Wednesday, 2014-03-26

« Tuesday, 2014-03-25 Index Thursday, 2014-03-27 »
jamielennoxun-deprecate? where's this coming from?00:02
morganfainbergjamielennox, http://lists.openstack.org/pipermail/openstack-dev/2014-March/031016.html00:03
*** nkinder has quit IRC00:03
*** Trozz has joined #openstack-keystone00:03
jamielennoxmorganfainberg: yea - i definetly get his point00:04
jamielennoxdoes that need to be in for rc?00:05
*** nkinder has joined #openstack-keystone00:06
morganfainbergjamielennox, that is the point of the discussion00:06
*** topol has quit IRC00:08
*** henrynash has quit IRC00:10
gyeebknudson, morganfainberg, dstanek, you guys recall why we removed gettextutils from httpd/keystone.py?00:16
gyeek, maybe we just never add it there00:19
morganfainberggyee, somethinG  about lazy loading?00:19
morganfainberggyee, not sure00:19
gyeeyes, running under apache yield a bunch warnings related to _()00:19
*** nkinder has quit IRC00:23
openstackgerritA change was merged to openstack/python-keystoneclient: Discover should support other services  https://review.openstack.org/7287800:32
*** morganfainberg is now known as morganfainberg_Z00:33
*** gokrokve has joined #openstack-keystone00:42
derek_copenstackclient is giving me a "ERROR: openstackclient.shell Exception raised: Authorization failed: The resource could not be found. (HTTP 404)"00:53
stevemarderek_c, what did you issue?00:53
derek_cwhen I look into keystone's log, I see something like: "POST http://10.0.2.15:5000/v2.0/auth/tokens HTTP/1.0" 404 9300:53
derek_cI mean, I'm just trying to run "openstack"00:53
derek_cnot even with any commands00:53
stevemarderek_c, do you have any env vars set up? like username or password?00:54
derek_cstevemar: I'm pretty sure I sourced the OpenStack RC file downloaded from horizon00:55
derek_cthe thing is it says 404, which is strange00:55
derek_cand also, I thought openstackclient uses v3 APIs by default?00:55
gyeejammielennox, gimme a shout when you have a chance, its about https://review.openstack.org/#/c/81977/00:56
dolphmmorganfainberg_Z: dstanek: the way i see it, we've achieved the most important goal -- communicating that the v2 API is going away00:56
stevemarderek_c, it would depend on what keystone endpoints are being used, if you used devstack it still sets v2.0 endpoints :\00:56
dolphmmorganfainberg_Z: dstanek: i didn't expect the K release to be completely without v2 anyway, so i don't think it's much of a dent in terms of realistic timing, either00:57
stevemarjamielennox, whats the deal with: https://github.com/openstack/python-keystoneclient/blob/master/doc/source/releases.rst should we give up on it? do a mass update - how do we figure out what we included?00:57
derek_cstevemar: hmm.. surely there must be a way to configure it to use V3 endpoint though?00:58
jamielennoxstevemar: lol - no idea00:58
jamielennoxummm00:58
stevemarjamielennox, it's so very out of date00:58
jamielennoxstevemar: yea - is it something that we can autogenerate do you think?00:59
derek_cstevemar: ah I see00:59
jamielennoxthe other option is that we just start enforcing in reviews that people add to the file when they add a feature and dolphm just seals it off before a release00:59
derek_cOS_IDENTITY_API_VERSION00:59
stevemarderek_c, http://paste.openstack.org/show/74307/01:00
openstackgerritJamie Lennox proposed a change to openstack/keystone: Isolate backend loading  https://review.openstack.org/7429301:02
openstackgerritJamie Lennox proposed a change to openstack/keystone: Make Pecan the root routing framework  https://review.openstack.org/6542801:02
stevemarjamielennox, ugh, there isn't much info in blueprints01:02
jamielennoxstevemar: there has been a few but in many cases one blueprint covered a lot of work01:02
jamielennoxeg auth-plugins01:02
stevemarjamielennox, there isn't a releases file in keystone, maybe we don't need one in keystonelcient either?01:04
*** theocean154 has joined #openstack-keystone01:04
jamielennoxstevemar: i'm happy enough to drop it consiering that it's useless anyway01:07
openstackgerritJamie Lennox proposed a change to openstack/keystone: Make Pecan the root routing framework  https://review.openstack.org/6542801:10
*** marcoemorais1 has quit IRC01:20
openstackgerritSteve Martinelli proposed a change to openstack/python-keystoneclient: Remove releases.rst from keystone docs  https://review.openstack.org/8296201:24
openstackgerritSteve Martinelli proposed a change to openstack/python-keystoneclient: Remove releases.rst from keystone docs  https://review.openstack.org/8296201:25
stevemarderek_c, try using v2.0, openstack user list should work01:27
stevemarit's possible that there is a bug where if just 'openstack' is issued, it comes up at garbage01:27
stevemarsince it's not really a command...01:27
stevemarif you need help, try --help or -h01:27
*** jamiec has joined #openstack-keystone01:34
ayoungWhy o why do I still need to do a full install to have  a VM running Fedora on my local machine?  I must figure out how to install a cloud image locally01:34
*** devlaps1 has quit IRC01:36
*** theocean154 has quit IRC01:36
*** derek_c has quit IRC01:41
ayoungjamielennox,  yum search openssl | grep python ....01:43
ayoungm2crypto  and python3-pyOpenSSL01:43
ayoungJust another reason to go Full Py301:43
*** nkinder has joined #openstack-keystone01:43
jamielennoxsure - but there are plenty of better ones01:45
jamielennoxthe problem with trying to change a framework incrementally is everything ends up looking very much like the old onee01:48
*** topol has joined #openstack-keystone01:49
openstackgerritDolph Mathews proposed a change to openstack/keystone: revert deprecation of v2 API  https://review.openstack.org/8296301:54
ayoungjamielennox, I was just looking at what was available without having to become a package maintainer02:01
ayoungjamielennox, what do you suggest?02:01
jamielennoxayoung: what are you trying to do/02:01
ayoungjamielennox, getus a crypto library02:01
jamielennoxoh - i don't think either do what you want02:01
ayoungjamielennox, if we stop doing Eventlet, we can actually use a library02:02
jamielennoxassuming you're still talking cms02:02
ayoungnope.  But m2 would support the pysmime....we'd still need to own that02:02
ayoungand openssl probably would need to be extended02:02
ayoungcould we do m2 for python27 and pyopenssl for py3?02:02
ayoungor maybe there is py27 support in the opensssl approach, we just don't ship02:03
*** derek_c has joined #openstack-keystone02:03
jamielennoxayoung: so pyopenssl is fairly limited02:03
jamielennoxmostly just ssl02:03
