*** felipemonteiro has joined #openstack-keystone | 00:08 | |
*** felipemonteiro has quit IRC | 00:19 | |
*** gongysh has quit IRC | 00:24 | |
*** felipemonteiro has joined #openstack-keystone | 00:33 | |
*** dave-mcc_ has quit IRC | 00:35 | |
*** dklyle_ has quit IRC | 00:36 | |
*** dklyle has joined #openstack-keystone | 00:36 | |
openstackgerrit | Merged openstack/keystone master: Add project hierarchical tree check when Keystone start https://review.openstack.org/580331 | 00:53 |
---|---|---|
*** felipemonteiro has quit IRC | 00:57 | |
*** links has joined #openstack-keystone | 01:30 | |
*** dave-mccowan has joined #openstack-keystone | 01:35 | |
*** felipemonteiro has joined #openstack-keystone | 01:39 | |
*** felipemonteiro has quit IRC | 01:52 | |
*** gyee has quit IRC | 01:55 | |
*** felipemonteiro has joined #openstack-keystone | 02:10 | |
*** adriant has quit IRC | 02:16 | |
*** adriant has joined #openstack-keystone | 02:19 | |
*** sapd has joined #openstack-keystone | 02:21 | |
*** dave-mccowan has quit IRC | 02:29 | |
*** dave-mccowan has joined #openstack-keystone | 02:30 | |
*** abhi89 has joined #openstack-keystone | 02:30 | |
*** gongysh has joined #openstack-keystone | 02:30 | |
openstackgerrit | Merged openstack/keystone master: Delete project limits when deleting project https://review.openstack.org/538371 | 02:34 |
*** zeus has quit IRC | 02:35 | |
*** zeus has joined #openstack-keystone | 02:39 | |
*** zeus is now known as Guest14217 | 02:40 | |
*** jmlowe has joined #openstack-keystone | 02:43 | |
*** felipemonteiro has quit IRC | 02:43 | |
*** felipemonteiro has joined #openstack-keystone | 02:54 | |
*** sapd has quit IRC | 02:58 | |
wxy | abhi89: https://github.com/openstack/keystone/blob/master/keystone/resource/core.py#L230 https://github.com/openstack/keystone/blob/master/keystone/resource/core.py#L458 | 03:00 |
wxy | abhi89: seems the notification is sent? | 03:01 |
*** felipemonteiro has quit IRC | 03:03 | |
*** sapd has joined #openstack-keystone | 03:07 | |
*** dave-mcc_ has joined #openstack-keystone | 03:09 | |
*** dave-mccowan has quit IRC | 03:12 | |
*** dave-mcc_ has quit IRC | 03:12 | |
abhi89 | wxy: are audit events & service events same? we have audit.http.request & audit.http.response as event types under which all service audit events are collected.. the code snippet you mentioned is for these audit events i guess.. | 03:13 |
*** zhurong has joined #openstack-keystone | 03:30 | |
wxy | abhi89: they are not the same. | 03:46 |
wxy | abhi89: audit.http.request & audit.http.response is sent by keystonemiddleware. | 03:46 |
wxy | abhi89: The code I pointed is sent by Keystone. it's service events, the event can be used for audit as well. | 03:48 |
wxy | abhi89: the event_type is https://github.com/openstack/keystone/blob/master/keystone/notifications.py#L404 or https://github.com/openstack/keystone/blob/master/keystone/notifications.py#L441 | 03:50 |
wxy | abhi89: depends on the options `notification_format` you set (basic or cadf). default is cadf format. | 03:51 |
abhi89 | wxy: the events are getting generated by keystone.. but they are not there in panko db 'event' table.. may be they getting lost somewhere in between.. need to check whether they are reaching the message queue & then if panko is able to listen to these notifications.. | 03:56 |
wxy | abhi89: emm. from my sight, Keystone has sent the notifications to message bus already. Not sure what happened during the transport. It's worth to trace a message in the message bus to see what the input from Keystone and how panko query it | 04:01 |
abhi89 | wxy: yes, event is getting generated in keystone & is being sent.. need to check further as you mentioned.. thanks.. | 04:02 |
