*** martinlopes has quit IRC | 00:05 | |
*** _cjones_ has quit IRC | 00:05 | |
*** _cjones_ has joined #openstack-keystone | 00:06 | |
*** drjones has joined #openstack-keystone | 00:07 | |
*** _cjones_ has quit IRC | 00:10 | |
*** martinlopes has joined #openstack-keystone | 00:11 | |
*** drjones has quit IRC | 00:11 | |
*** yuvalb has quit IRC | 00:21 | |
*** yuvalb has joined #openstack-keystone | 00:30 | |
*** hoangcx has joined #openstack-keystone | 00:54 | |
*** ngupta has joined #openstack-keystone | 00:56 | |
*** zsli has joined #openstack-keystone | 00:57 | |
*** ngupta has quit IRC | 01:01 | |
*** tovin07 has joined #openstack-keystone | 01:08 | |
*** liujiong has joined #openstack-keystone | 01:32 | |
openstackgerrit | Merged openstack/keystone master: Imported Translations from Zanata https://review.openstack.org/437811 | 01:36 |
---|---|---|
*** dave-mccowan has joined #openstack-keystone | 01:53 | |
*** _cjones_ has joined #openstack-keystone | 02:09 | |
*** thorst has quit IRC | 02:10 | |
*** _cjones_ has quit IRC | 02:14 | |
openstackgerrit | Shan Guo proposed openstack/keystone master: Fix some typo in releasenotes https://review.openstack.org/437770 | 02:15 |
*** guoshan has joined #openstack-keystone | 02:27 | |
*** guoshan has quit IRC | 02:33 | |
*** guoshan has joined #openstack-keystone | 02:33 | |
*** guoshan has quit IRC | 02:39 | |
*** thorst has joined #openstack-keystone | 02:46 | |
*** thorst has quit IRC | 02:55 | |
*** thorst has joined #openstack-keystone | 02:55 | |
*** thorst has quit IRC | 03:00 | |
*** guoshan has joined #openstack-keystone | 03:14 | |
*** phalmos has joined #openstack-keystone | 03:17 | |
*** martinlopes has quit IRC | 03:18 | |
*** martinlopes has joined #openstack-keystone | 03:20 | |
*** thorst has joined #openstack-keystone | 03:27 | |
*** thorst has quit IRC | 03:28 | |
*** guoshan has quit IRC | 03:51 | |
*** _cjones_ has joined #openstack-keystone | 03:54 | |
*** liujiong_66 has joined #openstack-keystone | 03:58 | |
*** liujiong has quit IRC | 03:58 | |
*** _cjones_ has quit IRC | 03:58 | |
*** ngupta has joined #openstack-keystone | 03:59 | |
*** _cjones_ has joined #openstack-keystone | 03:59 | |
*** ngupta has quit IRC | 04:03 | |
*** zsli has quit IRC | 04:09 | |
*** gagehugo has quit IRC | 04:15 | |
*** lamt has joined #openstack-keystone | 04:18 | |
*** martinlopes has quit IRC | 04:24 | |
*** martinlopes has joined #openstack-keystone | 04:27 | |
*** thorst has joined #openstack-keystone | 04:30 | |
*** martinlopes has quit IRC | 04:32 | |
*** thorst has quit IRC | 04:34 | |
*** martinlopes has joined #openstack-keystone | 04:35 | |
*** dave-mccowan has quit IRC | 04:36 | |
*** guoshan has joined #openstack-keystone | 04:37 | |
*** liujiong_66 is now known as liujiong | 04:39 | |
*** zsli has joined #openstack-keystone | 04:41 | |
*** guoshan has quit IRC | 04:42 | |
*** lamt has quit IRC | 04:45 | |
*** zsli has quit IRC | 05:01 | |
*** drjones has joined #openstack-keystone | 05:02 | |
*** zsli has joined #openstack-keystone | 05:02 | |
*** _cjones_ has quit IRC | 05:05 | |
*** zsli has quit IRC | 05:07 | |
*** rezroo has quit IRC | 05:13 | |
*** drjones has quit IRC | 05:22 | |
*** _cjones_ has joined #openstack-keystone | 05:23 | |
*** adriant has quit IRC | 05:26 | |
*** _cjones_ has quit IRC | 05:27 | |
*** rezroo has joined #openstack-keystone | 05:27 | |
*** rezroo has quit IRC | 05:58 | |
*** ngupta has joined #openstack-keystone | 06:00 | |
*** ngupta has quit IRC | 06:05 | |
*** lamt has joined #openstack-keystone | 06:11 | |
*** gagehugo has joined #openstack-keystone | 06:15 | |
*** lamt has quit IRC | 06:21 | |
*** Administrator_ has joined #openstack-keystone | 06:22 | |
*** guoshan has joined #openstack-keystone | 06:24 | |
*** richm has