jamielennoxi don't think they have much in raw cert handling02:03
jamielennoxm2 is much bigger and more likely to want that sort of thing02:04
ayoungbut py 27 only02:04
jamielennoxbut i don't know if we want it02:04
ayoungthen there is pycrypto02:04
jamielennoxi like the idea of contributing to the cryptography library02:04
jamielennoxi was wondering if i'd have the chance to do the nss backend for that02:05
jamielennoxi think that's your best bet02:05
ayoungso we do pycrypto, and support openssl and NSS long term.02:05
jamielennoxthough they still haven't defined a certificate02:05
jamielennoxpycrypto != cryptography02:05
jamielennoxhttps://pypi.python.org/pypi/cryptography02:06
ayoungMaybe we just cut straight to nss...which still doesn't do CMS in python.02:06
ayoungHow bad is M2?02:07
ayounghttps://github.com/martinpaljak/M2Crypto02:08
ayounghttps://github.com/martinpaljak/M2Crypto/commit/b03e643979bcdbdf0260696dcfee5ad59bacb6c002:09
jamielennoxi'm really not sure02:11
jamielennoxhttps://github.com/martinpaljak/M2Crypto/blob/master/M2Crypto/SMIME.py02:12
jamielennoxi can't see how you'd actually use that interface though02:12
ayounghttps://github.com/martinpaljak/M2Crypto/blob/master/M2Crypto/SMIME.py#L20702:16
ayounghttps://github.com/martinpaljak/M2Crypto/blob/master/M2Crypto/SMIME.py#L19102:16
ayoungprobably x = SMIME();  x. set_x509_store();02:17
ayoungsomething like that...doesn't look horrible02:18
stevemarayoung, mind if i push a new patch of the initialization scripts?02:21
ayoungstevemar, not in the slightest02:21
jamielennoxayoung: i'm going to have a stab and say the M2crypto writer was probably not an experience python user02:25
ayoungjamielennox, thats ok.  Experienced Python people we have access too.02:25
ayoungto02:25
jamielennoxi saw a tweet or something similar recently about how a good C programmer can make any language look like C02:26
*** harlowja is now known as harlowja_away02:27
ayoungjamielennox, if the only tool you have is duck tape, everything looks like a duck02:27
jamielennoxit's been a while since i've done openssl and C but i'd almost say we're better off filling the gap with our own library unti cryptography catches up02:28
ayoungI'm guessing "no"02:28
ayoungI'm guessing we are better off fixing M202:29
ayoungI'd rather have something that works but is uglyt02:29
jamielennoxfixing as in py3/02:29
ayoungthat too02:29
ayoungright now I am just trying to get the unit tests to run02:29
*** zhiyan_ is now known as zhiyan02:32
*** mberlin has joined #openstack-keystone02:50
*** mberlin1 has quit IRC02:52
*** esmute has joined #openstack-keystone02:54
*** gyee has quit IRC02:56
*** devlaps has joined #openstack-keystone03:03
*** derek_c has quit IRC03:13
ayoungjamielennox, lets see how this goes https://github.com/martinpaljak/M2Crypto/pull/2003:19
jamielennoxayoung: so that's not a good sign03:20
ayoungjamielennox, I think that someone moved the directory03:20
ayoungbut, yeah.03:21
ayoungOTOH hand, once I fixed it, they all ran03:21
jamielennoxayoung: yea the very last commit moved a bunch of tests03:21
jamielennoxlike 3 days ago03:21
ayoungMy guess is that this is a code base we can work with03:22
ayoungjamielennox, I'm guessing a liberal use of six and we can get this py3303:24
ayoungAnyway, I'm a head to bed.  Thought you might find it interesting03:25
*** ayoung has quit IRC03:26
*** gokrokve has quit IRC03:37
*** gokrokve_ has joined #openstack-keystone03:38
*** gokrokve_ has quit IRC03:42
*** wchrisj has quit IRC03:43
*** browne has quit IRC03:48
*** gokrokve has joined #openstack-keystone04:07
*** gokrokve has quit IRC04:13
*** david-lyle has joined #openstack-keystone04:16
*** dolphm has quit IRC04:25
*** dolphm has joined #openstack-keystone04:27
stevemaris there a correct order in deleting keystone data?04:50
stevemari would think it's users, projects, roles, domains, endpoints, services04:51
*** YorikSar has quit IRC05:03
*** amcrn has quit IRC05:08
*** topol has quit IRC05:14
openstackgerritSteve Martinelli proposed a change to openstack/python-keystoneclient: Example Initialization scripts  https://review.openstack.org/8268705:15
*** ChanServ sets mode: +o dolphm05:19
*** marcoemorais has joined #openstack-keystone05:20
*** devlaps has quit IRC05:43
*** stevemar has quit IRC05:58
openstackgerritJenkins proposed a change to openstack/keystone: Imported Translations from Transifex  https://review.openstack.org/7852506:01
*** gokrokve has joined #openstack-keystone06:08
*** bvandenh has quit IRC06:13
*** gokrokve has quit IRC06:13
*** YorikSar has joined #openstack-keystone06:14
*** saju_m has joined #openstack-keystone06:19
*** amcrn has joined #openstack-keystone06:51
*** derek_c has joined #openstack-keystone06:53
*** zoresvit has joined #openstack-keystone07:12
*** saju_m has quit IRC07:13
*** derek_c has quit IRC07:18
*** jaosorior has joined #openstack-keystone07:25
*** henrynash has joined #openstack-keystone07:28
*** marcoemorais has quit IRC07:28
openstackgerritJamie Lennox proposed a change to openstack/keystone: Make Pecan the root routing framework  https://review.openstack.org/6542807:35
*** henrynash has quit IRC07:40
openstackgerritA change was merged to openstack/keystone: Uses generator expressions instead of filter  https://review.openstack.org/7081607:55
*** flaper87|afk is now known as flaper8707:57
*** zoresvit has quit IRC08:03
*** bvandenh has joined #openstack-keystone08:07
*** gokrokve has joined #openstack-keystone08:08
*** gokrokve has quit IRC08:12
*** henrynash has joined #openstack-keystone08:28
*** chandankumar_ has joined #openstack-keystone08:42
*** henrynash has quit IRC08:50
*** leseb has joined #openstack-keystone08:54
*** henrynash has joined #openstack-keystone08:55
*** marcoemorais has joined #openstack-keystone08:57
*** marcoemorais has quit IRC09:01
openstackgerritMarcos Fermín Lobo proposed a change to openstack/keystone: Unimplemented get roles by group for project list  https://review.openstack.org/7647009:11
