Tuesday, 2018-09-18

« Monday, 2018-09-17 Index Wednesday, 2018-09-19 »
*** gyee has quit IRC00:04
*** markvoelker has quit IRC00:44
*** felipemonteiro has quit IRC01:38
*** felipemonteiro has joined #openstack-keystone01:54
*** dave-mccowan has joined #openstack-keystone02:00
*** felipemonteiro has quit IRC02:10
*** dave-mccowan has quit IRC02:20
*** felipemonteiro has joined #openstack-keystone02:58
*** prashkre has joined #openstack-keystone02:58
openstackgerritVishakha Agarwal proposed openstack/keystone master: Implement Trust Flush via keystone-manage.  https://review.openstack.org/58937803:03
*** lbragstad has quit IRC03:04
*** lbragstad has joined #openstack-keystone03:11
*** ChanServ sets mode: +o lbragstad03:11
*** felipemonteiro has quit IRC03:23
*** prashkre has quit IRC03:32
*** Dinesh_Bhor has joined #openstack-keystone03:41
*** felipemonteiro has joined #openstack-keystone03:46
*** lbragstad has quit IRC03:48
*** prashkre has joined #openstack-keystone03:48
*** felipemonteiro has quit IRC03:52
*** felipemonteiro has joined #openstack-keystone03:56
*** felipemonteiro has quit IRC04:00
*** Dinesh_Bhor has quit IRC04:02
*** Dinesh_Bhor has joined #openstack-keystone04:28
openstackgerritMerged openstack/keystone-tempest-plugin master: Rename keystone zuul jobs  https://review.openstack.org/60319804:39
*** jaosorior has joined #openstack-keystone04:54
*** shyamb has joined #openstack-keystone05:02
*** Dinesh_Bhor has quit IRC05:08
*** prashkre has quit IRC05:14
*** shyamb has quit IRC05:14
vishakhawxy-xiyuan: Hello. Can you pl review https://review.openstack.org/#/c/589378/. Thanks05:17
*** shyamb has joined #openstack-keystone05:20
*** Dinesh_Bhor has joined #openstack-keystone05:26
*** belmoreira has joined #openstack-keystone05:30
vishakhalbragstad, cmurphy : In this  https://review.openstack.org/#/c/588211/. According to the latest comment of lance I need to assert domain _id + groupid in the attribute?? Looking for the response . Thanks05:33
*** shyamb has quit IRC05:36
*** prashkre has joined #openstack-keystone05:38
*** shyamb has joined #openstack-keystone05:38
openstackgerritAndreas Jaeger proposed openstack/keystone-tempest-plugin master: Import another job from project-config  https://review.openstack.org/60328105:52
openstackgerritAndreas Jaeger proposed openstack/keystone-tempest-plugin master: Import another job from project-config  https://review.openstack.org/60328105:54
*** shyamb has quit IRC06:07
*** shyamb has joined #openstack-keystone06:38
AJaegerkeystone cores, would be great to get this one in as well, please ^06:44
*** rcernin has quit IRC07:03
*** Dinesh_Bhor has quit IRC07:09
*** prashkre has quit IRC07:12
*** prashkre has joined #openstack-keystone07:12
cmurphyAJaeger: we actually just renamed that job, it was already imported https://review.openstack.org/60146307:14
AJaegercmurphy: this is for keystone-tempest-plugin - following the rename07:14
AJaegerdid I use the wrong name? double checking...07:15
AJaegercmurphy: ah, indeed - old keysteon repo checkout. Will fix.07:15
openstackgerritAndreas Jaeger proposed openstack/keystone-tempest-plugin master: Import another job from project-config  https://review.openstack.org/60328107:16
AJaegercmurphy: thanks, is this good now? ^07:16
cmurphyAJaeger: i think so07:17
cmurphyvishakha: I will try to add a comment with more detail, it is going to be slightly complicated07:18
AJaegerthanks, cmurphy07:18
vishakhacmurphy: Sure. Thanks for the  response.07:19
vishakhacmurphy: Also pl look into  https://review.openstack.org/#/c/594921/. Hope I am doing the same you said in the comment. But my unit test cases are failing07:21
*** shyamb has quit IRC07:22
*** Dinesh_Bhor has joined #openstack-keystone07:27
cmurphyvishakha: commented what i think the problem is07:30
vishakha: cmurphy thanks I got it07:32
vishakhacmurphy: thanks, got it07:33
