Tuesday, 2017-06-06

« Monday, 2017-06-05 Index Wednesday, 2017-06-07 »
*** jistr has quit IRC00:01
*** jistr has joined #openstack-keystone00:02
*** masber has joined #openstack-keystone00:13
openstackgerritMerged openstack/keystone master: Remove keystone.conf if not used  https://review.openstack.org/47087100:19
openstackgerritMerged openstack/keystone master: Addition of "type" optional attribute to list credentials.  https://review.openstack.org/46825400:19
openstackgerritMerged openstack/keystone master: Remove loading drivers outside of their expected namespaces  https://review.openstack.org/46603600:20
openstackgerritMerged openstack/keystone master: Update DirectMappingError in keystone.exception  https://review.openstack.org/47009400:20
*** lucasxu has joined #openstack-keystone00:22
*** aojea has joined #openstack-keystone00:24
*** aojea has quit IRC00:28
*** shuyingya has joined #openstack-keystone00:38
*** thorst has joined #openstack-keystone00:40
*** shuyingya has quit IRC00:43
*** thorst has quit IRC00:44
*** lucasxu has quit IRC00:45
*** lucasxu has joined #openstack-keystone00:46
*** lucasxu has quit IRC00:58
*** lucasxu has joined #openstack-keystone00:59
*** lucasxu has quit IRC01:00
*** lucasxu has joined #openstack-keystone01:01
*** thorst has joined #openstack-keystone01:07
*** thorst has quit IRC01:07
*** catintheroof has quit IRC01:10
*** gongysh has joined #openstack-keystone01:16
*** jamielennox is now known as jamielennox|away01:17
*** eandersson has quit IRC01:25
*** eandersson has joined #openstack-keystone01:26
*** liujiong has joined #openstack-keystone01:28
*** shuyingya has joined #openstack-keystone01:31
*** namnh has joined #openstack-keystone01:33
*** jamielennox|away is now known as jamielennox01:34
*** lucasxu has quit IRC01:34
*** thorst has joined #openstack-keystone01:41
openstackgerritVu Cong Tuan proposed openstack/python-keystoneclient master: Fix html_last_updated_fmt for Python3  https://review.openstack.org/47065801:47
*** aselius has quit IRC01:56
openstackgerritVu Cong Tuan proposed openstack/keystoneauth master: Fix html_last_updated_fmt for Python3  https://review.openstack.org/47066301:58
*** thorst has quit IRC02:06
*** Shunli has joined #openstack-keystone02:08
*** shuyingya has quit IRC02:11
*** shuyingya has joined #openstack-keystone02:12
*** thorst has joined #openstack-keystone02:26
*** links has joined #openstack-keystone02:27
*** links has quit IRC02:30
*** links has joined #openstack-keystone02:31
*** piliman974 has joined #openstack-keystone02:38
*** gagehugo has quit IRC02:41
*** thorst has joined #openstack-keystone02:42
*** piliman974 has quit IRC02:43
*** thorst has joined #openstack-keystone02:43
*** piliman974 has joined #openstack-keystone02:43
*** thorst has quit IRC02:47
*** gagehugo has joined #openstack-keystone02:48
*** shuyingya has quit IRC03:02
*** shuyingya has joined #openstack-keystone03:02
*** zsli_ has joined #openstack-keystone03:05
*** Shunli has quit IRC03:07
*** Shunli has joined #openstack-keystone03:13
*** thorst has joined #openstack-keystone03:14
*** zsli_ has quit IRC03:16
*** shuyingy_ has joined #openstack-keystone03:20
*** shuyingya has quit IRC03:24
*** zhurong has joined #openstack-keystone03:28
*** thorst has quit IRC03:32
*** gagehugo has quit IRC03:54
*** piliman974 has quit IRC03:54
*** gagehugo has joined #openstack-keystone03:56
*** shuyingy_ has quit IRC03:58
*** shuyingya has joined #openstack-keystone03:59
*** zhurong has quit IRC04:27
*** edmondsw has joined #openstack-keystone04:41
*** edmondsw has quit IRC04:46
*** gongysh has quit IRC04:50
*** zhurong has joined #openstack-keystone04:54
*** dikonoor has joined #openstack-keystone05:07
*** shuyingy_ has joined #openstack-keystone05:11
*** gyee has quit IRC05:12
*** shuyingya has quit IRC05:15
*** thorst has joined #openstack-keystone05:29
*** gongysh has joined #openstack-keystone05:30
*** thorst has quit IRC05:34