*** Gippa has joined #openstack-keystone09:13
*** gokrokve has joined #openstack-keystone09:13
*** gokrokve has quit IRC09:13
*** gokrokve has joined #openstack-keystone09:14
*** gokrokve has quit IRC09:16
*** gokrokve has joined #openstack-keystone09:17
*** gokrokve has quit IRC09:21
*** andreaf has joined #openstack-keystone09:22
*** Trozz has quit IRC09:28
*** Trozz has joined #openstack-keystone09:29
*** Trozz_ has joined #openstack-keystone09:30
*** Trozz_ has quit IRC09:30
*** Trozz has quit IRC09:30
*** Trozz has joined #openstack-keystone09:31
*** Trozz_ has joined #openstack-keystone09:31
*** mich5225 has joined #openstack-keystone09:32
*** Trozz has quit IRC09:33
*** Trozz_ has quit IRC09:33
*** mich5225 has quit IRC09:33
*** Trozz has joined #openstack-keystone09:33
*** Trozz has quit IRC09:39
*** Trozz has joined #openstack-keystone09:40
*** Trozz has quit IRC09:40
*** Trozz has joined #openstack-keystone09:43
*** gokrokve has joined #openstack-keystone09:44
*** Trozz has quit IRC09:45
*** marcoemorais has joined #openstack-keystone09:57
*** marcoemorais has quit IRC10:01
*** chandankumar_ has quit IRC10:22
*** Trozz has joined #openstack-keystone10:31
*** Trozz has quit IRC10:34
*** Trozz has joined #openstack-keystone10:41
*** Trozz has quit IRC10:42
*** Trozz has joined #openstack-keystone10:44
*** Gippa has quit IRC10:44
*** Trozz has quit IRC10:45
*** Gippa has joined #openstack-keystone10:48
*** marcoemorais has joined #openstack-keystone10:58
*** marcoemorais1 has joined #openstack-keystone11:00
*** marcoemorais1 has quit IRC11:00
*** marcoemorais has quit IRC11:00
*** marcoemorais has joined #openstack-keystone11:00
*** marcoemorais has quit IRC11:05
*** henrynash has quit IRC11:09
*** leseb has quit IRC11:14
*** leseb has joined #openstack-keystone11:14
*** leseb has quit IRC11:19
*** saju_m has joined #openstack-keystone11:21
*** Trozz has joined #openstack-keystone11:23
*** Trozz has quit IRC11:23
*** Trozz has joined #openstack-keystone11:29
*** Trozz has quit IRC11:36
thiagopHello everyone. I was investigating the use of domains on Horizon and suddenly bumped into a problem: When I'm using API v3 on Horizon, authenticate myself and send my token to Nova, Nova doesn't works using API v3 and send the token to be validated by v2.0 port11:45
*** gokrokve has quit IRC11:45
*** gokrokve has joined #openstack-keystone11:46
thiagopTalking to some colleagues here we thought of a solution that seems reasonable, but I can't view all the implications so, here it goes...11:46
thiagopWe could create a way to distinguish a token v2 from a v3 and use it to create a port that could receive any token of any version and use the correct validation procedure for it11:48
thiagopwhat could be problematic on doing that?11:48
*** gokrokve has quit IRC11:50
*** leseb has joined #openstack-keystone11:56
*** gokrokve has joined #openstack-keystone11:57
*** leseb has quit IRC12:00
*** marcoemorais has joined #openstack-keystone12:01
*** Trozz has joined #openstack-keystone12:02
*** raildo has joined #openstack-keystone12:03
*** Trozz has quit IRC12:03
*** wchrisj has joined #openstack-keystone12:04
*** marcoemorais has quit IRC12:05
*** topol has joined #openstack-keystone12:16
*** dims_ has quit IRC12:18
dolphmthiagop: you should be able to configure auth_token to talk to v3 by setting auth_version = 3 in it's config12:18
thiagopdolphm: on Nova?12:18
dolphmthiagop: in nova's paste config for auth_token, yes12:18
dolphmthiagop: the v3 api can validate all v2 tokens, and v2 can validate default-domain tokens12:19
*** dims_ has joined #openstack-keystone12:21
thiagopdolphm: I'll try that, thanks!12:26
*** david-lyle has quit IRC12:27
*** leseb has joined #openstack-keystone12:27
*** leseb has quit IRC12:43
dstanekdolphm: i just saw a message from gyee (from last night) about a possible bug in httpd/keystone.py. do you happen to know if there is a review for it? i don't see one from gyee12:45
dolphmdstanek: i definitely don't have a bug report12:45
dstanekdolphm: i'll make one with the details i have to far12:46
dolphmdstanek: what's the gist?12:46
dstanekwarnings about _() when running under apache12:46
dolphmdstanek: warnings?12:47
dstaneki haven't tried it yet so i don't know if it's a complete fail or just something logged12:47
dolphmdstanek: not the failure we saw in keystone-all i assume12:47
dstaneki don't think so: "gyee | yes, running under apache yield a bunch warnings related to _()"12:47
dstanekis devstack setup to run under apache?12:48
dolphmwell that's vague12:48
dolphmdstanek: you can switch to apache with...12:48
dstanekif i can't reproduce i won't worry about it unless gyee says it's actually an issue12:48
dolphmthere's a function called "is_apache_enabled_service" somewhere...12:51
dolphmdstanek: APACHE_ENABLED_SERVICES = key12:52
dolphmi think12:52
dolphmswift is also supported there12:52
*** gokrokve has quit IRC12:53
*** gokrokve has joined #openstack-keystone12:53
dstanekstacking now12:57
*** gokrokve has quit IRC12:57
openstackgerritMarcos Fermín Lobo proposed a change to openstack/keystone: Unimplemented get roles by group for project list  https://review.openstack.org/7647012:58
*** leseb has joined #openstack-keystone13:00
* dolphm python-keystoneclient 0.7.0 is gating13:01
*** marcoemorais has joined #openstack-keystone13:01
*** bknudson has joined #openstack-keystone13:03
*** marcoemorais has quit IRC13:06
*** gokrokve has joined #openstack-keystone13:07
* dolphm https://pypi.python.org/pypi/python-keystoneclient/0.7.013:17
*** zhiyan is now known as zhiyan_13:19
*** zhiyan_ is now known as zhiyan13:19
*** ayoung_ has joined #openstack-keystone13:21
dolphmgraphing the last year of load on the gate is interesting http://graphite.openstack.org/render/?from=-1year&width=1920&height=135&margin=0&hideLegend=true&hideAxes=true&hideGrid=true&target=color(stats.gauges.zuul.pipeline.gate.current_changes,%20%27000000%27)&bgcolor=ffffff&139583994265113:22
*** ayoung_ is now known as ayoung13:22
*** bknudson has quit IRC13:23
dolphmthe 60 hour gate times is reflected by the big giant spike on the right13:23
*** topol has quit IRC13:24
openstackgerritDolph Mathews proposed a change to openstack/keystone: Avoid using .values() on the indexed columns  https://review.openstack.org/8279313:26
*** joesavak has joined #openstack-keystone13:27
*** leseb has quit IRC13:31
*** leseb has joined #openstack-keystone13:34
dstanekdolphm: i can definitely see how translations would not work, but i can't reproduce yet13:35
*** lbragstad has quit IRC13:38
*** stevemar has joined #openstack-keystone13:47
*** stevemar has quit IRC13:48
*** stevemar has joined #openstack-keystone13:48
*** nkinder has quit IRC13:49
stevemardolphm, what about the access and stats extension, weren't those marked deprecated, and need to be reverted? or because they are contrib, we still go ahead with it?13:53
dstanekah, so i don't actually the the .mo translations installed13:55
