Wednesday, 2017-12-20

*** edmondsw has joined #openstack-keystone 00:08
*** edmondsw has quit IRC 00:13
*** tlam_ has quit IRC 00:18
*** threestrands has joined #openstack-keystone 00:26
*** threestrands has quit IRC 00:26
*** threestrands has joined #openstack-keystone 00:26
*** dave-mccowan has quit IRC 00:35
<openstackgerrit> Merged openstack/keystone master: Improve exception logging with 500 response https://review.openstack.org/526939 00:53
*** itlinux has joined #openstack-keystone 00:59
<openstackgerrit> Merged openstack/keystone master: Expose a bug when authenticating for a trust-scoped token https://review.openstack.org/522356 01:03
*** dave-mccowan has joined #openstack-keystone 01:12
<openstackgerrit> wangxiyuan proposed openstack/keystone master: Expose a bug when authorize request token https://review.openstack.org/526295 01:18
<openstackgerrit> wangxiyuan proposed openstack/keystone master: Add schema check for authorize request token https://review.openstack.org/526296 01:18
*** asettle has quit IRC 01:19
<openstackgerrit> Merged openstack/keystone master: Add schema check for OS-TRUST:trust authentication https://review.openstack.org/522107 01:20
<openstackgerrit> Merged openstack/keystone master: Update keystone testing documentation https://review.openstack.org/523524 01:20
*** asettle has joined #openstack-keystone 01:22
*** annp has joined #openstack-keystone 01:23
*** aselius has quit IRC 01:32
*** andreykurilin has quit IRC 01:43
*** andreykurilin has joined #openstack-keystone 01:46
*** r-daneel has quit IRC 02:20
*** catintheroof has joined #openstack-keystone 02:38
*** catintheroof has quit IRC 02:53
*** gmann has quit IRC 02:55
*** threestrands has quit IRC 03:03
*** threestrands has joined #openstack-keystone 03:04
*** threestrands has quit IRC 03:04
*** threestrands has joined #openstack-keystone 03:04
*** threestrands has quit IRC 03:05
*** threestrands has joined #openstack-keystone 03:06
*** threestrands has quit IRC 03:06
*** threestrands has joined #openstack-keystone 03:06
*** threestrands has quit IRC 03:07
*** threestrands has joined #openstack-keystone 03:07
*** dave-mccowan has quit IRC 03:13
*** edmondsw has joined #openstack-keystone 03:44
*** edmondsw has quit IRC 03:49
*** gyee has quit IRC 03:51
*** threestrands_ has joined #openstack-keystone 03:57
*** threestrands has quit IRC 03:57
*** threestrands_ has quit IRC 03:58
*** zhurong has joined #openstack-keystone 03:58
*** threestrands_ has joined #openstack-keystone 03:59
<openstackgerrit> Gage Hugo proposed openstack/keystone master: Refactor project tags encoding https://review.openstack.org/529179 04:04
*** namnh has joined #openstack-keystone 04:14
<openstackgerrit> wangxiyuan proposed openstack/keystone master: Add new tables for unified limits https://review.openstack.org/523041 04:19
<openstackgerrit> wangxiyuan proposed openstack/keystone master: [WIP]Add db operation for unified limit https://review.openstack.org/524082 04:19
<openstackgerrit> wangxiyuan proposed openstack/keystone master: [WIP]Add limit provider https://review.openstack.org/524109 04:19
<openstackgerrit> wangxiyuan proposed openstack/keystone master: [WIP]Expose unified limit APIs https://review.openstack.org/524110 04:19
<openstackgerrit> wangqiang-bj proposed openstack/keystone master: remove "Relationship links" in api-doc https://review.openstack.org/529220 04:36
*** ianw is now known as ianw_pto 04:57
*** links has joined #openstack-keystone 04:57
<samueldmq> \q lbragstad 04:59
*** namnh has quit IRC 05:19
*** edmondsw has joined #openstack-keystone 05:32
*** edmondsw has quit IRC 05:37
*** AlexeyAbashkin has joined #openstack-keystone 05:37
*** AlexeyAbashkin has quit IRC 05:42
*** d0ugal has quit IRC 06:17
*** d0ugal has joined #openstack-keystone 06:23
*** threestrands_ has quit IRC 06:57
<openstackgerrit> Merged openstack/keystone master: Updated from global requirements https://review.openstack.org/528866 07:03
*** rcernin has quit IRC 07:08
*** edmondsw has joined #openstack-keystone 07:21
*** edmondsw has quit IRC 07:25
<openstackgerrit> ZhanHan proposed openstack/python-keystoneclient master: Modify a spelling error https://review.openstack.org/529250 07:33
*** sapd has quit IRC 07:40
*** sapd has joined #openstack-keystone 07:41
*** samuelbartel has joined #openstack-keystone 07:55
<openstackgerrit> wangxiyuan proposed openstack/keystone master: Add new tables for unified limits https://review.openstack.org/523041 07:56