*** zhurong has quit IRC | 04:27 | |
*** r-daneel has joined #openstack-keystone | 04:37 | |
kmalloc | Do you have keystone confifured to talk on the bus? | 04:53 |
kmalloc | It's pretty explicit to do so. | 04:53 |
kmalloc | Keystone by default doesn't emit on the bus, but still generates the notification, since we use the same framework to talk between keystone subsystems. | 04:55 |
*** gongysh has quit IRC | 04:55 | |
*** flwang1 has quit IRC | 04:56 | |
*** pcichy has quit IRC | 04:58 | |
*** pcichy has joined #openstack-keystone | 04:59 | |
*** gongysh has joined #openstack-keystone | 05:27 | |
*** felipemonteiro has joined #openstack-keystone | 05:52 | |
*** hoonetorg has quit IRC | 06:01 | |
*** annp has joined #openstack-keystone | 06:05 | |
*** felipemonteiro has quit IRC | 06:16 | |
*** hoonetorg has joined #openstack-keystone | 06:17 | |
*** martinus__ has joined #openstack-keystone | 06:19 | |
*** pcaruana has joined #openstack-keystone | 06:33 | |
*** felipemonteiro has joined #openstack-keystone | 06:37 | |
*** rcernin has quit IRC | 06:59 | |
*** ispp has joined #openstack-keystone | 07:09 | |
*** tesseract has joined #openstack-keystone | 07:16 | |
*** ispp has quit IRC | 07:21 | |
*** AlexeyAbashkin has joined #openstack-keystone | 07:42 | |
*** ispp has joined #openstack-keystone | 07:47 | |
*** felipemonteiro has quit IRC | 08:01 | |
*** dstanek has quit IRC | 08:18 | |
*** dstanek has joined #openstack-keystone | 08:20 | |
*** rcernin has joined #openstack-keystone | 08:29 | |
*** openstackgerrit has quit IRC | 08:48 | |
*** josecastroleon has quit IRC | 09:01 | |
*** josecastroleon1 has joined #openstack-keystone | 09:01 | |
*** josecastroleon1 is now known as josecastroleon | 09:01 | |
*** ispp has quit IRC | 09:11 | |
*** pcichy has quit IRC | 09:16 | |
*** chason has quit IRC | 09:16 | |
*** pcichy has joined #openstack-keystone | 09:17 | |
*** chason has joined #openstack-keystone | 09:17 | |
*** ispp has joined #openstack-keystone | 09:19 | |
*** d0ugal has joined #openstack-keystone | 09:36 | |
*** d0ugal has quit IRC | 09:36 | |
*** d0ugal has joined #openstack-keystone | 09:36 | |
*** lifeless has quit IRC | 09:37 | |
*** flwang1 has joined #openstack-keystone | 09:48 | |
*** Tahvok has quit IRC | 09:50 | |
*** Tahvok has joined #openstack-keystone | 09:51 | |
*** ispp has quit IRC | 10:01 | |
*** abhi89 has quit IRC | 10:08 | |
*** josecastroleon has quit IRC | 10:10 | |
*** josecastroleon has joined #openstack-keystone | 10:10 | |
*** shyamb has joined #openstack-keystone | 10:14 | |
*** chason has quit IRC | 10:15 | |
*** chason has joined #openstack-keystone | 10:17 | |
*** josecastroleon has quit IRC | 10:17 | |
*** shyambiradar has joined #openstack-keystone | 10:17 | |
*** chason[m] has joined #openstack-keystone | 10:17 | |
*** d0ugal has quit IRC | 10:21 | |
*** shyambiradar has quit IRC | 10:22 | |
*** kukacz_ has quit IRC | 10:23 | |
*** shyamb has quit IRC | 10:23 | |
*** kukacz_ has joined #openstack-keystone | 10:23 | |
*** lifeless has joined #openstack-keystone | 10:23 | |
*** gongysh has quit IRC | 10:41 | |
*** edmondsw has joined #openstack-keystone | 10:49 | |
*** ispp has joined #openstack-keystone | 10:49 | |
*** shyambiradar has joined #openstack-keystone | 10:59 | |
*** shyamb has joined #openstack-keystone | 10:59 | |
*** shyambiradar has quit IRC | 11:00 | |
*** shyambiradar has joined #openstack-keystone | 11:00 | |
*** josecastroleon has joined #openstack-keystone | 11:13 | |
*** rcernin has quit IRC | 11:21 | |
*** abhi89 has joined #openstack-keystone | 11:46 | |
*** ispp has quit IRC | 11:54 | |
*** ispp has joined #openstack-keystone | 11:57 | |
*** dave-mccowan has joined #openstack-keystone | 12:25 | |
*** jaosorior has quit IRC | 12:27 | |
knikolla | o/ | 12:33 |