*** marcoemorais has joined #openstack-keystone14:02
*** browne has joined #openstack-keystone14:03
*** marcoemorais has quit IRC14:07
*** zuqiang has quit IRC14:14
*** topol has joined #openstack-keystone14:16
*** lbragstad has joined #openstack-keystone14:21
marekdstevemar: hi. Just want to confirm: In the tests like here https://review.openstack.org/#/c/60820/19/keystoneclient/tests/v3/test_oauth1.py what is really checked is not the interaction with the server but  rather the fact if keystoneclient correctly creates the requests?14:25
openstackgerritA change was merged to openstack/keystone: Imported Translations from Transifex  https://review.openstack.org/7852514:32
dolphmstevemar: the reasoning behind deprecating those was different, i don't think there's an issue there14:36
stevemardolphm, cool14:36
stevemardolphm, just wanted to make sure we're covered14:36
stevemarmarekd, yes, the test is to make sure the request is correctly formed, the headers, body and url14:37
stevemarmarekd, the keystoneclient tests don't interact with the keystone server, if you want that, you can look at: https://github.com/openstack/keystone/blob/master/keystone/tests/test_keystoneclient.py#L11114:38
marekdstevemar: and the way back?14:39
stevemarmarekd, how does keystoneclient verify what was received?14:40
*** chandan_kumar has quit IRC14:42
marekdstevemar: attributes, structure etc. It's not for validating server side, rather validating whether you wrote the code that correctly parses the response...14:42
marekdstevemar: and this response you can *somehow* create, by hand..14:42
*** nkinder has joined #openstack-keystone14:42
*** chandankumar_ has joined #openstack-keystone14:44
marekdstevemar: stevemar what's the point in creating such fake URL (I assume they are fake URL..) like here for instance?14:44
marekdstevemar: https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/tests/v3/test_groups.py#L4114:45
*** chandankumar_ has quit IRC14:46
*** chandan_kumar has joined #openstack-keystone14:47
*** chandan_kumar has quit IRC14:48
*** chandan_kumar has joined #openstack-keystone14:48
*** thedodd has joined #openstack-keystone14:48
stevemarmarekd, the point of the fake url is to make sure your new class is actually invoking that url.14:48
marekdstevemar: ah, ok :-)14:49
marekdstevemar: it was kinda unclear to me :-)14:49
stevemarmarekd, so in that case, managers.lits(user=user_id) should trigger the url GET /users/user_id14:49
marekdstevemar: ok, triger URL and get some response?14:50
stevemarsort of14:50
marekdstevemar: because my initial understanding was: httpretty acts as a fake server, you basically pass to it what should be responded (just pure to-be-jsonized-dictionary), and call keystoneclient method, that will hit that URL, get response, parse it etc.14:51
stevemaryou can't verify the server response, but you can verify that the class created the object with all the data14:51
stevemaryeah, you're not far off14:51
stevemartheres a lot of behind-the-scenes code going on in those tests, so it's a bit weird14:52
marekdstevemar: Already noticed it :-)14:52
*** marcoemorais has joined #openstack-keystone14:52
stevemarhttps://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/tests/v3/test_auth.py14:52
marekdstevemar: especially 'default' test_{create,delete,get} methods :-)14:52
stevemaryeah :\14:53
stevemarmarekd, you can use stub_url to pass in a json parameter to act as the respose body14:53
*** david-lyle has joined #openstack-keystone14:53
stevemarmarekd, in this case: https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/tests/v3/test_auth.py#L90 the response is checked14:54
stevemarerr, not actually checked, you know what i mean14:54
marekdyep14:54
stevemarstub_auth is just stub_url but checks /auth specific stuff14:55
*** chandan_kumar has quit IRC14:55
stevemarhttps://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/tests/v3/utils.py#L14014:55
marekdyep, i was looking at it.14:55
*** chandan_kumar has joined #openstack-keystone14:56
marekdhmmm, stub_auth is a general method for *all* calls where authentication is required?14:56
marekdstevemar: erm...stupid me.14:57
*** marcoemorais has quit IRC14:57
stevemarmarekd, yes, generic call for all auth related calls, you don't have to use it, but it's handy14:57
marekdbecause when I am calling test that adds IdP now what I get is Unauthorized error.14:59
marekdRESP BODY: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}14:59
marekdso i don't know if the solution for that is adding some extra parameter, like X-Auth-Token in kwargs in stub_uri()14:59
*** bvandenh has quit IRC15:02
*** chandan_kumar has quit IRC15:03
*** vhoward has joined #openstack-keystone15:07
*** chandan_kumar has joined #openstack-keystone15:09
stevemarmarekd, show me some code in a pastie15:12
marekdstevemar: ok15:13
*** wchrisj has quit IRC15:18
*** Gippa has quit IRC15:20
marekdstevemar: ok, nvm, looks like i found where the problem was :-)15:24
stevemaryay15:24
*** jsavak has joined #openstack-keystone15:30
*** bknudson has joined #openstack-keystone15:30
*** joesavak has quit IRC15:33
openstackgerritMarcos Fermín Lobo proposed a change to openstack/keystone: Unimplemented get roles by group for project list  https://review.openstack.org/7647015:39
*** saju_m has quit IRC15:43
dolphmisn't there a bug that s/v2.0/v3/ https://review.openstack.org/#/c/75731/ can be attached to?15:44
dolphmthat would have been in 0.7.0 if it was tracked ;(15:45
dolphmmaybe https://bugs.launchpad.net/python-keystoneclient/+bug/126091615:45
uvirtbotLaunchpad bug 1260916 in python-openstackclient "Setting --os-identity-api-version=3  still uses v2" [Undecided,Invalid]15:45
openstackgerritDolph Mathews proposed a change to openstack/python-keystoneclient: Adds to Keystone to convert V2 endpoints to V3  https://review.openstack.org/7573115:46
*** joesavak has joined #openstack-keystone15:47
*** marcoemorais has joined #openstack-keystone15:49
*** jsavak has quit IRC15:51
*** wchrisj has joined #openstack-keystone15:52
*** jsavak has joined #openstack-keystone15:59
*** joesavak has quit IRC16:02
*** wchrisj has quit IRC16:05
*** wchrisj has joined #openstack-keystone16:07
ayoungdolphm, https://review.openstack.org/#/c/75731/  thank you16:09
ayoungmight be the killer feature for KC16:09
dolphmayoung: i don't know about "killer" but it would be nice for icehouse :P16:10
ayoungdolphm, its one of the reasons we had to remove the deprecation from V2...16:10
ayoungit allows v2/v3 interop.  That is big16:10
openstackgerritDavid Stanek proposed a change to openstack/keystone: Enable lazy translations in httpd/keystone.py  https://review.openstack.org/8311316:10
*** wchrisj has quit IRC16:12
dolphmdstanek: know if that was a regression during icehouse?16:12
dolphmdstanek: stable/havana just has a gettextutils.install('keystone')16:13
