Wednesday, 2018-12-12

« Tuesday, 2018-12-11 Index Thursday, 2018-12-13 »
*** shrasool has quit IRC00:00
*** erus has quit IRC00:03
*** erus has joined #openstack-keystone00:04
*** erus has quit IRC00:06
*** itlinux has joined #openstack-keystone00:06
*** dklyle has quit IRC00:21
*** itlinux_ has joined #openstack-keystone00:25
*** itlinux has quit IRC00:28
*** dklyle has joined #openstack-keystone00:34
*** xek__ has joined #openstack-keystone00:37
*** xek_ has quit IRC00:39
*** itlinux_ has quit IRC00:49
*** dklyle has quit IRC01:04
*** dave-mccowan has joined #openstack-keystone01:16
*** erus has joined #openstack-keystone01:20
*** markvoelker has quit IRC01:41
openstackgerritMerged openstack/keystone master: Remove Certificates for PKI guide  https://review.openstack.org/62441901:57
*** Dinesh_Bhor has joined #openstack-keystone02:01
*** erus has quit IRC02:03
*** erus has joined #openstack-keystone02:15
openstackgerritayoung proposed openstack/keystone master: Remove message about circular role inferences  https://review.openstack.org/62455302:25
*** jrist has quit IRC02:25
*** Dinesh_Bhor has quit IRC02:27
*** mhen has quit IRC02:28
*** mhen has joined #openstack-keystone02:31
*** Dinesh_Bhor has joined #openstack-keystone02:33
*** Dinesh_Bhor has quit IRC03:34
openstackgerritwangxiyuan proposed openstack/keystone master: [api-ref] add domain level limit support  https://review.openstack.org/62456203:46
*** dave-mccowan has quit IRC03:52
*** Dinesh_Bhor has joined #openstack-keystone04:42
*** fiddletwix has quit IRC05:18
*** fiddletwix has joined #openstack-keystone05:19
*** itlinux has joined #openstack-keystone05:21
*** dklyle has joined #openstack-keystone05:51
*** itlinux has quit IRC05:51
*** dklyle has quit IRC05:56
*** Dinesh_Bhor has quit IRC06:13
*** Dinesh_Bhor has joined #openstack-keystone06:47
*** masayukig[m] has joined #openstack-keystone07:13
*** openstackgerrit has quit IRC07:29
*** dklyle has joined #openstack-keystone07:29
*** rcernin has quit IRC07:30
*** alexchadin has joined #openstack-keystone07:31
*** openstackgerrit has joined #openstack-keystone07:51
openstackgerritColleen Murphy proposed openstack/keystone master: Move identity sources doc to admin guide  https://review.openstack.org/62435107:51
*** trident has quit IRC07:58
*** trident has joined #openstack-keystone08:00
*** amoralej|off is now known as amoralej08:12
*** imacdonn has quit IRC08:23
*** imacdonn has joined #openstack-keystone08:23
*** dklyle has quit IRC08:32
*** markvoelker has joined #openstack-keystone08:44
*** markvoelker has quit IRC08:49
*** markvoelker has joined #openstack-keystone09:39
openstackgerritColleen Murphy proposed openstack/keystone master: Split trusts docs between admin and user guide  https://review.openstack.org/62462210:17
*** Dinesh_Bhor has quit IRC10:24
openstackgerritColleen Murphy proposed openstack/keystone master: Remove example usage from admin guide  https://review.openstack.org/62463710:34
openstackgerritColleen Murphy proposed openstack/keystone master: Delete outdated keystonemiddleware doc  https://review.openstack.org/62464510:40
*** Dinesh_Bhor has joined #openstack-keystone10:49
*** markvoelker has quit IRC11:30
openstackgerritColleen Murphy proposed openstack/keystone master: Consolidate service catalog docs  https://review.openstack.org/62467311:30
*** erus has quit IRC11:32
*** erus has joined #openstack-keystone11:32
*** Dinesh_Bhor has quit IRC11:33
*** erus has quit IRC11:38
*** erus has joined #openstack-keystone11:47
*** erus has quit IRC11:54
*** rafaelweingartne has joined #openstack-keystone11:58
*** erus has joined #openstack-keystone12:02
*** markvoelker has joined #openstack-keystone12:05
*** raildo has joined #openstack-keystone12:20
*** amoralej is now known as amoralej|lunch12:29
*** rafaelweingartne has quit IRC12:39
*** dave-mccowan has joined #openstack-keystone12:40
openstackgerritMoisés Guimarães de Medeiros proposed openstack/oslo.policy master: Add ability for policy-checker to read configuration  https://review.openstack.org/61665912:43
openstackgerritColleen Murphy proposed openstack/keystone-specs master: Add spec for immutable roles  https://review.openstack.org/62469213:27
*** markvoelker has quit IRC13:28
*** amoralej|lunch is now known as amoralej13:46
*** markvoelker has joined #openstack-keystone14:01
*** irclogbot_1 has quit IRC14:32
*** jrist has joined #openstack-keystone14:37
*** irclogbot_1 has joined #openstack-keystone14:42
gagehugoo/14:49
*** irclogbot_1 has quit IRC14:55
lbragstadhola14:56
