if you already have all the dependencies
available:
$ sh tools/config/generate_sample.sh
-- Forwarded message --
From: jazeltq
Date: Mon, Aug 11, 2014 at 5:06 AM
Subject: how to generate keystone.conf.sample in havana release?
To: Dolph Mathews
Hello
Is there a way to auto
See here:
http://lists.openstack.org/pipermail/openstack-dev/2014-August/042573.html
On Mon, Aug 11, 2014 at 3:53 AM, Li Tianqing wrote:
> Hello,
>Right now, i customerized keystone to meet our requeriments. I want to
> add some configuration options in keystone.conf.sample. But, i
> do not
On Tue, Aug 12, 2014 at 10:30 AM, Yee, Guang wrote:
> Hi Kristy,
>
> Have you try the "[]" or "@" rule as mentioned here?
>
That still requires valid authentication though, just not any specific
authorization. I don't think we have a way to express truly public
resources in oslo.policy.
>
>
>
On Tue, Aug 12, 2014 at 12:30 AM, Joe Gordon wrote:
>
>
>
> On Fri, Aug 8, 2014 at 6:58 AM, Kyle Mestery wrote:
>
>> On Thu, Aug 7, 2014 at 1:26 PM, Joe Gordon wrote:
>> >
>> >
>> >
>> > On Tue, Aug 5, 2014 at 9:03 AM, Thierry Carrez
>> > wrote:
>> >>
>> >> Hi everyone,
>> >>
>> >> With the in
On Tue, Aug 12, 2014 at 1:08 PM, Doug Hellmann
wrote:
>
> On Aug 12, 2014, at 1:44 PM, Dolph Mathews
> wrote:
>
>
> On Tue, Aug 12, 2014 at 12:30 AM, Joe Gordon
> wrote:
>
>>
>>
>>
>> On Fri, Aug 8, 2014 at 6:58 AM, Kyle Mestery wrote:
&
Regarding the connection to release notes, it'd be useful to link from
official release note bullet points back to the corresponding spec on
specs.openstack.org to provide additional detail.
On Fri, Aug 15, 2014 at 2:58 PM, Anne Gentle wrote:
>
>
>
> On Fri, Aug 15, 2014 at 2:47 PM, Adam Young
On Thu, Aug 21, 2014 at 11:21 AM, Daniel P. Berrange
wrote:
> On Thu, Aug 21, 2014 at 05:05:04PM +0100, Matthew Booth wrote:
> > "I would prefer that you didn't merge this."
> >
> > i.e. The project is better off without it.
>
> A bit off topic, but I've never liked this message that gets added
>
On Thu, Aug 21, 2014 at 11:53 AM, Daniel P. Berrange
wrote:
> On Thu, Aug 21, 2014 at 11:34:48AM -0500, Dolph Mathews wrote:
> > On Thu, Aug 21, 2014 at 11:21 AM, Daniel P. Berrange <
> [email protected]>
> > wrote:
> >
> > > On Thu, Aug 21, 2014 a
On Fri, Aug 22, 2014 at 9:13 AM, Daniel P. Berrange
wrote:
> On Fri, Aug 22, 2014 at 02:33:27PM +0200, Thierry Carrez wrote:
> > Hi everyone,
> >
> > We all know being a project PTL is an extremely busy job. That's because
> > in our structure the PTL is responsible for almost everything in a
> p
On Fri, Aug 22, 2014 at 11:32 AM, Zane Bitter wrote:
> On 22/08/14 11:19, Thierry Carrez wrote:
>
>> Zane Bitter wrote:
>>
>>> On 22/08/14 08:33, Thierry Carrez wrote:
>>>
We also
still need someone to have the final say in case of deadlocked issues.
>>>
>>> -1 we really don't.