quit IRC | 06:43 | |
*** liujiong has quit IRC | 07:01 | |
*** liujiong_lj has joined #openstack-keystone | 07:01 | |
*** rcernin has joined #openstack-keystone | 07:20 | |
*** pcaruana has joined #openstack-keystone | 07:20 | |
*** rcernin has quit IRC | 07:23 | |
*** rcernin has joined #openstack-keystone | 07:23 | |
*** h5t4 has joined #openstack-keystone | 07:35 | |
*** phalmos has quit IRC | 07:38 | |
*** liujiong_lj is now known as liujiong | 07:49 | |
*** Guest68960 has quit IRC | 08:14 | |
*** mgagne has joined #openstack-keystone | 08:20 | |
*** mgagne is now known as Guest11443 | 08:20 | |
*** mvk has quit IRC | 08:44 | |
*** jaosorior has joined #openstack-keystone | 08:47 | |
*** slunkad has joined #openstack-keystone | 08:57 | |
*** zzzeek has quit IRC | 09:00 | |
*** zzzeek has joined #openstack-keystone | 09:00 | |
*** ngupta has joined #openstack-keystone | 09:03 | |
*** ngupta has quit IRC | 09:08 | |
*** mvk has joined #openstack-keystone | 09:12 | |
openstackgerrit | Colleen Murphy proposed openstack/keystone master: Exchange cURL examples for openstackclient https://review.openstack.org/438389 | 09:32 |
*** Administrator_ has quit IRC | 09:50 | |
*** Administrator_ has joined #openstack-keystone | 09:50 | |
*** ngupta has joined #openstack-keystone | 10:04 | |
*** guoshan has quit IRC | 10:04 | |
*** ngupta has quit IRC | 10:09 | |
*** alex_xu_ has quit IRC | 10:14 | |
*** jaosorior is now known as jaosorior_lunch | 10:15 | |
*** liujiong has quit IRC | 10:16 | |
*** alex_xu has joined #openstack-keystone | 10:17 | |
*** jaosorior_lunch is now known as jaosorior | 10:17 | |
*** hoangcx has quit IRC | 10:34 | |
openstackgerrit | OpenStack Proposal Bot proposed openstack/keystone master: Updated from global requirements https://review.openstack.org/438431 | 10:56 |
*** ayoung has joined #openstack-keystone | 11:09 | |
*** ChanServ sets mode: +v ayoung | 11:09 | |
*** nicolasbock has joined #openstack-keystone | 11:14 | |
*** richm has joined #openstack-keystone | 11:14 | |
*** ayoung has quit IRC | 11:14 | |
*** ayoung has joined #openstack-keystone | 11:15 | |
*** ChanServ sets mode: +v ayoung | 11:15 | |
asettle | ping - anyone awake in keystone? :) | 11:15 |
*** nicolasbock has quit IRC | 11:16 | |
*** nicolasbock has joined #openstack-keystone | 11:16 | |
breton | asettle: pong | 11:34 |
asettle | Woah I'm dazzled :P I wasn't expecting anything for the next 3 hours. | 11:34 |
asettle | breton: could you give me a super quick summary on the usage of project vs tenant? Which one is currently being used? Is it v2 tenant, and v3 project? | 11:35 |
breton | asettle: tenant in v2, project in v3. If you make queries to v2 api, you use tenant. If you make queries to v3, project. | 11:36 |
asettle | Okay, thought so. Sighhhhhhhhhhh. | 11:36 |
asettle | So, for example, a change like this is not exactly correct: https://review.openstack.org/#/c/438168/1 | 11:37 |
breton | asettle: it is correct, because we expect everyone to use v3 | 11:38 |
asettle | Hmmm I'll have to review the docs to check for any references to v2 | 11:39 |
asettle | Cheers, thanks breton | 11:39 |
breton | asettle: i think that the change still needs to be -1'd | 11:41 |
asettle | breton: I've asked Richard, the docs liaison, to take a look. Some of these just don't look like. | 11:43 |
asettle | don't look right* | 11:43 |
asettle | As in, just changing any instance of the word 'project' | 11:43 |
openstackgerrit | henry-nash proposed openstack/keystone master: Give a prospective removal date for all v2 APIs https://review.openstack.org/437667 | 11:53 |
openstackgerrit | henry-nash proposed openstack/keystone master: Give a prospective removal date for all v2 APIs https://review.openstack.org/437667 | 11:54 |
