*** gyee has quit IRC | 00:19 | |
*** felipemonteiro has joined #openstack-keystone | 00:20 | |
*** harlowja has quit IRC | 00:23 | |
*** imacdonn has quit IRC | 00:49 | |
*** imacdonn has joined #openstack-keystone | 00:49 | |
*** felipemonteiro has quit IRC | 00:59 | |
*** felipemonteiro has joined #openstack-keystone | 01:21 | |
*** dmellado has quit IRC | 01:22 | |
*** rcernin_ has joined #openstack-keystone | 01:23 | |
*** rcernin has quit IRC | 01:25 | |
*** felipemonteiro has quit IRC | 01:31 | |
*** felipemonteiro has joined #openstack-keystone | 01:45 | |
*** wxy-xiyuan has joined #openstack-keystone | 01:50 | |
*** rcernin has joined #openstack-keystone | 02:00 | |
*** felipemonteiro has quit IRC | 02:01 | |
*** rcernin_ has quit IRC | 02:03 | |
*** felipemonteiro has joined #openstack-keystone | 02:05 | |
*** felipemonteiro has quit IRC | 02:06 | |
*** dmellado has joined #openstack-keystone | 02:38 | |
*** edmondsw has quit IRC | 02:45 | |
openstackgerrit | wangxiyuan proposed openstack/keystone master: Change unique_last_password_count default to 0 https://review.openstack.org/593476 | 03:22 |
---|---|---|
*** nicolasbock has quit IRC | 03:32 | |
*** felipemonteiro has joined #openstack-keystone | 03:49 | |
*** felipemonteiro has quit IRC | 03:54 | |
*** shyamb has joined #openstack-keystone | 04:15 | |
*** felipemonteiro has joined #openstack-keystone | 04:24 | |
*** felipemonteiro has quit IRC | 04:28 | |
*** shyamb has quit IRC | 04:32 | |
*** shyamb has joined #openstack-keystone | 04:32 | |
*** shyamb has quit IRC | 05:30 | |
*** edmondsw has joined #openstack-keystone | 05:34 | |
*** shyamb has joined #openstack-keystone | 05:36 | |
*** felipemonteiro has joined #openstack-keystone | 05:36 | |
openstackgerrit | Vishakha Agarwal proposed openstack/keystone master: Using isinstance(f, collections.Callable) https://review.openstack.org/594806 | 05:41 |
*** felipemonteiro has quit IRC | 05:50 | |
*** shyamb has quit IRC | 06:08 | |
*** shyamb has joined #openstack-keystone | 06:09 | |
*** pcaruana has joined #openstack-keystone | 06:41 | |
*** gagehugo has quit IRC | 06:49 | |
*** shyamb has quit IRC | 06:51 | |
*** shyamb has joined #openstack-keystone | 06:52 | |
*** dmellado has quit IRC | 07:04 | |
*** dmellado has joined #openstack-keystone | 07:06 | |
*** rcernin has quit IRC | 07:07 | |
*** ispp has joined #openstack-keystone | 07:08 | |
*** dmellado has quit IRC | 07:12 | |
*** ispp has quit IRC | 07:12 | |
*** dmellado has joined #openstack-keystone | 07:19 | |
*** gagehugo has joined #openstack-keystone | 07:26 | |
*** evrardjp has joined #openstack-keystone | 07:26 | |
*** shyamb has quit IRC | 07:27 | |
*** pcaruana has quit IRC | 08:28 | |
openstackgerrit | Merged openstack/keystone master: Redundant parameters in api-ref:domain-config https://review.openstack.org/590604 | 08:29 |
*** pcaruana has joined #openstack-keystone | 08:30 | |
*** s10 has joined #openstack-keystone | 08:30 | |
*** shyamb has joined #openstack-keystone | 08:41 | |
*** josecastroleon has quit IRC | 09:00 | |
*** josecastroleon has joined #openstack-keystone | 09:00 | |
*** shyam89 has joined #openstack-keystone | 09:22 | |
*** shyamb has quit IRC | 09:27 | |
*** tobberydberg has joined #openstack-keystone | 09:31 | |
*** Mantorok has quit IRC | 09:42 | |
*** shyam89 has quit IRC | 09:54 | |
*** josecastroleon has quit IRC | 09:56 | |
*** shyam89 has joined #openstack-keystone | 10:02 | |
*** shyamb has joined #openstack-keystone | 10:03 | |
mbuil | cmurphy: hello! I finally got time again to check keystone federation using horizon. On the top right, I can see that I can switch between Local Keystone and mysp. When I click on mysp "Switch to Keystone Provider mysp successful" and "Error: Unauthorized: Unable to retrieve project list" | 10:05 |
*** jaosorior_ has quit IRC | 10:05 | |
mbuil | cmurphy: looking at /var/log/horizon/horizon-error.log I see the following error: https://hastebin.com/ivamibevih.sql | 10:05 |