AJaegerkeystone cores: could you review https://review.openstack.org/#/c/603239/ as well, please? That blocks shade and openstacksdks.07:34
cmurphyAJaeger: is there a shade patch that depends-on that to show it fixes the issue?07:36
AJaegercmurphy: just updated https://review.openstack.org/#/c/603239/07:38
AJaegerargh, wrong one...07:38
AJaegercmurphy: https://review.openstack.org/#/c/603098 is the one07:39
cmurphyAJaeger: thanks07:39
AJaegercmurphy: mordred was faster - see https://review.openstack.org/#/c/600292/07:39
openstackgerritVishakha Agarwal proposed openstack/python-keystoneclient master: create() call in v3.regions.py is wrong  https://review.openstack.org/59492107:52
*** belmoreira has quit IRC08:15
*** prashkre has quit IRC08:18
*** prashkre has joined #openstack-keystone08:18
openstackgerritVishakha Agarwal proposed openstack/keystone master: Implement Trust Flush via keystone-manage.  https://review.openstack.org/58937808:21
*** sonuk has quit IRC08:23
openstackgerritChason Chan proposed openstack/keystone master: Update api-ref for setting an account lockout threshold  https://review.openstack.org/60331908:24
*** markvoelker has joined #openstack-keystone08:36
*** shyamb has joined #openstack-keystone08:45
*** Dinesh_Bhor has quit IRC08:45
*** Dinesh_Bhor has joined #openstack-keystone08:53
*** lbragstad has joined #openstack-keystone08:59
*** ChanServ sets mode: +o lbragstad08:59
*** prashkre has quit IRC08:59
*** Dinesh_Bhor has quit IRC09:01
*** prashkre has joined #openstack-keystone09:03
*** belmoreira has joined #openstack-keystone09:04
*** belmoreira has quit IRC09:10
*** Dinesh_Bhor has joined #openstack-keystone09:10
*** markvoelker has quit IRC09:11
*** belmoreira has joined #openstack-keystone09:11
*** idlemind has quit IRC09:18
*** dtantsur|afk is now known as dtantsur09:36
*** shyamb has quit IRC09:46
*** prashkre has quit IRC09:47
*** shyamb has joined #openstack-keystone09:47
openstackgerritVishakha Agarwal proposed openstack/keystone master: Adresses LDAP case-sensitive issue  https://review.openstack.org/60334509:48
*** prashkre has joined #openstack-keystone09:58
*** Emine has joined #openstack-keystone09:58
*** markvoelker has joined #openstack-keystone10:07
*** Dinesh_Bhor has quit IRC10:10
*** Dinesh_Bhor has joined #openstack-keystone10:18
lbragstadwould anyone be opposed to having bugs for each specific federated identity documentation improvement?10:25
*** shyamb has quit IRC10:26
cmurphynot opposed, though i was already planning on going through it and porting parts of my blog post to it10:32
lbragstad++10:33
lbragstadi'm wondering if it would be useful to track specific areas of improvement as bugs, or if it's just noise10:34
cmurphyif the items to improve are clearly enumerable i guess it makes sense to track it, if it's just "make better" that feels more like noise10:38
lbragstadagreed10:39
lbragstadi'll open bugs for the actionable ones with clear targets10:40
*** markvoelker has quit IRC10:41
*** Dinesh_Bhor has quit IRC10:49
*** shyamb has joined #openstack-keystone10:56
cmurphysamueldmq: I see from http://lists.openstack.org/pipermail/openstack-dev/2018-September/134182.html that you're an outreachy coordinator, and I notice that the deadlines on https://wiki.openstack.org/wiki/Outreachy are out of date, what's the project submission deadline for the next round?11:19
*** imacdonn has quit IRC11:19
*** imacdonn has joined #openstack-keystone11:19
*** prashkre has quit IRC11:31
*** prashkre has joined #openstack-keystone11:31
dtantsurhi folks, could you approve https://review.openstack.org/#/c/603239/ please? It's blocking openstacksdk CI11:34
cmurphylbragstad: ^11:35
lbragstadah - i was going to review that yesterday11:44
lbragstadthanks for the reminder11:44
*** prashkre has quit IRC11:53
*** prashkre has joined #openstack-keystone11:53
*** markvoelker has joined #openstack-keystone12:04
*** shyamb has quit IRC12:06
*** shyamb has joined #openstack-keystone12:07
lbragstadcmurphy do you remember if we received specific feedback on the proxy idp stuff from the operator session on wednesday morning?12:17