*** dave-mccowan has joined #openstack-keystone | 12:21 | |
openstackgerrit | Colleen Murphy proposed openstack/keystone master: Exchange cURL examples for openstackclient https://review.openstack.org/438389 | 12:28 |
*** thorst has joined #openstack-keystone | 12:43 | |
*** arturb has joined #openstack-keystone | 12:47 | |
arturb | Hi all. I am trying to install keystone with ansible role: https://github.com/openstack/openstack-ansible-os_keystone, and unfortunately I have a problem. Keystone is properly installed and working as a WSGI process, database is also created. I have a problem with a task: "Ensure service tenant" from a file:tasks/keystone_service_setup.yml. It retries couple of times and fails. When I try to use keystone manually wit | 12:54 |
arturb | h openstack CLI I got error: 500 Authorization Failed. In log file I have an error: ArgsAlreadyParseError: arguments already parsed: cannot register CLI option. I tried installation of master branch and stable/ocata. Any help?? | 12:54 |
openstackgerrit | Sean Dague proposed openstack/keystoneauth master: WIP: remove discover hacks https://review.openstack.org/438483 | 12:57 |
*** ngupta has joined #openstack-keystone | 13:07 | |
*** edmondsw has joined #openstack-keystone | 13:08 | |
*** lamt has joined #openstack-keystone | 13:11 | |
*** ngupta has quit IRC | 13:11 | |
*** lamt has quit IRC | 13:12 | |
breton | arturb: there should be error somewhere in the beginning of the logfile | 13:16 |
breton | arturb: it will show the real cause of the issue | 13:16 |
arturb | breton: Thanks. I will check it | 13:17 |
breton | try either scrolling to the first lines of the log or restart apache and look at the logs right after restart | 13:17 |
*** spilla has joined #openstack-keystone | 13:51 | |
*** chlong has joined #openstack-keystone | 13:59 | |
*** chlong has quit IRC | 14:04 | |
*** erhudy has joined #openstack-keystone | 14:05 | |
dstanek | good morning keystone | 14:23 |
lbragstad | o/ | 14:24 |
*** rderose has joined #openstack-keystone | 14:37 | |
*** lamt has joined #openstack-keystone | 14:39 | |
lbragstad | notmorgan jamielennox|away this is interesting http://lists.openstack.org/pipermail/openstack-dev/2017-February/112943.html | 14:40 |
lbragstad | notmorgan this is what you were working with sdague on I believe? | 14:40 |
*** ngupta has joined #openstack-keystone | 14:42 | |
dstanek | lbragstad: yep, i'm pretty sure that was it | 14:42 |
openstackgerrit | Richard Avelar proposed openstack/keystone master: Validate rolling upgrade is run in order https://review.openstack.org/437441 | 15:00 |
*** lamt has quit IRC | 15:03 | |
antwash | o/ morning | 15:09 |
*** belmoreira has joined #openstack-keystone | 15:09 | |
*** lucasxu has joined #openstack-keystone | 15:10 | |
*** lamt has joined #openstack-keystone | 15:15 | |
notmorgan | lbragstad: oh hai | 15:17 |
dstanek | hey antwash | 15:22 |
notmorgan | lbragstad: we can't remove that hack sdague commented on | 15:23 |
notmorgan | lbragstad: i responded to the thread | 15:23 |
lbragstad | notmorgan cool - thanks! | 15:23 |
notmorgan | lbragstad: basically treat keystoneauth as the strictest contract you can. | 15:24 |
notmorgan | lbragstad: anything exposed (intentional or not) and any behavior cannot change | 15:24 |
notmorgan | there is a reason we don't use oslo libs, and if we could have gotten away w/o stevedore and w/o pbr i would have opted for that as well | 15:24 |
notmorgan | lbragstad: in an ideal world, keystoneauth would have exactly one dependency: Requests | 15:25 |
notmorgan | we're pretty close to that now. | 15:25 |
*** chlong has joined #openstack-keystone | 15:25 | |
antwash | dstanek : how are you> | 15:25 |
antwash | ? | 15:25 |
*** ravelar has joined #openstack-keystone | 15:26 | |
dstanek | antwash: good, you? | 15:26 |
