Wednesday, 2014-06-04

« Tuesday, 2014-06-03 Index Thursday, 2014-06-05 »
gyeejamielennox, ping00:01
jamielennoxgyee: aha! please review ^00:01
gyeeapproved00:01
jamielennox:)00:01
gyeejamielennox, can you take a quick look at this one? https://review.openstack.org/#/c/92728/00:02
gyeestill a POC00:02
gyeejust want to make sure I am headed in the right direction00:02
gyeedon't worry about the test failures right now00:02
jamielennoxgyee: in SessionClient you don't need/want to save username/password00:04
gyeejamielennox, I had a TODO there, need shardy to confirm what they are use for00:04
gyeeseem like heat is passing them in the headers00:05
jamielennoxoh, that's what that's about00:05
gyeejamielennox, I basically followed the same pattern you've established with the nova patch00:05
jamielennoxyep,00:06
jamielennoxand i was literally just looking at pulling this one back: https://review.openstack.org/#/c/86237/1/keystoneclient/session.py00:06
jamielennoxbecause i did it for cinder: https://review.openstack.org/#/c/95986/ and it's almost exactly the same as well00:06
jamielennoxso i think it's reasonable to move most of that to keystoneclient00:07
gyeejamielennox, yeah I agree, I had a few comment there about some of the code should really be in keystoneclient00:07
jamielennoxi'm trying to come up with a better name than Binding, it's kind of a decorator pattern but python uses decorator already, it's maybe an adapter00:08
gyeeadapter sounds about right00:08
jamielennoxcan you try doing the shell based on https://review.openstack.org/#/c/95679/100:09
jamielennoxi had an attempt with keystone CLI but it's really ugly00:09
gyeeI could00:10
gyeeplan is to do both in parallel00:10
gyeeworst case, just need a round of refactoring00:10
gyeejust trying to avoid too many moving targets00:11
jamielennoxyea, i'm just looking for a fairly clean implementation to make sure my variables are all correct etc00:11
*** praneshp has joined #openstack-keystone00:11
jamielennoxthis was the keystone attempt: https://review.openstack.org/#/c/95680/100:12
*** rodrigods_ has quit IRC00:12
gyeeah00:13
gyeejamielennox, but that one still WIP?00:13
gyeewhat else is needed? tests?00:13
jamielennoxright - it's ugly and we've been telling people to just use OSC so i don't know if i want it to merge or not i just wanted to see if it could be done and what were the problems/what was needed from params00:14
jamielennoxtests and i don't know if it's correct00:14
gyeejamielennox, incremental improvement :)00:14
gyeewe use OSC when it is ready00:14
jamielennoxgyee: anyway i'd like to see another implementation with the auth plugin from CLI stuff to make sure it makes senes00:17
gyeejamielennox, sure, both can be done in parallel. We can easily switch over to auth plugin from CLI when it is ready00:18
gyeeI am trying to avoid creating a chain of dependencies00:19
jamielennoxright - so long as we don't have to deprecate CLI options in the change00:19
gyeeagree00:19
jamielennoxgyee: at this point everything i'm working on is multiple patches into the future, generally across multiple projects00:19
jamielennoxPITA00:19
*** daneyon has quit IRC00:20
gyeeyes, PITA, but all good :)00:20
*** radez` is now known as radez_g0n300:21
morganfainbergjamielennox, sorry had to take a phone call or i would have reviewed that00:21
jamielennoxmorganfainberg: np00:22
gyeejamielennox, any reason why Session.construct() supports both 'verify' and 'insecure' while Session.__init__() only supports 'verify'?00:27
gyeeseem like Session.__init__() should support both as construct() is marked as deprecated00:28
gyeemost clients still using 'insecure'00:28
*** zhiyan_ is now known as zhiyan00:28
jamielennoxI've been trying to break what is old vs new00:30
jamielennoxif you are loading something from existing sources then you probably have an insecure variable - so use construct()00:30
jamielennoxhowever if you are writing a new client - just ignore insecure, use the verify parameter it makes more sense00:30
openstackgerritBrant Knudson proposed a change to openstack/keystone: Catalog driver generates v3 catalog from v2 catalog  https://review.openstack.org/7063000:31
gyeejamielennox, but most clients today only supports 'insecure'00:34
gyeeI would rather do that insecure to verify dance in one place00:34
jamielennoxgyee: right - i removed the deprecated comment from construct for that00:35
jamielennoxi need to figure out a better way of passing args to it00:35
ayoungnkinder, https://review.openstack.org/#/dashboard/221800:35
ayounggah00:35
ayoungnkinder, make that https://review.openstack.org/#/c/93060/00:35
ayoungmorganfainberg, got the unit test fixed in  "Ability to turn off ldap referral chasing"  https://review.openstack.org/#/c/93060/00:36
morganfainbergayoung, good!00:36
*** ayoung has quit IRC00:36
gyeejamielennox, k, I'll continue to use construct() then00:37
openstackgerritA change was merged to openstack/keystone: Update mailmap entry for Brant  https://review.openstack.org/9409600:37
openstackgerritA change was merged to openstack/python-keystoneclient: Add role assignments as concept in Client API V3 docs  https://review.openstack.org/9734500:37
openstackgerritA change was merged to openstack/python-keystoneclient: Changes exception raised by v3.trusts.update()  https://review.openstack.org/9735500:49