lbragstadi'm not sure i recall an operator with a federated deployment being in the room?12:17
cmurphylbragstad: sort of, I think one person was saying we don't currently support their use case where keystone needs to forward to a discovery endpoint so the user could pick an IdP, which is something the proxy IdP idea could fix12:19
*** dtantsur has left #openstack-keystone12:19
lbragstadmmm12:19
lbragstadbecause keystone would be the discovery endpoint?12:20
cmurphyright12:20
cmurphyalthough -12:20
lbragstadi remember chris, erik, and mike being in the room12:20
cmurphywhat they wanted was to be able to have some kind of arbitrary flexible idp list12:21
cmurphyand the problem with keystone today is you have to name each idp in keystone12:21
lbragstaddoes horizon fetch that list from keystone?12:21
lbragstadwhen it gives users a drop down during login?12:22
cmurphyhorizon is static, you have to give the protocol and idp list in local_settings.py12:23
lbragstadahh12:23
cmurphyso that's another problem12:23
lbragstadsure12:23
lbragstadwhy is naming idps in keystone a problem?12:24
cmurphyit's a problem for their use case where it sounded like IdPs come and go? but I didn't really understand that part12:25
lbragstadinteresting12:25
lbragstadapparently i glossed over that12:25
cmurphyyeah i didn't take good notes on that part12:26
cmurphymaybe kmalloc remembers better12:26
cmurphyor knikolla12:26
lbragstadhopefully :)12:26
*** raildo has joined #openstack-keystone12:26
AJaegerlbragstad: could you review a small change for zuul.yaml on keystone-tempest, please? Want to cleanup those files... https://review.openstack.org/60328112:31
lbragstadAJaeger done - thanks!12:32
errrIm having an issue with federation. Im using shibboleth, and ADFS is my IDP. I have verified that /Shibboleth.sso/Session shows I have a valid session. In the keystone logs it shows to be properly mapping my user into the "fedgroup" in the "Default" domain as I have defined in my rules.json file, but at horizon it tells me "Login failed: An error occurred authenticating. Please try again later."12:34
errrany ideas what else I could check to see why I cant get into Horizon?12:34
cmurphyerrr: if the keystone logs (with debug=true and insecure_debug=true) aren't giving anything useful then in horizon's local_settings.py you can set LOGGING->handlers->console->level to 'DEBUG' which might give more useful input on horizon's side12:36
errrok thanks12:37
cmurphyshibd.log or shibd_warn.log or the main apache error.log might also be useful places to look12:37
errrnothing there, like those are all showing success12:38
*** prashkre has quit IRC12:40
errryay! fixed thanks!12:44
cmurphy\o/12:44
cmurphyerrr: what was the problem?12:44
errrwhen my co-workers dont use valid SSL certs it makes me want to punch things.12:44
errrso much extra work Ive done helping them when at every turn it was from being to cheap or lazy to get a valid cert for this lab12:45
*** shyamb has quit IRC12:45
*** shyamb has joined #openstack-keystone12:45
*** shyamb has quit IRC12:50
openstackgerritVishakha Agarwal proposed openstack/keystone master: Adresses LDAP case-sensitive issue  https://review.openstack.org/60334513:12
*** prashkre has joined #openstack-keystone13:27
openstackgerritMerged openstack/keystone master: Properly normalize domain ids in flask  https://review.openstack.org/60323913:33
*** glb has joined #openstack-keystone13:36
openstackgerritColleen Murphy proposed openstack/keystone master: Convert legacy functional jobs to Zuul-v3-native  https://review.openstack.org/60245213:44
*** lbragstad has quit IRC13:53
*** lbragstad has joined #openstack-keystone13:54
*** ChanServ sets mode: +o lbragstad13:54
hrybackikmalloc gagehugo can either of you help me understand the difference between the purpose of `resources` and the `resource_mapping` ? I dug down into the the latter but the former doesn't seem to have much in underlying code. But I noted that all of the root level paths for the APIS are tied to `resources`14:03
