Thursday, 2017-01-12

*** spzala has joined #openstack-keystone		00:02
openstackgerrit	Gage Hugo proposed openstack/keystone: Allow user to change own expired password https://review.openstack.org/404022	00:20
*** ayoung has joined #openstack-keystone		00:25
*** ChanServ sets mode: +v ayoung		00:25
*** asettle has joined #openstack-keystone		00:35
*** asettle has quit IRC		00:38
*** asettle has joined #openstack-keystone		00:38
*** asettle has quit IRC		00:44
*** jamielennox is now known as jamielennox\|away		00:50
*** stewie925 has quit IRC		00:53
*** phalmos has joined #openstack-keystone		00:53
*** thorst_ has joined #openstack-keystone		00:53
*** thorst_ has quit IRC		00:58
*** hoangcx has joined #openstack-keystone		01:00
*** liujiong has joined #openstack-keystone		01:12
*** jose-phillips has quit IRC		01:15
*** thorst_ has joined #openstack-keystone		01:17
*** jamielennox\|away is now known as jamielennox		01:21
*** spzala has quit IRC		01:27
*** tqtran has quit IRC		01:30
*** browne has quit IRC		01:48
*** adrian_otto has quit IRC		01:53
*** phalmos has quit IRC		02:07
*** markvoelker has quit IRC		02:38
*** thorst_ has quit IRC		02:38
*** kjdeepthi has joined #openstack-keystone		02:39
*** thorst_ has joined #openstack-keystone		02:39
*** markvoelker_ has joined #openstack-keystone		02:41
*** thorst_ has quit IRC		02:43
*** spzala has joined #openstack-keystone		02:51
*** markvoelker_ has quit IRC		02:56
*** hoangcx_ has joined #openstack-keystone		03:10
*** hoangcx has quit IRC		03:10
*** hoangcx_ is now known as hoangcx		03:12
*** adrian_otto has joined #openstack-keystone		03:15
*** adrian_otto has quit IRC		03:15
*** adrian_otto has joined #openstack-keystone		03:16
*** adrian_otto has quit IRC		03:22
*** spzala has quit IRC		03:26
*** kjdeepthi has quit IRC		03:28
*** links has joined #openstack-keystone		03:39
*** markvoelker has joined #openstack-keystone		03:57
stevemar	crinkle_: guten morgen	04:00
stevemar	crinkle_: can you review https://review.openstack.org/#/c/390948/ again when you get a minute, i think it's finally oK?	04:01
stevemar	crinkle_: i thought i knew our LDAP code, turns out i didn't	04:01
openstackgerrit	Steve Martinelli proposed openstack/keystone: Add anonymous bind to get_connection method https://review.openstack.org/407561	04:02
*** spzala has joined #openstack-keystone		04:08
*** nicolasbock has quit IRC		04:11
*** spzala has quit IRC		04:12
stevemar	gerrit is slow tonight	04:21
*** adrian_otto has joined #openstack-keystone		04:28
*** adrian_otto has quit IRC		04:28
*** adriant has quit IRC		04:47
*** dikonoor has joined #openstack-keystone		04:48
*** voelzmo has joined #openstack-keystone		05:07
*** voelzmo has quit IRC		05:11
*** sc68cal has quit IRC		05:18
*** sc68cal has joined #openstack-keystone		05:20
*** edtubill has joined #openstack-keystone		05:30
*** thorst_ has joined #openstack-keystone		05:40
*** thorst_ has quit IRC		05:44
openstackgerrit	Steve Martinelli proposed openstack/keystone: Fix keystone-manage mapping_engine tester https://review.openstack.org/418165	05:50
*** diazjf has joined #openstack-keystone		06:02
*** itisha has quit IRC		06:02
*** andrewbogott has quit IRC		06:04
*** andrewbogott has joined #openstack-keystone		06:04
*** diazjf has quit IRC		06:05
*** thorst_ has joined #openstack-keystone		06:40
*** lucas__ has joined #openstack-keystone		06:42
*** richm has quit IRC		06:43
*** thorst_ has quit IRC		06:45
*** hoangcx_ has joined #openstack-keystone		06:57
*** hoangcx has quit IRC		07:00
*** lucas__ has quit IRC		07:08
*** tesseract has joined #openstack-keystone		07:14
*** hoangcx has joined #openstack-keystone		07:49
*** hoangcx_ has quit IRC		07:51
*** chrome0 has quit IRC		08:05
*** chrome0 has joined #openstack-keystone		08:05
*** haplo37_ has quit IRC		08:05
*** guoshan has joined #openstack-keystone		08:08
*** haplo37_ has joined #openstack-keystone		08:09
*** aloga has quit IRC		08:12
*** aloga has joined #openstack-keystone		08:15
*** thorst_ has joined #openstack-keystone		08:41
*** thorst_ has quit IRC		08:46
*** zzzeek has quit IRC		09:00
*** zzzeek has joined #openstack-keystone		09:00
*** david-lyle has quit IRC		09:01
*** mvk has quit IRC		09:18
*** david-lyle has joined #openstack-keystone		09:24
*** aloga has quit IRC		09:37
*** aloga has joined #openstack-keystone		09:38
*** asettle has joined #openstack-keystone		09:41
*** aloga has quit IRC		09:50
*** aloga has joined #openstack-keystone		09:51
*** mvk has joined #openstack-keystone		09:51
*** liujiong has quit IRC		10:13
*** AlexeyAbashkin has joined #openstack-keystone		10:17
*** thiagolib has joined #openstack-keystone		10:22
*** hoangcx has quit IRC		10:27
*** mvk has quit IRC		10:36
*** thorst_ has joined #openstack-keystone		10:42
*** thorst_ has quit IRC		10:47
*** mvk has joined #openstack-keystone		10:48
*** stingaci has joined #openstack-keystone		10:50
*** guoshan has quit IRC		10:59
*** richm has joined #openstack-keystone		11:13
openstackgerrit	Xuepeng Ji proposed openstack/keystonemiddleware: Removes unnecessary utf-8 coding https://review.openstack.org/419420	11:18
*** nicolasbock has joined #openstack-keystone		11:34
*** crinkle_ is now known as crinkle		11:38
crinkle	stevemar: lgtm!	11:38
*** voelzmo has joined #openstack-keystone		11:41
*** voelzmo has quit IRC		11:47
*** voelzmo has joined #openstack-keystone		11:48
breton	crinkle: your reviews of that patch are super appreciated	11:50
*** voelzmo has quit IRC		11:52
*** masber has quit IRC		11:56
crinkle	breton: :)	11:58
*** guoshan has joined #openstack-keystone		11:59
*** voelzmo has joined #openstack-keystone		12:00
*** guoshan has quit IRC		12:04
*** voelzmo has quit IRC		12:05
*** links has quit IRC		12:13
*** dave-mccowan has joined #openstack-keystone		12:13
*** sheel has joined #openstack-keystone		12:19
*** voelzmo has joined #openstack-keystone		12:22
*** voelzmo has quit IRC		12:26
*** thorst_ has joined #openstack-keystone		12:46
openstackgerrit	Boris Bobrov proposed openstack/keystone: Drop type in filters https://review.openstack.org/419451	12:49