*** jaosorior_away is now known as jaosorior05:44
*** zsli_ has joined #openstack-keystone05:48
*** zsli__ has joined #openstack-keystone05:49
*** Shunli has quit IRC05:51
*** zsli_ has quit IRC05:52
*** zsli_ has joined #openstack-keystone05:55
*** aojea has joined #openstack-keystone05:55
*** zsli__ has quit IRC05:57
*** zsli__ has joined #openstack-keystone05:58
*** zsli_ has quit IRC06:00
*** dikonoor has quit IRC06:09
*** rcernin has joined #openstack-keystone06:10
*** aojea has quit IRC06:15
*** aojea has joined #openstack-keystone06:15
*** aojea has quit IRC06:16
*** aojea has joined #openstack-keystone06:16
*** thorst has joined #openstack-keystone06:30
*** zhurong has quit IRC06:32
*** thorst has quit IRC06:35
*** pcaruana has joined #openstack-keystone06:39
*** zhurong has joined #openstack-keystone06:40
*** jaosorior is now known as jaosorior_away06:41
*** adriant has quit IRC06:42
*** ppiela has quit IRC06:47
*** ppiela_ has joined #openstack-keystone06:47
*** amrith has quit IRC06:48
*** amrith has joined #openstack-keystone06:49
*** toddnni has quit IRC06:50
*** jrist has quit IRC06:50
*** toddnni has joined #openstack-keystone06:52
*** tesseract has joined #openstack-keystone07:13
*** aojea has quit IRC07:24
*** aojea has joined #openstack-keystone07:25
*** aojea has quit IRC07:29
*** nicolasbock has joined #openstack-keystone07:31
*** thorst has joined #openstack-keystone07:31
*** thorst has quit IRC07:35
openstackgerritzhengliuyang proposed openstack/keystone master: Add response example in authenticate-v3.inc Change-Id: Ic7914c34b41a7efaa36d6d0449c2dcb6f2a52d22  https://review.openstack.org/46324507:36
*** jrist has joined #openstack-keystone07:36
*** jrist has quit IRC07:36
*** jrist has joined #openstack-keystone07:36
openstackgerritzhengliuyang proposed openstack/keystone master: Add response example in authenticate-v3.inc  https://review.openstack.org/46324507:37
*** jdennis1 has quit IRC07:45
*** jdennis has joined #openstack-keystone07:45
*** markvoelker has quit IRC07:57
*** markvoelker has joined #openstack-keystone07:58
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:00
*** links has quit IRC08:02
*** markvoelker has quit IRC08:02
*** edmondsw has joined #openstack-keystone08:17
*** links has joined #openstack-keystone08:19
*** yunus has joined #openstack-keystone08:20
*** edmondsw has quit IRC08:22
*** mvk has quit IRC08:22
yunusDear All, while configuring keystone for ldap i have a problem. Can anyone explain how keystone works while connecting ldap? I give ldap admin user as user inside keystone.conf. But always could not find admin user. Does keystone checks my user inside usertree? But admin user is not inside usertree. If someone knows working mechanism, it will be very grateful for me08:25
asettlelbragstad: I'll review today :)08:26
*** thorst has joined #openstack-keystone08:32
*** zhurong has quit IRC08:35
*** zhurong has joined #openstack-keystone08:40
*** thorst has quit IRC08:51
*** hoonetorg has quit IRC08:51
*** mvk has joined #openstack-keystone08:52
*** jaosorior_away is now known as jaosorior08:53
*** aojea has joined #openstack-keystone09:02
*** nicolasbock has quit IRC09:03
*** jaosorior has quit IRC09:04
*** hoonetorg has joined #openstack-keystone09:09
*** yunus has quit IRC09:09
openstackgerritColleen Murphy proposed openstack/keystone-tempest-plugin master: Fix .gitreview project  https://review.openstack.org/47128309:23
openstackgerritColleen Murphy proposed openstack/keystone-tempest-plugin master: Add lxml to test-requirements.txt  https://review.openstack.org/47128409:23
*** tbh_ has joined #openstack-keystone09:23
tbh_Hi09:23
tbh_To get tokens to what port we have to send request?09:24
openstackgerritColleen Murphy proposed openstack/keystone master: Remove the local tempest plugin  https://review.openstack.org/47106009:25