>>>
On Tue, Aug 26, 2014 at 6:44 AM, Sean Dague wrote:
> On 08/26/2014 05:38 AM, Thierry Carrez wrote:
> > Hi keystone/infra,
> >
> > One key upcoming Juno feature (Keystone to keystone federation) is
> > currently blocked on adding pysaml2 to requirements:
> >
> > https://review.openstack.org/#/c/11
On Wed, Sep 3, 2014 at 8:25 AM, Sean Dague wrote:
> On 09/03/2014 09:03 AM, Daniel P. Berrange wrote:
> > On Wed, Sep 03, 2014 at 08:37:17AM -0400, Sean Dague wrote:
> >> I'm not sure why people keep showing up with "sort requirements" patches
> >> like - https://review.openstack.org/#/c/76817/6,
On Wed, Sep 3, 2014 at 11:23 AM, Doug Hellmann
wrote:
>
> On Sep 3, 2014, at 12:20 PM, Dolph Mathews
> wrote:
>
>
> On Wed, Sep 3, 2014 at 8:25 AM, Sean Dague wrote:
>
>> On 09/03/2014 09:03 AM, Daniel P. Berrange wrote:
>> > On Wed, Sep 03, 2014 a
On Sep 12, 2014 10:05 AM, "Russell Bryant" wrote:
>
> On 09/12/2014 07:37 AM, Thierry Carrez wrote:
> > If you think this is wrong and think the "design summit suggestion"
> > website is a better way to do it, let me know why! If some programs
> > really can't stand the 'etherpad/IRC' approach I'l
On Wed, Nov 20, 2013 at 9:09 AM, Thierry Carrez wrote:
> Hi everyone,
>
> How should we proceed to make sure UX (user experience) is properly
> taken into account into OpenStack development ? Historically it was hard
> for UX sessions (especially the ones that affect multiple projects, like
> CLI
On Wed, Nov 20, 2013 at 10:24 AM, Yuriy Taraday wrote:
>
> On Wed, Nov 20, 2013 at 3:21 PM, Sylvain Bauza wrote:
>
>> Yes indeed, that's something coming into my mind. Looking at Nova, I
>> found a "context_is_admin" policy in policy.json allowing you to say which
>> role is admin or not [1] and
On Wed, Nov 20, 2013 at 10:52 AM, Yuriy Taraday wrote:
> Hello, Dolph.
>
> On Wed, Nov 20, 2013 at 8:42 PM, Dolph Mathews wrote:
>
>>
>> On Wed, Nov 20, 2013 at 10:24 AM, Yuriy Taraday wrote:
>>
>>>
>>> context.is_admin should not be checked direc
I don't have a great answer -- do any projects depend on it other than
python-keystoneclient? I'm happy to see it removed -- I see the immediate
benefit but it's obviously not significant relative to python 3 support.
BTW, this exact issue is being tracked here-
https://bugs.launchpad.net/python-k
On Wed, Nov 20, 2013 at 1:06 PM, Dmitri Zimin(e) | StackStorm <
[email protected]> wrote:
> Thanks Terry for highlighting this:
>
> Yes, tenant isolation is the must. It's not reflected in the prototype -
> it queries Solr directly; but the proper implementation will go through the
> query API s
Hmm, I was sort of thinking along the same lines after writing my
post-summit summary for keystone:
https://gist.github.com/dolph/7366031
Granted this is the first time I've written such a document, I could see
this evolving into a regularly updated document on the long term direction
that keys
On Thu, Nov 21, 2013 at 2:08 PM, Jarret Raim wrote:
> The Barbican team has been taking a look at the KDS feature and the
> proposed patch and I think this may be better placed in Barbican rather
> than Keystone. The patch, from what I can tell, seems to require that a
> service account create & u
On Fri, Nov 22, 2013 at 3:31 AM, Thierry Carrez wrote:
> Robert Collins wrote:
> > I don't understand why branches would be needed here *if* the breaking
> > changes don't impact any supported release of OpenStack.
>
> Right -- the trick is what does "supported" mean in that case.