*** shyamb has quit IRC | 12:41 | |
*** shyamb has joined #openstack-keystone | 12:42 | |
*** jaosorior has joined #openstack-keystone | 12:50 | |
*** r-daneel has quit IRC | 12:57 | |
*** pcichy has quit IRC | 12:59 | |
*** openstackgerrit has joined #openstack-keystone | 13:03 | |
openstackgerrit | Merged openstack/keystone master: Allow for 'extension' rel in json home https://review.openstack.org/583357 | 13:03 |
openstackgerrit | Merged openstack/keystone master: Trusts do not implement patch. https://review.openstack.org/583358 | 13:03 |
*** pcichy has joined #openstack-keystone | 13:07 | |
*** Tahvok has quit IRC | 13:08 | |
*** Tahvok has joined #openstack-keystone | 13:11 | |
*** d0ugal has joined #openstack-keystone | 13:27 | |
*** cmurphy is now known as cmurphy|vacation | 13:29 | |
*** dave-mcc_ has joined #openstack-keystone | 13:33 | |
*** dave-mccowan has quit IRC | 13:34 | |
*** dave-mccowan has joined #openstack-keystone | 13:36 | |
*** dave-mcc_ has quit IRC | 13:38 | |
*** shyamb has quit IRC | 13:38 | |
*** d0ugal has quit IRC | 13:45 | |
*** r-daneel has joined #openstack-keystone | 13:55 | |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Address nits in strict-two-level implementation https://review.openstack.org/585379 | 13:57 |
*** gongysh has joined #openstack-keystone | 14:00 | |
*** xinran__ has joined #openstack-keystone | 14:05 | |
*** vrv_ has joined #openstack-keystone | 14:06 | |
*** felipemonteiro has joined #openstack-keystone | 14:08 | |
*** spilla has joined #openstack-keystone | 14:19 | |
gagehugo | o/ | 14:30 |
lbragstad | o/ | 14:31 |
*** links has quit IRC | 14:33 | |
*** felipemonteiro has quit IRC | 14:33 | |
*** jmlowe has quit IRC | 14:38 | |
*** gongysh has quit IRC | 14:48 | |
*** jrist has quit IRC | 14:49 | |
*** imacdonn has quit IRC | 14:51 | |
*** imacdonn has joined #openstack-keystone | 14:51 | |
*** pcaruana has quit IRC | 14:52 | |
*** ChanServ sets mode: +o lbragstad | 15:01 | |
*** r-daneel has quit IRC | 15:07 | |
*** r-daneel has joined #openstack-keystone | 15:08 | |
*** jrist has joined #openstack-keystone | 15:15 | |
*** jrist has quit IRC | 15:15 | |
*** jrist has joined #openstack-keystone | 15:15 | |
*** r-daneel has quit IRC | 15:19 | |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Reduce duplication in federated auth APIs https://review.openstack.org/585782 | 15:20 |
jaosorior | lbragstad: hey! Back from vacations. Was the bug fixed where it wasn't passed if a token is system scoped? (forgot the bug ID) | 15:22 |
lbragstad | jaosorior: yep - let me grab you a link | 15:22 |
lbragstad | welcome back :) | 15:22 |
lbragstad | jaosorior: https://bugs.launchpad.net/oslo.policy/+bug/1779172 was it - yeah? | 15:24 |
openstack | Launchpad bug 1779172 in oslo.policy "RFE: policy enforcement should accept context objects" [Undecided,Fix released] - Assigned to Lance Bragstad (lbragstad) | 15:24 |
lbragstad | if so - that was addressed with https://review.openstack.org/#/c/578995/ | 15:24 |
jaosorior | lbragstad: that looks about right | 15:25 |
jaosorior | nice! | 15:25 |
lbragstad | yeah - that should be fixed in oslo.policy 1.38.0 | 15:25 |
jaosorior | so, currently only projects passing the context object to the policy enforcer will be able to use system scopes, right? (unless they explicitly pass the key "system" in the creds) | 15:26 |
lbragstad | (latest release is 1.38.1) | 15:26 |
lbragstad | correct | 15:26 |
lbragstad | IMO - having the ability to use a context object is a nice carrot that might help move projects in that direction (and hopefully away from building creds dictionaries by hand) | 15:26 |
jaosorior | agreed | 15:27 |