dstanek | antwash: must have been quiet last week | 15:26 |
*** chlong_ has joined #openstack-keystone | 15:27 | |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Give a prospective removal date for all v2 APIs https://review.openstack.org/437667 | 15:28 |
*** chlong_ has quit IRC | 15:28 | |
antwash | dstanek : doing great now catching up on PTG discussions, and yeah it was. I was off for a few days due to (unexpected passing in 2nd family) | 15:28 |
*** edtubill has joined #openstack-keystone | 15:28 | |
*** agrebennikov has joined #openstack-keystone | 15:32 | |
*** chris_hultin|AWA is now known as chris_hultin | 15:36 | |
*** jaugustine has joined #openstack-keystone | 15:36 | |
*** jaugustine has quit IRC | 15:37 | |
*** agrebennikov has quit IRC | 15:38 | |
*** agrebennikov has joined #openstack-keystone | 15:39 | |
knikolla | o/ | 15:41 |
notmorgan | dstanek: you working on bcrypt/scrypt or want me to? | 15:47 |
notmorgan | dstanek: it's a pretty quick tack in of code | 15:48 |
notmorgan | dstanek: but i don't want to step on your work if you're going to do it | 15:48 |
*** lamt has quit IRC | 15:49 | |
notmorgan | lbragstad: see -dev, request to add you to stable-maint for keystone | 15:51 |
notmorgan | bknudson_, stevemar, you two interested in continuing as stable-maint? | 15:52 |
gagehugo | o/ | 15:55 |
*** lucasxu has quit IRC | 15:58 | |
*** tqtran has joined #openstack-keystone | 16:05 | |
*** h5t4 has quit IRC | 16:06 | |
openstackgerrit | Kristi Nikolla proposed openstack/keystone master: Remove password_expires_ignore_user_ids https://review.openstack.org/438208 | 16:09 |
*** lamt has joined #openstack-keystone | 16:14 | |
dstanek | notmorgan: i have not yet, so feel free to do so if you have the time | 16:14 |
dstanek | if not, i'll add it to my list | 16:14 |
*** rcernin has quit IRC | 16:15 | |
notmorgan | dstanek: i'll hack up the code, it should take me an hour or so to do | 16:15 |
notmorgan | dstanek: the hardest part is setting conf defaults ;) | 16:15 |
*** jaugustine has joined #openstack-keystone | 16:16 | |
*** lucasxu has joined #openstack-keystone | 16:16 | |
dstanek | sounds good to me :-) | 16:16 |
*** belmoreira has quit IRC | 16:17 | |
lbragstad | notmorgan dstanek ravelar antwash https://review.openstack.org/#/c/428453/8 | 16:18 |
lbragstad | rderose ^ | 16:18 |
*** jaugustine has quit IRC | 16:20 | |
*** jaugustine has joined #openstack-keystone | 16:21 | |
openstackgerrit | Kristi Nikolla proposed openstack/keystone master: Exclusively use restore_padding method in unpacking fernet tokens https://review.openstack.org/438207 | 16:25 |
bknudson_ | notmorgan: I can continue as stable core for now. | 16:29 |
notmorgan | bknudson_: cool. that makes it easier | 16:29 |
notmorgan | bknudson_: ty. mostly because with stevemar being really out | 16:29 |
notmorgan | bknudson_: i don't want to have it be just dolphm and myself :) | 16:30 |
notmorgan | bknudson_: ^_^ | 16:30 |
knikolla | notmorgan: thoughts on this? https://review.openstack.org/#/c/438206/ | 16:30 |
notmorgan | knikolla: i don't have an issue with it. Don't think it'll break anyone | 16:32 |
notmorgan | knikolla: but if it is under v3... i think we need to maintain the endpoint that just does 200 and no content | 16:32 |
notmorgan | i'll need to think about that one | 16:32 |
knikolla | notmorgan: alright. thanks. | 16:34 |
openstackgerrit | Kristi Nikolla proposed openstack/keystone master: Remove x-subject-token from api-ref in v3/auth/projects https://review.openstack.org/437973 | 16:42 |
openstackgerrit | Kristi Nikolla proposed openstack/keystone master: Remove x-subject-token in api-ref for v3/auth/{projects,domains} https://review.openstack.org/437973 | 16:54 |