>
> When the cli
+1 for using the term "project" across all services. Projects provide
multi-tenant isolation for resources across the cloud. Part of the reason
we prefer "projects" in keystone is that "domains" conceptually provide
multi-tenant isolation within keystone itself, so the overloaded "tenant"
terminolo
On Sat, Nov 23, 2013 at 2:27 PM, Caitlin Bestler <
[email protected]> wrote:
>
>
> On November 23, 2013 4:09:49 AM Christopher Yeoh
> wrote:
>
>> Hi,
>>
>> So in the past we've used both tenant and project to refer to the same
>> thing and I think its been a source of confusion for peop
On Mon, Nov 25, 2013 at 2:41 AM, Flavio Percoco wrote:
> On 25/11/13 09:28 +1000, Jamie Lennox wrote:
>
>> So the way we have this in keystone at least is that querying GET / will
>> return all available API versions and querying /v2.0 for example is a
>> similar result with just the v2 endpoint.
On Mon, Nov 25, 2013 at 8:12 PM, Robert Collins
wrote:
> This has been mentioned in other threads, but I thought I'd call it
> out and make it an explicit topic.
>
> We have over 100 recheck bugs open on
> http://status.openstack.org/rechecks/ - there is quite a bit of
> variation in how frequentl
On Tue, Nov 26, 2013 at 5:23 AM, Thierry Carrez wrote:
> Dolph Mathews wrote:
> > On Mon, Nov 25, 2013 at 8:12 PM, Robert Collins
> > mailto:[email protected]>> wrote:
> >
> > So my proposal is that we make it part of the base hygiene for a
> >
On Tue, Nov 26, 2013 at 2:47 AM, Flavio Percoco wrote:
> On 25/11/13 16:50 -0600, Dolph Mathews wrote:
>
>>
>> On Mon, Nov 25, 2013 at 2:41 AM, Flavio Percoco
>> wrote:
>>
>>On 25/11/13 09:28 +1000, Jamie Lennox wrote:
>>
>>So t
On Wed, Nov 27, 2013 at 8:12 AM, Steven Hardy wrote:
> On Tue, Nov 26, 2013 at 10:17:56PM +1030, Christopher Yeoh wrote:
> > On Mon, Nov 25, 2013 at 7:50 PM, Flavio Percoco
> wrote:
> > > On 24/11/13 12:47 -0500, Doug Hellmann wrote:
> > >
> > >> On Sun, Nov 24, 2013 at 12:08 AM, Morgan Fainberg
On Wed, Nov 27, 2013 at 10:58 AM, Paul Montgomery <
[email protected]> wrote:
> I created some relatively high level security best practices that I
> thought would apply to Solum. I don't think it is ever too early to get
> mindshare around security so that developers keep that in min
On Mon, Dec 2, 2013 at 11:55 AM, Russell Bryant wrote:
> On 12/02/2013 12:46 PM, Monty Taylor wrote:
> > On 12/02/2013 11:53 AM, Russell Bryant wrote:
> >>> * Scope
> >>> ** Project must have a clear and defined scope
> >>
> >> This is missing
> >>
> >>> ** Project should not inadvertently dup
On Tue, Dec 3, 2013 at 12:46 PM, John Griffith
wrote:
> On Tue, Dec 3, 2013 at 11:38 AM, Russell Bryant
> wrote:
> > On 12/03/2013 09:22 AM, Joe Gordon wrote:
> >> HI all,
> >>
> >> Recently I have seen a few patches fixing a few typos. I would like to
> >> point out a really nifty tool to detec
On Sun, Nov 24, 2013 at 9:39 PM, Adam Young wrote:
> The #1 pain point I hear from people in the field is that they need to
> consume read only LDAP but have service users in something Keystone
> specific. We are close to having this, but we have not closed the loop.
> This was something that
On Wed, Dec 4, 2013 at 1:26 PM, Georgy Okrokvertskhov <
[email protected]> wrote:
> Hi,
>
> I have failed tests in gate-solum-python33 because kesytoneclient fails to
> import xmlrpclib.