openstackgerrit | Vishakha Agarwal proposed openstack/python-keystoneclient master: create() call in v3.regions.py is wrong https://review.openstack.org/594921 | 10:06 |
mbuil | cmurphy: however, I don't see much at the SP side. Keystone logs don't show any error in both apache2 and keystone. Everything seems fine. Any idea what might be happening? Thanks in advance! | 10:06 |
*** shyam89 has quit IRC | 10:07 | |
openstackgerrit | Stephen Finucane proposed openstack/oslo.policy master: sphinxext: Start parsing 'DocumentedRuleDefault.description' as rST https://review.openstack.org/594222 | 10:17 |
*** s10 has quit IRC | 10:42 | |
*** nicolasbock has joined #openstack-keystone | 10:44 | |
*** dave-mccowan has joined #openstack-keystone | 10:47 | |
openstackgerrit | Vishakha Agarwal proposed openstack/keystone master: Use items() instead of iteritems() https://review.openstack.org/594929 | 11:05 |
*** josecastroleon has joined #openstack-keystone | 11:08 | |
*** shyamb has quit IRC | 11:11 | |
*** jaosorior has joined #openstack-keystone | 11:15 | |
*** shyamb has joined #openstack-keystone | 11:17 | |
cmurphy | mbuil: are you trying to log in as admin? | 11:52 |
cmurphy | sometimes horizon is weird about the admin user in this situation | 11:52 |
cmurphy | it's weird because it wants to list projects for nova or something | 11:53 |
cmurphy | try using a different user and also turn on insecure_debug in both keystones to get more information | 11:53 |
mbuil | cmurphy: yes, I was admin | 11:55 |
*** raildo has joined #openstack-keystone | 11:56 | |
*** shyamb has quit IRC | 12:35 | |
*** shyamb has joined #openstack-keystone | 12:42 | |
mbuil | cmurphy: BTW, should I add the "WEBSSO_CHOICES" option explained under http://www.gazlene.net/demystifying-keystone-federation.html? | 13:02 |
openstackgerrit | Merged openstack/keystone master: Update api-ref for unified limits https://review.openstack.org/588425 | 13:18 |
*** shyamb has quit IRC | 13:21 | |
*** ayoung has quit IRC | 13:23 | |
*** felipemonteiro has joined #openstack-keystone | 13:26 | |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Trivial: Add missing space in exception https://review.openstack.org/595002 | 13:30 |
cmurphy | mbuil: no, that only applies for an external identity provider, with k2k you don't need to make any config changes to horizon | 13:34 |
*** josecastroleon has quit IRC | 13:44 | |
*** josecastroleon has joined #openstack-keystone | 13:44 | |
*** r-daneel has joined #openstack-keystone | 13:48 | |
*** felipemonteiro has quit IRC | 13:54 | |
*** dmellado has quit IRC | 14:01 | |
BlackDex | Hello there. I'm having some issues with keystone and project/user/domain roles | 14:02 |
BlackDex | i have admin_domain with an admin project which is the big-mother of admins | 14:03 |
BlackDex | now i have a second domain, say test_domain | 14:03 |
BlackDex | and i want to have a special user which can create projects and users only within that domain | 14:04 |
*** nicolasbock has quit IRC | 14:04 | |
*** s10 has joined #openstack-keystone | 14:05 | |
lbragstad | BlackDex: yeah - fixing that today likely requires a bunch of modifications to policy.yaml files | 14:06 |
lbragstad | unforunately | 14:06 |
BlackDex | if i create an user and link it as admin to that specific domain i'm not able to do much | 14:07 |
BlackDex | but if i give that admin user an admin project and make it admin, it can add projects | 14:07 |
BlackDex | but it also sees the instances of other domains! | 14:08 |
lbragstad | yeah :( | 14:08 |
BlackDex | ah | 14:08 |
lbragstad | it's a mess | 14:08 |
BlackDex | a known issue | 14:08 |
lbragstad | but the good news is that we have the plumbing in place to start fixing it | 14:08 |
lbragstad | https://bugs.launchpad.net/keystone/+bug/1750660 | 14:08 |
openstack | Launchpad bug 1750660 in OpenStack Identity (keystone) "The v3 project API should account for different scopes" [High,Triaged] | 14:08 |
BlackDex | is there a ticket somewhere which i can follow? | 14:08 |
