone - Switch fernet to be the default token provider.16:08
*** ddieterly has quit IRC16:08
lbragstadhttps://review.openstack.org/#/c/345688/5 still uncovered some issues that we are tracking with https://bugs.launchpad.net/keystone/+bug/160755316:09
openstackLaunchpad bug 1607553 in OpenStack Identity (keystone) "Revocation event caching is broken across processes" [High,New]16:09
patchbotlbragstad: patch 345688 - keystone - Switch fernet to be the default token provider.16:09
*** code-R has quit IRC16:09
lbragstadlooks like there are still some issues with revocation event caching16:09
*** nishaYadav has joined #openstack-keystone16:15
*** tangchen_ has joined #openstack-keystone16:16
*** gokrokve has quit IRC16:17
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Move Federation Auth API to its own file  https://review.openstack.org/35015116:18
*** dikonoor has quit IRC16:19
*** browne has joined #openstack-keystone16:25
*** krotscheck is now known as krot_sickleave16:27
*** marekd2 has quit IRC16:28
*** marekd2 has joined #openstack-keystone16:28
*** marekd2 has quit IRC16:33
*** martinus- has quit IRC16:34
*** dikonoor has joined #openstack-keystone16:36
openstackgerritGage Hugo proposed openstack/keystone: Add schema validation to create user v2  https://review.openstack.org/34853116:37
*** dikonoor has quit IRC16:42
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Move Assertion API to its own file  https://review.openstack.org/35015816:43
openstackgerritGage Hugo proposed openstack/keystone: Add schema validation to update user v2  https://review.openstack.org/34502216:43
samueldmqstevemar: ^ the remaining ones ( in the move of fed docs )16:43
*** thumpba has quit IRC16:44
*** diazjf has quit IRC16:49
*** tesseract- has quit IRC16:51
stevemarsamueldmq: thanks boss16:55
*** KevinE has joined #openstack-keystone16:55
samueldmqstevemar: sure sir16:57
*** chlong has quit IRC16:58
*** jpena is now known as jpena|off16:59
*** adrian_otto has quit IRC17:01
*** julim has quit IRC17:02
*** mvk has quit IRC17:06
*** julim has joined #openstack-keystone17:06
*** jsavak has quit IRC17:08
*** jsavak has joined #openstack-keystone17:08
*** chlong has joined #openstack-keystone17:12
*** ametts has quit IRC17:12
*** samueldmq has quit IRC17:12
*** thumpba has joined #openstack-keystone17:13
*** ametts has joined #openstack-keystone17:13
*** crinkle has quit IRC17:17
*** thumpba_ has joined #openstack-keystone17:23
*** narengan has quit IRC17:23
*** thumpba has quit IRC17:25
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Improve docs for v3 ec2  https://review.openstack.org/35017317:27
*** jsavak has quit IRC17:27
*** code-R_ has quit IRC17:28
*** jsavak has joined #openstack-keystone17:28
*** tqtran has joined #openstack-keystone17:31
*** maestropandy has joined #openstack-keystone17:36
*** Gorian_ has joined #openstack-keystone17:37
*** code-R has joined #openstack-keystone17:38
*** maestropandy has left #openstack-keystone17:43
stevemarso much on the meeting agenda again :O17:44
*** adriant has joined #openstack-keystone17:45
*** narengan has joined #openstack-keystone17:46
*** narengan1 has joined #openstack-keystone17:47
*** narengan has quit IRC17:51
lbragstadstevemar lots to talk about :)17:54
*** narengan1 has quit IRC17:57
*** mvk has joined #openstack-keystone17:58
* notmorgan escapes meetings.17:58
* stevemar waves bye to notmorgan17:59
bretonnotmorgan: wat17:59
bretonnotmorgan: we need you there!17:59
*** crinkle has joined #openstack-keystone18:00
notmorgannope, you all can handle it w/o me :)18:00
notmorgani have faith in the keystone team18:00
*** jamielennox|away is now known as jamielennox18:01
*** amakarov has quit IRC18:04
*** amakarov has joined #openstack-keystone18:04
*** amakarov has quit IRC18:04
*** alexander__ has joined #openstack-keystone18:05
*** adrian_otto has joined #openstack-keystone18:09
*** itisha has quit IRC18:10
*** daemontool_ has quit IRC18:12
*** diazjf has joined #openstack-keystone18:23
*** brancal has quit IRC18:23
*** jrist has quit IRC18:27
*** jrist has joined #openstack-keystone18:28
*** julim has quit IRC18:29
*** jrist has quit IRC18:30
*** julim has joined #openstack-keystone18:31
openstackgerritJamie Lennox proposed openstack/keystone: Move audit initiator creation to request  https://review.openstack.org/34265818:34