*** stingaci has quit IRC		12:50
openstackgerrit	Merged openstack/keystone: Set connection timeout for LDAP configuration https://review.openstack.org/390948	12:52
stevemar	crinkle: ty!	12:53
*** voelzmo has joined #openstack-keystone		12:54
*** voelzmo has quit IRC		12:58
*** dgonzalez has quit IRC		12:58
*** dgonzalez has joined #openstack-keystone		13:05
*** stingaci has joined #openstack-keystone		13:10
*** edmondsw has joined #openstack-keystone		13:10
*** stingaci has quit IRC		13:14
*** links has joined #openstack-keystone		13:25
*** jaugustine_ has quit IRC		13:41
*** voelzmo has joined #openstack-keystone		13:41
*** stingaci has joined #openstack-keystone		13:42
*** voelzmo has quit IRC		13:46
dstanek	good morning all	13:52
*** lamt has joined #openstack-keystone		13:58
*** AlexeyAbashkin has quit IRC		13:59
stevemar	dstanek: howdy partner	13:59
stevemar	dstanek: i just realized i haven't seen you and lbragstad in many months!	14:00
stevemar	i miss you guys <3	14:00
*** guoshan has joined #openstack-keystone		14:01
dstanek	stevemar: i miss you too steve	14:01
*** AlexeyAbashkin has joined #openstack-keystone		14:02
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Cascade delete federated_user fk https://review.openstack.org/415906	14:03
lbragstad	stevemar o/	14:05
*** guoshan has quit IRC		14:05
lbragstad	stevemar here's to ATL!	14:05
stevemar	lbragstad: here here!	14:06
*** jaugustine has joined #openstack-keystone		14:08
*** jaugustine has quit IRC		14:09
*** jaugustine has joined #openstack-keystone		14:10
*** jaugustine has quit IRC		14:14
*** nishaYadav has joined #openstack-keystone		14:18
*** lucas__ has joined #openstack-keystone		14:18
nishaYadav	o/	14:18
*** jperry has joined #openstack-keystone		14:29
*** phalmos has joined #openstack-keystone		14:29
*** phalmos has quit IRC		14:33
*** phalmos has joined #openstack-keystone		14:34
*** lucas__ has quit IRC		14:37
*** jaugustine has joined #openstack-keystone		14:39
*** AlexeyAbashkin has quit IRC		14:45
*** edtubill has quit IRC		14:46
*** dikonoor has quit IRC		14:48
*** stingaci has quit IRC		14:54
*** stingaci has joined #openstack-keystone		14:57
openstackgerrit	Merged openstack/keystone: Add anonymous bind to get_connection method https://review.openstack.org/407561	15:01
*** lamt has quit IRC		15:02
*** chlong has joined #openstack-keystone		15:03
*** lamt has joined #openstack-keystone		15:03
*** sheel has quit IRC		15:07
*** edtubill has joined #openstack-keystone		15:09
*** adrian_otto has joined #openstack-keystone		15:09
*** jdennis1 has joined #openstack-keystone		15:10
*** jdennis has quit IRC		15:12
*** jaugustine has quit IRC		15:12
openstackgerrit	Lance Bragstad proposed openstack/keystone: Implement shadow mapping https://review.openstack.org/415895	15:13
*** jaugustine has joined #openstack-keystone		15:13
lbragstad	samueldmq rodrigods rderose dstanek thanks for the reviews ^	15:14
lbragstad	latest comments have been addressed	15:14
dstanek	lbragstad: nice	15:14
lbragstad	dstanek did you have an idea of what/how you wanted to isolate that shadow_mapping method (it's not named that anymore, but...)	15:15
lbragstad	dstanek the convention for doing that in the plugins it to create internal methods for it	15:15
lbragstad	I have no idea why that is the convention though - the pattern seems backwards, but I lack the tribal knowledge on why they are that way	15:15
*** jperry has quit IRC		15:16
*** jperry has joined #openstack-keystone		15:16
*** nishaYadav has quit IRC		15:16
stevemar	fyi lbragstad + samueldmq + dstanek + others, i queued up a bunch of stable releases for keystone server + libs: https://review.openstack.org/#/q/project:openstack/releases+owner:stevemar+status:open	15:16
stevemar	turns out there were no backported fixes for middleware :)	15:16
lbragstad	stevemar sweet - I can review those today	15:17
*** jaugustine has quit IRC		15:17
lbragstad	stevemar ^ those are the proposed shas for the releases, they aren't waiting on stable branch changes to merge are they?	15:18
stevemar	lbragstad: meh, no biggie	15:18
stevemar	lbragstad: correct	15:18
lbragstad	stevemar so they are good to go whenever?	15:18
stevemar	lbragstad: pending the release teams approval, they may think i broke the rules :O	15:18
lbragstad	stevemar ?	15:19
stevemar	if i backported something that goes against backport policy	15:19
dstanek	stevemar: did you?	15:21
stevemar	dstanek: don't think so :)	15:22
*** jaosorior has joined #openstack-keystone		15:22
*** jaugustine has joined #openstack-keystone		15:25
*** adrian_otto has quit IRC		15:27
*** adrian_otto1 has joined #openstack-keystone		15:27
*** markvoelker has quit IRC		15:27
*** AlexeyAbashkin has joined #openstack-keystone		15:28
*** adrian_otto1 has quit IRC		15:30
*** chris_hultin\|AWA is now known as chris_hultin		15:38
*** nishaYadav has joined #openstack-keystone		15:41
*** stingaci has quit IRC		15:42
*** jperry has quit IRC		15:42
*** stingaci has joined #openstack-keystone		15:42
*** ravelar has joined #openstack-keystone		15:43
*** mvk has quit IRC		15:44
*** ayoung has quit IRC		15:45
*** lucas__ has joined #openstack-keystone		15:46
*** lucas__ has quit IRC		15:48
*** adrian_otto has joined #openstack-keystone		15:50
*** lucas__ has joined #openstack-keystone		15:50
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Cascade delete federated_user fk https://review.openstack.org/415906	15:50
*** ayoung has joined #openstack-keystone		15:50
*** ChanServ sets mode: +v ayoung		15:50
*** adrian_otto has quit IRC		15:51
rderose	stevemar: around?	15:52