*** shyamb has joined #openstack-keystone14:04
hrybackie.g. why not just have all the resources inside of the `resource_mapping`14:04
*** Emine has quit IRC14:06
kmallochrybacki: resources does some extra magic14:16
kmallocBaiscally "known" paths14:17
hrybackikmalloc: ah, okay. Is that in the upstream docs and I just missed them maybe?14:17
kmallocNo, it's custom for our impl14:17
hrybackiokay, I'll dig around in the common code again14:18
hrybackithanks kmalloc14:18
kmallocIt just is "this is common stuff" and it does the json home bits14:18
kmallocWithout needing explicit rel, etc14:18
kmallocMost folks will use resource_mapping14:18
*** Emine has joined #openstack-keystone14:19
kmallocBut we have enough things currently, it made sense to have a "common" register this route code14:19
kmallocLook at federation, it uses both.14:19
hrybackiack, will do14:19
kmallochttps://review.openstack.org/#/c/603239/1 lbragstad cmurphy14:24
kmallocThat didn't work before, I omitted the get domain ID from token method14:24
kmallocWe didn't test inferred domain membership on creation14:24
kmallocShade found it.14:24
lbragstadkmalloc does that need to be backported?14:25
kmallocThe only place get ID from token was used was in normalize domain, so the new code splits it out.14:25
kmallocDon't think so, I'll check14:25
kmallocMy guess is it wasn't even hit until groups14:25
kmallocWhich landed in stien14:25
kmallocSince domain specific roles always require an explicit domain, and most other things are not domain owned.14:26
kmallocNeed to run, Dr appointment14:26
kmallocMight miss meeting today.14:26
cmurphykmalloc: not sure I understand, it sounds like the 500 was caused by not passing the request object to cls._get_domain_id_from_token()? so my suggestion could work?14:27
cmurphykmalloc: can wait till you're back14:28
kmallocNo, it was because the function didn't exist on the resourcebase14:28
cmurphyoh i see14:28
kmalloc:)14:28
gagehugoo/14:28
* gagehugo reads scrollback14:29
lbragstadi was wondering about htat14:29
lbragstadi looked at the copy i have locally and that method isn't in the flask specific bits14:29
kmallocExactly14:29
lbragstadthe wsgi/server implementation prior to flask also is the one that accepted request objecst14:29
lbragstadwhich is what caused me to notice it - since the method signature was different14:30
kmallocAnd since the rule is (except special circumstances) don't change tests when porting to flask, test gaps can lead to broken behavior14:30
kmallocWe didn't test for this, it was broken. Thankfully shade/sdk did test for it.14:30
kmallocEven if it was unintentional14:30
kmallocTurns out, it was an accident it was even tested over there as well.14:31
lbragstadglad we added tests14:31
AJaegerthanks, lbragstad !14:48
lbragstadno problem - thanks for the clean up14:53
*** wxy| has joined #openstack-keystone15:08
*** belmoreira has quit IRC15:15
*** shyamb has quit IRC15:18
*** felipemonteiro has joined #openstack-keystone15:24
*** prashkre has quit IRC15:28
*** Emine has quit IRC15:31
*** naptastic has joined #openstack-keystone15:32
naptasticIs `keystone-manage bootstrap` responsible for creating roles?15:33
cmurphynaptastic: pre-rocky it is responsible for creating the admin role, in rocky+ it creates the admin, member, and reader roles15:34
naptasticcmurphy, Awesome. It's not doing so right now, and it's not giving any clue as to why, at least that I've been able to find.15:35
naptasticIs there a way to create the 'admin' role in the 'default' domain otherwise?15:35
cmurphynaptastic: it's not supposed to create them in domains, it creates global roles15:36
cmurphy`openstack role create admin/member/reader` would do the trick15:36