*** r-daneel has joined #openstack-keystone | 15:27 | |
lbragstad | then we should be able to control all that stuff with just oslo.context and oslo.policy patches if projects are just using context objects | 15:28 |
*** gyee has joined #openstack-keystone | 15:29 | |
jaosorior | that sounds like the way to go | 15:30 |
lbragstad | i hope so | 15:30 |
jaosorior | way less error-prone | 15:30 |
lbragstad | ++ | 15:30 |
jaosorior | and if folks need extra attributes, then they can just subclass the context class (would probably be the case for nova) | 15:31 |
lbragstad | yeah - some projects are already doing that (i know we do in keystone) | 15:31 |
*** abhi89 has quit IRC | 15:31 | |
*** dtantsur has joined #openstack-keystone | 15:43 | |
dtantsur | hi folks! I desperately need help with understanding https://bugs.launchpad.net/keystoneauth/+bug/1783590 | 15:43 |
openstack | Launchpad bug 1783590 in keystoneauth "EmptyCatalog raised when the catalog is not empty" [Undecided,New] | 15:43 |
dtantsur | the only thing I understand is that the exception message is wrong.. but I have no ideas on what could cause it to not see the catalog | 15:43 |
*** itlinux has joined #openstack-keystone | 15:49 | |
dtantsur | the only conclusion I can make from local testing is that Token auth is completely broken :-/ | 15:51 |
*** ispp has quit IRC | 15:53 | |
*** dave-mccowan has quit IRC | 15:58 | |
*** dave-mccowan has joined #openstack-keystone | 16:00 | |
*** vrv_ has quit IRC | 16:15 | |
ayoung | jaosorior, lets set up some time for you me and hrybacki to talk through what we want to present on policy. We can then backbrief the rest of the Keystoners in the next couple weeks. | 16:50 |
*** tesseract has quit IRC | 16:53 | |
*** dtantsur is now known as dtantsur|afk | 17:13 | |
*** AlexeyAbashkin has quit IRC | 17:17 | |
*** xinran__ has quit IRC | 17:34 | |
hrybacki | ayoung: perhaps Tuesday morning? I'm off this Fri/Mon | 17:45 |
*** felipemonteiro has joined #openstack-keystone | 17:45 | |
jaosorior | ayoung: sounds good to me | 17:47 |
ayoung | im out tuesday and wednesday | 17:47 |
*** itlinux has quit IRC | 17:47 | |
*** spilla has quit IRC | 17:49 | |
*** itlinux has joined #openstack-keystone | 17:51 | |
*** spilla has joined #openstack-keystone | 17:52 | |
*** sapd has quit IRC | 17:56 | |
*** abhi89 has joined #openstack-keystone | 17:57 | |
*** markvoelker_ has joined #openstack-keystone | 18:05 | |
*** markvoelker has quit IRC | 18:06 | |
*** rcernin has joined #openstack-keystone | 18:09 | |
*** abhi89 has quit IRC | 18:11 | |
*** fiddletwix has joined #openstack-keystone | 18:12 | |
*** dave-mcc_ has joined #openstack-keystone | 18:19 | |
*** dave-mccowan has quit IRC | 18:20 | |
*** rodrigod` is now known as rodrigods | 18:22 | |
*** rodrigods has quit IRC | 18:22 | |
*** rodrigods has joined #openstack-keystone | 18:22 | |
ayoung | hrybacki, jaosorior sorry, I should have notified you on that; I'm moving on Tuesday/Wednesday next week. | 18:25 |
hrybacki | ayoung: oh nice! to where?? | 18:27 |
ayoung | Same town, but we bought a house. | 18:27 |
ayoung | 1850s | 18:28 |
openstackgerrit | Kristi Nikolla proposed openstack/keystone master: Enable mutable config https://review.openstack.org/585417 | 18:30 |
knikolla | lbragstad, kmalloc ^^ | 18:31 |
lbragstad | ayoung: congrats! | 18:34 |
*** dtruong_ has joined #openstack-keystone | 18:45 | |
*** dtruong has quit IRC | 18:49 | |
*** rcernin has quit IRC | 18:53 | |
*** dklyle has quit IRC | 19:03 | |
openstackgerrit | Kristi Nikolla proposed openstack/keystone master: Deprecate [token] infer_roles=False https://review.openstack.org/574869 | 19:04 |
*** rcernin has joined #openstack-keystone | 19:09 | |
*** d0ugal has joined #openstack-keystone | 19:11 | |
*** rcernin has quit IRC | 19:16 | |
ayoung | lbragstad, thanks | 19:18 |