> The exact error is:
> "File
> "/home/jenkins/workspace/gate-solum-python33/.tox/py33/lib/python3.3
> >> > socket layer, this means if we change out urllib for requests or some
> >> > other transport to make HTTP requests to we don't need to refactor
> >> > every one of the mock/mox subouts to match the exact set of parameters
> >> > to be passe
On Wed, Dec 4, 2013 at 7:48 PM, David Stanek wrote:
> On Wed, Dec 4, 2013 at 6:44 PM, Adrian Otto wrote:
>
>> Jamie,
>>
>> Thanks for the guidance here. I am checking to see if any of our
>> developers might take an interest in helping with the upstream work. At the
>> very least, it might be nic
On Mon, Nov 25, 2013 at 4:25 PM, Jamie Lennox wrote:
> To most of your questions i don't know the answer as the format was in
> place before i started with the project. I know that it is similar (though
> not exactly the same) as nova's but not where they are documented (as they
> are version inde
On Sun, Dec 8, 2013 at 5:20 PM, Monty Taylor wrote:
> Hi!
>
> Thanks - I've been wanting to kill this for a long time. Thanks for
> starting the discussion...
>
> On 12/08/2013 07:26 PM, Brant Knudson wrote:
> >
> > We'd like to get the keystoneclient tests out of keystone. They're
> > serving a
On Mon, Dec 9, 2013 at 9:08 PM, Adam Young wrote:
>
>
>
> On 12/09/2013 05:34 PM, Steven Hardy wrote:
>
>> Hi all,
>>
>> I have some queries about what the future of the ec2tokens API is for
>> keystone, context as we're looking to move Heat from a horrible mixture of
>> v2/v3 keystone to just v3
On Tue, Dec 10, 2013 at 10:49 PM, Jamie Lennox wrote:
> Using the default policies it will simply check for the admin role and not
> care about the domain that admin is limited to. This is partially a left
> over from the V2 api when there wasn't domains to worry about.
>
> A better example of pol
On Tue, Dec 10, 2013 at 9:13 AM, Steven Hardy wrote:
> On Tue, Dec 10, 2013 at 08:12:17AM -0600, Dolph Mathews wrote:
> > On Mon, Dec 9, 2013 at 9:08 PM, Adam Young wrote:
> >
> > >
> > >
> > >
> > > On 12/09/2013 05:34 PM, Steven Hardy wr
On Thu, Dec 12, 2013 at 8:50 AM, Adam Young wrote:
> On 12/11/2013 10:11 PM, Paul Belanger wrote:
>
>> On 13-12-11 11:18 AM, Lyle, David wrote:
>>
>>> +1 on moving the domain admin role rules to the default policy.json
>>>
>>> -David Lyle
&
The policy file is protecting v3 API calls at the controller layer, but
you're calling the v2 API. The policy decorators should be moved to the
manager layer to protect both APIs equally... but we'd have to be very
careful not to break deployments depending on the trivial "assert_admin"
behavior (h
On Wed, Dec 11, 2013 at 4:25 PM, Stefano Maffulli wrote:
> On 12/06/2013 02:19 AM, Jaromir Coufal wrote:
> > We are growing. At the moment we are 4 core members and others are
> > coming in. But honestly, contributors are not coming to specific
> > projects - they go to reach UX community in a sen
On Thu, Dec 12, 2013 at 2:58 PM, Adam Young wrote:
> On 12/04/2013 08:58 AM, Jarret Raim wrote:
>
> While I am all for adding a new program, I think we should only add one
> if we
> rule out all existing programs as a home. With that in mind why not add
> this
> to the keystone program? Perhap
On Thu, Dec 12, 2013 at 3:46 PM, Robert Collins
wrote:
> Hi, I'm trying to overhaul the bug triage process for nova (initially)
> to make it much lighter and more effective.
>
> I'll be sending a more comprehensive mail shortly but one thing that
> has been giving me pause is this:
> "
> Confirmed
they should, at least at the moment. With v2.0 gone, it
would be a more interesting, more approachable discussion.
>
> Cheers,
> Morgan Fainberg
>
> On December 12, 2013 at 10:32:40, Dolph Mathews
> ([email protected])
> wrote:
>
> The policy file is protecting v3
On Thu, Dec 12, 2013 at 11:03 PM, Qiu Yu wrote:
> On Fri, Dec 13, 2013 at 2:40 AM, Morgan Fainberg wrote:
>
>> As Dolph stated, V3 is where the policy file protects. This is one of
>> the many reasons why I would encourage movement to using V3 Keystone over
>> V2.