dstanekdolphm: it slipped in on patch set 27 https://review.openstack.org/#/c/58766/16:13
dstanekdolphm: httpd/keystone.py should have had the same change as bin/keystone-*16:15
ayoungdstanek, +A16:15
ayoungdolphm, anything gating RC1 at the moment?16:16
dolphmayoung: that ^ now16:16
dolphmdstanek: thanks!16:16
dolphmayoung: deprecation revert hasn't landed yet eitehr16:16
ayoungdolphm, looking16:16
dolphmayoung: nor has the .values() removal from migration 4316:17
dolphmayoung: so, three patches to land until milestone-proposed16:17
ayoungdolphm, that one is progressing, I just checked16:17
ayoungdolphm, so nothing that still needs review, then?16:18
openstackgerritA change was merged to openstack/identity-api: Add service name to service catalog  https://review.openstack.org/8197516:18
dolphmayoung: i don't think so, we're just waiting on the electrons to shuffle about16:18
dstanekdolphm: i thought electrons were pretty fast. i think we are actually waiting for paint to dry16:20
ayoungdolphm, cool....change of subjects.  jamielennox and I were looking at Crypto libraries last night.  It looks like someone has picked up M2 as the maintainer.  It seems to be the most full-featured of the set.  Does SMIME, for example.  Its Py26 and 27 only.16:20
ayoungI don;t think there is anything out there we can use without putting some effort in16:20
ayoungI suspect M2 is the best candidate16:20
ayoungI submitted this last night https://github.com/martinpaljak/M2Crypto/pull/2016:21
dolphmdstanek: depends on if you're talking AC or DC :P16:21
dolphmayoung: what is barbican using?16:22
ayoungWhich indicates he's playing it a little fast and loose on commits, since his previous obviously broke all of the unit tests16:22
dolphmayoung: and is m2 in openstack/requirements already?16:22
ayoungdolphm, I suspect that they are using pycrypto.  m2 used to be, not sure if it was removed16:22
*** leseb has quit IRC16:22
ayounghttps://github.com/openstack/requirements/blob/master/global-requirements.txt nope, it is gone16:23
ayoungpycrypto>=2.6  is in there16:23
dstanekayoung: i think they do use pycrypto16:23
ayoungI suspect, though, that the amount of work we would have to put into pycrypto is much greater.16:23
dolphmayoung: maybe a good cross-project session - crypto libraries in the community and reasons behind using/avoiding each16:24
ayoungStill doing research, of course16:24
ayoungdolphm, yeah, that is what I was thinking16:24
dolphmayoung: start a mailing list discussion?16:24
ayoungNeed to do some homework for that.16:24
openstackgerritJenkins proposed a change to openstack/keystone: Updated from global requirements  https://review.openstack.org/8223116:26
*** joesavak has joined #openstack-keystone16:29
*** jsavak has quit IRC16:31
*** leseb has joined #openstack-keystone16:32
openstackgerritJenkins proposed a change to openstack/python-keystoneclient: Updated from global requirements  https://review.openstack.org/7969516:33
openstackgerritA change was merged to openstack/keystone: Avoid using .values() on the indexed columns  https://review.openstack.org/8279316:34
openstackgerritIlya Pekelny proposed a change to openstack/keystone: Sync test_migrations  https://review.openstack.org/8061816:35
openstackgerritIlya Pekelny proposed a change to openstack/keystone: Comparision of database models and migrations.  https://review.openstack.org/8063016:35
*** devlaps has joined #openstack-keystone16:36
*** wchrisj has joined #openstack-keystone16:36
*** sneezewort has joined #openstack-keystone16:41
sneezewortDo you guys have any good in-depth documentation of keystone endpoints?16:43
dolphmsneezewort: referring to the catalog of other services, or to keystone's own API endpoints?16:47
*** marekd is now known as marekd|away16:48
sneezewortdolphm, The API endpoints.16:49
*** lbragstad has quit IRC16:49
dolphmsneezewort: :5000/v2.0/ implements the "public service" described here https://github.com/openstack/identity-api/tree/master/openstack-identity-api/v2.0/src/docbkx16:50
*** jaosorior has quit IRC16:50
dolphmsneezewort: :35357/v2.0/ implements the "admin" interface described the corresponding wadl/xsd above16:51
dolphmsneezewort: /v3/ is implements https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3.md16:51
dolphmsneezewort: extensions define their own resources on top of the common apis16:52
*** gokrokve has quit IRC16:55
*** chandan_kumar has quit IRC16:57
*** harlowja_away is now known as harlowja16:58
*** gokrokve_ has joined #openstack-keystone16:58
openstackgerritThierry Carrez proposed a change to openstack/keystone: Open Juno development  https://review.openstack.org/8313216:59
*** gpizza has joined #openstack-keystone17:03
dolphmsoon ^17:03
*** wchrisj has quit IRC17:05
*** leseb has quit IRC17:10
openstackgerritA change was merged to openstack/keystone: revert deprecation of v2 API  https://review.openstack.org/8296317:12
*** gpizza has quit IRC17:13
*** amcrn has quit IRC17:15
sneezewortdolphm, Thanks!17:15
*** gyee has joined #openstack-keystone17:40
*** gokrokve_ has quit IRC17:41
gyeedolphm, thanks for https://bugs.launchpad.net/bugs/129792217:46
uvirtbotLaunchpad bug 1297922 in keystone "Internationalization is broken when using httpd/keystone.py" [Medium,In progress]17:46
*** leseb has joined #openstack-keystone17:48
dolphmgyee: you should have reported it as a bug ASAP!17:49
*** lbragstad has joined #openstack-keystone17:50
*** morganfainberg_Z is now known as morganfainberg17:50
*** pcargnel_ has joined #openstack-keystone17:53
morganfainbergmornin'17:54
dstanekgyee: you also said something about warnings for _() - where were you seeing that?17:54
*** amcrn has joined #openstack-keystone17:55
dolphmmorganfainberg: o/17:56
morganfainbergdolphm, how goes? (saw the removal of V2 deprecation)17:56
morganfainbergdolphm, i'm wondering if we can roll up all of V2 into a middleware that translates v3...17:57
dolphmmorganfainberg: waiting on one last bug fix (i18n+httpd) and we'll open for juno17:57
gyeedstanek, a follow HP dude noticed them in the logs17:57
morganfainbergdolphm, +++++++17:57
morganfainbergdolphm, YAY!17:57
dolphmmorganfainberg: and yes, i'd like to do that specifically for the basic auth flow17:57
morganfainbergdolphm, that means it's time to crank on getting revoke and ephemeral tokens moving.17:57
*** pcargnel_ has quit IRC17:57
dolphmmorganfainberg: ++17:57
*** saju_m has joined #openstack-keystone17:58
dstanekgyee: do you have access to those logs? i'd be interested to see if my fix actually fixes that issue17:59