*** links has quit IRC09:25
*** zsli__ has quit IRC09:30
*** zhurong has quit IRC09:33
*** links has joined #openstack-keystone09:43
cmurphytbh_: any ports that keystone is listening on can accept token requests, traditionally it's been 5000 and 35357 but it doesn't have to be09:48
*** thorst has joined #openstack-keystone09:48
*** thorst has quit IRC09:52
*** tobberydberg has joined #openstack-keystone09:52
*** mvk has quit IRC09:53
*** mvk has joined #openstack-keystone09:58
*** markvoelker has joined #openstack-keystone09:59
tbh_But when I am trying to get tokens it says 40109:59
tbh_Am using rdo10:00
tbh_Will it change the curl request format if I am using rdo10:01
cmurphytbh_: 401 usually means your credentials are wrong10:03
tbh_cmurphy Using the same credentials I can log in to horizon10:06
cmurphytbh_: then you'll need to check the keystone logs to figure out what went wrong, setting insecure_debug = true in keystone.conf will help give more detailed information10:09
*** jamielennox is now known as jamielennox|away10:10
*** jamielennox|away is now known as jamielennox10:16
*** piliman974 has joined #openstack-keystone10:18
d0ugalIf I have a token and a service name, how can I get the endpoint for a service with keystoneclient?10:19
*** liujiong has quit IRC10:23
*** tobberydberg has quit IRC10:24
*** gongysh has quit IRC10:26
*** markvoelker has quit IRC10:32
*** nicolasbock has joined #openstack-keystone10:44
*** raildo has joined #openstack-keystone10:52
*** nishaYadav has joined #openstack-keystone11:12
*** piliman974 has quit IRC11:27
tbh_cmurphy I am using v2. 011:28
tbh_Even in v2.0 we can get tokens from 5000 port?11:28
*** markvoelker has joined #openstack-keystone11:29
*** zhurong has joined #openstack-keystone11:31
cmurphytbh_: yes, getting a token is something you should be able to do from either port11:32
tbh_Okay cmurphy11:32
bretond0ugal: https://review.openstack.org/#/c/465521/111:37
bretond0ugal: in mistral/context.py i create access_info11:38
bretond0ugal: access_info has property .service_catalog11:39
bretond0ugal: .service_catalog is an instance of https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/access/service_catalog.py#L2811:40
bretond0ugal: ServiceCatalog has method url_for11:40
bretond0ugal: or even better: auth object in mistral/context.py has .get_endpoint(): https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/identity/base.py#L16011:41
*** piliman974 has joined #openstack-keystone11:41
openstackgerritColleen Murphy proposed openstack/keystone-tempest-plugin master: Cleanup cookiecutter defaults  https://review.openstack.org/47128311:46
openstackgerritColleen Murphy proposed openstack/keystone-tempest-plugin master: Add lxml to test-requirements.txt  https://review.openstack.org/47128411:48
openstackgerritColleen Murphy proposed openstack/keystone master: Remove the local tempest plugin  https://review.openstack.org/47106011:48
*** rcernin has quit IRC11:52
*** pcaruana has quit IRC11:53
*** thorst has joined #openstack-keystone11:54
*** edmondsw has joined #openstack-keystone11:55
*** jaosorior has joined #openstack-keystone11:56
*** markvoelker has quit IRC12:03
d0ugalbreton: thanks - I'll give that a shot. I'm trying to port a small bit of code from mistral to tripleo :)12:06
*** rcernin has joined #openstack-keystone12:07
*** ducttape_ has joined #openstack-keystone12:08
d0ugalbreton: it looks like that code requires the username and password - I only have the token at this point. Maybe what I want to do doesn't make sense.12:09
*** pcaruana has joined #openstack-keystone12:09
*** namnh has quit IRC12:09
bretond0ugal: i was trying to fix that in that patch12:12
*** zhurong has quit IRC12:12
d0ugalbreton: ah, I see12:13
bretond0ugal: no time to finish it unfortunatelly12:13
bretond0ugal: what's the tripleo bug?12:13
d0ugalbreton: I don't actually have a bug - I should open one really. I'm trying to remove the tripleo-common dependancy on mistral. This is the only part I don't know how to remove yet. https://github.com/openstack/tripleo-common/blob/master/tripleo_common/actions/base.py#L2212:14
