Friday, 2019-03-22

« Thursday, 2019-03-21 Index Saturday, 2019-03-23 »
*** gyee has quit IRC00:11
*** irclogbot_3 has joined #openstack-keystone00:17
*** jamesmcarthur has quit IRC00:30
*** ileixe has joined #openstack-keystone00:58
*** awalende has joined #openstack-keystone01:31
*** itlinux has joined #openstack-keystone01:34
*** awalende has quit IRC01:36
*** njohnston_ has quit IRC01:39
*** jamesmcarthur has joined #openstack-keystone01:46
*** jamesmcarthur has quit IRC02:03
openstackgerritMerged openstack/keystoneauth master: Factor Adapter conf-processing logic into a helper  https://review.openstack.org/64425102:46
*** mriedem has joined #openstack-keystone03:00
mriedemis this a known issue? http://logs.openstack.org/76/644576/1/gate/grenade-py3/e8d5a3b/logs/screen-keystone.txt.gz?level=TRACE#_Mar_22_01_10_29_13804303:01
mriedemah nvm i know what this is03:03
mriedemhttps://review.openstack.org/#/c/644638/03:04
*** mriedem has left #openstack-keystone03:24
*** whoami-rajat has joined #openstack-keystone03:41
*** jamesmcarthur has joined #openstack-keystone03:51
*** jamesmcarthur has quit IRC04:12
*** ileixe has quit IRC04:18
*** TheJulia has quit IRC04:31
*** wxy-xiyuan has quit IRC04:31
*** coreycb has quit IRC04:31
*** wxy-xiyuan has joined #openstack-keystone04:31
*** TheJulia has joined #openstack-keystone04:31
*** dustinc has quit IRC04:31
*** spsurya has quit IRC04:31
*** awestin1 has quit IRC04:32
*** cosss_ has quit IRC04:32
*** kmalloc has quit IRC04:32
*** hogepodge has quit IRC04:32
*** johnsom has quit IRC04:32
*** ayoung has quit IRC04:33
*** erus has quit IRC04:33
*** erus has joined #openstack-keystone04:34
*** coreycb has joined #openstack-keystone04:34
*** spsurya has joined #openstack-keystone04:34
*** johnsom has joined #openstack-keystone04:34
*** awestin1 has joined #openstack-keystone04:35
*** hogepodge has joined #openstack-keystone04:35
*** dustinc has joined #openstack-keystone04:39
*** kmalloc has joined #openstack-keystone04:39
*** erus has quit IRC04:39
*** cosss_ has joined #openstack-keystone04:40
*** erus has joined #openstack-keystone04:40
*** jamesmcarthur has joined #openstack-keystone04:52
*** erus has quit IRC04:52
*** erus has joined #openstack-keystone04:52
*** jamesmcarthur has quit IRC04:57
openstackgerritMerged openstack/keystone master: Update system grant policies for system reader  https://review.openstack.org/62261504:58
*** ileixe has joined #openstack-keystone05:03
*** jdennis has quit IRC05:45
*** jdennis has joined #openstack-keystone05:48
*** dustinc has quit IRC05:50
*** tkajinam has quit IRC05:59
*** tkajinam has joined #openstack-keystone05:59
*** david-lyle has joined #openstack-keystone06:27
*** dklyle has quit IRC06:27
*** david-lyle has quit IRC06:29
*** dklyle has joined #openstack-keystone06:29
*** dims has quit IRC06:39
*** dims has joined #openstack-keystone06:41
*** rcernin has quit IRC07:07
*** whoami-rajat has quit IRC07:11
*** pcaruana has joined #openstack-keystone07:27
*** whoami-rajat has joined #openstack-keystone07:30
*** phasespace has quit IRC07:35
*** xek_ has joined #openstack-keystone08:08
*** markvoelker has joined #openstack-keystone08:12
*** cfey has joined #openstack-keystone08:26
*** phasespace has joined #openstack-keystone08:27
*** tkajinam has quit IRC08:34
*** erus has quit IRC08:34
*** erus has joined #openstack-keystone08:35
*** shyamb has joined #openstack-keystone09:09
*** shyamb has quit IRC09:27
*** shyamb has joined #openstack-keystone09:27
*** shyamb has quit IRC09:39
*** shyamb has joined #openstack-keystone10:08
*** cosss_ has quit IRC10:59
*** johnsom has quit IRC10:59
*** erus has quit IRC10:59