openstackgerritMerged openstack/keystone: Fix python{3,}-all-dev depends in deb based  https://review.openstack.org/34101018:36
*** marekd2 has joined #openstack-keystone18:44
dstanekhenrynash: if this is correct then i don't see why #4 and #5 are dirfferent steps http://paste.openstack.org/show/545718/18:48
*** brancal has joined #openstack-keystone18:49
*** marekd2 has quit IRC18:49
openstackgerritMerged openstack/keystone-specs: Add rolling upgrade steps to keystone-manage  https://review.openstack.org/33768018:49
*** aastha has quit IRC18:49
henrynashdstanek: so we only read the database flag at startup, so they'll be some nodes that have seen the new flag,some that haven't18:51
dstanekhenrynash: ah, it looked like you would be managing the state in the DB itself. so you have to run the manage commands on every node?18:52
henrynashdstanek: no....but I was persuaded that we don't want to check the DB flag on every access...so only check on reboot18:53
henrynashi orgigionally had 4 and 5 as one step, but xek pointed out the problem18:54
dstanekhenrynash: in #2 why not write to both columns then?18:54
jamielennoxhenrynash: steve just +Aed that but i had a comment or two18:55
*** Raildo has quit IRC18:55
jamielennoxhenrynash: why do we need that migration tsatus flag ?18:55
*** maestropandy1 has joined #openstack-keystone18:58
henrynashdstanek: I'll try and go through this again, add addendum write up and see if we can simplify....18:58
*** maestropandy1 has left #openstack-keystone18:59
dstaneki think stevemar is trigger happy18:59
stevemardstanek: just being courteous to our infra team18:59
dstanek:-)18:59
stevemar:)18:59
lbragstadgotta refill coffee18:59
stevemaradriant: so ...19:00
henrynashdstanek: but I've been through it a few times and come back to this solution19:00
dstanekhenrynash: cool. i just don't see the extra step. new code can automatically write the both columns and then needs something to tell it to start reading there too19:00
jamielennoxwhich is my question - why do we need the status flag instead of the two migration counters we already have19:01
*** Raildo has joined #openstack-keystone19:01
stevemaradriant: maybe trying to get MFA in time for N is a bit risky. let's keep fine tuning the spec and hopefully it'll land in O19:01
*** Raildo has quit IRC19:01
jamielennoxdon't the migration counters provide a max and minimum of what columns we need to support19:01
stevemaradriant: i get the impression that folks are stretched thin and can't provide enough review time for this subject19:01
jamielennox(obviously not exactly max/min as they are independant counters)19:02
adriantstevemar: not a problem, was expecting as much. Code was mainly being worked on to try some ideas out.19:02
henrynashjamielennox: because we can't use sqlalchemy migration control for on-the-fly data migration or tidy-up, since you need to re-run them multiple times potentially (e.g. only want to for mirgation 100 rows at a time)19:02
dstanekhenrynash: jamielennox: hmmmm....maybe because of the stop writing to old columns19:02
stevemaradriant: glad to have you working on the code and spec. FWIW i think it's great and should be in, but i'm only 1 vote ;)19:02
henrynashjamielennox: we use alchemy migrate repos for the actual scheme changes (expacnd and contract)19:02
adriantstevemar: I'll also write and test an edit of v2 for MFA, but the worry is how to make the totp part optional19:03
rodrigodsadriant, know the feeling of having stuff postponed and even with that, it landed with some fundamental problems19:03
rodrigodsaka HMT19:03
jamielennoxhenrynash: so rerunning is an odd problem i'm not sure about - i wasn't thinking we'd suppot that19:03
*** diazjf1 has joined #openstack-keystone19:03
henrynashjamielennix: (and in Newton for data migration sicne that is part of expand), but with on-the-fly migrations there is no data migration in teh exapnd phase19:03
stevemarrodrigods: that's back on the agenda for next week ;)19:03
rodrigodsstevemar, fair enough :)19:04
* rodrigods will hide in the corner19:04