*** aojea has quit IRC12:14
d0ugalIt is used a few times in that file, just to get the endpoint of each project12:14
*** dave-mccowan has joined #openstack-keystone12:15
*** ducttape_ has quit IRC12:19
*** markvoelker has joined #openstack-keystone12:20
*** tobberydberg has joined #openstack-keystone12:25
*** tobberydberg has quit IRC12:29
*** hrybacki|afkish is now known as hrybacki12:33
*** shuyingy_ has quit IRC12:36
*** catintheroof has joined #openstack-keystone12:42
*** evgenyf_ has joined #openstack-keystone12:51
evgenyf_Hi folks! who can help with keystone issue after switching identity from v2.0 to v3?12:51
*** baffle has joined #openstack-keystone12:54
*** links has quit IRC12:56
samueldmqmorning keystone12:58
lamto/12:59
samueldmqevgenyf_: hi, just post the issue here :)12:59
nishaYadavsamueldmq, morning12:59
samueldmqlamt: nishaYadav hey12:59
*** shuyingya has joined #openstack-keystone13:00
*** shuyingya has quit IRC13:02
*** shuyingya has joined #openstack-keystone13:02
samueldmqlbragstad: morning, your patches for policy are looking great, I just had minor suggestions but I am basically  +2ing them13:04
samueldmqI just would like to get cross-project weight on them before we approve13:04
samueldmqwould be great to get johnthetubaguy's view on those (starting at https://review.openstack.org/#/c/460344)13:05
*** lucasxu has joined #openstack-keystone13:05
*** jrist has quit IRC13:07
*** jrist has joined #openstack-keystone13:10
evgenyf_samueldmq: I use KILO openstack RDO, After changing the policy.json to policy.v3cloudsample.json (renaming it ofcourse) I get the error ConfigFilesNotFoundError: Failed to find some config files: policy.json13:11
samueldmqevgenyf_: same permissions? same path from the original policy.json?13:12
evgenyf_same path (/etc/keystone). I changed permissions to 666 and also tried to change the owner, now it's the original (keystone.keystone)13:13
samueldmqevgenyf_: and is it still failing ? it shouldn't since that would be basically be changing the content of the original policy.json13:14
samueldmqif owner, path and permissions are all the same13:15
*** spilla has joined #openstack-keystone13:16
evgenyf_samueldmq: right, and when I put the original file back, the issue remains. weird.. maybe the path for v3 should be different?13:17
samueldmqevgenyf_: no, it will be looking for /etc/keystone/policy.json13:18
samueldmqif you put the original file back and it doesn't work so there is something wrong with the environment when you were making the transition13:19
samueldmqevgenyf_: sorry but I gotta go afk for a bit now, I will be able to help more later if you still haven't figured that out13:19
samueldmq(others here may help you too :))13:19
evgenyf_samueldmq: thank you13:21
*** piliman974 has quit IRC13:26
*** pcaruana has quit IRC13:34
openstackgerritSamuel Pilla proposed openstack/keystone master: WIP: Add project tags  https://review.openstack.org/47031713:36
*** rcernin has quit IRC13:36
openstackgerritColleen Murphy proposed openstack/keystone-tempest-plugin master: Add lxml to requirements.txt  https://review.openstack.org/47128413:40
*** piliman974 has joined #openstack-keystone13:42
*** tbh_ has quit IRC13:42
*** aojea has joined #openstack-keystone13:47
*** thorst is now known as thorst_afk13:47
*** rcernin has joined #openstack-keystone13:49
TahvokHey guys!13:50
TahvokOn ocata here. Got a problem connecting using ldap account. In keystone log I get this: https://gist.github.com/Tahvok/b7a9288f0f27fb5b4fca1deb153b5bdd13:51
*** pcaruana has joined #openstack-keystone13:51
TahvokYou can see it's trying to insert '66048' into 'enabled' column. But it's tinyint, so of course it fails.13:51
TahvokWhat I could be missing? I've tried running su -s /bin/sh -c "keystone-manage db_sync" keystone again - but to no avail.13:52