gyeedstanek, sure, I'll attach them to the bug18:00
dstanekgyee: my fix was targeting the problem of always translating to the default locale18:00
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Use in-memory SQLite for testing  https://review.openstack.org/8291718:01
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Use in-memory SQLite for sql migration tests  https://review.openstack.org/8291818:01
morganfainbergdolphm, ^ everything should be in place for way better testing once we jump into juno.18:01
morganfainbergdolphm, I think... I think... we're starting in a much better place than before.18:02
morganfainbergdolphm, also, the transient error that we occassionally see in multiple workers I've seen a couple times now. I think it's a teardown issue because it's something wrong with the FAKELDAP impl.18:03
gyeedstanek, I bet my beer money you fixed it, its the same as https://github.com/openstack/keystone/blob/master/bin/keystone-all#L3718:03
gyeebut I'll reverify18:03
ayoungmorganfainberg, this makes me happy as a little schoolgirl!  https://review.openstack.org/#/c/82917/218:07
morganfainbergayoung, :)18:07
ayoungdstanek, we holding off on +A on https://review.openstack.org/#/c/81720/7  due to gate?18:08
morganfainbergayoung, wait for juno18:08
ayoungmorganfainberg, ++18:08
morganfainbergayoung, :) we're close and no reason to chance anything.18:09
ayoungJ0 should be cut at the time of the summit!18:09
gyeedon't mess up the karma now18:09
ayoung++18:09
dstanekayoung: yup - i probably should have put that in there to that effect18:09
ayounggyee, wanna see something?18:09
ayounghttps://github.com/martinpaljak/M2Crypto/pull/20  gyee18:10
ayounggyee, not 100% sure, but I think M2 might be the right way forward.  Doing my homework now.  It would need some love...specially in a python3 sort of way18:10
gyeeayoung, yeah, I agree18:11
morganfainbergayoung, ugh another pull request based lib.18:11
* morganfainberg dislikes pull-requests18:11
ayounggyee, do you guys have an in house maintainer for M2?18:11
morganfainberggerrit workflow is better imo18:11
ayoungmorganfainberg, meh...its what github does.   Better than we had in the past18:11
gyeeayoung, not officially afaik18:12
morganfainbergayoung, true, but still.18:12
gyeeayoung, lemme kick off an internal email to find out18:12
morganfainbergayoung, gerrit > github18:12
ayounggyee, hows about unofficially?  Someone we could lean on?18:12
ayoungnice18:12
gyeeayoung, I can help18:12
morganfainbergayoung, you thinking of resurrecting M2 (inc. for py33?)18:12
ayoungmorganfainberg, contemplating.  not committed18:12
morganfainbergit looks maintained-ish18:12
morganfainbergnow18:12
ayoungmorganfainberg, resurrected, I would say18:12
morganfainberglol18:13
ayoungmorganfainberg, its more full featured than any of the other openssl libraries18:13
ayoungso question is how hard would Py3 be?18:13
gyeem2 is just a openssl wrap18:13
ayoungCuz whatever we would chose would require work18:13
morganfainbergayoung, iirc it was a large refactor to make it py3 happy18:13
morganfainbergayoung, which was why it was discounted (along with, more importantly, that it wasn't maintained)18:14
dstaneklate lunch time!18:14
*** dstanek is now known as dstanek_afk18:14
ayoungmorganfainberg, I suspect that is true, but I suspect that with what I've seen in Key Client that is going to be true of any libraray18:14
ayoungp2/3 interop is not trivial18:14
ayoungand we are going to need both for a while.18:14
morganfainbergayoung, worse when you're doing c-bindings18:15
ayoungNot a Py3 rewrite18:15
ayoungmorganfainberg, one possibility is M2 for py27 and openssl for Py318:15
gyeemorganfainberg, more scary than that, code is generated from the SWIG18:15
gyeeso we have to make sure the generated code is p3 happy18:16
gyeepy3 I mean18:16
ayoungis SWIG capable of producing Py3 code?18:16
morganfainberggyee, swig... euuuuuwwww18:16
gyeeyep swig :)18:16
morganfainbergayoung, https://bitbucket.org/hpk42/tox/pull-request/86/support-optional-env-variable-substitution/diff once that is in, and we move to that vintage of tox (some work) we can convert 100% of run_tests over to using tox18:17
ayoungmorganfainberg, they all suck, just in different ways18:17
ayoungNICE18:18
openstackgerritA change was merged to openstack/python-keystoneclient: Adds to Keystone to convert V2 endpoints to V3  https://review.openstack.org/7573118:24
openstackgerritJenkins proposed a change to openstack/keystone: Updated from global requirements  https://review.openstack.org/8223118:27
openstackgerritA change was merged to openstack/keystone: Enable lazy translations in httpd/keystone.py  https://review.openstack.org/8311318:30
dolphmwoo18:30
*** amerine has joined #openstack-keystone18:32
openstackgerritJenkins proposed a change to openstack/python-keystoneclient: Updated from global requirements  https://review.openstack.org/7969518:33
*** dstanek_afk has quit IRC18:36
openstackgerritSteve Martinelli proposed a change to openstack/keystone: Remove _delete_tokens function from federation controller  https://review.openstack.org/8316918:41
stevemardolphm, ^18:42
*** zhiyan is now known as zhiyan_18:52
*** jamielennox is now known as jamielennox|away18:54
*** pcargnel has joined #openstack-keystone18:55
*** thedodd has quit IRC19:05
*** jaosorior has joined #openstack-keystone19:06
*** wchrisj has joined #openstack-keystone19:14
ayoungmorganfainberg, so, in our tox setup, the requirements.txt file is processed to install the reqs into the tox venv.  What makes that happen?19:15
ayoung[testenv]19:16
ayoungusedevelop = True19:16
ayounginstall_command = pip install -U {opts} {packages}19:16
ayoung19:16
morganfainbergayoung, if you look in tox.ini https://github.com/openstack/keystone/blob/master/tox.ini#L1019:21
ayoungmorganfainberg, yeah...still some magix in there19:21
ayounginstall_command = pip install -U {opts} {packages}19:22
ayoungwhat builds {packages}19:22
morganfainbergayoung, http://tox.readthedocs.org/en/latest/config.html#confval-install_command=ARGV19:22
morganfainbergit's a tox substitution19:23
*** leseb has quit IRC19:24
morganfainbergdolphm, minutes...19:25
dolphmmorganfainberg: 17!19:25
morganfainberg:)19:25
openstackgerritA change was merged to openstack/keystone: Open Juno development  https://review.openstack.org/8313219:27
ayoungw00t!19:27
morganfainbergdolphm, that was less than 1019:27
morganfainbergless than 1719:27
morganfainbergayoung, i think this means we need to get working on Ephemeral tokens and getting revoke up to snuff.19:31
morganfainbergayoung, cause... that should be ready before summit imo19:32