henrynashjamielennox: the request from teh midcycle was to support the standard phases (even if we don't need them yet)...19:04
jamielennoxhenrynash: do we support that case? expand and migrate seperate19:04
dstanekhenrynash: ok, i think that's what i was missing. step #2 can start writing to both. then you need to tell it to start reading from new. ...then you need to tell it to not update or read old19:04
*** julim has quit IRC19:04
*** diazjf has quit IRC19:05
*** jsavak has quit IRC19:05
jamielennoxi wasn't thinking of that, however i'm still not sure why the max/min counters don't tell the code what columns to write19:05
henrynashdstanek: yes step 2 *could* write to both, althogh I'm not sure it gains you much...but yes, the key is to know when to start reading from both19:06
bknudsonis keystone going to query a table on every operation? If so that's going to slow things considerably19:06
*** julim has joined #openstack-keystone19:06
*** jsavak has joined #openstack-keystone19:06
henrynashbknudson: no19:07
*** fifieldt has quit IRC19:07
*** samueldmq has joined #openstack-keystone19:07
rodrigodsstevemar, think bknudson has a point on requiring features to have tempest tests (in keystone's plugin or in tempest itself)19:07
henrynashbknudson: that's why we have the extra phases, to allow us only to read on startup19:07
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Improve docs for v3 ec2  https://review.openstack.org/35017319:07
bknudsonok, so it's just like the config file.19:07
bknudsonbut keystone-manage can write to it19:07
bknudsonworks for me.19:08
henrynashbknudson: actually a database status row19:08
henrynashblnudson: but same princple19:08
henrynashbknudson: yep19:08
bknudsonhenrynash: doesn't tab completion work for you?19:08
henrynashno!19:08
henrynashbugger!19:08
henrynashbknudson: must get the working!19:08
bknudsonhenrynash: your fingers will wear out.19:09
henrynashall teh time I'd have saved if I took the time to fix it19:09
bknudsonor we need shorter nicks.19:09
henrynashbknudson: we each grab a letter? I'll take 'h'19:10
rodrigodslol19:10
bknudsonthat should work.19:10
bknudsonwe'll be getting a lot of notifications.19:10
*** KevinE has quit IRC19:12
*** nishaYadav has quit IRC19:13
*** narengan has joined #openstack-keystone19:13
*** samueldmq has quit IRC19:15
*** samuel_ has joined #openstack-keystone19:17
*** samuel_ has quit IRC19:17
*** nishaYadav has joined #openstack-keystone19:17
*** nishaYadav is now known as Guest5394119:17
*** samueldmq has joined #openstack-keystone19:17
*** ChanServ sets mode: +v samueldmq19:17
*** fifieldt has joined #openstack-keystone19:18
*** maestropandy has joined #openstack-keystone19:19
*** maestropandy has left #openstack-keystone19:19
bretonguyses19:23
bretoni think i've mixed something up with trusts validation19:23
bretonbut not only me!19:23
bretonlbragstad: i can validate trust-scoped fernet tokens in v2.0 too!19:23
*** narengan has quit IRC19:24
*** KevinE has joined #openstack-keystone19:28
*** roxanaghe has quit IRC19:30
*** narengan has joined #openstack-keystone19:32
*** maestropandy1 has joined #openstack-keystone19:33
*** maestropandy1 has left #openstack-keystone19:33
*** adriant has quit IRC19:33
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Add ec2 functional tests  https://review.openstack.org/35024519:34
*** jsavak has quit IRC19:36
*** jsavak has joined #openstack-keystone19:37
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Lockout requirements  https://review.openstack.org/34007419:41
*** maestropandy has joined #openstack-keystone19:42
*** maestropandy has left #openstack-keystone19:47
stevemarbreton: trusts amirite19:49
stevemarbreton: what did you find?19:49
*** aastha has joined #openstack-keystone19:50
*** diazjf1 has quit IRC19:50
*** code-R has quit IRC19:56
*** jrist has joined #openstack-keystone19:58
*** diazjf has joined #openstack-keystone19:59
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Minimum password age requirements  https://review.openstack.org/34331420:00
*** julim has quit IRC20:04
openstackgerritEric Brown proposed openstack/keystone: Improve domain configuration API docs  https://review.openstack.org/34859120:05