>>
>> The V2 API is officially
On Wed, Dec 18, 2013 at 5:18 AM, Daniel P. Berrange wrote:
> On Wed, Dec 18, 2013 at 11:40:21AM +0100, Thierry Carrez wrote:
>
> > 2. Do not require diversity for incubation, but require it for
> > graduation, and remove projects from incubation if they fail to attract
> > a diverse community
> >
Services already own their own policy enforcement, and therefore own their
own definitions of roles. A service deployment can already require roles
that are prefixed by a specific string (compute-*), and can already map
actual capabilities onto those roles ({"compute-create":
"role:compute-manager"
te the domain that you plan to use
>> for your admin domain, and then paste its (auto-generated) domain_id into
>> the policy file.
>>
>> Henry
>> On 12 Dec 2013, at 03:11, Paul Belanger
>> wrote:
>>
>> > On 13-12-11 11:18 AM, Lyle, David wrot
On Thu, Dec 12, 2013 at 4:48 PM, Morgan Fainberg wrote:
> On December 12, 2013 at 14:32:36, Dolph Mathews
> ([email protected])
> wrote:
>
>
> On Thu, Dec 12, 2013 at 2:58 PM, Adam Young wrote:
>
>> On 12/04/2013 08:58 AM, Jarret Raim wrote:
>>
>>
In the past, I've been able to get authors of bug fixes attached to
Launchpad bugs to sign the CLA and submit the patch through gerrit...
although, in one case it took quite a bit of time (and thankfully it wasn't
a critical fix or anything).
This scenario just came up again (example: [1]), so I'm
On Friday, December 20, 2013, Russell Bryant wrote:
> On 12/20/2013 09:32 AM, Dolph Mathews wrote:
> > In the past, I've been able to get authors of bug fixes attached to
> > Launchpad bugs to sign the CLA and submit the patch through gerrit...
> > although, in one c
On Tue, Jan 7, 2014 at 11:01 AM, Adam Young wrote:
> On 01/06/2014 01:10 PM, Jeremy Stanley wrote:
>
>> On 2014-01-06 10:19:39 -0500 (-0500), Adam Young wrote:
>>
>>> If it were as easy as just replaceing hteh hash algorithm, we
>>> would have done it a year + ago. I'm guessing you figured that
Hello everyone!
We've been talking this for a long while, and we finally have a bunch of
changes to make to keystone-core all at once. A few people have moved on,
the project has grown a bit, and our review queue grows ever longer. As
ayoung phrased it in today's keystone meeting, with entirely se
Ooh, I meant to get this done last week as I agree that keystoneclient
needed to see a new release, but it totally slipped my mind.
python-keystoneclient 0.4.2 is now available on pypi!
https://pypi.python.org/pypi/python-keystoneclient/0.4.2
What's included in the milestone:
https://launch
First of all, welcome! As Steve suggested, feel free to ask questions in
#openstack-dev ... it seems there's almost always someone online with deep
knowledge of keystone.
On Wed, Jan 22, 2014 at 8:28 PM, Mario Adessi wrote:
> I'd like to begin contributing to the keystone project.
>
> Keystone,
... why? It strikes me as a rather shallow business decision to limit the
number of users or projects in a system, as neither are actually
cost-consuming resources.
On Thu, Jan 23, 2014 at 6:43 AM, Matthieu Huin
wrote:
> Hello,
>
> I'd be interested in opinions and feedback on the following bluep
lluding to, which I don't think
we have any reason to support in-tree.
>
> Regards,
> Florent Flament
>
>
> --
> *From: *"Dolph Mathews"
> *To: *"OpenStack Development Mailing List (not for usage questions)" <
> o
of the community.
>
> If some contributors are willing to spend some time in adding this
> feature to Openstack, is there any reason not to accept it ?