*** adrian_otto has joined #openstack-keystone | 17:01 | |
*** lamt has quit IRC | 17:07 | |
*** mvk has quit IRC | 17:12 | |
*** david-lyle has joined #openstack-keystone | 17:17 | |
*** david-lyle has quit IRC | 17:21 | |
*** rderose_ has quit IRC | 17:21 | |
*** thorst has quit IRC | 17:22 | |
*** thorst has joined #openstack-keystone | 17:22 | |
*** lucasxu has quit IRC | 17:22 | |
openstackgerrit | Merged openstack/keystone master: Include 'token' in the method list for federated scoped tokens https://review.openstack.org/431181 | 17:25 |
*** _cjones_ has joined #openstack-keystone | 17:26 | |
*** BjoernT has joined #openstack-keystone | 17:27 | |
stevemar | notmorgan: i don't mind staying on | 17:40 |
stevemar | notmorgan: i'm not slacking in reviews, yet :) | 17:41 |
*** BjoernT has left #openstack-keystone | 17:42 | |
notmorgan | stevemar: you sure, you're all manager-y now. | 17:42 |
*** h5t4 has joined #openstack-keystone | 17:42 | |
notmorgan | stevemar: you're going to be topol like next, so busy you can't even regularly say hi in this channel. | 17:42 |
notmorgan | stevemar: ;) | 17:42 |
*** ravelar has quit IRC | 17:43 | |
*** david-lyle has joined #openstack-keystone | 17:44 | |
*** david-lyle has quit IRC | 17:45 | |
*** david-lyle has joined #openstack-keystone | 17:46 | |
*** aasthad has joined #openstack-keystone | 17:50 | |
*** chlong has quit IRC | 17:55 | |
*** david-lyle has quit IRC | 17:58 | |
*** david-lyle has joined #openstack-keystone | 18:01 | |
*** jaosorior has quit IRC | 18:05 | |
*** ravelar has joined #openstack-keystone | 18:06 | |
openstackgerrit | OpenStack Proposal Bot proposed openstack/keystone master: Updated from global requirements https://review.openstack.org/438431 | 18:09 |
*** chlong has joined #openstack-keystone | 18:10 | |
openstackgerrit | Merged openstack/keystone-specs master: Policy in code https://review.openstack.org/428453 | 18:17 |
*** rderose has quit IRC | 18:21 | |
*** rderose has joined #openstack-keystone | 18:22 | |
openstackgerrit | Lance Bragstad proposed openstack/keystone-specs master: API keys https://review.openstack.org/438667 | 18:23 |
lbragstad | rderose ^ | 18:23 |
*** lamt has joined #openstack-keystone | 18:24 | |
rderose | lbragstad: cool | 18:25 |
rderose | lbragstad: I'll take what I can from yours and combine with mine | 18:25 |
rderose | lbragstad: thanks | 18:25 |
lbragstad | rderose sweet | 18:25 |
lbragstad | rderose no problem - I had the itch to get it written down before I started forgetting it :) | 18:25 |
rderose | lbragstad: ha, I understand :) | 18:26 |
*** h5t4 has quit IRC | 18:32 | |
*** lamt has quit IRC | 18:41 | |
*** browne has joined #openstack-keystone | 18:41 | |
*** h5t4 has joined #openstack-keystone | 18:41 | |
*** lamt has joined #openstack-keystone | 18:47 | |
openstackgerrit | Lance Bragstad proposed openstack/keystone-specs master: Add Policy Documentation https://review.openstack.org/435078 | 19:10 |
openstackgerrit | Lance Bragstad proposed openstack/keystone-specs master: Define a richer policy by default https://review.openstack.org/428454 | 19:11 |
*** MasterOfBugs has joined #openstack-keystone | 19:14 | |
*** pramodrj07 has joined #openstack-keystone | 19:14 | |
*** gyee has joined #openstack-keystone | 19:17 | |
*** jaugustine has quit IRC | 19:23 | |
*** pcaruana has quit IRC | 19:29 | |
*** spilla has quit IRC | 19:41 | |
*** thumpba has joined #openstack-keystone | 19:54 | |
*** adrian_otto has quit IRC | 20:00 | |
*** aasthad has quit IRC | 20:12 | |
*** ayoung has quit IRC | 20:21 | |
*** ngupta has quit IRC | 20:26 | |
*** h5t4 has quit IRC | 20:26 | |
*** ngupta has joined #openstack-keystone | 20:27 | |
*** h5t4 has joined #openstack-keystone | 20:28 | |
*** chris_hultin is now known as chris_hultin|AWA | 20:31 | |
openstackgerrit | Colleen Murphy proposed openstack/keystone master: Exchange cURL examples for openstackclient https://review.openstack.org/438389 | 20:36 |