<openstackgerrit> wangxiyuan proposed openstack/keystone master: [WIP]Add db operation for unified limit https://review.openstack.org/524082 07:56
<openstackgerrit> wangxiyuan proposed openstack/keystone master: [WIP]Add limit provider https://review.openstack.org/524109 07:56
<openstackgerrit> wangxiyuan proposed openstack/keystone master: [WIP]Expose unified limit APIs https://review.openstack.org/524110 07:56
*** zhurong has quit IRC 08:17
*** AlexeyAbashkin has joined #openstack-keystone 08:19
*** hoonetorg has quit IRC 08:19
*** apuimedo has joined #openstack-keystone 08:23
*** apuimedo has quit IRC 08:24
*** celebdor has joined #openstack-keystone 08:24
*** sapd has quit IRC 08:33
*** hoonetorg has joined #openstack-keystone 08:33
*** sapd has joined #openstack-keystone 08:35
*** kmalloc has quit IRC 08:41
*** magicboiz has quit IRC 08:48
*** sbezverk has quit IRC 09:02
*** magicboiz has joined #openstack-keystone 09:04
*** magicboiz has quit IRC 09:15
*** magicboiz has joined #openstack-keystone 09:15
<openstackgerrit> wangxiyuan proposed openstack/keystone master: [WIP]Add db operation for unified limit https://review.openstack.org/524082 09:33
<openstackgerrit> wangxiyuan proposed openstack/keystone master: [WIP]Add limit provider https://review.openstack.org/524109 09:33
<openstackgerrit> wangxiyuan proposed openstack/keystone master: [WIP]Expose unified limit APIs https://review.openstack.org/524110 09:33
<openstackgerrit> Merged openstack/python-keystoneclient master: Create doc/requirements.txt https://review.openstack.org/528964 10:10
*** Neptu_ is now known as Neptu 10:23
*** ruan__he has quit IRC 10:40
*** annp has quit IRC 10:53
*** edmondsw has joined #openstack-keystone 10:57
*** edmondsw has quit IRC 11:01
*** AlexeyAbashkin has quit IRC 11:08
*** szaher has quit IRC 11:36
*** AlexeyAbashkin has joined #openstack-keystone 11:52
*** panbalag has quit IRC 11:53
*** slunkad has quit IRC 11:59
*** slunkad has joined #openstack-keystone 12:02
*** bhagyashris has joined #openstack-keystone 12:10
*** dave-mccowan has joined #openstack-keystone 12:13
<bhagyashris> mordred: Hi, want to discuss the patch https://review.openstack.org/#/c/505764/4 . Just check the zuul result and report and it's showing 'keystoneauth1.tests.unit.test_session.SessionAuthTests.test_split_loggers' is failing 12:15
<bhagyashris> mordred: I have applied the patch on my machine and checked and it seems that randomly 2 to 4 unit test cases are failing 12:15
<bhagyashris> mordred: any idea why this is happening 12:16
*** raildo has joined #openstack-keystone 12:29
*** edmondsw has joined #openstack-keystone 12:45
*** edmondsw has quit IRC 12:49
*** openstackgerrit has quit IRC 13:13
-openstackstatus- NOTICE: gerrit is being restarted due to extreme slowness 13:14
*** rmascena has joined #openstack-keystone 13:35
*** raildo has quit IRC 13:37
*** panbalag has joined #openstack-keystone 13:43
*** panbalag has left #openstack-keystone 13:43
*** catintheroof has joined #openstack-keystone 13:52
*** catintheroof has quit IRC 14:02
*** catintheroof has joined #openstack-keystone 14:04
*** catinthe_ has joined #openstack-keystone 14:22
<lbragstad> samueldmq: o/ 14:24
*** catintheroof has quit IRC 14:26
*** jmlowe has quit IRC 14:28
*** tlam_ has joined #openstack-keystone 14:29
<ayoung> lbragstad, I just pulled the trigger on the first of the system scoped patches...and just realized I want to make a change in direction...let me run it past you and you can talk me down off the ledge 14:30
<ayoung> lbragstad, I really don't like that we are getting a new table for the dumb reason of the enum values...what if we instead ported the old table over to a new table as well, and put everything in there: 14:31
<ayoung> system role assignments as well as the existing role types? 14:31
<ayoung> it would mean that your system role table would need to grow an assignment type value. 14:32
<ayoung> for a zero uptime upgrade, it would also mean that, during the migration stage, we would...read from both tables while migrating? 14:33
<lbragstad> that would have to be in place of `type`? 14:33
<ayoung> yeah...not an enum anymore either 14:33
<lbragstad> you'd have to lock the assignment table 14:33
<lbragstad> https://review.openstack.org/#/c/507993/5/keystone/common/sql/expand_repo/versions/031_expand_system_assignment_table.py 14:33
<ayoung> right. 14:33
<lbragstad> or write a trigger to port things back and forth 14:34