*** leseb has joined #openstack-keystone19:32
ayoungw00t woot!19:33
ayoungmorganfainberg, Time to start on Juno.19:33
*** leseb has quit IRC19:34
dolphmi need to go unblock things19:34
dolphmall the things19:34
*** andreaf has quit IRC19:34
*** pcargnel has quit IRC19:44
*** dstanek_afk has joined #openstack-keystone19:52
dolphmbknudson: restore? https://review.openstack.org/#/c/70630/19:53
dolphmdstanek_afk: restore? https://review.openstack.org/#/c/74447/19:53
*** dstanek_afk is now known as dstanek19:53
dolphmbknudson: restore? https://review.openstack.org/#/c/75708/19:53
dolphmjamielennox|away: restore? https://review.openstack.org/#/c/78127/19:53
dstanekdolphm: restored19:54
dolphmmorganfainberg: definitely restore ASAP https://review.openstack.org/#/c/78169/19:54
dolphmmorganfainberg: i also need to restore my empty migrations patch19:54
dolphmdstanek: thanks19:54
dolphmdstanek: same https://review.openstack.org/#/c/73368/19:55
dolphmdstanek: https://review.openstack.org/#/c/74623/19:55
dolphmbknudson: https://review.openstack.org/#/c/80401/19:56
bknudsondolphm: ?19:56
dstanekall the things in that patchset are now restored - looks like i have quite a bit of rebasing ahead of me19:56
dolphmbknudson: restore!19:57
bknudsondolphm: https://review.openstack.org/#/c/80401/ is not abandoned19:57
bknudsonit will probably be abandoned tomorrow19:57
dolphmbknudson: my mistake!20:00
openstackgerritDolph Mathews proposed a change to openstack/keystone: Add placeholders for reserved migrations  https://review.openstack.org/7015320:07
bknudsonis there a v3 api to get the list of extensions?20:07
dolphmbknudson: no - think extensions should inject themselves as links from existing resources20:07
dolphmbknudson: even if that's from /v3/ as OS-FEDERATION might do20:08
*** thedodd has joined #openstack-keystone20:08
dolphmthis should land before anything else in juno: https://review.openstack.org/#/c/70153/20:09
openstackgerritDolph Mathews proposed a change to openstack/keystone: Add placeholders for reserved migrations  https://review.openstack.org/7015320:10
dolphmbknudson: just fixed a typo ^ s/JUno/Juno/20:10
*** saju_m has quit IRC20:11
bknudson/v2.0/extensions has OS-FEDERATION20:12
bknudsonhttp://api.openstack.org/api-ref-identity.html#identity-v3-ext -- says /v3/extensions :(20:13
openstackgerritA change was merged to openstack/python-keystoneclient: Add 'methods' to all v3 test tokens  https://review.openstack.org/7495520:18
openstackgerritSteve Martinelli proposed a change to openstack/keystone: Remove _delete_tokens function from federation controller  https://review.openstack.org/8316920:21
*** derek_c has joined #openstack-keystone20:22
*** joesavak has quit IRC20:29
*** saju_m has joined #openstack-keystone20:30
openstackgerritSteve Martinelli proposed a change to openstack/python-keystoneclient: Example Initialization scripts  https://review.openstack.org/8268720:34
*** david-lyle has quit IRC20:34
*** devlaps has quit IRC20:35
*** saju_m has quit IRC20:37
dolphm51 bugs fixed during RC, nice work everyone :)20:38
morganfainbergdolphm, i'll bring that one back soon20:41
dolphmmorganfainberg: https://review.openstack.org/#/c/70153/20:41
*** devlaps has joined #openstack-keystone20:41
*** nkinder has quit IRC20:42
morganfainbergdolphm, so we're going wiht that for sure this time?20:42
morganfainberg+220:43
dolphmmorganfainberg: might as well have room for the possibility, right?20:43
morganfainbergdolphm, +2'd20:43
morganfainbergdolphm, about to propose the removal of the assignment proxy20:44
dolphmmorganfainberg: IN_MEM_DB_CONN_STRING - but why didn't you abbreviate STRING too?20:48
morganfainbergdolphm, :P20:49
morganfainbergdolphm, what it's a descriptive (ish) variable name20:49
*** topol has quit IRC20:50
dolphmmorganfainberg: IN_MEM_SQL_DB_CONN_STR <- i would have used those extra three characters for something more productive20:50
morganfainbergdolphm, oh yes! TEST_RUN_CONCURRENCY=8 tox -epy27 -- --subunit | subunit-2to1 | tools/colorizer.py20:50
morganfainbergthats right run concurrency of 820:50
dolphmyeah i can't match that20:50
bknudsonthe concurrency run often fails for me20:51
morganfainbergdolphm, mbp 13 only have i5?20:51
bknudsonusually in fakeldap20:51
bknudsonbut I also saw it fail once on the keystoneclient tests20:51
morganfainbergbknudson, that is the bug i need to smash out before we enable it for everything20:51
dolphmmorganfainberg: mine has an i720:51
dolphmmorganfainberg: i guess i could do 8 with threading20:51
morganfainbergdolphm, 8 should be good.20:51
morganfainbergbknudson, the ksc one is really infrequent compared to the fakeldap one20:52
morganfainbergbknudson, but i haven't seen the issue enough to really solve it.20:52
morganfainbergbknudson, it's an attribute error, so something wrong w/ setup/teardown?20:53
morganfainbergbknudson, i'm planning on poking at it as I can to try and get us to using concurrency by default20:53
bknudsonmorganfainberg: I think it was git complaining20:53
morganfainbergbknudson, the keystoneclient ones?20:53
bknudsonmorganfainberg: yes20:53
morganfainbergbknudson, yeah, i think we need to collapse the two keystoneclient files and that will likely go away20:54
morganfainbergbknudson, i _think_20:54
*** leseb has joined #openstack-keystone20:54
morganfainbergbknudson, the fakeldap one, i'm not really sure about20:55
morganfainbergbknudson, ooh interestingly i have a failure happening consistently now.20:55
morganfainbergbknudson, maybe i can fix it.20:55
bknudsonmorganfainberg can fix it.20:56
morganfainbergbknudson, lol20:56
dstanekdolphm: your fix to replace len(idx.columns.values()) fixes a bug in Py3, win win20:59
morganfainbergdstanek, yay!21:00
dstanekmorganfainberg: i should have something today for fixing the tests under python3 - i've been poking at it in between other things21:01
morganfainbergdstanek, sounds good21:01
dstaneki've haven't really had to do much to get tests working - right now though testr just dies and i don't know how many succeed or fail21:02
dstaneki get path the cert creation without errors because i see that output just fine21:02
morganfainbergdolphm, do we want a "removed as of Juno" bp?21:02
morganfainbergdolphm, since we ahve a deprecated as of21:03
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Remove assignment proxy methods/controllers  https://review.openstack.org/8321921:05
morganfainbergbknudson, i think i foudn the issue w/ fakeldap.21:08
morganfainbergbknudson, looking into it now.21:08
*** wchrisj has quit IRC21:11
bknudsonmorganfainberg: is this the error you see - UnexpectedMethodCallError(self, None)21:11