*** dave-mccowan has quit IRC | 20:47 | |
*** adriant has joined #openstack-keystone | 20:47 | |
*** rcernin has joined #openstack-keystone | 20:52 | |
*** Guest11443 is now known as mgagne | 20:57 | |
*** mgagne has quit IRC | 20:57 | |
*** mgagne has joined #openstack-keystone | 20:57 | |
*** h5t4 has quit IRC | 20:59 | |
*** ngupta has quit IRC | 21:02 | |
*** ngupta has joined #openstack-keystone | 21:03 | |
*** aasthad has joined #openstack-keystone | 21:05 | |
lbragstad | ravelar could minor comments here - https://review.openstack.org/#/c/435751/9 | 21:05 |
dolphm | crinkle: "This is a step above using LDAP as an identity backend..." -- and because keystone does not have to be trusted with user passwords | 21:09 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: WIP: Add support for bcrypt and scrypt to keystone password hashing https://review.openstack.org/438701 | 21:09 |
notmorgan | dstanek: ^ needs some love, but that is the first pass at the code. it is not used yet anywhere | 21:10 |
notmorgan | dstanek: but it is a start. | 21:10 |
lbragstad | ravelar couple* ravelar | 21:10 |
* notmorgan has some important things to take care of this afternoon so have to take a break | 21:10 | |
* lbragstad can't type or tab at all today | 21:10 | |
ravelar | lbragstad thanks! appreciate it | 21:11 |
notmorgan | lbragstad, dolphm: ^ cc | 21:14 |
dolphm | notmorgan: things like password hashing, obviously | 21:15 |
notmorgan | dolphm: clearly. | 21:16 |
notmorgan | dolphm: you know someone is going to complain that it takes longer to compare passwords now. | 21:16 |
notmorgan | dolphm: and i'm going to shake my head sadly. | 21:16 |
notmorgan | dolphm: (for initial auth that is) | 21:16 |
*** adrian_otto has joined #openstack-keystone | 21:17 | |
*** nicolasbock has quit IRC | 21:22 | |
crinkle | dolphm: good point | 21:22 |
dolphm | notmorgan: just dstanek | 21:23 |
dolphm | crinkle: /salute | 21:23 |
*** crinkle is now known as cmurphy | 21:26 | |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: WIP: Add support for bcrypt and scrypt to keystone password hashing https://review.openstack.org/438701 | 21:36 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: WIP: Add support for bcrypt and scrypt to keystone password hashing https://review.openstack.org/438701 | 21:36 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: WIP: Add support for bcrypt and scrypt to keystone password hashing https://review.openstack.org/438701 | 21:38 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: WIP: Add support for bcrypt and scrypt to keystone password hashing https://review.openstack.org/438701 | 21:40 |
edmondsw | lbragstad, when you get a chance, need a 2nd +2 on the backport of the LDAP fix: https://review.openstack.org/#/c/437998/ | 21:42 |
notmorgan | edmondsw: needs to be a stable-maint-core or one of the keystone-cores on stable-maint: dolphm, bknudson_, stevemar | 21:43 |
notmorgan | edmondsw: lbragstad can't do stable approvals atm | 21:43 |
bknudson_ | I can take a look. | 21:43 |
lbragstad | fwiw - it looks like a clean backport | 21:44 |
edmondsw | tx | 21:44 |
edmondsw | lol the PTL can't do stable approvals! | 21:44 |
edmondsw | I picked the PTL to ping because I can never remember who is on stable-maint or where to check | 21:47 |
edmondsw | :) | 21:48 |
openstackgerrit | Eric Brown proposed openstack/keystone master: Typos in the LoadAuthPlugins note https://review.openstack.org/438714 | 21:48 |
lbragstad | edmondsw :) | 21:48 |
lbragstad | edmondsw it should be a group in gerrit | 21:48 |
lbragstad | edmondsw https://review.openstack.org/#/admin/groups/538,members | 21:49 |