<ayoung> lbragstad, it seems silly to have a new table just cuz we have a new type.  We should fix the type thing as part of this, and get a unified table.  Am I correct that the only reason we have a new table is cuz of the locked enum, or is there some better reason for it? 14:34
<lbragstad> the enum bit was part of it 14:35
<lbragstad> but we started thinking about what happens if system breaks out into its own hierarchy 14:35
<lbragstad> and wondered if any ramifications of that might justify having system role assignments as their own table? 14:36
<ayoung> hierarchy?  As in separate from the project hierarchy? 14:36
<lbragstad> yes 14:36
<lbragstad> this is *way* future looking 14:36
<lbragstad> but something that's been kicked around 14:37
<ayoung> I get it...it is based on the idea that this is really managing control of the service catalog, but we don't want to get too close there, either 14:37
<lbragstad> well - if you have a bunch of services that make up a 'system' 14:37
<ayoung> I've long thought that everything in Keystone should be namespaced inside some project or domain... 14:37
<ayoung> right 14:38
<ayoung> and regions 14:38
<ayoung> and all that stuff 14:38
<lbragstad> then you start getting into granting roles on the services/regions instead of the system as a whole 14:38
*** aojea has joined #openstack-keystone 14:38
<lbragstad> that's seemed useful and powerful when we were discussing it in person 14:38
<lbragstad> but certainly something that doesn't need to be in the initial implementation 14:38
<lbragstad> IMO 14:38
<lbragstad> but we made it a requirement to build for that case so that we could do that in the future if we wanted to 14:39
<lbragstad> another thing i noticed when dealing with a single assignment table for system + project + domain roles assignments, 14:39
<lbragstad> is that I think a lot of the logic for the existing assignment backend needs to be refactored into the manager layer 14:40
<lbragstad> the existing assignment driver does a lot of things and performs a lot of business logic 14:40
<ayoung> lbragstad, so, I think I want to let you drive on with this implementation for this release as designed, and we will do a refactoring reduction next release 14:42
<ayoung> I +2Aed https://review.openstack.org/#/c/507993/ and let's drive on with those 14:42
<lbragstad> ayoung: you sure? 14:42
<ayoung> lbragstad, yeah, because I think what you are going to learn as you implement will aid us greatly 14:43
<lbragstad> in what we need to refactor? 14:43
<ayoung> and maybe we'll decide to do a V4 of the API with simpler naming.  I think we're collecting enough info along those lines I can see it happening in a year or two 14:43
<ayoung> I suspect that we'll be able to reunify the assignment tables next release, even with a hierarchy identified.  I think the structure we have will support it, but the naming is too disjointed 14:45
<lbragstad> that's the important bit, the big thing is being able to unify later if we need to 14:45
<ayoung> I like the Kubernetes use of the term namespace.  I'd like for us to collapse Project and domain and region into namespace, drop the term domain in favor of IdP for managing users and groups 14:46
<lbragstad> yeah 14:46
<ayoung> make projects hierarchical, including a way to provide hierarchical URLs 14:46
<ayoung> and get it so that a named resource, like a vm or a volume from cinder can be created and owned by one namespace, but manipulated in another.  Thinking along the lines of INODE vs DENTRY in filesystems 14:47
<lbragstad> that'd be interesting 14:50
<ayoung> lbragstad, BTW, the second +2 on your table patch came from henry. 14:50
<lbragstad> i saw 14:50
<ayoung> Was very happy to see that. 14:50
<lbragstad> i pestered him for some reviews yesterday :) 14:50
<ayoung> :) 14:51
<lbragstad> he had a comment on an existing patch set that had been addressed, but i wanted to have him remove his -1 rather than wipe it 14:51
<ayoung> lbragstad, BTW, what do you want to do about the policy on the Systems roles? 14:51
<ayoung> I really don't like the extension of admin there. 14:51
<lbragstad> how do you mean? 14:51
<ayoung> lbragstad, it's an extension of ADMIN_REQUIRED with no scope.  Now that we have system roles, let's use them 14:52
*** aojea has quit IRC 14:52
<lbragstad> the assignment of system roles are broken out into their policies 14:52
<ayoung> add in a rule that says admin+system 14:52
<ayoung> https://review.openstack.org/#/c/514471/6/keystone/common/policies/grant.py 14:52