BlackDex | thx : | 14:08 |
BlackDex | :) | 14:08 |
*** felipemonteiro has joined #openstack-keystone | 14:08 | |
BlackDex | lbragstad: i whish you good luck then with fixing it | 14:09 |
lbragstad | BlackDex: the overall issue spanning OpenStack projects is here https://bugs.launchpad.net/keystone/+bug/968696 | 14:09 |
openstack | Launchpad bug 968696 in OpenStack Identity (keystone) ""admin"-ness not properly scoped" [High,In progress] - Assigned to Adam Young (ayoung) | 14:09 |
BlackDex | oke thx | 14:09 |
BlackDex | i subscribed to it | 14:09 |
lbragstad | but we do have bugs open against keystone directly to make out API more self-service https://bugs.launchpad.net/keystone/+bugs?field.tag=policy | 14:09 |
lbragstad | https://bugs.launchpad.net/keystone/+bug/1750660 is specifically what you're looking for I think | 14:10 |
openstack | Launchpad bug 1750660 in OpenStack Identity (keystone) "The v3 project API should account for different scopes" [High,Triaged] | 14:10 |
*** felipemonteiro has quit IRC | 14:10 | |
BlackDex | yea it seems so thx! | 14:11 |
lbragstad | no problem | 14:11 |
BlackDex | i found those bugs, but wernt sure | 14:11 |
BlackDex | first thought i was going crazy | 14:11 |
BlackDex | but it's non-wanted-feature | 14:11 |
BlackDex | thx lbragstad, i have subscribed my self to these tickets so i will get notified of the changes! | 14:14 |
*** felipemonteiro has joined #openstack-keystone | 14:14 | |
lbragstad | sounds good | 14:14 |
*** felipemonteiro has quit IRC | 14:18 | |
*** felipemonteiro has joined #openstack-keystone | 14:18 | |
*** felipemonteiro has quit IRC | 14:24 | |
*** felipemonteiro has joined #openstack-keystone | 14:27 | |
*** felipemonteiro has quit IRC | 14:30 | |
*** nicolasbock has joined #openstack-keystone | 14:31 | |
*** felipemonteiro has joined #openstack-keystone | 14:33 | |
*** felipemonteiro has quit IRC | 14:35 | |
gagehugo | lbragstad https://review.openstack.org/#/c/581122/ | 14:40 |
*** raildo has quit IRC | 14:40 | |
gagehugo | devstack change for "member" | 14:40 |
*** raildo has joined #openstack-keystone | 14:42 | |
lbragstad | gagehugo: nice | 14:43 |
*** jrist has joined #openstack-keystone | 14:45 | |
*** s10 has quit IRC | 14:47 | |
*** raildo_ has joined #openstack-keystone | 14:51 | |
*** raildo has quit IRC | 14:54 | |
*** pcaruana has quit IRC | 15:10 | |
*** r-daneel has quit IRC | 15:23 | |
*** r-daneel has joined #openstack-keystone | 15:24 | |
*** openstackgerrit has quit IRC | 15:31 | |
lbragstad | kmalloc: is there anything specific that needs to be done before we can start using the flask client stuff in tests? | 15:37 |
lbragstad | i'm trying to figure out the best path forward for testing fixes for incorporating scope types, but i think we need to teach the tests how to use keystone-manage bootstrap instead of self.load_sample_data() | 15:38 |
lbragstad | and the setup chain for test_v3.RestfulTestCase is intense | 15:40 |
lbragstad | so i'm considering options for implementing a new RestfulTestCase that doesn't rely on all the bloated setup stuff | 15:41 |
lbragstad | thoughts anyone/ | 15:41 |
*** nicolasbock has quit IRC | 15:43 | |
*** dmellado has joined #openstack-keystone | 15:45 | |
*** nicolasbock has joined #openstack-keystone | 15:49 | |
*** pcaruana has joined #openstack-keystone | 15:49 | |
kmalloc | lbragstad: you can use the test client at anytime, just can't use flask.request unless the API has been ported | 15:59 |
lbragstad | ack | 15:59 |
lbragstad | ok | 15:59 |
kmalloc | But test client and all that works today, it's how rbac enforcer is tested, among other things. | 15:59 |
lbragstad | i might try and incorporate that into the new protection tests... | 16:00 |
kmalloc | Sure! | 16:00 |
lbragstad | idk... kinda feels like a rabbit hole | 16:00 |
lbragstad | our existing test setup infrastructure is so complicated | 16:00 |
lbragstad | and incorporating bootstrap into that to reduce the complexity could be a pretty large refactor | 16:01 |