*** adrian_otto has joined #openstack-keystone		15:52
*** spzala has joined #openstack-keystone		15:52
*** markvoelker has joined #openstack-keystone		15:52
*** pcaruana has joined #openstack-keystone		15:58
*** jaugustine has quit IRC		16:09
*** jaugustine has joined #openstack-keystone		16:09
*** jaugustine has quit IRC		16:14
knikolla	o/	16:18
lbragstad	dstanek about your comment on shadow mapping and the exceptions not consistently have punctuation (or a lack of convention), I feel like that's something we should open a LHF bug for	16:21
lbragstad	dstanek since it does (ever to slightly) affect useres	16:21
lbragstad	users*	16:21
*** AlexeyAbashkin has quit IRC		16:27
*** adrian_otto1 has joined #openstack-keystone		16:32
*** adrian_otto has quit IRC		16:32
dstanek	lbragstad: sure. it was just commentary, I wasn't expecting a fix for it just yet.	16:33
*** raildo has joined #openstack-keystone		16:37
lbragstad	dstanek sweet - done https://bugs.launchpad.net/keystone/+bug/1656026	16:37
openstack	Launchpad bug 1656026 in OpenStack Identity (keystone) "Exception don't follow a punctuation convention" [Undecided,New]	16:37
*** links has quit IRC		16:37
*** jaugustine has joined #openstack-keystone		16:37
*** nishaYadav has quit IRC		16:43
dstanek	lbragstad: thanks	16:51
*** chlong has quit IRC		16:52
lbragstad	dstanek that'd be a good one for someone to pick up this Friday ^	16:53
*** jperry has joined #openstack-keystone		16:55
*** adu has quit IRC		16:59
*** spzala has quit IRC		17:01
*** jaugustine has quit IRC		17:03
*** jaugustine has joined #openstack-keystone		17:04
*** ravelar1 has joined #openstack-keystone		17:06
bknudson	are exception messages part of the public API contract?	17:07
*** ravelar has quit IRC		17:07
lbragstad	bknudson i was just thinking about that	17:07
*** xek has quit IRC		17:07
*** xek has joined #openstack-keystone		17:08
lbragstad	bknudson that's a good question - I would say the response codes are, but I don't know if I would consider the actual message text to be	17:08
*** jaugustine has quit IRC		17:08
bknudson	response codes are useless since different errors / problems can lead to the same response code.	17:09
lbragstad	I suppose we could implement a convention across exception messages saying it's an improvement to existing information	17:09
* lbragstad shrug		17:09
*** medberry has quit IRC		17:10
*** sheel has joined #openstack-keystone		17:10
*** aloga has quit IRC		17:12
*** aloga has joined #openstack-keystone		17:12
*** browne has joined #openstack-keystone		17:13
*** diazjf has joined #openstack-keystone		17:13
*** med_ has joined #openstack-keystone		17:14
stevemar	bknudson: lbragstad the type of exception and the number should be part of the public API, but the message -- that probably goes too far	17:14
*** med_ is now known as Guest87783		17:14
bknudson	type?	17:14
*** edtubill has quit IRC		17:15
*** adu has joined #openstack-keystone		17:16
dstanek	lunch time!	17:20
stevemar	bknudson: UserNotFound vs GroupNotFound vs NotFound ?	17:21
*** portdirect is now known as portdirect_eatin		17:21
rodrigods	stevemar, how the exception is exposed via the API?	17:21
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Implement shadow mapping https://review.openstack.org/415895	17:22
rodrigods	lbragstad, ^ fixed pep8	17:22
stevemar	rodrigods: yeah, sorta	17:22
*** chlong has joined #openstack-keystone		17:26
*** stingaci has quit IRC		17:27
*** ravelar1 has quit IRC		17:43
*** lucas__ has quit IRC		17:49
*** lucas__ has joined #openstack-keystone		17:50
*** lucas__ has quit IRC		17:54
*** lucas__ has joined #openstack-keystone		17:55
*** phalmos_ has joined #openstack-keystone		17:57
*** jose-phillips has joined #openstack-keystone		17:58
*** diazjf has quit IRC		17:58
*** AlexeyAbashkin has joined #openstack-keystone		17:59
*** lucas__ has quit IRC		18:00
*** phalmos has quit IRC		18:00
*** jaugustine has joined #openstack-keystone		18:01
lbragstad	stevemar so do you think we can change the exception messages or no?	18:04
*** mvk has joined #openstack-keystone		18:09
*** ravelar1 has joined #openstack-keystone		18:10
rodrigods	lbragstad, IMHO, we can ^	18:14
*** arunkant has quit IRC		18:15
*** jaugustine has quit IRC		18:18
*** jaugustine has joined #openstack-keystone		18:19
*** chlong has quit IRC		18:19
*** jaugustine has quit IRC		18:23
morgan	lbragstad: which excreption message?	18:29
morgan	it is fine to update exception messages unless we explicitly make them a contract	18:30
ayoung	lbragstad, text is internationalized. It may vary depedning on the local value of the caller	18:30
morgan	as long as we don't violate the status code api contract guidelines	18:30
ayoung	SamYaple, can you give me the link to that docker container again?	18:31
morgan	if we are looking to standardize some part of the exception string we should look at using an error-code (not http status)	18:31
morgan	and look to encode that number separate from the i18n bits	18:31
morgan	so it's consistent	18:31
ayoung	https://github.com/yaodu/docker-keystone/tree/master/dockerfiles got it	18:31
SamYaple	ayoung: https://hub.docker.com/r/yaodu/keystone/ https://github.com/yaodu/docker-keystone	18:31
SamYaple	++	18:31
morgan	SamYaple: ooooh	18:31
morgan	nifty	18:31
*** portdirect_eatin is now known as portdirect		18:32
ayoung	SamYaple, ok, would you expect me to be able to build and deploy that on F25? I assume so...about to try...	18:32
portdirect	o/	18:32
morgan	ayoung: i need to bug you about F25 questions when you have a few minutes (can be tomorrow or later)	18:32
*** chlong has joined #openstack-keystone		18:32
ayoung	morgan, anytime	18:32
SamYaple	ayoung: yea portdirect was looking into adding F25	18:32
portdirect	ayoung: I made a f25 version - need to get it back up	18:32
morgan	ayoung: i'm running into some oddities but it's not work related (it's desktop) so when you're not doing docker/work things	18:32
ayoung	SamYaple, but that continaer is a debian, and I should be able to build and deploy it on F25, right?	18:33