*** johnsom has joined #openstack-keystone10:59
*** erus has joined #openstack-keystone10:59
*** whoami-rajat has quit IRC10:59
*** spsurya has quit IRC10:59
*** awestin1 has quit IRC11:00
*** cosss_ has joined #openstack-keystone11:00
*** spsurya has joined #openstack-keystone11:01
*** whoami-rajat has joined #openstack-keystone11:01
*** awestin1 has joined #openstack-keystone11:02
*** phasespace has quit IRC11:04
*** ileixe has quit IRC11:21
*** shyamb has quit IRC11:35
*** shyamb has joined #openstack-keystone11:35
*** shyamb has quit IRC11:50
*** shyamb has joined #openstack-keystone11:51
*** pcaruana has quit IRC11:53
*** zbitter has joined #openstack-keystone12:05
*** csatari_ has joined #openstack-keystone12:07
*** erus has quit IRC12:07
*** erus has joined #openstack-keystone12:07
*** markvoelker has quit IRC12:10
*** ab-a has quit IRC12:14
*** zaneb has quit IRC12:14
*** csatari has quit IRC12:14
*** johnthetubaguy has quit IRC12:14
*** csatari_ is now known as csatari12:14
*** johnthetubaguy has joined #openstack-keystone12:15
*** raildo has joined #openstack-keystone12:33
*** pcaruana has joined #openstack-keystone12:54
*** altlogbot_3 has quit IRC13:01
*** irclogbot_3 has quit IRC13:01
*** altlogbot_1 has joined #openstack-keystone13:02
*** irclogbot_3 has joined #openstack-keystone13:02
*** dklyle has quit IRC13:07
*** lbragstad has joined #openstack-keystone13:10
*** ChanServ sets mode: +o lbragstad13:10
*** shyamb has quit IRC13:12
*** dklyle has joined #openstack-keystone13:12
*** jmlowe has quit IRC13:18
*** lbragstad is now known as elbragstad13:19
*** zbitter is now known as zaneb13:31
*** efried is now known as fried_rice13:58
*** bnemec is now known as beekneemech13:59
*** jaosorior has quit IRC14:01
*** jmlowe has joined #openstack-keystone14:15
*** shyamb has joined #openstack-keystone14:18
gagehugoo/14:34
*** erus has quit IRC14:34
*** erus has joined #openstack-keystone14:35
*** mloza has quit IRC14:43
*** shyamb has quit IRC14:56
*** jamesmcarthur has joined #openstack-keystone15:12
*** altlogbot_1 has quit IRC15:21
*** altlogbot_2 has joined #openstack-keystone15:25
*** irclogbot_3 has quit IRC15:30
*** irclogbot_0 has joined #openstack-keystone15:32
*** irclogbot_0 has quit IRC15:36
*** irclogbot_1 has joined #openstack-keystone15:37
openstackgerritGage Hugo proposed openstack/keystone master: Remove external-dev and consolidate to contributor  https://review.openstack.org/64564015:54
*** dustinc has joined #openstack-keystone16:08
*** fried_rice is now known as fried_rolls16:30
kmallochm.16:37
kmallocso.16:37
kmalloci'll put a separate patch up for oslo.cache that monkey patches the memcache client.16:37
kmalloci *think* i can do it16:37
*** jamesmcarthur has quit IRC17:05
*** stewie925 has joined #openstack-keystone17:20
stewie925hello guys17:20
stewie925I created a domain called 'local', and created a user 'admin-local' under that 'local' domain   and logged back in as 'admin-local'  ....17:21
stewie925when i do 'openstack user list'   I was expecting to see only admin-local'   but i still see users under the 'default' domain17:22
*** jamesmcarthur has joined #openstack-keystone17:22
stewie925for my admin-local,   my openrc has 'OS_USER_DOMAIN_NAME=local'17:23
*** jamesmcarthur has quit IRC17:27
*** jamesmcarthur has joined #openstack-keystone17:34
*** gmann is now known as gmann_afk17:52
*** stewie925 has quit IRC18:06
*** gmann_afk is now known as gmann18:11
openstackgerritMerged openstack/keystone master: Implement domain admin functionality for user API  https://review.openstack.org/62332118:16