morganfainbergbknudson, yeah it's a mox stubout issue21:11
bknudsonseems odd to use mox on a fake.21:12
morganfainbergbknudson, it looks like we may not do stubout cleanly in the test cases.21:12
morganfainbergbknudson, it's to stubout the connection in the ldap lib21:12
morganfainbergiirc21:12
morganfainbergso we don't _actually_ connect to an ldap server21:12
bknudsonthe fake stuff doesn't connect to an ldap server21:12
morganfainbergbknudson, oh it doesn't?21:13
morganfainberghmm.21:13
bknudsonno, it's a fake21:13
morganfainberglol21:13
morganfainbergsure21:13
morganfainbergalso, we're not clearing the handlers out in common_ldap between test cases21:13
morganfainbergnot sure if we care about that21:13
bknudsonmight as well clean up after ourselves21:13
morganfainbergbknudson, that is my thought21:14
bknudsonit'll come back to bite us sometime.21:14
morganfainbergbknudson, i'll add an addCleanup for that21:14
bknudsoncould have a fixture21:14
morganfainbergbknudson, converting to a fixture ++, but i think i'm going to focus on cleanup needed to solve this issue first21:15
morganfainbergbknudson, if it works, it might be easier to convert to a fixture cleanly21:15
*** dstanek has quit IRC21:26
*** dstanek has joined #openstack-keystone21:28
morganfainbergbknudson, is this normal mox usage https://github.com/openstack/keystone/blob/master/keystone/tests/test_backend_ldap.py#L947 bind conn to a self.CreateMockAnything then rebind it to the fakeldap.FakeLdap object?21:28
bknudsonmorganfainberg: This looks like it's supposed to be testing that chase_referrals is called with True..21:32
bknudsonseems like it wouldn't be difficult to have FakeLdap record that it was called with chase_referrals=True and expose a function that returns if chase_referrals is true or not21:33
bknudsonI'd have to reimplement the test case to see how difficult it is.21:33
morganfainbergbknudson, that was my thought21:33
morganfainbergbknudson, the way i see it we could remove mox completely here pretty easily21:35
*** jamielennox|away is now known as jamielennox21:35
*** leseb has quit IRC21:57
*** nkinder has joined #openstack-keystone22:00
morganfainbergbknudson, i think i have a fix ready to go for the mox stuff in the backend. about to post it22:02
morganfainbergbknudson, test_backend_ldap that is22:02
*** derek_c has quit IRC22:03
*** bknudson has quit IRC22:09
*** dstanek has quit IRC22:19
jamielennoxlike 3 days ago22:35
jamielennoxbah - up + enter22:35
openstackgerritJamie Lennox proposed a change to openstack/keystone: Make service catalog include service name  https://review.openstack.org/7812722:38
jamielennoxdolphm: restored ^22:39
*** thedodd has quit IRC22:45
*** sneezewort has quit IRC22:48
openstackgerritJamie Lennox proposed a change to openstack/keystone: Isolate backend loading  https://review.openstack.org/7429322:49
openstackgerritJamie Lennox proposed a change to openstack/keystone: Make Pecan the root routing framework  https://review.openstack.org/6542822:49
*** dstanek has joined #openstack-keystone22:49
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Cleanup ldap tests (mox and reset values)  https://review.openstack.org/8323522:55
*** harlowja has quit IRC22:58
*** jaosorior has quit IRC23:00
*** harlowja has joined #openstack-keystone23:03
*** bknudson has joined #openstack-keystone23:05
dstanekturns out paste isn't py3 friendly yet23:09
morganfainbergdstanek, doh!23:09
*** Trozz has joined #openstack-keystone23:10
*** dims_ has quit IRC23:12
*** flaper87 is now known as flaper87|afk23:18
*** dims_ has joined #openstack-keystone23:30
*** Trozz has quit IRC23:40
jamielennoxmorganfainberg: i'm not sure if it's going to be feasible to use cfg.DeprecatedOpt in auth_token23:41
jamielennoxa couple of things:23:41
morganfainbergjamielennox, figured i'd ask before hand though23:42
jamielennox1st there is a mix of arguments from paste and CONF which have to co-exist and i can't figure out how to know if identity_uri was the default or provided23:42
jamielennox2nd if i remove the options from the CONF then other services that do testing by setting the CONF will fail because the options will no longer be registered23:43
morganfainbergjamielennox, there is the dumb way to tell default23:43
morganfainbergjamielennox, set the default external to the opt definition, and compart23:43
morganfainbergcompare*23:43
jamielennoxright - but the default is http://localhost:35357 which is what eg devstack will actually set23:43
jamielennoxso the default is fairly23:44
jamielennoxuseful23:44
morganfainbergjamielennox, i'll rescind my -1,23:46
morganfainbergjamielennox, just figured i'd ask.23:46
jamielennoxmorganfainberg: that's ok - i'll put in a big comment as to why i do it23:46
morganfainbergwell, rescind the -1 for the opt, but this looks like it justifies a BP23:46
morganfainbergso we can track correlated patches / work23:47
jamielennoxmorganfainberg: yep - i'm doing that23:47
morganfainbergcool23:47
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Tests should use identity_uri by default  https://review.openstack.org/7749223:54
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Replace auth fragements with identity_uri  https://review.openstack.org/7749123:54
ayoungjamielennox, I'm not sure I am so hot on your organizational scheme direction in https://review.openstack.org/#/c/65428/17  for v2/v3.  I'd rather keep the code for the modules together.23:55
ayoungNot so much this patch, as where you seem to be headed23:55
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Rename request_uri to identity_uri  https://review.openstack.org/7774823:56
morganfainbergayoung, about 10mins frmo having sqlite in-mem in juno23:57
jamielennoxayoung: i'm not as convinced on pecan as i was - it's a bit less easy without WSME but i think the organization is much better23:57
morganfainbergalso this should fix one of the bigger transient errors for making concurrent tests the default https://review.openstack.org/#/c/83235/23:57
*** Mario_ has joined #openstack-keystone23:58
jamielennoxthe information in eg keystone/token should be how to interact with the token - this doesn't need to be only from the /token URL23:58
Mario_hello23:58
jamielennoxevery time i have to find the /auth/tokens route i need to try and remember if that lives in the /auth /tokens or some other directory23:59
jamielennoxit's splitting the backend from the control layer23:59
« Tuesday, 2014-03-25 Index Thursday, 2014-03-27 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!