cmurphywell if the admin role isn't there you'd have a hard time creating any roles15:37
naptasticYEP. :-)15:37
cmurphyoh well something is wrong there15:38
naptasticoh yeah. Lemme see if I can find the more useful error.15:38
cmurphywhen you run keystone-manage bootstrap does it give any errors? or an info log saying that the role was created? or info log saying it is already created?15:38
*** felipemonteiro has quit IRC15:39
naptasticIt exits 0 and prints nothing. It also doesn't put anything in /var/log/keystone.15:39
cmurphyhmm usually even if it does nothing it should print something15:40
naptasticThe only output I've gotten out of it is that it needs OS_BOOTSTRAP_PASSWORD, which I then set, and then it exits 0 without printing anything.15:40
cmurphymaybe i always run it with debug=true, maybe try setting that in keystone.conf and see if there's more output?15:41
naptastic(I'm using Queens, btw. The setup is... uncommon, I'm sure. We're deploying via Puppet and integrating with an established LDAP system to which we have read-only access.)15:41
cmurphythe roles should be created in sql so that shouldn't be an issue15:41
cmurphyis the admin role not there in the roles table?15:41
naptasticChecking...15:42
naptasticadmin and _member_ are in the role table, with {} extras and NULL domain_ids. So that's right.15:42
cmurphyokay, so then bootstrap worked correctly, so what's the actual problem you're facing?15:43
naptastic"Could not find project: services.: ProjectNotFound: Could not find project: services." in /var/log/keystone/keystone-admin.log15:43
naptasticwhen I do "openstack user list" or most anything else.15:43
naptasticIf I try to create the "services" project (which seems like the wrong thing to do, but I tried it anyway) it says something more specific (one moment)15:44
naptasticok, with a token it says "You have tried to create a resource using the admin token. As this token is not within a domain you must explicitly include a domain for this resource to belong to."15:45
naptastictrying with password...15:46
cmurphynaptastic: what does your openrc look like? you shouldn't normally be using OS_TOKEN for anything15:46
naptastic(I'm going to condense it a bit)15:47
naptasticunset OS_TOKEN OS_URL OS_PASSWORD OS_TENANT_NAME OS_USERNAME OS_AUTH_URL; export OS_IDENTITY_API_VERSION=3; export OS_PASSWORD=[redacted]; export OS_TENANT_NAME=admin; export OS_USERNAME=admin; export OS_AUTH_URL=http://10.0.40.16:5000/v315:47
naptasticsorry for the poor readability. IDK what kind of flood protection is in here and I didn't want to trip it. :)15:48
cmurphynaptastic: okay so I'm not sure where the 'services' project is coming from but instead of setting OS_TENANT_NAME you should set OS_PROJECT_NAME=admin, and you also need to set OS_USER_DOMAIN_NAME=Default and OS_PROJECT_DOMAIN_NAME=Default15:49
naptasticOk, trying that15:50
cmurphyif you have OS_PROJECT_NAME=services or OS_TENANT_NAME=services set in your env for some reason that might cause it15:50
naptasticI've been very careful to keep env clean of OS_ variables, since they've caused me a lot of Python errors. (I can't remember them exactly.)15:52
naptasticUser 999999 has no access to project 09d4f0ab68e243eda5de26855b6636aa _populate_roles /usr/lib/python2.7/dist-packages/keystone/token/providers/common.py:15:53
naptasticthat seems more useful :)15:53
cmurphynaptastic: is your identity backend completely backed by ldap? you're not using something like https://docs.openstack.org/keystone/latest/admin/identity-domain-specific-config.html ?15:56
naptasticcmurphy, we're not using domain-specific configs. To be precise, identity is all in LDAP, and assignments are all in SQL.15:57
cmurphynaptastic: okay, iirc I think we never addressed that use case when we created the bootstrap command, so the only way to create the role assignment for an admin user living in ldap would be to edit the role_assignments sql table15:59