>
> On Thu, 2014-01-23 at 14:55 -0600, Dolph Mathews wrote:
> >
> > On Thu, Jan 23, 2014 at 9:59 AM, Florent Flament
&
On Thu, Jan 23, 2014 at 4:02 PM, Russell Bryant wrote:
> Greetings,
>
> Last cycle we had A "feature proposal deadline" across some projects.
> This was the date that code associated with blueprints had to be posted
> for review to make the release. This was in advance of the official
> feature
_check_password() is a private/internal API, so we make no guarantees about
it's stability. Instead, override the public authenticate() method with
something like this:
def authenticate(self, user_id, password, domain_scope=None):
if user_id in SPECIAL_LIST_OF_USERS:
# compa
>From your original email, it sounds like you want to extend the existing
LDAP identity driver implementation, rather than writing a custom driver
from scratch, which is what you've written. The TemplatedCatalog driver
sort of follows that pattern with the KVS catalog driver, although it's not
a sp
On Tue, Jan 28, 2014 at 12:54 PM, Simon Perfer wrote:
> Thanks again, Dolph.
>
> First, is there some good documentation on how to write a custom driver?
> I'm wondering specifically about how a "keystone user-list" is mapped to a
> specific function in identity/backend/mydriver.py.
>
I believe i
CC'd Adam Young
Several of us were very much in favor of this around the Folsom release,
but we settled on domains as a solution to the most immediate use case
(isolation between flat collections of tenants, without impacting the rest
of openstack). I don't think it has been discussed much in the
On Sat, Feb 1, 2014 at 12:33 PM, Anne Gentle wrote:
>
>
>
> On Thu, Jan 23, 2014 at 5:21 AM, Steven Hardy wrote:
>
>> Hi all,
>>
>> I've recently been working on migrating the heat internal interfaces to
>> use
>> the keystone v3 API exclusively[1].
>>
>> This work has mostly been going well, bu
Can you open a bug for this at https://bugs.launchpad.net/keystone ? Thanks!
On Sun, Feb 2, 2014 at 9:15 AM, Martinx - ジェームズ
wrote:
> Guys,
>
> I'm trying to install IceHouse-2 in a dual-stacked environment (Ubuntu
> 14.04) but, "keystone-manage db_sync" doesn't work if db connection points
> to
On Wed, Feb 5, 2014 at 10:22 AM, Thierry Carrez wrote:
> (This email is mostly directed to PTLs for programs that include one
> integrated project)
>
> The DefCore subcommittee from the OpenStack board of directors asked the
> Technical Committee yesterday about which code sections in each
> integ
On Thu, Feb 6, 2014 at 6:38 AM, Noorul Islam Kamal Malmiyoda <
[email protected]> wrote:
> Hello stackers,
>
> We have a database with tables users, projects, roles, etc. Is there
> any reference implementation or best practices to make keystone use
> this DB instead of its own?
>
What's the prob
ts.openstack.org>
> > Sent: Friday, 7 February, 2014 7:13:20 PM
> > Subject: Re: [openstack-dev] [keystone] Integrating with 3rd party DB
> >
> > Jamie Lennox writes:
> >
> > > - Original Message -
> > >> From: "Noorul Islam K M&q
On Wed, Feb 12, 2014 at 8:30 AM, Julie Pichon wrote:
>
> I can definitely sympathise with the comment in Stefano's article that
> there are not enough easy tasks / simple issues for newcomers. There's
> a lot to learn already when you're starting out (git, gerrit, python,
> devstack, ...) and sim
keystoneclient.middlware.auth_token passes a project ID (and name, for
convenience) to the underlying application through the WSGI environment,
and already ensures that this value can not be manipulated by the end user.
Project ID's (redundantly) passed through other means, such as URLs, are up
to
On Mon, Feb 10, 2014 at 5:23 PM, Frittoli, Andrea (Cloud Services) <
[email protected]> wrote:
> Hi,
>
>
>
> I’m working on a tempest blueprint to make tempest able to run 100% on
> keystone v3 (or later versions) – the auth version to be used will be
> available via a configuration switch.
>
>
> T
t;
>
> The update of the python binding to use the keystone binding is targeted
> for icehouse or juno?