*** chlong has quit IRC | 21:50 | |
edmondsw | lbragstad tx... I guess I could bookmark that, but is there a good way to find it? | 21:51 |
lbragstad | edmondsw i usually just filter the groups through gerrit | 21:52 |
*** dave-mccowan has joined #openstack-keystone | 21:52 | |
lbragstad | from the People tab -> List Groups | 21:52 |
edmondsw | lbragstad... ah, tx | 21:52 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: WIP: Add support for bcrypt and scrypt to keystone password hashing https://review.openstack.org/438701 | 21:55 |
openstackgerrit | Richard Avelar proposed openstack/keystone master: Policy in code (part 2) https://review.openstack.org/435751 | 21:58 |
openstackgerrit | Richard Avelar proposed openstack/keystone master: Policy in code https://review.openstack.org/435609 | 21:58 |
*** mvk has joined #openstack-keystone | 21:59 | |
openstackgerrit | Merged openstack/keystone master: Updated from global requirements https://review.openstack.org/438431 | 21:59 |
*** samueldmq has quit IRC | 22:00 | |
openstackgerrit | Merged openstack/keystone master: Correct and enhance Mellon federation docs https://review.openstack.org/437422 | 22:00 |
openstackgerrit | Merged openstack/keystone master: Correct and enhance OpenId Connect docs https://review.openstack.org/438069 | 22:00 |
*** edmondsw has quit IRC | 22:00 | |
openstackgerrit | Richard Avelar proposed openstack/keystone master: Validate rolling upgrade is run in order https://review.openstack.org/437441 | 22:06 |
*** catintheroof has joined #openstack-keystone | 22:15 | |
*** sorrison_ has quit IRC | 22:29 | |
*** thorst has quit IRC | 22:31 | |
*** thorst has joined #openstack-keystone | 22:32 | |
*** thorst has quit IRC | 22:36 | |
*** ngupta has quit IRC | 22:38 | |
*** edtubill has quit IRC | 22:42 | |
lbragstad | rderose you didn't happen to open a bug for the account linking stuff did you: | 22:43 |
lbragstad | ? | 22:43 |
rderose | lbragstad: for account linking? | 22:44 |
lbragstad | rderose we had an action item here that we must have covered in the federation session - https://etherpad.openstack.org/p/pike-ptg-keystone-federation | 22:44 |
lbragstad | I'm trying to recall what that was? | 22:44 |
lbragstad | s/?// | 22:44 |
rderose | yeah, I opened a bug for this | 22:44 |
rderose | let me find it and I'll update the etherpad | 22:45 |
*** vinaypotluri has joined #openstack-keystone | 22:45 | |
lbragstad | rderose https://bugs.launchpad.net/keystone/+bug/1667070 ? | 22:46 |
openstack | Launchpad bug 1667070 in OpenStack Identity (keystone) "Mapping a federated user to a local user does not return concrete role assignments" [Undecided,New] - Assigned to Ron De Rose (ronald-de-rose) | 22:46 |
rderose | lbragstad: yeah, that's it | 22:46 |
*** dave-mccowan has quit IRC | 22:48 | |
*** vinaypotluri has left #openstack-keystone | 22:50 | |
*** eandersson has joined #openstack-keystone | 22:56 | |
eandersson | Out of interest - is there a specific reason why a catalog is only provided when you specify a project or domain? | 22:57 |
eandersson | referring to https://github.com/openstack/keystone/blob/master/keystone/token/providers/common.py#L352 specifcally | 22:58 |
lbragstad | eandersson I believe the reason for that is because you'd need to a token scoped to something in order to interact with other services | 22:58 |
lbragstad | s/to// | 22:59 |
eandersson | I see | 23:01 |
eandersson | I was trying to dynamically generate a list of regions for my openstackrc script. | 23:03 |
eandersson | I ended up having to get the projects before I got the regions because of this. Felt a little backwards. | 23:04 |
lbragstad | eandersson ah - right | 23:04 |
lbragstad | eandersson you're specifying REGIONS in your rc files? | 23:04 |
eandersson | I am not. | 23:05 |