*** Guest53941 has quit IRC20:09
*** brancal has quit IRC20:14
*** roxanaghe has joined #openstack-keystone20:18
*** KevinE has quit IRC20:18
*** adrian_otto has quit IRC20:26
*** itisha has joined #openstack-keystone20:33
*** openstackgerrit_ has joined #openstack-keystone20:35
*** daemontool has joined #openstack-keystone20:35
*** openstackgerrit_ has quit IRC20:36
*** daemontool has quit IRC20:42
*** ametts has quit IRC20:44
*** tonytan4ever has quit IRC20:46
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Minimum password age requirements  https://review.openstack.org/34331420:51
*** diazjf has quit IRC20:52
*** marekd2 has joined #openstack-keystone20:55
*** notmyname has quit IRC20:55
lbragstadbreton ?20:59
lbragstadbreton I'm working on a patch now to make uuid and fernet behave the same when it comes to trusts validation and v2.020:59
lbragstadbreton i'm running tests now20:59
*** marekd2 has quit IRC21:00
*** thumpba_ has quit IRC21:01
bretonlbragstad: how do they differ?21:02
*** diazjf has joined #openstack-keystone21:02
lbragstadbreton after doing a pile of digging21:02
lbragstadbreton I think something got changed in the refactor I did a while back to make fernet use the same path as uuid21:03
lbragstadbreton according to the original code, you should get a 403 Forbidden when trying to get a new scoped token with a trust scoped token21:03
lbragstadFernet wasn't honoring that21:03
bretonlbragstad: ok. should i be able to validate trust-scoped token now with fernet in 2.0?21:05
lbragstadbreton yep - i'm almost done.21:05
bretonlbragstad: no, i mean with master21:05
lbragstadbreton you shouldn't be https://github.com/openstack/keystone/blob/7a160c258917afb4194ec7c19a90ddec051c1e9c/keystone/token/providers/common.py#L83-L8621:06
*** narengan1 has joined #openstack-keystone21:18
*** narengan1 has quit IRC21:18
mfischstevemar: we're also hitting this bug in M21:18
mfischhttps://bugs.launchpad.net/keystone/+bug/160039321:18
openstackLaunchpad bug 1600393 in OpenStack Identity (keystone) "AttributeError: 'list' object has no attribute 'items'" [High,New]21:18
mfischdigging into logs today showed its happening occassionally21:18
brownemfisch:  oh good.  i'm not crazy then21:19
brownewe had to completely turn off the cache21:19
stevemarmfisch: damn, was hoping browne was crazy21:19
mfischwe're running a container built off mitaka yesterday21:19
*** code-R has joined #openstack-keystone21:19
mfischbrowne: middleware cache or keystone cache?21:19
brownelol21:19
brownethe global cache keystone setting21:20
bretonlbragstad: http://paste.openstack.org/show/545754/ the script21:20
*** pauloewerton has quit IRC21:20
mfischbrowne: and it goes away?21:20
*** narengan has quit IRC21:20
brownemfisch: we use stable/mitaka keystone with eventlet, memcache, fernet21:20
mfischmemcache fernet + docker/uwsgi21:20
brownemfisch: yep, it goes away. performance probably sucks now21:21
mfischgood thing mitaka is only in the lab21:21
*** diazjf has quit IRC21:21
jamielennoxmfisch: do you have any ideas where that's coming from yet?21:21
bretonlbragstad: "checking v3 token on v2"21:21
mfischsomeone is making a v3 API call, unsure who21:21
jamielennoxmfisch: i haven't gone a long way but i haven't been able to reproduce21:21
bretonlbragstad: fails with 40121:22
brownemfisch:  keep in mind that oslo.cache also has a bug in mitaka, you also have to set the driver to the cache no-op driver otherwise it doesn't really turn off21:22
mfischwe see calls from Swift21:22
mfischbrowne: have a link?21:22
mfischand also monasca21:22
lbragstadbreton hmm - strange because we have this in the tests... https://github.com/openstack/keystone/blob/7a160c258917afb4194ec7c19a90ddec051c1e9c/keystone/token/providers/common.py#L83-L8621:22
mfischjamielennox: its weird21:23
mfischit looks like the cache gets in a weird state21:23
*** vinsh has joined #openstack-keystone21:24
bretonlbragstad: the same behavior on uuid21:24
brownemfisch:  https://review.openstack.org/#/c/304688/21:24
patchbotbrowne: patch 304688 - oslo.cache - If caching is globally disabled force dogpile to u... (MERGED)21:24
bretonlbragstad: so now fernet behaves the same way as uuid21:24