>
Clients are tracked against the same release milestones of the services, so
the integration can happen whenever someone wants to tackle it and we can
release them when they'
On Wed, Feb 19, 2014 at 10:21 AM, Vinod Kumar Boppanna <
[email protected]> wrote:
> Dear All,
>
> I am doing some development in Nova and in this regard, i have to write a
> code where Nova requests some date through V3 API of keystone. But the
> keystoneclient is always falling back
On Wed, Feb 19, 2014 at 12:33 PM, Dan Prince wrote:
> Perhaps one of the lesser know Gerrit "features" is the ability to
> overwrite someone else's patchset/review with a new revision. This can be a
> handy thing for collaboration, or perhaps to make minor edits (spelling
> fixes for example) to
17, 2014 at 6:35 AM, Yongsheng Gong wrote:
> It is not easy to enhance it. If we check the tenant_id on creation, if
> should we also to do some job when keystone delete tenant?
>
>
> On Mon, Feb 17, 2014 at 6:41 AM, Dolph Mathews wrote:
>
>> keystoneclient.middlware.au
I just noticed the subject of this email referred to the "first batch" of
invitations -- are there going to be subsequent batches of invites? If so,
who was not included in the first batch that will be in subsequent batches?
On Tue, Jan 28, 2014 at 2:45 PM, Stefano Maffulli wrote:
> A few minutes
Yes, see:
http://docs.openstack.org/developer/keystone/event_notifications.html
On Thu, Feb 20, 2014 at 10:54 AM, Nader Lahouti wrote:
> Hi All,
>
> I have a question regarding creating/deleting a tenant in openstack (using
> horizon or CLI). Is there any notification mechanism in place so tha
On Thu, Feb 20, 2014 at 4:18 AM, Marco Fargetta
wrote:
> Dear all,
>
> I am interested to the integration of SAML with keystone and I am analysing
> the following blueprint and its implementation:
>
> https://blueprints.launchpad.net/keystone/+spec/saml-id
>
> https://review.openstack.org/#/c/7135
On Wed, Feb 26, 2014 at 4:23 AM, Marco Fargetta
wrote:
> Hi Morgan,
>
> On Tue, Feb 25, 2014 at 11:47:43AM -0800, Morgan Fainberg wrote:
> > For purposes of supporting multiple backends for Identity (multiple
> LDAP, mix
> > of LDAP and SQL, federation, etc) Keystone is planning to increase the
>
On Tue, Feb 25, 2014 at 2:38 PM, Jay Pipes wrote:
> On Tue, 2014-02-25 at 11:47 -0800, Morgan Fainberg wrote:
> > For purposes of supporting multiple backends for Identity (multiple
> > LDAP, mix of LDAP and SQL, federation, etc) Keystone is planning to
> > increase the maximum size of the USER_I
gt; > From a delivery into IceHouse point of view any of the above are
> > possible, since the actual mapping used is relatively small part of
> > the patch. I personally favor 2b), since it is simple, has "less
> > moving parts" and does not change any external facing
lometer like others [1].
>> > it is surprising that it does not already identity meters indeed...
>> > probably nobody needs them before you.
>> > I guess it remains to open a BP and code them like I recently did for
>> Heat [2]
>> >
>> >
>> >
On Mon, Mar 3, 2014 at 8:48 AM, Jay Pipes wrote:
> On Sun, 2014-03-02 at 12:05 -0800, Morgan Fainberg wrote:
> > Having done some work with MySQL (specifically around similar data
> > sets) and discussing the changes with some former coworkers (MySQL
> > experts) I am inclined to believe the move
I'm very much interested in this new Keystyone thing. Is the name still
open to debeate?
On Wed, Nov 12, 2014 at 9:26 AM, Brad Topol wrote:
> I have filled out the form and very much look forward to attending!!!
>
>
> Brad Topol, Ph.D.