ayoung	morgan, You need Ajax	18:33
portdirect	no probs :)	18:33
portdirect	thats what I'm doing atm	18:33
ayoung	portdirect, that would be awesome!	18:33
*** openstackgerrit has quit IRC		18:33
SamYaple	ayoung: correct. right now we have debian, ubuntu, centos. all should work on all distros	18:33
SamYaple	but sticking with the distro you have I feel will be the best for compat	18:33
portdirect	ayoung: should have it up in about 3 hours (on dockerhub as well)	18:34
morgan	ayoung: docker container (regardless of the container's internal runtime) should work on any distro as long as the dockerfile is not crazy	18:34
*** pcaruana has quit IRC		18:34
SamYaple	morgan: well, then we get to libvirt and openvsiwtch and that statment doesnt hold as true	18:34
morgan	and i trust SamYaple and portdirect to not have insane dockerfiles	18:34
ayoung	now, these run without MySQL ATM, right?	18:34
ayoung	they are just the containers, but do they have running keystone instances in them>	18:34
SamYaple	morgan: any _unprivileged_ container should work. past that you might be in trouble	18:34
ayoung	?	18:34
morgan	SamYaple: somewhat. i mean. there are tools around that	18:34
SamYaple	morgan: agreed	18:34
morgan	SamYaple: but yeah... unpriv and in this case this is unpriv for sure.	18:35
portdirect	ayoung: these dont have any config in them	18:35
morgan	if it isn't.. omg	18:35
morgan	:P	18:35
morgan	^_^	18:35
SamYaple	ayoung: the libs exist inside the contaienr. deployment tools can drop configs using mysql. i do not have an AIO entrypoint.sh script added yet	18:35
SamYaple	that entrypoint script will be a basic AIO type setup, where you can point it to a DB. not meant for production	18:36
ayoung	SamYaple, its ok, just trying to get the state of things. I acutally want it for development, and want to run the non-apache server way anyway	18:36
portdirect	ayoung: but ive been running them on https://github.com/att-comdev/openstack-helm as replacements for the existing images	18:36
SamYaple	ayoung: well i added ref patches, so you can build these contaienrs with patches now.	18:36
morgan	ayoung: uwsgi? vs apache?	18:36
morgan	ayoung: or similar?	18:36
ayoung	morgan, yeah, potentially with breakpoints etc	18:36
SamYaple	can you run uwsgi direct without apache/nginx?	18:37
morgan	ayoung: ah then not uwisgi	18:37
morgan	you want wsgiref	18:37
morgan	SamYaple: yes.	18:37
ayoung	ah, yeah, just the wsgi container	18:37
morgan	SamYaple: it has an HTTP mode	18:37
SamYaple	nice. was unawares	18:37
morgan	ayoung: yeah use wsgiref - it will play better with breakpoints, no cython magic	18:37
morgan	also will be single worker (iirc)	18:38
lbragstad	ayoung morgan ack	18:38
lbragstad	(sorry was grabbing food quick)	18:38
morgan	lbragstad: ftr, i have long advocated we should have a series of actual error codes	18:38
morgan	independent of http status	18:38
ayoung	SamYaple, http://docs.openstack.org/developer/keystone/devref/development_best_practices.html#running-keystone	18:38
morgan	for where we want to pass consistent information back down	18:38
portdirect	ayoung: I could get us to support that no problem	18:38
SamYaple	got it ayoung. i don't think uwsgi exists in the containers, but im going to add that now since its recommended	18:39
ayoung	portdirect, I'd rather figure it out myself.	18:39
SamYaple	and uwsgi is tiny	18:39
portdirect	roger :)	18:39
morgan	uwsgi is also damn good.	18:39
morgan	i wish we could gunicorn too, but oslo.config gets in the way :(	18:39
ayoung	Ah...if it is not in there, they yeah, please add.	18:39
SamYaple	it doesnt do federation though, right?	18:39
morgan	uwsgi cannot do federation	18:39
SamYaple	right. thats what i was thinking of then. tis why im still on apache2	18:40
morgan	you need nginx+<module for federation> or apache+module	18:40
morgan	there has been work to support saml natively in keystone	18:40
morgan	but i am going to claim that is not baked/ready/inplace/coded/etc	18:40
ayoung	SamYaple, what protocols do you need for Federation?	18:40
portdirect	ayoung: I'm using saml2 atm	18:40
SamYaple	ayoung: me _personally_, saml	18:41
morgan	but basically the web servers provide those modules, and uswsgi runs keystone - so you can restart keystone w/o needing to bounce apache (etc).	18:41
morgan	ayoung: most folks use SAML2 since we pushed so hard for it	18:41
SamYaple	morgan: in a container thats less of an issue (bounce container), but i get it	18:41
morgan	ayoung: which is a good thing.	18:41
portdirect	though we wish to use OpenIDC as well moving forward	18:41
morgan	SamYaple: well it matters a lot more if you are looking to do graceful restarts etc	18:41
ayoung	SamYaple, Yeah, I really want to split Keystone into multiple containers, one per IdP/protocol, so you can change them without affecting the rest of the world.	18:42
morgan	SamYaple: even with a container, telling uwsgi to reload is better than leaning on apache to manage the wsgi and other stuff (mod_wsgi is not great and also not py3 friendly really)	18:42
dstanek	i've got a todo to deliver middleware that implement SAML2 (a subset) for this cycle	18:42
morgan	dstanek: ++	18:42
dstanek	portdirect: i'm also looking at oidc as i do my work	18:42
morgan	dstanek: so... a couple 2-3 cycles and it'll be really ready, but likely early UAT like stuff this cycle.	18:42
morgan	?	18:43
ayoung	it should be something like $OS_AUTH_URL=https://saml2.myidp.com/	18:43
portdirect	dstanek: great it would be really usefull for the k8s work im doing	18:43
ayoung	prolly with a keystone or something in there, too	18:43
ayoung	it should be something like $OS_AUTH_URL=https://saml2.myidp.keystone.mycloud.com/	18:43
dstanek	morgan: basically. we'll probably never support everything	18:43
morgan	dstanek: "everything" isn't my goal, just knowing when we have core support for <protocol discussed>	18:44