jamielennoxyea, once its in cache it's really hard to figure out because it may be the result of a code update21:24
lbragstadbreton with what?21:25
bretonlbragstad: with trusts21:25
brownemfisch: jamielennox from what i observed, it seemed somehow related to v2 and v3 mixed with invalid caching.  seemed like many times it would get v2 data for a v3 request and vice versa.  i know i saw a v3 token with a v2 service catalog21:27
lbragstadbreton i mean with master?21:27
vinshbreton: ACK. following for mfisch. He stepped out for the day.21:27
bretonlbragstad: that's with master21:28
jamielennoxbrowne: yuk21:28
*** diazjf has joined #openstack-keystone21:28
lbragstadbreton that's confusing because the code specifically says to raise a 40121:28
lbragstadwhen validation trust scoped tokens against v2.021:28
brownebtw, our deployment is also two keystones using ha-proxy to load-balance if that matters21:28
vinshSame. haproxy here21:29
lbragstadbreton how does this pass? https://github.com/openstack/keystone/blob/7a160c258917afb4194ec7c19a90ddec051c1e9c/keystone/tests/unit/test_v3_auth.py#L119021:30
*** code-R_ has joined #openstack-keystone21:31
bretonlbragstad: it takes v3 token and tries to validate it on v2.021:33
bretonlbragstad: it fails for me too21:33
*** code-R has quit IRC21:33
lbragstadbreton so we *do* have a bug21:34
*** pnavarro has quit IRC21:34
bretonchecking v2 token on v221:36
breton20021:36
bretonchecking v2 token on v321:36
breton20021:36
bretonchecking v3 token on v221:36
breton40121:36
bretonchecking v3 token on v321:36
breton20021:36
bretonthat's fernet21:36
bretonthe same happens with uuid on master21:36
bretonis it a bug?21:36
lbragstadbreton I thought the original bug was that you couldn't validate a trust-scoped token on v2.0 period?21:37
bretonlbragstad: it seems that i was wrong on that one and that i actually can21:38
lbragstadbreton that's so weird - because we apparently have tests that explicitly test that we shouldn't be able to do that21:39
bretonlbragstad: for example? and what is "that"?21:39
lbragstadhttps://github.com/openstack/keystone/blob/7a160c258917afb4194ec7c19a90ddec051c1e9c/keystone/tests/unit/test_v3_auth.py#L119021:39
lbragstadwhich you were able to duplicate21:40
*** diazjf has quit IRC21:40
bretontest_v2_validate_trust_scoped_token == "checking v3 token on v2"21:40
bretonand it failes for me21:40
lbragstadhttps://github.com/openstack/keystone/blob/7a160c258917afb4194ec7c19a90ddec051c1e9c/keystone/tests/unit/test_auth.py#L133321:40
lbragstadbreton yep21:41
bretonok, i stopped understanding :)21:41
bretontest_v2_validate_trust_scoped_token checks that 401 is returned, and my test shows that 401 is returned indeed21:42
lbragstadyep - so that is consistent21:42
*** diazjf has joined #openstack-keystone21:43
bretontest_delete_trust_revokes_token is ... weird.21:43
lbragstadbreton yeah21:43
lbragstadbreton I want to rewrite that test because it's hardcoded to assert against a persistent token backend21:44
*** tonytan4ever has joined #openstack-keystone21:47
*** tonytan4ever has quit IRC21:52
*** markvoelker has quit IRC21:54
*** diazjf has quit IRC22:10
harlowjasoooo quick question, well probably not quick22:13
harlowjaif we have a IDP (SSO) that we use internally (called okta) and that is SAML compliant, then it should be pretty easy to plug keystone into using that (to act as the identiyy provider?)22:14
*** jsavak has quit IRC22:17
*** edmondsw has quit IRC22:17
lbragstadbreton i think https://github.com/openstack/keystone/blob/7a160c258917afb4194ec7c19a90ddec051c1e9c/keystone/tests/unit/test_v3_auth.py#L1190 raises an exception because the trustee isn't in the default domain22:18
*** jsavak has joined #openstack-keystone22:20
lbragstadbreton https://github.com/openstack/keystone/blob/master/keystone/token/providers/common.py#L70322:21
*** gordc has quit IRC22:22
*** jsavak has quit IRC22:23
openstackgerritEric Brown proposed openstack/keystone: Bump API version number and date  https://review.openstack.org/35028922:28
stevemarbrowne: you're the only one that remembers to bump that22:37
stevemarharlowja: "pretty easy" is relative22:38
stevemar:)22:38
harlowjastevemar sure ;)22:38