<ayoung> check_str=base.RULE_ADMIN_REQUIRED, 14:52
<ayoung> let's add a new rule first 14:53
<lbragstad> i don't think we need to because of https://review.openstack.org/#/c/514471/6/keystone/common/policies/grant.py@104 14:53
<ayoung> check_str=base.RULE_SYSTEM_ADMIN_REQUIRED, 14:53
<lbragstad> and we're leveraging scope_types 14:53
<ayoung> scope_types=['system'], 14:53
* ayoung feels silly 14:53
<lbragstad> yep 14:53
<ayoung> lbragstad, that makes me very happy 14:54
<lbragstad> oslo.policy has all the plumbing to handle that enforcement for us (and all other projects) 14:54
<lbragstad> but i still added a configuration option to toggle the hard enforcement behavior 14:54
<lbragstad> and you actually see a *ton* of logs in our tests 14:55
<ayoung> lbragstad, what about a keystone-manage extension to convert is_admin_project role assignments to system roles? 14:55
<lbragstad> that would work 14:55
<ayoung> I'll try to hack that out.  I'm going to rebase that patch and +2 them from there on up 14:55
<lbragstad> i was thinking that keystone-manage should set up the admin user and give them the admin role on a project and the system 14:56
<lbragstad> an operator should be able to use that account to do anything and everything from a keystone perspective 14:56
<lbragstad> then, once they audit their users and give them proper roles on projects or the system depending on the case, they can flip the bit 14:57
<ayoung> lbragstad, BTW, is there a common Capabilities doc that I can read up on? 14:58
<lbragstad> we have a ton of tests that emit logs because our testing infrastructure hasn't accounted for system-scope yet 14:58
<lbragstad> like a capabilities API doc? 14:58
<ayoung> I want to revise the RBAC in middleware approach based on the common approach to capabilities. I assume someone is driving that somewhere? 14:58
<lbragstad> several projects have specifications that detail the work 14:59
<lbragstad> but i think cinder is the only one who merged it 14:59
<lbragstad> i was actually going to take a stab at writing one for keystone soon 14:59
<lbragstad> but - just not enough hours in the day 15:00
*** catinthe_ has quit IRC 15:02
*** catintheroof has joined #openstack-keystone 15:03
<lbragstad> once we get all the scope_types stuff into keystone https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:master+topic:add-scope-types 15:03
<lbragstad> we should be able to use the Enforcer object to generate a list of things you can do based on a token 15:03
<lbragstad> which would be good functionality to have in oslo.policy 15:04
<lbragstad> if other projects want to reuse it 15:04
<ayoung> lbragstad, I'll look at the cinder one 15:05
<ayoung> https://review.openstack.org/#/q/status:merged+project:openstack/cinder-specs+branch:master+topic:bp/discovering-system-capabilities 15:06
<lbragstad> yeah - that looks right 15:06
<lbragstad> i don't think it's all completely implemented 15:06
<ayoung> ``GET /v3.x/{tenant id}/capabilities`` 15:07
<ayoung> lbragstad, OK...here is a thought: 15:07
<lbragstad> because we have policy issues that need to be worked out yet 15:07
<ayoung> from /v3 we add a series of links to /users /groups etc 15:07
*** openstackgerrit has joined #openstack-keystone 15:07
<openstackgerrit> Mehdi Abaakouk (sileht) proposed openstack/keystonemiddleware master: cfg.CONF must not be used directly https://review.openstack.org/526631 15:07
<ayoung> and from those top level links, we add links to the actual APIs for manipulating them.  We also add in a link for the capabilities 15:07
*** catintheroof has quit IRC 15:08
<ayoung> I've wanted those intermediate links for a long time...along with the ability to pass Accepts Content-Type of HTML so a user can probe the Keystone server from a browser 15:08
<ayoung> heh policy issue as in "what role do you need in order to query the capabilities" policy? 15:10
<lbragstad> huh... 15:12
<lbragstad> that'd be interesting 15:12
<lbragstad> so i could query the capabilities api and get back a list of links 15:12
<lbragstad> with things i can do 15:12
<lbragstad> i could see that being really cool 15:14
<lbragstad> clients could use that to expose functionality 15:15
<lbragstad> in a predetermined way 15:15
<lbragstad> same with horizon 15:15
<knikolla> o/ 15:23
<lbragstad> knikolla: o/ 15:28
<cmurphy> easy reviews to get the rest of our docs jobs fixed https://review.openstack.org/#/c/529164/ https://review.openstack.org/#/c/529158/ :) 15:30