morgan	i figure there is usually a cycle lag from when code lands to "really ready"	18:44
dstanek	morgan: yup, the plan is to get the most common things working with shibboleth and then take feature requests later	18:45
SamYaple	morgan: agreed on all accounts. I will switch to uwsgi with saml support for sure. not a big apache fan	18:45
dstanek	morgan: yeah, we'll need early adopters for sure	18:45
dstanek	SamYaple: the shib module for nginx worked ok in my mini tests	18:45
morgan	SamYaple: well you can offload only the shib work in nginx and passthrough the rest to uwsgi (more easily than in apache)	18:46
morgan	in fact, that is what i would run keystone under at this point	18:46
morgan	uwsgi backend(s), nginx+binary_uwsgi_protocol+federation and then probably some HAProxy or similar at the edge.	18:47
*** openstackgerrit has joined #openstack-keystone		18:47
openstackgerrit	Ron De Rose proposed openstack/keystone: WIP - Add domain_id to the user table https://review.openstack.org/409874	18:47
morgan	and i would run it on 443/80	18:48
morgan	rderose: ^ nice	18:48
rderose	morgan: thanks :)	18:48
morgan	rderose: going to bug you for some reviews of the auth changes for per-user mfa soonish.	18:48
morgan	rderose: since you've been digging around in identity magic stuff	18:49
morgan	and we're changing the sql backend to do more ORM cross table loading	18:49
*** stingaci has joined #openstack-keystone		18:50
rderose	morgan: sounds good	18:50
*** tesseract has quit IRC		18:51
stevemar	o/	18:51
*** tqtran has joined #openstack-keystone		18:51
openstackgerrit	Ron De Rose proposed openstack/keystone: WIP - Add domain_id to the user table https://review.openstack.org/409874	18:52
openstackgerrit	Morgan Fainberg proposed openstack/keystone-specs: Update per-user-MFA spec to represent new db table not column https://review.openstack.org/419607	18:54
rodrigods	stevemar, do we have the auth plugins names documented anywhere?	18:55
*** stingaci has quit IRC		18:55
*** lucas__ has joined #openstack-keystone		18:55
stevemar	rodrigods: http://docs.openstack.org/developer/keystoneauth/plugin-options.html	18:55
stevemar	like that?	18:55
stevemar	look for "Available Plugins"	18:55
*** AlexeyAbashkin has quit IRC		18:55
stevemar	or you mean from the keystone side?	18:55
stevemar	not keystoneauth...	18:55
rodrigods	stevemar, keystoneauth... was exactly that! :)	18:56
rodrigods	this is new, right?	18:56
stevemar	rodrigods: merged yesterday	18:56
morgan	in ksa it's also listed in the entrypoints (not strictly docs)	18:56
rodrigods	lol	18:56
rodrigods	morgan, yeah, that's how i usually did in the past	18:56
morgan	hmm.	18:58
*** AlexeyAbashkin has joined #openstack-keystone		18:59
*** vern has quit IRC		18:59
ayoung	since I'm in a designing mode, to get a token should be like this	19:00
ayoung	it should be something like $OS_AUTH_URL=https://saml2.myidp.keystone.mycloud.com/domain/<domid>/project/<projectid>	19:00
ayoung	to list the projects you have access to would be	19:01
ayoung	it should be something like $OS_AUTH_URL=https://saml2.myidp.keystone.mycloud.com/projects	19:01
ayoung	it should be something like $OS_AUTH_URL=https://saml2.myidp.keystone.mycloud.com/domains would list the domains in which you have projects assigned	19:01
ayoung	man, I miss REST	19:01
*** AlexeyAbashkin has quit IRC		19:01
morgan	ayoung, bknudson, stevemar, dstanek: I'm looking at the auth paths. Most of the time the user object is loaded by the auth plugins themselves (for obvious reasons). There isn't a big concern on timing attacks and such (leak of information) based upon the fact that the MFA data will return actual information such as "insufficient auth methods" if not enough	19:03
morgan	methods are supplied. I could probably invert it but it gets a bit wonky based upon the need to do work for "external" plugins	19:03
morgan	(this is in "keystone" server fwiw)	19:03
morgan	I see some minor changes needed such as holding errors for authentication until after all methods are processed... but thats nbd on the change front	19:03
ayoung	morgan, I still read mfa as Museum of Fine Art	19:04
*** guoshan has joined #openstack-keystone		19:05
morgan	ayoung: as you should	19:06
*** stingaci has joined #openstack-keystone		19:06
ayoung	SamYaple, no pip inside the container?	19:06
morgan	ayoung: oh wow. i just found a bug in our auth system	19:07
ayoung	morgan, put that back. I was saving that.	19:08
morgan	ayoung: if something is improperly configured, and you specify say "password" and "external" -- whichever the last plugin that runs dictates the user_id in auth_context	19:08
morgan	we blindly overrwrite the auth_context.user_id	19:08
morgan	each method we validate	19:08
SamYaple	ayoung: we remove it in cleanup. id be open to leaving it in for use with 'FROM yaodu/keystone'	19:08
ayoung	morgan, yep	19:08
morgan	(not exploitable externally short of bad config, hence why i said it here)	19:09
morgan	but... ick	19:09
ayoung	SamYaple, nah, that is OK, I just need to add uwsgi to my build....	19:09
morgan	that is not good(tm)	19:09
* morgan goes and opens a bug for hardening and will fix at the same time		19:09
*** guoshan has quit IRC		19:10
stevemar	morgan: are you surprised we have half-baked code :)	19:12
morgan	stevemar: no.	19:12
morgan	stevemar: but... this is old code	19:13
morgan	i'm surprised no one has hit this / noticed it before	19:13
stevemar	morgan: we've never had reason to try 2 auth methods at once	19:14
*** spzala has joined #openstack-keystone		19:14
*** spzala has quit IRC		19:14
openstackgerrit	Samuel Pilla proposed openstack/keystone: Add password expiration queries for PCI-DSS https://review.openstack.org/403898	19:15
*** spzala has joined #openstack-keystone		19:15
morgan	stevemar: except we have always supported it :P	19:16
morgan	stevemar: please look and confirm https://bugs.launchpad.net/keystone/+bug/1656076	19:17