cmurphyTahvok: check the user_enabled_attribute in your keystone.conf [ldap] config, it should be some boolean attribute in your ldap user schema, and not something like uidNumber, and also read about user_enabled_mask and user_enabled_default13:55
*** ducttape_ has joined #openstack-keystone13:56
Tahvokuser_enabled_attribute = userAccountControl13:56
*** ducttape_ has quit IRC13:58
TahvokOk, I see. Reading about user_enabled_mask/default now.13:58
*** ducttape_ has joined #openstack-keystone13:58
*** pcaruana has quit IRC13:59
*** pcaruana has joined #openstack-keystone14:00
*** rcernin has quit IRC14:04
*** rcernin has joined #openstack-keystone14:05
*** rcernin has quit IRC14:07
*** rcernin has joined #openstack-keystone14:07
TahvokConfigured it, and now I get this: https://gist.github.com/Tahvok/5bc8d4354bc43f52fefedf30f206137c14:08
TahvokWriting incorrect credentials will throw 'INVALID_CREDENTIALS' - so I guess I don't have an ldap connection problem14:10
*** links has joined #openstack-keystone14:12
evgenyf_Hi folks, need a help with keystone, what is the right way to restart keystone on RDO? what is the service name?14:13
Tahvokcmurphy: found this fixed bug: https://bugs.launchpad.net/keystone/+bug/166276214:13
openstackLaunchpad bug 1662762 in OpenStack Identity (keystone) ocata "Authentication for LDAP user fails at MFA rule check" [High,Fix released] - Assigned to Matthew Edmonds (edmondsw)14:13
TahvokI guess there's no fix for ubuntu yet14:13
*** r-daneel has joined #openstack-keystone14:14
cmurphyTahvok: ah :(14:17
cmurphyevgenyf_: on kilo probably openstack-keystone14:17
Tahvokcmurphy: do you know if there's a way to request to include a fix in ubuntu packages?14:17
*** links has quit IRC14:17
*** nishaYadav has quit IRC14:18
evgenyf_cmurphy: thanks14:20
cmurphyTahvok: i don't know what the official channels are, but it looks like the fix was released for ocata on 8 May so ubuntu will probably get around to it soon14:20
evgenyf_cmurphy: another question if I may, does keystone service get parameters? I restart it after switching identity from v2.0 to 3 and get error "ConfigFilesNotFoundError: Failed to find some config files: policy.json". I print out the path in oslo-config code which  throws the exception and the path is None.14:23
cmurphyevgenyf_: all the parameters would be set in keystone.conf14:24
evgenyf_cmurphy: the keystone.conf was not touched during the transfer from v2.0 to v3. Do you have an idea why restarting the service caused lost of config file?14:26
cmurphyevgenyf_: nothing besides what samueldmq already suggested :(14:27
lbragstadsamueldmq: awesome, thanks!14:28
evgenyf_cmurphy:thanks for your help14:28
*** ducttape_ has quit IRC14:35
*** pnavarro has joined #openstack-keystone14:43
*** spilla has quit IRC14:49
*** ducttape_ has joined #openstack-keystone14:50
*** rcernin has quit IRC14:54
*** aselius has joined #openstack-keystone15:15
*** ayoung has quit IRC15:28
*** chlong has joined #openstack-keystone15:29
*** ayoung has joined #openstack-keystone15:35
knikollao/15:35
*** shuyingya has quit IRC15:39
morganoh hai15:41
*** jaosorior is now known as jaosorior_away15:47
lbragstado/15:48
* morgan does a dance15:52
morganit's interpretive... and reflects the internal structure of keystone (flopping on the floor)15:52
morgan:P15:52
morgananyway.. yay weekend, yay being back.15:52
morganlbragstad so... did I miss anything fun?15:56
lbragstadwell, business as usual15:57
lbragstadmorgan: vacation was probably more exciting :)15:57
*** gyee has joined #openstack-keystone15:58
*** mvk has quit IRC15:58
*** aojea has quit IRC15:58
*** piliman974 has quit IRC16:14
*** piliman974 has joined #openstack-keystone16:15
*** jamielennox is now known as jamielennox|away16:26
*** clenimar_ has joined #openstack-keystone16:28
*** clenimar_ has quit IRC16:28
*** tesseract has quit IRC16:32
*** pcaruana has quit IRC16:34
*** makoto_ has quit IRC16:35
samueldmqmorgan: o/16:55