<lbragstad> cmurphy: thanks for respinning those 15:32
<lbragstad> +2 15:32
<gagehugo> o/ 15:42
*** pcaruana has joined #openstack-keystone 15:51
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add a new table for system role assignments https://review.openstack.org/507993 15:57
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Implement backend logic for system roles https://review.openstack.org/507994 15:57
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Implement manager logic for user+system roles https://review.openstack.org/512468 15:57
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Implement manager logic for group+system roles https://review.openstack.org/512641 15:57
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add user system grant policies https://review.openstack.org/514471 15:57
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add group system grant policies https://review.openstack.org/514725 15:57
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add configuration option for enforcing system-scope https://review.openstack.org/528847 15:57
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Implement controller logic for system user assignments https://review.openstack.org/515215 15:57
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Implement controller logic for system group assignments https://review.openstack.org/524017 15:57
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add system role assignment documentation https://review.openstack.org/524307 15:57
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add ability to list all system role assignments https://review.openstack.org/524407 15:57
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Ensure building scope is mutually exclusive https://review.openstack.org/498091 15:57
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Remove private methods for v2.0 and v3 tokens https://review.openstack.org/525329 15:58
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Teach TokenFormatter how to handle system scope https://review.openstack.org/525330 15:58
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Implement system-scope in the token provider API https://review.openstack.org/525360 15:58
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Introduce assertions for system-scoped token testing https://review.openstack.org/528037 15:58
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Implement system-scoped tokens https://review.openstack.org/525687 15:58
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add release note for system-scope https://review.openstack.org/528039 15:58
<lbragstad> ayoung: sorry - i had to add a new test case ^ 15:58
<ayoung> lbragstad, should I push the DB change through again? 15:59
<lbragstad> ayoung: thanks 15:59
<ayoung> cmurphy, +2A on both those.  One question, the test build-openstack-sphinx-docs should exercise those, right? 16:01
<lbragstad> i'm wondering what people think of https://review.openstack.org/#/c/528847/2 16:02
<lbragstad> does that configuration option need to be in oslo.policy? 16:02
<cmurphy> ayoung: yes, and you'll notice on other ksm changes it's been failing the last couple of days https://review.openstack.org/#/c/526631/ 16:02
<lbragstad> instead of in *each* project? 16:02
<ayoung> lbragstad, it would certainly be better if it were commonized 16:04
<lbragstad> mmmk 16:04
<lbragstad> i can whip that up 16:04
<ayoung> could we get it into oslo-context? 16:04
<lbragstad> mmm 16:05
<ayoung> I guess not... 16:05
<ayoung> needs to be in the enforcement, not just the data 16:05
<lbragstad> would there be an advantage to it being in context? 16:05
<ayoung> just that context is supposed to be the common OpenStack specific stuff, whereas policy thus far has been a rules engine, 16:05
<ayoung> with the exception of roles 16:06
<ayoung> but I think scope requires a change to policy, too, so yeah, needs to be in oslo policy 16:06
<lbragstad> if we have a toggle for enforcing scope, we certainly need it at evaluation time 16:06
<lbragstad> which is what pushed me to think it should go into oslo.policy 16:06
*** celebdor has quit IRC 16:15
*** edmondsw has joined #openstack-keystone 16:21
<openstackgerrit> Merged openstack/keystone master: Deprecate member_role_id and member_role_name https://review.openstack.org/522461 16:25