gagehugo | ayoung nice! | 19:23 |
*** flwang1 has quit IRC | 19:34 | |
*** d0ugal has quit IRC | 19:46 | |
*** felipemonteiro_ has joined #openstack-keystone | 19:52 | |
kmalloc | lbragstad: is revoked token list deprecated? | 19:52 |
kmalloc | lbragstad: it sure would be easier if i could just always make it return 410 | 19:53 |
* lbragstad hands kmalloc https://review.openstack.org/#/c/545009/ | 19:54 | |
lbragstad | gagehugo: thanks for the rechecks | 19:55 |
lbragstad | i'm hoping that fix doesn't drab out because of zuul tripping | 19:55 |
kmalloc | lol, i thought we landed that one lbragstad | 19:56 |
kmalloc | bah. | 19:56 |
*** felipemonteiro has quit IRC | 19:56 | |
jaosorior | ayoung: congrats! | 19:56 |
* gagehugo stares at zuul | 19:58 | |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Address FIXMEs for listing revoked tokens https://review.openstack.org/545009 | 20:03 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Move unenforced_api decorator to module function https://review.openstack.org/585869 | 20:03 |
kmalloc | lbragstad: ^ it's now part of the flask chain | 20:03 |
lbragstad | kmalloc: nice - i can abandon mine then | 20:12 |
lbragstad | oh - wait... nevermind | 20:13 |
lbragstad | thanks for working that into the chain | 20:13 |
kmalloc | lbragstad: makes my life a TON easier for auth->api.auth | 20:14 |
*** edmondsw has quit IRC | 20:28 | |
*** edmondsw has joined #openstack-keystone | 20:28 | |
openstackgerrit | Merged openstack/keystone master: Introduce new TokenModel object https://review.openstack.org/559129 | 20:31 |
*** edmondsw has quit IRC | 20:32 | |
*** gongysh has joined #openstack-keystone | 20:50 | |
*** flwang1 has joined #openstack-keystone | 20:58 | |
*** spilla has quit IRC | 21:00 | |
gagehugo | lbragstad kmalloc for the FIXMEs it's going from a 2XX -> 403, we're not breaking any contracts there are we? | 21:01 |
kmalloc | it isn't actually moving to a 200 | 21:03 |
kmalloc | erm from | 21:03 |
kmalloc | if you don't have signing stuff, you end up with 500s | 21:03 |
kmalloc | look at the comment on the previous patchset | 21:03 |
kmalloc | basically we move from consistent 500 -> 403 | 21:03 |
openstackgerrit | Merged openstack/keystone master: Add docs for case-insensitivity in keystone https://review.openstack.org/576640 | 21:04 |
*** gongysh has quit IRC | 21:04 | |
*** openstackgerrit has quit IRC | 21:04 | |
gagehugo | kmalloc welp idk how I missed that | 21:07 |
gagehugo | seeing as I left the same comment back in Feb | 21:08 |
kmalloc | hehe | 21:08 |
* gagehugo facepalms | 21:08 | |
*** itlinux has quit IRC | 21:31 | |
*** itlinux has joined #openstack-keystone | 21:36 | |
*** dklyle has joined #openstack-keystone | 21:38 | |
*** edmondsw has joined #openstack-keystone | 21:40 | |
*** edmondsw has quit IRC | 21:45 | |
*** felipemonteiro_ has quit IRC | 21:48 | |
*** martinus__ has quit IRC | 21:59 | |
*** mchlumsky has quit IRC | 22:07 | |
*** eandersson has quit IRC | 22:22 | |
*** eandersson has joined #openstack-keystone | 22:24 | |
*** itlinux has quit IRC | 22:25 | |
*** spilla has joined #openstack-keystone | 22:26 | |
*** mtreinish has quit IRC | 22:33 | |
*** mtreinish has joined #openstack-keystone | 22:36 | |
*** openstackgerrit has joined #openstack-keystone | 23:06 | |
openstackgerrit | Merged openstack/keystonemiddleware master: Replace port 35357 with 5000 https://review.openstack.org/584251 | 23:06 |
*** r-daneel has quit IRC | 23:28 | |
*** edmondsw has joined #openstack-keystone | 23:29 | |
*** edmondsw has quit IRC | 23:33 | |
*** itlinux has joined #openstack-keystone | 23:44 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!