*** piliman974 has quit IRC16:57
*** piliman974 has joined #openstack-keystone17:04
*** jamielennox|away is now known as jamielennox17:05
*** jlvillal is now known as jlvacation17:10
*** lucasxu has quit IRC17:11
*** aojea has joined #openstack-keystone17:16
*** lwanderley has joined #openstack-keystone17:17
*** aojea has quit IRC17:20
*** lwanderley has quit IRC17:21
*** phalmos has joined #openstack-keystone17:26
*** lwanderley has joined #openstack-keystone17:31
*** sjain has joined #openstack-keystone17:32
*** pnavarro has quit IRC17:39
*** spilla has joined #openstack-keystone17:40
*** lwanderley has quit IRC17:40
*** nicolasbock has quit IRC17:41
*** lwanderley has joined #openstack-keystone17:42
*** nicolasbock has joined #openstack-keystone17:42
*** aojea has joined #openstack-keystone17:50
openstackgerritSamuel Pilla proposed openstack/keystone master: WIP: Add project tags  https://review.openstack.org/47031717:51
*** pnavarro has joined #openstack-keystone17:55
*** phalmos has quit IRC17:57
*** ducttape_ has quit IRC17:59
*** lucasxu has joined #openstack-keystone17:59
*** knikolla_phone has joined #openstack-keystone18:00
hrybackio/18:00
*** phalmos has joined #openstack-keystone18:03
evgenyf_Folks, can anybody help with the following issue?: I switched my KILO env. from identity v2.0 to v3. Now, Any horizon request related to project fails with "Unable to retrieve instance project information"18:04
*** lwanderley has quit IRC18:13
*** sjain has quit IRC18:15
*** sjain has joined #openstack-keystone18:15
*** knikolla_phone has quit IRC18:19
*** aojea has quit IRC18:25
*** ducttape_ has joined #openstack-keystone18:28
*** iurygregory has quit IRC18:28
*** clenimar has quit IRC18:29
*** evgenyf_ has quit IRC18:30
*** lwanderley has joined #openstack-keystone18:33
*** phalmos has quit IRC18:35
*** phalmos has joined #openstack-keystone18:38
*** mordred has quit IRC18:47
*** mordred has joined #openstack-keystone18:48
*** lwanderley has quit IRC18:49
*** iurygregory has joined #openstack-keystone18:51
*** thorst_afk has quit IRC18:54
*** pcaruana has joined #openstack-keystone18:56
*** thorst_afk has joined #openstack-keystone18:56
*** thorst_afk has quit IRC19:00
ayoungmorgan, I'd rather leave it as API keys than call it application passwords.  The word Key is at least ambiguous to support multipe mechanisms19:01
ayoungAPI versus Application specifgic?  Meh, close enough19:01
*** aojea has joined #openstack-keystone19:02
*** sjain__ has joined #openstack-keystone19:02
hrybackilbragstad: samueldmq ping regarding policy reviews19:02
lbragstadhrybacki: samueldmq o/19:03
hrybackilbragstad: you taking on any of these?19:03
* hrybacki has no idea what he is doing but can rebase/attempt to address comments19:03
lbragstadhrybacki: samueldmq so here is the list19:03
lbragstadhttps://review.openstack.org/#/q/topic:bp/policy-docs+project:openstack/keystone+status:open19:03
lbragstadhrybacki: those patches are the last few that finish implementing http://specs.openstack.org/openstack/keystone-specs/specs/keystone/pike/policy-docs.html19:03
*** sjain has quit IRC19:03
samueldmqhrybacki: yes, just rebase on master and address the comments, that's all19:04
hrybackiack19:04
lbragstadok19:04
hrybackisamueldmq: you want to take grant, token, role, user and I'll jump on ec2, domain, trust, and implied?19:04
lbragstadsamueldmq:  hrybacki i'll rebase https://review.openstack.org/#/c/449337/ and https://review.openstack.org/#/c/449255/5 on master19:04
hrybackiokay, I'll start with https://review.openstack.org/449278 and https://review.openstack.org/44924619:05
lbragstadjust fyi - let's keep bp/policy-docs as the topic19:06
hrybackilbragstad: ack19:06
hrybackilbragstad: how are the proposals coming along? I've been updating my +1's and responding to some of the comments. We need those locked in by the 8th?19:06
samueldmqhrybacki: lbragstad I will get users and roles: https://review.openstack.org/#/c/449251/ and https://review.openstack.org/#/c/449240/19:08