*** raildo has joined #openstack-keystone | 16:16 | |
*** raildo_ has quit IRC | 16:19 | |
*** spilla has joined #openstack-keystone | 16:25 | |
*** felipemonteiro has joined #openstack-keystone | 16:58 | |
*** gyee has joined #openstack-keystone | 17:03 | |
*** DinaBelova has quit IRC | 17:25 | |
*** redrobot has quit IRC | 17:25 | |
*** cburgess has quit IRC | 17:25 | |
*** mchlumsky has quit IRC | 17:25 | |
*** aloga has quit IRC | 17:25 | |
*** sayalilunkad has quit IRC | 17:25 | |
*** mbuil has quit IRC | 17:25 | |
*** mtreinish has quit IRC | 17:25 | |
*** N3l1x has quit IRC | 17:25 | |
*** obre has quit IRC | 17:25 | |
*** jlvillal has quit IRC | 17:25 | |
*** afazekas_ has quit IRC | 17:25 | |
*** hemna has quit IRC | 17:25 | |
*** dims has quit IRC | 17:25 | |
*** cwright has quit IRC | 17:25 | |
*** Anticimex has quit IRC | 17:25 | |
*** chudly_ has quit IRC | 17:25 | |
*** DinaBelova has joined #openstack-keystone | 17:26 | |
*** jlvillal has joined #openstack-keystone | 17:27 | |
*** cburgess has joined #openstack-keystone | 17:32 | |
*** dims_ has joined #openstack-keystone | 17:36 | |
*** openstackgerrit has joined #openstack-keystone | 17:36 | |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Trivial: Remove app_conf kwarg from testing setup https://review.openstack.org/595271 | 17:36 |
*** markvoelker has quit IRC | 17:39 | |
*** rodrigods has joined #openstack-keystone | 17:44 | |
*** felipemonteiro has quit IRC | 17:45 | |
*** hemna has joined #openstack-keystone | 18:08 | |
*** ChanServ has quit IRC | 18:16 | |
*** ChanServ has joined #openstack-keystone | 18:22 | |
*** barjavel.freenode.net sets mode: +o ChanServ | 18:22 | |
*** dmellado has quit IRC | 18:22 | |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Make policy file support in fixture optional https://review.openstack.org/595279 | 18:26 |
*** pcaruana has quit IRC | 19:47 | |
*** aloga has joined #openstack-keystone | 20:30 | |
*** harlowja has joined #openstack-keystone | 20:42 | |
*** raildo has quit IRC | 20:45 | |
*** spilla has quit IRC | 20:54 | |
*** spilla has joined #openstack-keystone | 20:54 | |
*** spilla has quit IRC | 20:58 | |
*** felipemonteiro has joined #openstack-keystone | 20:59 | |
*** felipemonteiro has quit IRC | 21:23 | |
*** felipemonteiro has joined #openstack-keystone | 21:26 | |
*** dansmith is now known as htimsnad | 21:34 | |
*** felipemonteiro has quit IRC | 21:57 | |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Fix db model inconsistency for FederatedUser https://review.openstack.org/566242 | 22:12 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Enable Foreign keys for sql backend unit test https://review.openstack.org/558029 | 22:12 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Enable foreign keys for unit test https://review.openstack.org/558193 | 22:12 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Make policy file support in fixture optional https://review.openstack.org/595279 | 22:12 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: WIP: Implement scope_type checking for credentials https://review.openstack.org/594547 | 22:12 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Move loadapp to a generic place https://review.openstack.org/595371 | 22:12 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: WIP: Implement scope_type checking for credentials https://review.openstack.org/594547 | 22:13 |
*** felipemonteiro has joined #openstack-keystone | 22:22 | |
*** rcernin has joined #openstack-keystone | 22:34 | |
*** felipemonteiro has quit IRC | 22:37 | |
*** ChanServ has quit IRC | 22:49 | |
*** ChanServ has joined #openstack-keystone | 23:03 | |
*** barjavel.freenode.net sets mode: +o ChanServ | 23:03 | |
*** _KaszpiR_ has quit IRC | 23:04 | |
*** _KaszpiR_ has joined #openstack-keystone | 23:06 | |
*** felipemonteiro has joined #openstack-keystone | 23:26 | |
*** felipemonteiro has quit IRC | 23:55 | |
*** r-daneel has quit IRC | 23:58 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!