*** sdake has quit IRC22:40
stevemarharlowja: just a heads up though, setting up SSO is pretty do-able, but CLI stuff will be flakey until osc 3.0.022:40
harlowjakk22:40
harlowjamakes sense22:40
openstackgerritMerged openstack/keystoneauth: Improve authentication plugins documentation  https://review.openstack.org/34942322:43
*** ravelar159 has quit IRC22:45
*** david-lyle has quit IRC22:50
*** david-lyle has joined #openstack-keystone22:51
*** michauds has quit IRC22:52
*** spzala has quit IRC22:56
brownestevemar: haha, just stumbled onto that version by accident and happened to remember the other 3.7 change22:56
*** spzala has joined #openstack-keystone22:57
browneanyone here the maintainer of keystone's launchpad page (https://launchpad.net/keystone)?22:59
stevemarbrowne: i could try22:59
stevemarwhats up22:59
brownei noticed the Downloads link is out-dated.  still version 822:59
browneliberty, not mitaka22:59
bretonharlowja: yes23:00
*** slberger has left #openstack-keystone23:00
bretonharlowja: i configured keystone for okta and it worked great23:00
harlowjacool23:01
bretonharlowja: the only issue is that they don't have ecp23:01
harlowjawhats ecp?23:01
*** spzala has quit IRC23:01
bretonharlowja: so you won't be able to use federation with cli23:01
jmloweharlowja: isn't that the thingy that lets you get redirected to auth then redirect back?23:02
*** code-R_ has quit IRC23:02
harlowjaprob something like that :-P23:02
bretonyes, kinda that23:02
*** dave-mcc_ has quit IRC23:02
bretonbut for cli23:03
*** spedione is now known as spedione|AWAY23:03
*** julim has joined #openstack-keystone23:03
bretonalso in Okta you'll have to create custom attributes for users23:03
breton(or i haven't figured out how to use standard)23:04
harlowjacool, where u at breton ?23:04
harlowjamight be interesting to chat if u in the bay area :)23:05
*** vinsh has quit IRC23:05
*** ravelar159 has joined #openstack-keystone23:05
bretonharlowja: i am in Moscow, Russia23:05
harlowjaoh durn23:06
harlowjaha23:06
harlowjau should move, ha23:06
bretoni'd love to :)23:06
stevemarbrowne: no idea how to update it, just tried for 10 minutes23:07
stevemari gave up23:07
*** marekd2 has joined #openstack-keystone23:07
brownestevemar:  oh well, np23:07
stevemarharlowja: you'd have to fight dims if you steal away breton23:08
harlowjalol23:08
*** spzala has joined #openstack-keystone23:11
*** marekd2 has quit IRC23:12
*** ravelar159 has quit IRC23:12
*** sdake has joined #openstack-keystone23:15
*** ravelar159 has joined #openstack-keystone23:16
*** sdake_ has joined #openstack-keystone23:17
rodrigodsstevemar, harlowja did a lot of testing this week for federation23:19
rodrigodsbut some stuff in rodrigods.com, again23:19
rodrigodsput*23:19
*** sdake has quit IRC23:20
*** sdake_ is now known as sdake23:21
*** ravelar159 has quit IRC23:21
stevemarrodrigods: good, we need more testing of it :)23:21
rodrigodsstevemar, seems to work pretty well23:21
stevemarmaybe harlowja can create some nifty automation for it like he does with *literally everything*23:21
rodrigodsonly the ecp stuff in osc is a bit wonky23:22
rodrigodsstevemar, maybe we can have https://review.openstack.org/#/c/324769/ landing in O23:22
patchbotrodrigods: patch 324769 - keystone - WIP: Federated authentication via ECP functional t...23:22
stevemarrodrigods: that can land at any time23:34
rodrigodsstevemar, needs the devstack plugin23:35
* breton ducks23:35
bretondevstack plugin is almost ready too btw23:36
rodrigodsbreton, ++23:36
bretoni plan to tackle it this week23:36
rodrigodsbreton, what time is it in russia?23:36
rodrigodsis already late in Brazil23:36
bretonrodrigods: 02:36 am23:37
rodrigodsbreton, long day in the office? heh23:37
bretonrodrigods: 40+% of time i am keystoning from home :p23:37
rodrigodsbreton, ++23:39
*** sigmavirus is now known as sigmavirus_away23:41
*** bill_az has quit IRC23:44
*** Gorian_ has quit IRC23:47
*** ravelar159 has joined #openstack-keystone23:51
*** roxanaghe has quit IRC23:52
*** code-R has joined #openstack-keystone23:55
*** code-R_ has joined #openstack-keystone23:57
*** ravelar159 has quit IRC23:59
« Monday, 2016-08-01 Index Wednesday, 2016-08-03 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!