cmurphyI'd recommend setting up a separate domain for ldap users so that the admin user and service users can live in sql16:00
naptasticGotcha. Well, switching back to domain-specific backends is doable (we tried it before) but how bad of an idea is modifying role_assignments directly?16:01
naptasticactually, I don't have that table. Is it different in Queens vs. Rocky?16:02
naptastic(I've got to go get lunch; I'll be back in less than 30 minutes, probably much less.)16:05
cmurphynaptastic: oh sorry the table name is just 'assignment'16:13
cmurphynaptastic: I would not officially recommend editing the table directly but anecdotally I have done it successfully16:14
*** bnemec has quit IRC16:28
*** bnemec has joined #openstack-keystone16:28
*** wxy| has quit IRC16:29
naptasticcmurphy, I fear no foreign key constraints. I will go boldly and restore a snapshot if I completely screw it up. :) Thanks for the info!16:34
*** gyee has joined #openstack-keystone16:38
openstackgerritColleen Murphy proposed openstack/keystone master: Convert legacy functional jobs to Zuul-v3-native  https://review.openstack.org/60245216:39
*** prashkre has joined #openstack-keystone16:40
*** prashkre has quit IRC16:44
*** prashkre has joined #openstack-keystone16:44
openstackgerritHarry Rybacki proposed openstack/keystone master: WIP: Convert projects API to Flask  https://review.openstack.org/60345117:17
hrybackikmalloc: ^^ (heavy on the WIP)17:18
hrybackionly 5 of the endpoints covered so far17:18
gagehugonice17:19
lbragstad#startmeeting keystone-office-hours17:20
openstackMeeting started Tue Sep 18 17:20:12 2018 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.17:20
lbragstadoops17:20
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.17:20
*** openstack changes topic to " (Meeting topic: keystone-office-hours)"17:20
*** ChanServ changes topic to "Rocky release schedule: https://releases.openstack.org/rocky/schedule.html | Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting | Bugs that need triaging: http://bit.ly/2iJuN1h | Trello: https://trello.com/b/wmyzbFq5/keystone-rocky-roadmap !!NOTE!! This Channel is Logged ( https://tinyurl.com/OpenStackKeystone )"17:20
openstackThe meeting name has been set to 'keystone_office_hours'17:20
*** prashkre has quit IRC17:33
*** prashkre_ has joined #openstack-keystone17:33
hrybackiPhoto and video of damage, destruction caused by Hurricane Florence - The Washington Post (https://www.washingtonpost.com/graphics/2018/national/amp-stories/photo-and-video-of-damage-destruction-caused-by-hurricane-florence/)17:42
hrybackiI lived in Fayetteville (pictured) for a few years (my first home in NC). Pretty bad17:42
kmalloco/17:42
hrybacki\o17:42
kmallocback from the dr. office yay17:43
kmalloclbragstad: no need to backport, that bug (get_domain_id_from_token) was introduced when groups were added17:45
kmalloclbragstad: to flask, so ... not long ago17:45
kmallocdef. post Rocky17:45
lbragstadack17:45
lbragstadthanks!17:45
gagehugoo/17:46
kmalloclbragstad: and additional bugs/proposed fixes are closed out now that that has merged17:47
lbragstad++ cool17:49
openstackgerritMorgan Fainberg proposed openstack/keystone master: Comment out un-runnable tests  https://review.openstack.org/60345917:54
kmalloclbragstad: ^ that is in lieu of deletion of the tests to allow ayoung to respin them on top of flask auth.17:54
openstackgerritMorgan Fainberg proposed openstack/keystone master: WIP: Convert auth to flask native dispatching  https://review.openstack.org/60346117:59
kmallochrybacki: hah, flaskification has only been 67 commits *so far*18:02
kmallocwe might get it all done in under 100 commits (oh man, so glad we didn't make this an intern project)18:03
kmalloclbragstad: ^18:03
hrybackiheh, that would be one frazzled intern18:05
hrybackikmalloc: so how do I determine if the tags portion of the project API should be a resource or a `ks_flask.ResourceBase` or a `flask_restful.Resource` ?18:06
