| opendevreview | Takashi Kajinami proposed openstack/oslo.limit master: Add note about requirements lower bounds https://review.opendev.org/c/openstack/oslo.limit/+/933795 | 00:50 |
|---|---|---|
| opendevreview | Takashi Kajinami proposed openstack/oslo.policy master: Add note about requirements lower bounds https://review.opendev.org/c/openstack/oslo.policy/+/933800 | 00:52 |
| *** __ministry is now known as Guest8014 | 01:35 | |
| opendevreview | Takashi Kajinami proposed openstack/keystone master: Remove pointer for keystone-tempest-plugin https://review.opendev.org/c/openstack/keystone/+/933828 | 03:16 |
| tkajinam | xek, could you please review (and hopefully add 2nd +2) to https://review.opendev.org/c/openstack/python-keystoneclient/+/930176 and the subsequent two changes ? | 03:19 |
| opendevreview | Merged openstack/oslo.limit master: Add note about requirements lower bounds https://review.opendev.org/c/openstack/oslo.limit/+/933795 | 04:28 |
| opendevreview | Merged openstack/oslo.policy master: Add note about requirements lower bounds https://review.opendev.org/c/openstack/oslo.policy/+/933800 | 04:54 |
| opendevreview | Takashi Kajinami proposed openstack/keystone master: Add explicit dependency on Werkzeug https://review.opendev.org/c/openstack/keystone/+/933837 | 08:58 |
| opendevreview | Takashi Kajinami proposed openstack/keystone master: Add explicit dependency on Werkzeug https://review.opendev.org/c/openstack/keystone/+/933837 | 08:58 |
| jovial | The tokens that are created with a system scoped application credential (openstack application credential create --role admin --role member --role reader --os-system-scope=all will-testing) seem to be project scoped. Is that expected? | 10:45 |
| jovial | i.e they have project_id set and not system:all | 10:47 |
| jovial | I'm obtaining the token with `openstack token issue` | 10:47 |
| jovial | using application credential as created above | 10:48 |
| gtema | jovial - application credentials are by design (current and only) project scoped. | 10:57 |
| jovial | gtema, fair enough. So what is the different between the app cred created with `--os-system-scope=all` which has project_id = None and one created without which has the project id set? | 11:00 |
| jovial | The output I see from the CLI: https://paste.opendev.org/show/bgiteCmjUQAlz8AqU4rS/ | 11:03 |
| gtema | Honestly no clue. Well, the code extracts project_id from the context which in your case would be empty. I just believe that appcreds without project can not be used properly since keystone refuses to accept scope when authenticating with appcreds | 11:06 |
| jovial | Thanks, that clears things up. In practice they seem to work in the same way, but possibly select the "default" project for the user (if that is a thing). | 11:20 |
| opendevreview | Merged openstack/oslo.limit master: Run pyupgrade to clean up Python 2 syntaxes https://review.opendev.org/c/openstack/oslo.limit/+/932787 | 12:48 |
| opendevreview | Antonia Gaete proposed openstack/keystone master: Add JSON schema to `service provider` and validation decorators to service provider resource. https://review.opendev.org/c/openstack/keystone/+/930610 | 16:21 |
| opendevreview | Antonia Gaete proposed openstack/keystone master: Add JSON Schema to `access rules` https://review.opendev.org/c/openstack/keystone/+/925020 | 16:35 |
| opendevreview | Antonia Gaete proposed openstack/keystone master: Add JSON Schema to `endpoints` and validation decorators to endpoints resource. https://review.opendev.org/c/openstack/keystone/+/927856 | 16:42 |
| opendevreview | Antonia Gaete proposed openstack/keystone master: Add JSON schema to `identity provider` and validation decorators to identity provider resource. https://review.opendev.org/c/openstack/keystone/+/930633 | 17:45 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!