openstack	Launchpad bug 1656076 in OpenStack Identity (keystone) "The keystone server auth pluigin methods could mismatch user_id in auth_context" [Undecided,New]	19:17
morgan	stevemar: i've marked it security public. looks like a Class "D" to me. (bug with security implications)	19:17
morgan	stevemar: and i think that should be fixed for sure in Ocata, so i'll submit the fix ahead of the MFA work patches	19:17
morgan	it is also likely something we might want to consider as a low importance backport. so it doesn't bite anyone who has multiple plugins configured	19:18
openstackgerrit	Merged openstack/keystone-specs: Update per-user-MFA spec to represent new db table not column https://review.openstack.org/419607	19:18
*** jaugustine has joined #openstack-keystone		19:19
*** diazjf has joined #openstack-keystone		19:21
*** jaugustine has quit IRC		19:25
*** nicolasbock has quit IRC		19:28
*** nicolasbock has joined #openstack-keystone		19:31
*** edtubill has joined #openstack-keystone		19:40
*** chlong has quit IRC		19:41
openstackgerrit	Lance Bragstad proposed openstack/keystone: Implement shadow mapping https://review.openstack.org/415895	19:45
*** gyee has joined #openstack-keystone		19:45
*** chlong has joined #openstack-keystone		19:57
lbragstad	do we have a keystone+horizon meeting today?	20:04
-openstackstatus- NOTICE: Gerrit will be offline between now and 20:30 for scheduled maintenance: http://lists.openstack.org/pipermail/openstack-dev/2017-January/109910.html		20:08
*** ChanServ changes topic to "Gerrit will be offline between now and 20:30 for scheduled maintenance: http://lists.openstack.org/pipermail/openstack-dev/2017-January/109910.html"		20:08
edtubill	was the keystone+horizon meeting cancelled?	20:10
david-lyle	not sure	20:10
lbragstad	ping stevemar ^	20:15
lbragstad	david-lyle edtubill I didn't see a note about a cancellation (but I could have missed it)	20:15
robcresswell	Shouldn't be. I think richard is around this week, but not next or last	20:16
dstanek	i'm just waiting for it to start if it's still on	20:16
*** adrian_otto1 has quit IRC		20:17
*** jaugustine has joined #openstack-keystone		20:22
*** ravelar1 has quit IRC		20:22
ayoung	SamYaple, raise Exception("you need a C compiler to build uWSGI")	20:22
ayoung	Exception: you need a C compiler to build uWSGI	20:22
ayoung	might be tough to do inside the venv	20:23
SamYaple	ayoung: images are almost dont gating	20:24
SamYaple	ayoung: wont be a problem in a moment	20:24
SamYaple	you need to install gcc, which you dont want to do	20:24
ayoung	SamYaple, excellent	20:24
*** stingaci has quit IRC		20:25
ayoung	SamYaple, I'm building the image myself. Are your changes in the git repo?	20:26
*** jaugustine has quit IRC		20:26
SamYaple	ayoung: the changes are in yaodu/openstack-requirements, but that image is still building in the dockerhub cloud, which is not fast	20:27
*** adu has quit IRC		20:27
SamYaple	but if you build openstack-requirements, you can then build with this PR https://github.com/yaodu/docker-keystone/pull/19	20:28
SamYaple	the changes should all be in the images in dockerhub in ~30m	20:28
*** jaugustine has joined #openstack-keystone		20:32
-openstackstatus- NOTICE: Updated: Gerrit will be offline until 20:45 for scheduled maintenance (running longer than anticipated): http://lists.openstack.org/pipermail/openstack-dev/2017-January/109910.html		20:33
*** ChanServ changes topic to "Updated: Gerrit will be offline until 20:45 for scheduled maintenance (running longer than anticipated): http://lists.openstack.org/pipermail/openstack-dev/2017-January/109910.html"		20:33
*** jrist has quit IRC		20:33
*** itisha has joined #openstack-keystone		20:35
*** stingaci has joined #openstack-keystone		20:41
*** spzala has quit IRC		20:41
*** chlong has quit IRC		20:44
*** AlexeyAbashkin has joined #openstack-keystone		20:44
*** jrist has joined #openstack-keystone		20:47
*** ravelar has joined #openstack-keystone		20:47
*** agrebennikov has joined #openstack-keystone		20:49
*** adriant has joined #openstack-keystone		20:51
*** d0ugal has quit IRC		20:52
*** ChanServ changes topic to "Meeting Agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting \| Ocata goals: https://docs.google.com/spreadsheets/d/156q820cXcEc8Y9YWQgoc_hyOm3AZ2jtMQM3zdDhwGFU/edit?usp=sharing"		20:53
*** d0ugal has joined #openstack-keystone		20:54
*** d0ugal has quit IRC		20:54
*** d0ugal has joined #openstack-keystone		20:54
stevemar	edtubill: david-lyle lbragstad bah, i forgot about the meeting	20:54
*** stingaci has quit IRC		20:57
*** chlong has joined #openstack-keystone		20:58
*** AlexeyAbashkin has quit IRC		20:59
SamYaple	ayoung: /win 26	21:00
*** stingaci has joined #openstack-keystone		21:01
*** david-lyle has quit IRC		21:01
*** stingaci has quit IRC		21:01
dstanek	stevemar: boo	21:01
dstanek	:-)	21:01
*** stingaci has joined #openstack-keystone		21:01
*** r1chardj0n3s has joined #openstack-keystone		21:02
*** david-lyle has joined #openstack-keystone		21:02
stevemar	dstanek: o/	21:03
*** d0ugal has quit IRC		21:03
dstanek	stevemar: i forgot too. i was busy reviewing a word doc and realized 15 mins late that i was missing it	21:04
*** chlong has quit IRC		21:04
*** browne has quit IRC		21:05
*** diazjf has quit IRC		21:05
*** stingaci has quit IRC		21:05
*** thiagolib has quit IRC		21:08
SamYaple	ayoung: yaodu/keystone patch has passed gate and is committed. images in dockerhub will take ~30m to build and push out (its really slow atm). but you can build it successfully locally	21:08
ayoung	SamYaple, building now anyway...cuz I live on the edge	21:09
ayoung	first I had to clean up some old messes	21:09
ayoung	docker rm `docker ps --all \| awk ' $1 !~ /CONTAINER/ {print $1}' `	21:09
*** adrian_otto has joined #openstack-keystone		21:10
ayoung	SamYaple, I still find it hard to accept that I should run a container, and then run a virtualenv inside that container.	21:11