*** edmondsw has quit IRC 16:26
*** AlexeyAbashkin has quit IRC 16:37
*** links has quit IRC 16:44
*** aselius has joined #openstack-keystone 16:56
<openstackgerrit> Lance Bragstad proposed openstack/oslo.policy master: Add configuration option for enforcing scope https://review.openstack.org/529372 16:59
<lbragstad> ayoung: dims i'm likely going to need some guidance there ^ 17:00
<ayoung> lbragstad, my guess is we would have to test that manually for a functional test.  Some devstack setup with it enabled. 17:01
*** gyee has joined #openstack-keystone 17:01
*** samuelbartel has quit IRC 17:01
<lbragstad> ayoung: yeah - the problem is that i introduced a kwarg to do this before, but it doesn't make sense to have a kwarg and a configuration option 17:02
<lbragstad> (especially since they both defaulted to different values) 17:03
<lbragstad> so i'm wondering how to go about fixing that mistake 17:03
<lbragstad> but the devstack thing is on my list for later this week or the weekend 17:03
<lbragstad> I'd like to stand up one with scoping enabled and another without it enabled and using project assignments 17:03
<lbragstad> and see where things tip over, and possible record a demo 17:04
<lbragstad> possibly* 17:04
<openstackgerrit> Lance Bragstad proposed openstack/oslo.policy master: Add configuration option for enforcing scope https://review.openstack.org/529372 17:05
<ayoung> remove the kwarg? 17:10
<ayoung> I doubt anyone is using it yet 17:10
<lbragstad> yeah... i doubt it 17:13
<lbragstad> but i'm just not sure on the process 17:13
<lbragstad> or if it is acceptable to do that 17:13
<lbragstad> i left a comment on the review asking for feedback 17:14
<ayoung> ++ 17:18
*** d0ugal has quit IRC 17:23
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Break TestMappingPurge into multiple tests https://review.openstack.org/471138 17:23
*** sbezverk has joined #openstack-keystone 17:25
<openstackgerrit> Merged openstack/keystonemiddleware master: Fix docs builds https://review.openstack.org/529158 17:35
*** d0ugal has joined #openstack-keystone 17:35
*** magicboiz has quit IRC 17:45
<openstackgerrit> Merged openstack/keystoneauth master: Fix docs builds https://review.openstack.org/529164 17:46
*** sapd_ has joined #openstack-keystone 18:01
*** sapd has quit IRC 18:01
*** panbalag has joined #openstack-keystone 18:06
*** AlexeyAbashkin has joined #openstack-keystone 18:08
*** edmondsw has joined #openstack-keystone 18:09
*** AlexeyAbashkin has quit IRC 18:13
*** edmondsw has quit IRC 18:13
*** panbalag has quit IRC 18:14
*** panbalag has joined #openstack-keystone 18:30
*** panbalag has left #openstack-keystone 18:40
*** spilla has joined #openstack-keystone 18:58
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: WIP Add application credentials db migration https://review.openstack.org/524927 19:16
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: WIP Add application credentials driver https://review.openstack.org/524928 19:16
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: WIP Add Application Credentials manager https://review.openstack.org/524747 19:16
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: WIP Add Application Credentials controller https://review.openstack.org/524423 19:16
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: WIP Add application credential auth plugin https://review.openstack.org/525346 19:16
*** pcaruana has quit IRC 19:29
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add configuration option for enforcing system-scope https://review.openstack.org/528847 19:34
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Implement controller logic for system user assignments https://review.openstack.org/515215 19:37
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Implement controller logic for system group assignments https://review.openstack.org/524017 19:37
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add system role assignment documentation https://review.openstack.org/524307 19:37
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add ability to list all system role assignments https://review.openstack.org/524407 19:37
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Ensure building scope is mutually exclusive https://review.openstack.org/498091 19:37
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Remove private methods for v2.0 and v3 tokens https://review.openstack.org/525329 19:37
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Teach TokenFormatter how to handle system scope https://review.openstack.org/525330 19:37