*** markvoelker has quit IRC15:18
*** irclogbot_1 has joined #openstack-keystone15:20
*** jrist has quit IRC15:21
*** alexchadin has quit IRC15:22
knikollao/15:27
openstackgerritColleen Murphy proposed openstack/keystone master: Consolidate service catalog docs  https://review.openstack.org/62467315:29
*** mchlumsky has quit IRC15:38
*** mchlumsky has joined #openstack-keystone15:40
*** jrist has joined #openstack-keystone15:54
*** gyee has joined #openstack-keystone16:19
*** ayoung has joined #openstack-keystone16:24
*** itlinux has joined #openstack-keystone16:53
kmalloclbragstad: i'm going to add the DB Schema version # to the keystone cache key generator. that should eliminate all "upgrade and data drifted"17:06
kmalloccausing an implicit cache pop if the schema version change(s)17:07
kmalloclbragstad: and that can be loaded on startup.17:07
kmalloclooking at bug #179338917:07
openstackbug 1793389 in OpenStack Identity (keystone) "Upgrade to Ocata: Keystone Intermittent Missing 'options' Key" [Undecided,New] https://launchpad.net/bugs/1793389 - Assigned to Lance Bragstad (lbragstad)17:07
kmallocwe can consider if we want to backport it down the line17:07
lbragstadok17:08
*** erus has quit IRC17:13
*** erus has joined #openstack-keystone17:14
*** erus has quit IRC17:19
*** erus has joined #openstack-keystone17:21
openstackgerritLance Bragstad proposed openstack/keystone master: Implement system reader role for projects  https://review.openstack.org/62421517:44
openstackgerritLance Bragstad proposed openstack/keystone master: Implement system member role project test coverage  https://review.openstack.org/62421617:44
openstackgerritLance Bragstad proposed openstack/keystone master: Implement system admin role in project API  https://review.openstack.org/62421717:44
openstackgerritLance Bragstad proposed openstack/keystone master: Implement domain reader functionality for projects  https://review.openstack.org/62421817:44
openstackgerritLance Bragstad proposed openstack/keystone master: Implement domain member functionality for projects  https://review.openstack.org/62421917:44
openstackgerritLance Bragstad proposed openstack/keystone master: Implement domain admin functionality for projects  https://review.openstack.org/62422017:44
openstackgerritLance Bragstad proposed openstack/keystone master: Add explicit testing for project users and the project API  https://review.openstack.org/62422117:44
openstackgerritLance Bragstad proposed openstack/keystone master: Remove project policies from policy.v3cloudsample.json  https://review.openstack.org/62422217:44
lbragstadgmann there is the latest series ^17:44
lbragstadbut as far as what i can validate locally with tempest, everything after https://review.openstack.org/#/c/624218/ is going to fail because domain admins in tempest don't have the correct authorization (e.g., an 'admin' on the Default domain can list all projects in the deployment)17:46
lbragstadfwiw - if i set CONF.identity.domain_scope = False, all the tests pass for me through the whole series17:46
lbragstadcurious if anyone else has opinions on ^17:54
lbragstadsteps out to shovel snow quick17:54
*** raildo has quit IRC17:58
*** raildo has joined #openstack-keystone17:58
*** jrist has quit IRC18:33
*** raildo_ has joined #openstack-keystone18:35
*** raildo has quit IRC18:35
openstackgerritMerged openstack/pycadf master: Change openstack-dev to openstack-discuss  https://review.openstack.org/62228618:38
*** amoralej is now known as amoralej|off19:08
openstackgerritMerged openstack/keystone master: Implement system admin role in domains API  https://review.openstack.org/60585019:29
openstackgerritMerged openstack/keystone master: Update registered limit policies for system admin  https://review.openstack.org/62101619:29
*** ayoung has quit IRC19:35
openstackgerritLance Bragstad proposed openstack/keystone master: Implement domain reader functionality for projects  https://review.openstack.org/62421819:46
openstackgerritLance Bragstad proposed openstack/keystone master: Implement domain member functionality for projects  https://review.openstack.org/62421919:46
openstackgerritLance Bragstad proposed openstack/keystone master: Implement domain admin functionality for projects  https://review.openstack.org/62422019:47
openstackgerritLance Bragstad proposed openstack/keystone master: Add explicit testing for project users and the project API  https://review.openstack.org/62422119:47
openstackgerritLance Bragstad proposed openstack/keystone master: Remove project policies from policy.v3cloudsample.json  https://review.openstack.org/62422219:47