lbragstadhrybacki: yeah - i updated the ML thread - but i don't think anyone else has reviewed it19:08
lbragstad(outside of keystone)19:09
hrybackilbragstad: yeah =/ I direclty linked that thread when folks were asking about operator input too.19:09
lbragstadhrybacki: ++19:09
lbragstadi know several folks were out last week due to the holiday19:09
lbragstadso hopefully this week we can get some traction on it19:10
hrybackifingers crossed19:10
openstackgerritLance Bragstad proposed openstack/keystone master: Move domain config to DocumentedRuleDefault  https://review.openstack.org/44933719:12
*** thorst_afk has joined #openstack-keystone19:14
*** thorst_afk has quit IRC19:15
*** thorst_afk has joined #openstack-keystone19:16
openstackgerritLance Bragstad proposed openstack/keystone master: Move domain config to DocumentedRuleDefault  https://review.openstack.org/44933719:17
openstackgerritHarry Rybacki proposed openstack/keystone master: Move trust to DocumentedRuleDefault  https://review.openstack.org/44927819:18
hrybackilbragstad: can you walk me through your comments: https://review.openstack.org/#/c/449246/5/keystone/common/policies/implied_role.py I'm not familiar enough with the roles yet19:22
* hrybacki googles implied roles19:23
lbragstadhrybacki: sure19:25
lbragstadhrybacki: implied roles are documented with roles https://developer.openstack.org/api-ref/identity/v3/index.html#roles19:26
lbragstadhrybacki: implied roles allows you to do role inheritance19:27
lbragstadhrybacki: for example, if i have two roles editor and reader19:27
lbragstadi can make the editor role imply the reader role19:28
* hrybacki nods19:28
lbragstadmy main concern in that patch was getting that communicated effectively in the wording of the policy19:28
lbragstadwhich might be something we should do with the implied role documentation anyway - because it seems to be there, too19:29
hrybackiyeah, I understand. I'll read up and try to re-word it a bit19:29
*** harlowja has quit IRC19:29
lbragstadhrybacki: if you find yourself having to reword the documentation https://developer.openstack.org/api-ref/identity/v3/index.html#roles we can hold it off and fix it later19:30
lbragstadbut i'll defer to your best judgement19:30
hrybacki+1 thanks for the links :)19:30
*** pcaruana has quit IRC19:33
openstackgerritLance Bragstad proposed openstack/keystone master: Use DocumentedRuleDefault for token operations  https://review.openstack.org/44925519:35
openstackgerritLance Bragstad proposed openstack/keystone master: Use DocumentedRuleDefault for token operations  https://review.openstack.org/44925519:40
lbragstadhrybacki: samueldmq ok - i have my patches up and rebased19:46
lbragstadi'm gonna take a late lunch to get a run in19:46
*** spilla has quit IRC19:49
*** harlowja has joined #openstack-keystone19:50
*** tobberydberg has joined #openstack-keystone19:53
hrybackio/19:55
hrybackinote to self, stay away from keystone test code19:55
*** sjain__ has quit IRC19:58
*** tobberydberg has quit IRC20:02
*** tobberydberg has joined #openstack-keystone20:10
*** tobberydberg has quit IRC20:14
*** gardlt has joined #openstack-keystone20:23
openstackgerritHarry Rybacki proposed openstack/keystone master: Move implied role policies to DocumentedRuleDefault  https://review.openstack.org/44924620:25
hrybackilbragstad: updated mine as well. So, the implied roles stuff. The code is a bit confusing and the API doc is certainly incomplete. As a matter of fact, I don't see how (in Pike) to test these via OSC. Am I missing something?20:26
*** ducttap__ has joined #openstack-keystone20:30
*** ducttape_ has quit IRC20:31
*** ducttap__ has quit IRC20:31
*** ducttape_ has joined #openstack-keystone20:31
*** raildo has quit IRC20:32
*** aojea has quit IRC20:32
*** jamielennox has quit IRC20:34
*** aojea has joined #openstack-keystone20:35
*** nicolasbock has quit IRC20:35
*** aojea has quit IRC20:36
*** aojea has joined #openstack-keystone20:37
*** ducttape_ has quit IRC20:37
*** jamielennox has joined #openstack-keystone20:38
*** ducttape_ has joined #openstack-keystone20:38
*** piliman974 has quit IRC20:40
lbragstadhrybacki: nope - i don't think osc has support for implied roles20:40