kmallochrybacki: gut feeling :P18:08
hrybackiheh, ResourceBase it is18:08
kmallochrybacki: typically a "resource" conforms as follows: A number of concurrent operations (GET/POST/PATCH/DELETE) in a single case, easy prefixing, and not a lot of path substitutions (easier to represent in a mapped resource)18:08
kmallochrybacki: basically, if you need to go through hoops to make resource work, use mapped resource instead18:09
hrybackiack18:09
lbragstadkmalloc ack18:12
*** prashkre_ has quit IRC18:21
*** prashkre_ has joined #openstack-keystone18:32
gagehugohrybacki might be better off doing mapped resource, you have {project_id} & {tag}18:55
*** tobiash has left #openstack-keystone18:56
hrybackigagehugo: ack :)18:57
gagehugohttps://github.com/openstack/keystone/blob/master/keystone/resource/routers.py18:59
gagehugothe update without {tag value} expects a body, so doing it as non-mapped might be weird19:00
gagehugoyou may need to override wrap_member as well, as tags was written to follow the APIWG spec and it was specific on what should be returned (aka it was different than what keystone does by default)19:01
gagehugoif you see anything weird let me know and I can help19:01
gagehugoregarding that19:01
naptasticcmurphy, forgive my ignorance, but what do the <<double angle brackets>> signify in the tables related to assignment? (e.g., <<keystone.domain.root>>)19:06
naptasticAnd do I need to include them when I'm inserting values?19:07
*** raildo has quit IRC19:14
*** raildo has joined #openstack-keystone19:20
naptasticI included them and it worked :)19:27
naptasticNow I've just got to figure out why keystone-manage bootstrap is exiting 1 with no output.19:28
hrybackiI just lugged a Dell R910 up to my desk from the parking deck. I am no longer in Army shape -_-19:41
lbragstad:)19:47
*** oikiki has joined #openstack-keystone19:48
*** dmellado has quit IRC20:01
*** david-lyle is now known as dklyle20:02
*** raildo_ has joined #openstack-keystone20:04
*** raha has joined #openstack-keystone20:05
*** raildo has quit IRC20:06
*** dave-mccowan has joined #openstack-keystone20:07
rahaHi. I need to test my token proposal, but I have not had any OpenStack programming experiment, yet. Where should I start?20:10
*** prashkre__ has joined #openstack-keystone20:10
*** prashkre_ has quit IRC20:14
rahahi20:19
openstackgerritHarry Rybacki proposed openstack/keystone master: WIP: Convert projects API to Flask  https://review.openstack.org/60345120:21
*** rmascena__ has joined #openstack-keystone20:26
*** raildo_ has quit IRC20:29
*** raha has quit IRC20:34
*** rmascena__ has quit IRC20:35
knikollalbragstad: "Although the trains sound the same, much has changed in keystone since then."20:47
knikollathat sentence is... poetic20:48
lbragstadlol20:48
lbragstadhow'd you find that post so quickly?20:49
knikollalbragstad: was going through planet openstack20:50
knikollaand apparently the timing was uncanny as it was the topmost20:50
lbragstadhuh20:53
lbragstadno kidding20:53
*** dmellado has joined #openstack-keystone21:20
*** rmascena__ has joined #openstack-keystone21:25
knikollawhat's people's opinion of medium.com? i'm moving to yet another platform :/21:25
*** naptastic has quit IRC21:26
*** rmascena__ has quit IRC21:26
gagehugoI've seen some decent articles on there21:27
*** Emine has joined #openstack-keystone21:28
*** prashkre__ is now known as prashkre21:33
lbragstadknikolla i have no idea21:35
lbragstadi've never used it21:35
knikollahttps://medium.com/behind-clouds21:36
knikollastarted a blog21:36
knikollai'll probably be hosting my stuff there moving forward21:36
*** Emine has quit IRC21:40
* lbragstad bookmarks21:45
*** oikiki has quit IRC21:47
*** prashkre has quit IRC21:52
*** jaosorior_ has joined #openstack-keystone22:42
*** jaosorior has quit IRC22:45
*** rcernin has joined #openstack-keystone22:47
« Monday, 2018-09-17 Index Wednesday, 2018-09-19 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!