eandersson | Or well, I am once it's done. | 23:05 |
eandersson | I am just dynamically getting the region, projects etc and then allowing the user to pick what ever they want | 23:05 |
lbragstad | eandersson does your user need to specify a region and a project? | 23:06 |
lbragstad | you should be able to get a list of projects you have access to with an unscoped token via the /v3/auth/projects/ api | 23:06 |
eandersson | yep exactly | 23:07 |
eandersson | I basically do that, use the first one to get a project scoped token and then generate the regions using that | 23:08 |
eandersson | *use the first project listed | 23:08 |
lbragstad | eandersson that makes sense | 23:09 |
lbragstad | eandersson but according to the default policy file, the list regions API is available to authenticated users https://github.com/openstack/keystone/blob/master/etc/policy.json#L14 | 23:09 |
eandersson | Yep | 23:09 |
eandersson | but that depends on the catalog | 23:09 |
eandersson | So it fails | 23:09 |
eandersson | At least my calls failed | 23:10 |
lbragstad | eandersson really? | 23:10 |
lbragstad | eandersson do you have a paste? | 23:10 |
eandersson | Let me take a look | 23:10 |
*** thorst has joined #openstack-keystone | 23:12 | |
eandersson | keystoneauth1.exceptions.catalog.EmptyCatalog: The service catalog is empty. | 23:14 |
eandersson | I'll get you a tb lbragstad | 23:14 |
lbragstad | oh - interesting, are you using python-openstackclient? | 23:15 |
eandersson | nope | 23:16 |
lbragstad | eandersson I assuming you're writing your own client that is just using keystoneauth directly? | 23:17 |
*** thorst has quit IRC | 23:17 | |
eandersson | http://paste.openstack.org/show/h2HcNVH9c1C4UjOd5PSZ/ | 23:17 |
eandersson | yep | 23:17 |
eandersson | But if you look at the code it makes sense. | 23:18 |
eandersson | regions.list is using the catalog to generate the list of regions | 23:18 |
eandersson | and since unscoped tokens don't have a catalog it will fail | 23:18 |
lbragstad | eandersson but can you call GET /v3/regions/ with an unscoped token directly? | 23:19 |
lbragstad | if so - then we have a client bug | 23:19 |
* lbragstad aha - https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/base.py#L385-L398 | 23:21 | |
*** phalmos has joined #openstack-keystone | 23:21 | |
*** lamt has quit IRC | 23:23 | |
*** lamt has joined #openstack-keystone | 23:28 | |
mordred | eandersson: not sure the scope of the thing you're working on, but you may (or may not) be interested in os-client-config | 23:29 |
lbragstad | mordred ++ | 23:29 |
eandersson | Thanks mordred I'll take a look | 23:30 |
eandersson | From my side though everything has been resolved, I just found this behavior interesting | 23:30 |
mordred | cool - mostly mentioning it because if you're doing user-empowerment things, it might be a better base than pure ksa - but yes, interesting behavior to be sure :) | 23:31 |
lbragstad | eandersson I'm going to file a client bug for this since I think the list regions api seems to be inconsistent with was ksa/ksc is assuming | 23:32 |
mordred | lbragstad: ++ | 23:32 |
*** agrebennikov has quit IRC | 23:35 | |
lbragstad | eandersson https://bugs.launchpad.net/python-keystoneclient/+bug/1668442 | 23:40 |
openstack | Launchpad bug 1668442 in python-keystoneclient "unable to list regions with unscoped token" [Undecided,New] | 23:40 |
*** rcernin has quit IRC | 23:41 | |
*** catintheroof has quit IRC | 23:44 | |
*** edmondsw has joined #openstack-keystone | 23:49 | |
*** edmondsw has quit IRC | 23:50 | |
*** edmondsw has joined #openstack-keystone | 23:51 | |
*** samueldmq has joined #openstack-keystone | 23:51 | |
*** ChanServ sets mode: +v samueldmq | 23:51 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!