lbragstadgmann i put some more context into the commit message of ^ and linked to it here https://review.openstack.org/#/c/624218/19:48
lbragstadgmann actually - nevermind, i got my links mixed up.. i put more context here - https://review.openstack.org/62479420:01
openstackgerritLance Bragstad proposed openstack/keystone master: Remove duplicate RBAC logging from enforcer  https://review.openstack.org/62479920:04
*** kmalloc is now known as notmorgan20:10
*** notmorgan is now known as morgan20:10
*** itlinux_ has joined #openstack-keystone20:14
*** itlinux has quit IRC20:15
*** jrist has joined #openstack-keystone20:30
openstackgerritLance Bragstad proposed openstack/keystone-specs master: Propose a backlogged specification for resource locking  https://review.openstack.org/62480720:39
lbragstadcmurphy ^20:39
*** dklyle has joined #openstack-keystone20:39
*** ayoung has joined #openstack-keystone20:42
ayounglbragstad, I just modified this bug to make it service scoped specific.  It was origianlly Default domain:  https://bugs.launchpad.net/keystone/+bug/180805920:44
openstackLaunchpad bug 1808059 in OpenStack Identity (keystone) "admin user should have service scoped admin role" [Undecided,New]20:44
ayoungBootstrap should be the minimum, but if we remove  what it currently creates, we will break some tooling20:44
lbragstadi'm missing the point20:50
lbragstadkeystone-manage bootstrap already creates an admin user and grants them the admin role on the system20:50
ayounglbragstad, ah,  right...we got that .  It was based on a discussion for creating one for the domain]20:57
lbragstadsystem admin support was added in https://review.openstack.org/#/c/530410/20:57
ayounglbragstad, do we still create the admin project and role on that?20:57
lbragstadyes20:58
lbragstadthe admin user gets an admin role on the admin project for backwards compatibility20:58
ayoungso...I wonder if we should stop doing that, or start doing a role on the default domain20:58
lbragstadthe Default domain should just be another domain, right?20:58
ayounglbragstad, well, yeah, but you should need a domain scoped token to create projects etc20:58
ayoungnot project scoped, so admin on admin_project is really a throwbak20:59
ayoungand...I suspect that people are using that project + Bug968696 to do basic system config20:59
lbragstadsystem administrators can create projects under the default domain21:01
*** rcernin has joined #openstack-keystone21:06
*** jmlowe has quit IRC21:10
*** jmlowe has joined #openstack-keystone21:11
*** jmlowe has quit IRC21:13
*** jmlowe has joined #openstack-keystone21:14
*** xek__ has quit IRC21:18
morganayoung: that isn't a valid bug still21:35
morganuntil NFV plugins can consume system scope21:36
morganthat is a bug against the NFV stuff first.21:36
morganayoung: i'd rather not try and trac that with the NFV parts21:36
*** jonher has joined #openstack-keystone21:37
morganand it looks like system scope is somewhat handled in bootstrap according to bug #174926821:40
openstackbug 1749268 in OpenStack Identity (keystone) queens "`keystone-manage bootstrap` doesn't handle system role assignments" [High,Fix committed] https://launchpad.net/bugs/1749268 - Assigned to Lance Bragstad (lbragstad)21:40
morganayoung: ^21:40
cmurphylbragstad: uh https://review.openstack.org/62469221:42
lbragstadlol21:42
lbragstadat first glance, yours looks more specific than mine, which is probably a good thing :)21:43
cmurphymaybe we can combine them21:43
lbragstadsure21:44
openstackgerritMerged openstack/keystonemiddleware master: Added request_id and global_request_id to CADF notifications  https://review.openstack.org/61871221:58
*** itlinux_ has quit IRC22:00
*** dklyle has quit IRC22:00
*** itlinux has joined #openstack-keystone22:00
*** kklimonda_ has joined #openstack-keystone22:23
*** awestin1_ has joined #openstack-keystone22:24
*** obre_ has joined #openstack-keystone22:25
*** andreykurilin has quit IRC22:29
*** rledisez has quit IRC22:29
*** masayukig[m] has quit IRC22:29
*** obre has quit IRC22:29
*** awestin1 has quit IRC22:29
*** kklimonda has quit IRC22:29
*** awestin1_ is now known as awestin122:29
*** trident has quit IRC22:32
*** trident has joined #openstack-keystone22:34
*** itlinux has quit IRC22:35
*** mchlumsky has quit IRC22:57
*** raildo_ has quit IRC23:06
*** dave-mccowan has quit IRC23:19
*** dklyle has joined #openstack-keystone23:35
*** fiddletwix has quit IRC23:45
*** dklyle has quit IRC23:45
« Tuesday, 2018-12-11 Index Thursday, 2018-12-13 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!