SamYaple	ayoung: make sure yo `docker rm -v $(images)` to remove the volumes that would be orphaned too	21:11
ayoung	SamYaple, ah, good point	21:11
ayoung	SamYaple, shouild I see a uwsgi executable in there?	21:12
ayoung	docker run -i -t yaodu/keystone:latest bash	21:12
ayoung	. ./virtualenv/bin/activate	21:12
ayoung	bash: uwsgi: command not found	21:12
SamYaple	you dont need to active the venv for starters (its in your PATH already)	21:13
SamYaple	but its not in dockerhub yet, the PR built and passed, now that its committed its building the image _again_	21:13
SamYaple	that will be tagged	21:13
SamYaple	but if you clone yaodu/keystone and build locally, it should be there	21:14
SamYaple	its unfortunate that the hub is slow :/ but im working on fixing that	21:15
ayoung	SamYaple, that is what I did.	21:15
SamYaple	`docker run -i -t yaodu/keystone:latest bash` looks like youre pulling the dockerhub image maybe?	21:16
SamYaple	but ive just tested it locally and it worked	21:16
SamYaple	(rebuilt on master)	21:16
edtubill	Hi, can someone help me figure out what's wrong with my federated environment? I can log into horizon using federation but any action seems to result in an invalid token (in the keystone logs).	21:17
SamYaple	ayoung: http://paste.openstack.org/show/594771/	21:17
edtubill	Does anyone have any ideas where I can start debugging this?	21:17
*** spzala has joined #openstack-keystone		21:18
ayoung	edtubill, you probably have an unscoped token, but no project assignments	21:18
lbragstad	edtubill do you have your federated groups and group assignments setup?	21:18
*** chlong has joined #openstack-keystone		21:18
*** openstackgerrit has quit IRC		21:18
ayoung	lbragstad, wouldn't he get the "no projects for user" thing then?	21:18
edtubill	ayoung,lbragstad: I have the group assignments and mappings setup.	21:18
portdirect	ayoung: I've also just built from master - and pushed to my own repo - if you are still having difficulty before the image gets into docker hub then you can try: docker.io/port/keystone:centos	21:18
ayoung	SamYaple, I hadn't rebased	21:19
lbragstad	ayoung oh - sure.. .yeah you're probably write	21:19
ayoung	just did, saw your commit	21:19
lbragstad	s/write/right/	21:19
ayoung	lbragstad, no you were write the first time	21:19
SamYaple	ayoung: ++	21:19
edtubill	ayoung: lbragstad: I see 'user ... has no access to project ...' in the keystone logs.	21:20
ayoung	SamYaple, I thought they were supposed to come in via the openstack-dependences, which I have to admit now makes no sense	21:20
lbragstad	hmm - i would double check that the federated group you have setup actually has role assignments on the projects you want to work on	21:20
ayoung	edtubill, sounds like you need to map the user to a group, and give the group a role assignemnt. You know how to do that	21:20
*** phalmos has joined #openstack-keystone		21:21
SamYaple	ayoung: ah yea. the build is interesting, because there is no build tools in keystone container ever. we pull built wheels from a layer in yaodu/openstack-requirements	21:21
*** phalmos_ has quit IRC		21:21
SamYaple	ayoung: it allows for the quick builds and small images	21:21
*** diazjf has joined #openstack-keystone		21:21
edtubill	ayoung: lbragstad: Yeah the group has a role on the project. and the user gets mapped to the group. I feel like somehow the mapping auth method doesn't get used or something.	21:22
lbragstad	edtubill are you able to get an unscoped token manually from keystone using cURL?	21:23
ayoung	edtubill, you can always hack the code and throw in an rpdb to trace what actually happens	21:23
ayoung	I have to admit I do that far more often than I should	21:24
SamYaple	+2 for rpdb. love that method of debugging	21:24
ayoung	edtubill, https://adam.younglogic.com/2015/02/debugging-openstack-with-rpdb/	21:25
edtubill	lbragstad: ayoung: so I've been using rpdb and it appears that I get a unscoped token and also a scoped token but when that token gets validated on keystone (by nova or something), keystone sees that the user has no roles.	21:25
lbragstad	edtubill if you are able to get an unscoped token, I would try to get a list of projects you have access to	21:25
ayoung	edtubill, that does not make sense. A scoped token has to have roles.	21:25
lbragstad	hm	21:25
ayoung	can you see the token response somewhere?	21:25
lbragstad	edtubill what's the response look like?	21:25
* ayoung wishes we could depend on ecp		21:26
lbragstad	edtubill and can you validate the token manually against keystone?	21:26
edtubill	lbragstad: hmm, I see the invalid token id in the mysql table if that helps....	21:27
*** browne has joined #openstack-keystone		21:27
lbragstad	edtubill in the keystone.revocation_event table?	21:27
ayoung	SamYaple, its there now. THanks	21:28
edtubill	ayoung, let me get back to you with some more responses. I think I can't do curl requests because my IDP doesn't support ECP. (so I'll have to switch to shibtest or something)	21:28
edtubill	lbragstad: I see the token in the token table.	21:29
lbragstad	edtubill ah - you're using UUID	21:29
lbragstad	gotcha	21:29
edtubill	lbragstad: yup I think so.	21:29
lbragstad	ok - since we in the realm of tokens and revocation events, do you have anything in your revocation_event table?	21:29
lbragstad	or is that empty	21:29
lbragstad	?	21:29
*** jose-phillips has quit IRC		21:30
edtubill	lbragstad: it seems to be empty.	21:31
lbragstad	edtubill ok - good deal	21:31
lbragstad	i didn't assume there to be anything in there, but wanted to double check	21:32
lbragstad	edtubill is this a devstack installation?	21:32
edtubill	lbragstad: yeah	21:32
lbragstad	master?	21:32
edtubill	lbragstad: yup	21:33
lbragstad	what's acting as the IdP/	21:33
lbragstad	another keystone?	21:33
lbragstad	or something else?	21:33