*** xek_ has quit IRC18:17
*** jamesmcarthur has quit IRC18:19
*** jamesmcarthur has joined #openstack-keystone18:20
*** jamesmcarthur has quit IRC18:24
*** pcaruana has quit IRC18:45
*** fried_rolls is now known as fried_rice19:07
*** phasespace has joined #openstack-keystone19:23
*** jmlowe has quit IRC19:40
elbragstadquick question for the room on the grant API wrt system-scope and default roles19:45
*** erus has quit IRC19:45
elbragstadwe currently require system-administrator (or rule:admin_required) in order for a user to create grants19:45
*** erus has joined #openstack-keystone19:45
elbragstadwith domain-scope, should we open up the grant API, and if so, how much should we open up to those users?19:46
elbragstadi mean - users can have role assignments on projects in domains outside of their own domain19:47
elbragstadso - if a domain admin wants to manage role assignments within their domain, should they only be able to grant users *within* their domain access to projects *within* their domain?19:47
cmurphyelbragstad: i think so19:55
elbragstadok19:55
elbragstadto be clear, we don't want to expose that same functionality to project users, right?19:56
cmurphyi wouldn't think so19:57
*** erus has quit IRC19:57
cmurphyyou mean project admins?19:57
elbragstadjust like domain users shouldn't be able to grant other users roles on the domain?19:57
elbragstadright19:57
*** erus has joined #openstack-keystone19:58
cmurphyi think a project admin only has any rights over their own project and since projects can't own users or other projects it wouldn't make sense to allow that there19:58
elbragstadwhat about hmt?19:58
cmurphyoh hm19:58
elbragstadi'm fine punting that part for now...19:59
cmurphybut they still don't have read access to users so i don't think they should assign roles for them19:59
elbragstadok - that's fair19:59
cmurphyotoh i could see it being useful19:59
elbragstadso - we should keep a "one layer up" mentality it sounds like19:59
elbragstadsystem users can do all the things with grants, because they are operating on the system19:59
elbragstaddomain users can manage grants for users and project *within* the domain, but that's it.. which works because users and projects need a domain container20:00
elbragstadproject users are sol as far as grants go (from a self-service perspective)20:00
elbragstadand that is mainly because users aren't contained with projects in any way, shape, or form, despite projects muddying the water with HMT20:01
elbragstaddoes that all sound kosher?20:01
cmurphythinking about it from an abuse perspective, i wouldn't want some user out there adding me to projects that i don't know about20:01
cmurphythen a bunch of projects show up for me in horizon20:02
elbragstadright20:02
cmurphythat user would have basically edited my user when they had no rights20:02
elbragstadto clarify, you're referencing the project admin, right?20:02
cmurphyso yeah agree with everything you said20:02
cmurphyright20:02
elbragstadok - cool20:02
*** cfey has quit IRC20:08
*** jmlowe has joined #openstack-keystone20:20
*** raildo has quit IRC21:12
openstackgerritLance Bragstad proposed openstack/keystone master: Implement system reader functionality for grants  https://review.openstack.org/64588921:26
openstackgerritLance Bragstad proposed openstack/keystone master: Make system admin policies consistent for grants  https://review.openstack.org/64589021:26
openstackgerritLance Bragstad proposed openstack/keystone master: Make system admin policies consistent for grants  https://review.openstack.org/64589021:28
*** mchlumsky has quit IRC21:30
*** whoami-rajat has quit IRC22:41
« Thursday, 2019-03-21 Index Saturday, 2019-03-23 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!