> IBM Distinguished Engineer
> OpenStack
> (919) 543-0646
>
On Wed, Nov 26, 2014 at 1:15 PM, Steve Gordon wrote:
> - Original Message -
> > From: "Deepak Shetty"
> > To: "OpenStack Development Mailing List (not for usage questions)" <
> [email protected]>
> >
> > Hi stackers,
> >I was having this thought which i believe applie
I've envisioned basically the same feature before, but I don't find the
comments to be particularly useful without the complete context.
What I really want from gerrit is a 3-way diff, wherein the first column is
always the original state of the repo, the second column is a
user-selectable patchse
On Tue, Dec 23, 2014 at 1:33 PM, David Chadwick
wrote:
> Hi Adam
>
> On 23/12/2014 17:34, Adam Young wrote:
> > On 12/23/2014 11:34 AM, David Chadwick wrote:
> >> Hi guys
> >>
> >> we now have the ABFAB federation protocol working with Keystone, using a
> >> modified mod_auth_kerb plugin for Apac
The default behavior, rebasing automatically, is the sane default to avoid
having developers run into unexpected merge conflicts on new patch
submissions.
But if git-review can check to see if a review already exists in gerrit
*before* doing the local rebase, I'd be in favor of it skipping the reb
Both of these build failures should be fixed by:
https://review.openstack.org/#/c/144182/
(Thanks, Alan!)
On Tue, Jan 6, 2015 at 12:28 AM, A mailing list for the OpenStack Stable
Branch test reports. wrote:
> Build failed.
>
> - periodic-keystone-docs-icehouse
> http://logs.openstack.org/per
On Wed, Jan 7, 2015 at 10:32 AM, Lance Bragstad wrote:
> https://review.openstack.org/#/c/113586/ is owned by dstanek but I
> understand he is out this week at a conference?
>
>
Correct.
> It might be worth dropping in #openstack-keystone and seeing if dstanek
> would be alright with you pickin
+1
On Sun, Jan 18, 2015 at 1:11 PM, Morgan Fainberg
wrote:
> Hello all,
>
> I would like to nominate Brad Topol for Keystone Spec core (core reviewer
> for Keystone specifications and API-Specification only:
> https://git.openstack.org/cgit/openstack/keystone-specs ). Brad has been
> a consisten
On Sun, Apr 27, 2014 at 12:19 PM, Andreas Jaeger wrote:
> The documentation team noticed that we have links in the version
> responses of several APIs that contain URLs that do not exist at all.
>
> For example, cinder includes a link to
> "
> http://jorgew.github.com/block-storage-api/content/os
On Mon, Apr 28, 2014 at 12:51 PM, Clint Byrum wrote:
> So in the process of making Heat deploy itself, I've run into a bit of a
> deadlock.
>
> https://bugs.launchpad.net/tripleo/+bug/1287453
> https://bugs.launchpad.net/heat/+bug/1313003
>
> Currently, we deploy OpenStack like this:
>
> * First
On Mon, Apr 28, 2014 at 2:48 PM, Clint Byrum wrote:
> Excerpts from Dolph Mathews's message of 2014-04-28 12:28:41 -0700:
> > On Mon, Apr 28, 2014 at 12:51 PM, Clint Byrum wrote:
> >
> > > So in the process of making Heat deploy itself, I've run into a bit of
> a
> > > deadlock.
> > >
> > > http
On Thu, May 1, 2014 at 8:50 AM, Fuente, Pablo A wrote:
> Hi,
> We recently implemented our V2 REST API, and at this moment we are
> trying to get working our python client against this new version. For
> this reason, we start a discussion about how the client will choose/set
> the REST API
On Tue, May 6, 2014 at 3:17 AM, Roman Bodnarchuk <
[email protected]> wrote:
> Thanks for reply. I think I got the justifications for such an approach.
>
> BTW, is there a resource, which can be used to track support of Keystone
> v3 (and domain-based policies) among OS services? Are
On Tue, Apr 29, 2014 at 1:25 AM, Robert Collins
wrote:
> On 29 April 2014 12:27, Dolph Mathews wrote:
> >
>
>
> > Sure: domain names are unambiguous but user mutable, whereas Heat's
> approach
> > to using admin tenant "name" is at risk to both muta
1 - 100 of 440 matches
Mail list logo