*** jose-phillips has joined #openstack-keystone		21:33
edtubill	I'm using Auth0 but I get the same results when I set it up for K2K.	21:33
lbragstad	hmm	21:33
*** lucas__ has quit IRC		21:34
edtubill	lbragstad: I feel like I'm setting up something wrong with the auth methods or something. I can log in but can't do any actions.	21:34
lbragstad	edtubill the interesting part that throws me for a loop is that you are able to get an unscoped and eventually a scoped, token	21:35
lbragstad	which leads me to think that you've setup your authentication methods properly	21:35
edtubill	lbragstad: let me debug django_openstack_auth again and make sure I get a proper scoped token. brb	21:36
lbragstad	(by I could be wrong - I'd probably differ to dstanek or rodrigods for more help)	21:36
lbragstad	edtubill ok	21:36
edtubill	ok sure thing, but thanks for the help lbragstad and ayoung.	21:36
lbragstad	edtubill anytime - i'm curious about what you find	21:36
*** ravelar has quit IRC		21:37
*** openstackgerrit has joined #openstack-keystone		21:45
openstackgerrit	Gage Hugo proposed openstack/keystone: Removed old 'Driver' reference from token init https://review.openstack.org/419663	21:45
*** phalmos has quit IRC		21:46
*** sheel has quit IRC		21:47
stevemar	do we have a list of bugs we're looking at for the office hours?	21:51
stevemar	or an etherpad?	21:51
*** phalmos has joined #openstack-keystone		21:53
lbragstad	stevemar we don't	21:54
lbragstad	I wasn't sure if it would be worth it to duplicate it	21:54
stevemar	lbragstad: s'all good, we can use my google doc	21:54
lbragstad	I figured we'd just use the list you've started	21:54
lbragstad	stevemar yes - exactly	21:54
*** spzala has quit IRC		21:54
openstackgerrit	Gage Hugo proposed openstack/keystone: Changed 'Driver' reference to 'TokenDriverBase' https://review.openstack.org/419663	21:54
lbragstad	stevemar dstanek also had some pretty awesome tooling setup to make it so that we could track all the activity on Friday - which would save us a lot of time	21:55
stevemar	lbragstad: i'd love to get the k2k one, and the ldap and upgrade bugs fixed for ocata	21:55
lbragstad	and make things way easier to understand	21:55
stevemar	++	21:55
gagehugo	lbragstad: thanks for the quick review	21:55
lbragstad	gagehugo thanks for the quick turn around	21:56
gagehugo	:)	21:56
gagehugo	wanted to get this bug done last friday but things keep distracting me	21:56
lbragstad	gagehugo that happens	21:57
stevemar	gagehugo: being ptl is week after week of distractions	21:57
lbragstad	it's a good thing tomorrow is Friday :)	21:57
*** diazjf has quit IRC		21:57
*** thorst_ has quit IRC		21:57
stevemar	you people are very distracting	21:58
lbragstad	stevemar ping	21:58
* stevemar laughs at his own joke		21:58
stevemar	lbragstad: yessum	21:58
gagehugo	lol	21:58
lbragstad	stevemar you in the middle of something?	21:58
stevemar	lbragstad: not really	21:59
lbragstad	stevemar oh ok - cool...	21:59
lbragstad	stevemar that is all	21:59
gagehugo	heh	21:59
* stevemar shakes fist!		21:59
gagehugo	supposed to get ice tomorrow so it may be fixing bugs by candlelight	21:59
lbragstad	gagehugo stash your changes locally in case your wifi freezes	22:00
gagehugo	lbragstad exactly!	22:00
*** chris_hultin is now known as chris_hultin\|AWA		22:01
*** spilla has joined #openstack-keystone		22:02
lbragstad	alright - stepping away for a bit, i'll check back in a little later	22:04
*** d0ugal has joined #openstack-keystone		22:07
*** darrenc is now known as darrenc_afk		22:09
*** jaugustine has quit IRC		22:11
*** jaugustine has joined #openstack-keystone		22:11
jamielennox	stevemar: requests for that doc already!	22:12
stevemar	jamielennox: who'd thunk that docs were wanted?!	22:14
jamielennox	stevemar: i've never believed it	22:14
*** jaugustine_ has joined #openstack-keystone		22:14
*** jaugustine has quit IRC		22:15
*** jaugustine_ has quit IRC		22:15
*** jose-phillips has quit IRC		22:19
*** spilla has quit IRC		22:22
*** spzala has joined #openstack-keystone		22:22
*** edmondsw has quit IRC		22:24
*** edmondsw has joined #openstack-keystone		22:24
*** jose-phillips has joined #openstack-keystone		22:25
*** spzala has quit IRC		22:27
*** spzala has joined #openstack-keystone		22:28
*** edmondsw has quit IRC		22:29
*** chlong has quit IRC		22:29
*** diazjf has joined #openstack-keystone		22:30
*** thorst_ has joined #openstack-keystone		22:32
*** spzala has quit IRC		22:34
*** thorst_ has quit IRC		22:37
*** chlong has joined #openstack-keystone		22:37
*** darrenc_afk is now known as darrenc		22:41
*** chris_hultin\|AWA is now known as chris_hultin		22:43
openstackgerrit	Merged openstack/keystone: Fix keystone-manage mapping_engine tester https://review.openstack.org/418165	22:47
*** diazjf has quit IRC		22:50
*** jperry has quit IRC		23:03
*** chris_hultin is now known as chris_hultin\|AWA		23:04
openstackgerrit	Gage Hugo proposed openstack/keystone: Changed 'Driver' reference to 'TokenDriverBase' https://review.openstack.org/419663	23:12
*** dave-mccowan has quit IRC		23:17
*** jaosorior has quit IRC		23:22
morgan	stevemar: about to push the fix for the auth methods and mutable user_ids	23:24
morgan	jamielennox: docs?! what is this madness	23:28
*** tqtran has quit IRC		23:29
*** thorst_ has joined #openstack-keystone		23:33
*** haplo37_ has quit IRC		23:36
*** thorst_ has quit IRC		23:37
*** rvba has quit IRC		23:38
*** lucas__ has joined #openstack-keystone		23:38
*** haplo37_ has joined #openstack-keystone		23:39
*** edtubill has quit IRC		23:42
openstackgerrit	Morgan Fainberg proposed openstack/keystone: Do not allow auth plugins to return different user_id https://review.openstack.org/419693	23:49
morgan	stevemar: ^	23:50
*** lamt has quit IRC		23:55
*** rvba has joined #openstack-keystone		23:57
*** rvba has quit IRC		23:57
*** rvba has joined #openstack-keystone		23:57

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!