*** pnavarro has quit IRC20:49
*** piliman974 has joined #openstack-keystone20:51
*** dave-mccowan has quit IRC21:06
lbragstadcmurphy: this one looks close in case you want to revisit it https://review.openstack.org/#/c/449240/1321:08
lbragstadwhenever you have a minute21:08
bretonayoung: RBAC via Fortress was not done not because of bad process in keystone21:08
bretonayoung: if failed because Fortress did not fit and nobody cared enough about the whole initiative21:09
ayoungbreton, I just came across this: "Did you know that most new contributions to @kubernetesio occur outside the main repo (kubernetes/kubernetes)? This is great! #stability"21:09
ayoungbreton, it should be possible to map out how something like that could be prototype, put into production, and validated, in conjunctiojn with keystone, not as a rewrite21:10
bretonayoung: is their kubernetes/kubernetes like our openstack/nova?21:10
ayoungand I think we are doing something very wrong in our process21:10
ayoungbreton, yeah...ish21:11
ayoungthe API server part of Kubernetes does all the Keystone-y bits21:11
cmurphylbragstad: done21:11
*** lucasxu has quit IRC21:11
ayoungThere is no cinder21:11
ayoungthere is no neutron...or rather a million mini-neutrons21:11
lbragstadcmurphy: woo! thank you21:11
ayoungglance is either docker upstream or mini-registries that run as apps inside of k8s21:12
ayoungI just like the K8S service catalog approach so much better.  It allows for extension, etc21:12
*** thorst_afk has quit IRC21:19
*** thorst_afk has joined #openstack-keystone21:20
*** thorst_afk has quit IRC21:24
*** cheran has joined #openstack-keystone21:46
openstackgerritNicolas Helgeson proposed openstack/keystone master: Added versions to keyston headers  https://review.openstack.org/46818921:50
*** piliman974 has quit IRC21:56
*** gardlt has quit IRC21:56
*** ducttape_ has quit IRC22:01
*** aojea has quit IRC22:03
*** ducttape_ has joined #openstack-keystone22:07
*** piliman974 has joined #openstack-keystone22:25
*** lbragstad has quit IRC22:30
*** piliman974 has quit IRC22:38
*** piliman974 has joined #openstack-keystone22:40
openstackgerritColleen Murphy proposed openstack/keystone-specs master: Application Credentials for application authn  https://review.openstack.org/45041522:41
*** catintheroof has quit IRC22:41
*** ducttap__ has joined #openstack-keystone22:44
*** ductta___ has joined #openstack-keystone22:46
*** ducttap__ has quit IRC22:46
*** ducttape_ has quit IRC22:48
*** ducttape_ has joined #openstack-keystone22:49
*** ductta___ has quit IRC22:49
*** ducttape_ has quit IRC22:50
*** thorst_afk has joined #openstack-keystone22:50
*** ducttape_ has joined #openstack-keystone22:53
*** ducttape_ has quit IRC22:53
openstackgerritColleen Murphy proposed openstack/keystone-specs master: Application Credentials for application authn  https://review.openstack.org/45041522:53
*** ducttape_ has joined #openstack-keystone22:57
*** piliman974 has quit IRC23:01
*** ducttap__ has joined #openstack-keystone23:04
*** ducttape_ has quit IRC23:04
*** ducttape_ has joined #openstack-keystone23:06
*** ducttap__ has quit IRC23:06
*** ducttape_ has quit IRC23:08
*** thorst_afk has quit IRC23:09
*** ducttap__ has joined #openstack-keystone23:12
*** ducttape_ has joined #openstack-keystone23:13
*** ducttap__ has quit IRC23:17
*** david-lyle has quit IRC23:28
*** piliman974 has joined #openstack-keystone23:31
*** david-lyle has joined #openstack-keystone23:32
*** ducttape_ has quit IRC23:51
*** david-lyle has quit IRC23:58
« Monday, 2017-06-05 Index Wednesday, 2017-06-07 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!