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Implement system-scope in the token provider API https://review.openstack.org/525360 19:37
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Introduce assertions for system-scoped token testing https://review.openstack.org/528037 19:37
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Implement system-scoped tokens https://review.openstack.org/525687 19:37
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add release note for system-scope https://review.openstack.org/528039 19:37
*** pcaruana has joined #openstack-keystone 19:48
*** pcaruana has quit IRC 19:54
<openstackgerrit> Gage Hugo proposed openstack/python-keystoneclient master: Add project tags to keystoneclient https://review.openstack.org/481223 19:54
<gagehugo> ^ lbragstad fixed the 'u's showing up I think 19:54
*** edmondsw has joined #openstack-keystone 19:57
<lbragstad> sweet 19:58
<lbragstad> i should be able to test that out - i have a bunch of patches installed locally for keystone, ksa, keystoneclient, and openstackclient working on the system scope changes 19:58
<lbragstad> but i should be able to review after that 19:58
*** edmondsw has quit IRC 20:02
<gagehugo> sounds good 20:04
*** pcaruana has joined #openstack-keystone 20:06
*** rmascena__ has joined #openstack-keystone 20:08
*** rmascena has quit IRC 20:10
*** rmascena__ is now known as raildo 20:11
*** pcaruana has quit IRC 20:13
<NobodyCam> Good Morning Keystone Folks. I have a question: could someone point me to any old docs on how to decrypt the pkiz tokens? 20:23
*** links has joined #openstack-keystone 20:41
*** links has quit IRC 20:47
*** tlam_ has quit IRC 20:53
*** catintheroof has joined #openstack-keystone 20:54
*** tlam_ has joined #openstack-keystone 20:54
*** raildo has quit IRC 21:01
*** jmlowe has joined #openstack-keystone 21:04
<openstackgerrit> Merged openstack/keystonemiddleware master: cfg.CONF must not be used directly https://review.openstack.org/526631 21:05
*** aojea has joined #openstack-keystone 21:21
*** catinthe_ has joined #openstack-keystone 21:23
*** catintheroof has quit IRC 21:25
<ayoung> cmurphy, care to start kicking the lbragstad commits on System Role on through, since henrynash seems to be on holiday?  I'll trade by reviewing anything you got that is priority 21:29
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: WIP Add Application Credentials manager https://review.openstack.org/524747 21:29
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: WIP Add Application Credentials controller https://review.openstack.org/524423 21:29
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: WIP Add application credential auth plugin https://review.openstack.org/525346 21:29
<lbragstad> ^ priority :) 21:29
<cmurphy> WIP :P 21:30
<cmurphy> although early feedback on the auth plugin wouldn't be a bad idea 21:30
<cmurphy> ayoung: yes I'll start looking at it 21:30
*** catinthe_ has quit IRC 21:35
*** catintheroof has joined #openstack-keystone 21:35
*** threestrands_ has joined #openstack-keystone 21:36
*** catintheroof has quit IRC 21:40
<cmurphy> lbragstad: I didn't realize https://review.openstack.org/#/c/498091/ was part of the giant stack, i'm pretty sure you could pull it out and we could merge it independently 21:50
<cmurphy> and then the stack would be smaller 21:50
<lbragstad> yeah - i kept it in there since i figured a subsequent patch would cause a merge conflict 21:52
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Ensure building scope is mutually exclusive https://review.openstack.org/498091 21:53
*** tlam_ has quit IRC 21:53
*** tlam_ has joined #openstack-keystone 21:53
<openstackgerrit> Lance Bragstad proposed openstack/keystone master: Remove private methods for v2.0 and v3 tokens https://review.openstack.org/525329 21:53
<lbragstad> ok - pulled those two out of the stack 21:53
<cmurphy> +A +A 21:55
<cmurphy> two less things for me to do tomorrow 21:55
<lbragstad> :) 22:00
<lbragstad> i'll just wait for those to merge before i rebase the entire stack 22:01
*** aojea has quit IRC 22:04
*** spilla has quit IRC 22:18
*** david-lyle has quit IRC 22:24
*** rcernin has joined #openstack-keystone 22:32
*** aojea has joined #openstack-keystone 22:33
*** jappleii__ has joined #openstack-keystone 22:35
*** threestrands_ has quit IRC 22:36
*** david-lyle has joined #openstack-keystone 22:56
*** aojea has quit IRC 23:06
*** dave-mccowan has quit IRC 23:17
*** edmondsw has joined #openstack-keystone 23:33
*** edmondsw has quit IRC 23:38