*** ozialien has joined #openstack-keystone00:51
*** stevemar has joined #openstack-keystone00:53
*** pheadron has quit IRC00:54
*** pheadron has joined #openstack-keystone00:55
*** sbfox has joined #openstack-keystone01:01
*** marcoemorais has quit IRC01:04
openstackgerritBrant Knudson proposed a change to openstack/keystone-specs: Spec for V3 extension advertisement  https://review.openstack.org/9597301:11
*** browne has quit IRC01:18
*** richm has quit IRC01:23
*** gokrokve has joined #openstack-keystone01:29
*** praneshp has quit IRC01:30
openstackgerritLance Bragstad proposed a change to openstack/keystone: Initial implementation of validator  https://review.openstack.org/8648301:33
openstackgerritLance Bragstad proposed a change to openstack/keystone: Implement validation on Catalog V3 resources  https://review.openstack.org/9626601:33
openstackgerritLance Bragstad proposed a change to openstack/keystone: Implement validation on Assignment V3 resources  https://review.openstack.org/8648401:33
*** bknudson has quit IRC01:37
*** ayoung has joined #openstack-keystone01:41
*** nsquare has quit IRC01:45
*** amcrn has quit IRC01:48
*** sbfox has quit IRC01:53
*** gokrokve has quit IRC01:59
*** stevemar has quit IRC02:01
*** sbfox has joined #openstack-keystone02:09
*** gyee has quit IRC02:27
*** xianghui has joined #openstack-keystone02:29
*** rodrigods_ has joined #openstack-keystone02:30
*** gokrokve has joined #openstack-keystone02:37
*** xianghui has quit IRC02:42
*** harlowja is now known as harlowja_away02:42
*** xianghui has joined #openstack-keystone02:43
*** dims has quit IRC02:45
*** mberlin1 has joined #openstack-keystone02:52
*** mberlin has quit IRC02:54
*** xianghui has quit IRC02:58
*** gokrokve has quit IRC03:09
*** rwsu has quit IRC03:10
*** xianghui has joined #openstack-keystone03:12
*** xianghui has quit IRC03:22
*** ncoghlan has joined #openstack-keystone03:30
openstackgerritayoung proposed a change to openstack/keystone-specs: Cross Backend Unique Identifiers for User and Group Entities  https://review.openstack.org/9749203:35
*** xianghui has joined #openstack-keystone03:40
*** Abhijeet__ has joined #openstack-keystone03:58
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Session Adapters  https://review.openstack.org/8623704:04
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Add service_name to URL discovery  https://review.openstack.org/9767904:04
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Create HTTP methods mixin object  https://review.openstack.org/9768004:04
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Make keystoneclient use an adapter  https://review.openstack.org/9768104:04
*** daneyon has joined #openstack-keystone04:10
*** zhiyan is now known as zhiyan_04:15
*** xianghui has quit IRC04:17
*** zhiyan_ is now known as zhiyan04:17
morganfainbergjamielennox, you around04:20
morganfainberg?04:20
morganfainbergjamielennox, have a quick question regarding use of the session object - it's probably quick04:21
jamielennoxyea mate04:21
*** xianghui has joined #openstack-keystone04:21
morganfainbergso.. there is this thread: http://lists.openstack.org/pipermail/openstack-dev/2014-April/033952.html username/domain vs user_id for interacting with other services.04:22
morganfainbergjamielennox, would it be possible to make this ... well "easy" so to speak by leveraging the new session object (feed in the interesting info) vs having all sorts of code to work around it.04:22
jamielennoxok04:22
jamielennoxso how deep do i want to go for context, or is robert's message enough?04:23
morganfainbergjamielennox, context is fine as is what thye;re looking for04:23
jamielennoxthere is no problem now or in furture of using domain_name and username04:23
morganfainbergjamielennox, good, thought so.04:24
jamielennoxif you were to do Client(username=xx password=xx user_domain_name=xxx) that's fine04:24
jamielennoxsession will work that way too04:24
morganfainbergjamielennox, good that was my understanding04:24
jamielennoxPassword(url, ....)04:24
morganfainbergyep04:24
morganfainbergthis was a 2x check to make sure i'm not running off a cliff when i start writing up this email.04:25
morganfainbergjamielennox, as in, we didn't have a gap in the client :)04:25
* morganfainberg feels that it's silly to restrict methods to auth to one way or another if both are legitimately supported04:27
morganfainbergsure, username is mutable [i think], but i don't really care - someone changes a username, it'll fail, just like if you change a password and forget to tell anyone04:27
jamielennoxyea, i'd prefer people didn't use the names when you are doing automated work, but we can't stop people so they know the risks.../04:28
morganfainbergjamielennox, well and in this case because they're orchestrating things, it is really ugly04:29
morganfainbergthey know what name they're going to create, but otherwise they need to do like a 2x build.04:29
morganfainbergsetup, make names, lookup ids, and then setup again04:29
jamielennoxnot really, you get the id whenever you create the name04:29
jamielennoxso it's just a matter of storing the id at create time04:29
morganfainbergjamielennox, right, i think it's an issue with something needs to already be up by the time they get this far04:30
* morganfainberg goes and re-reads the bugs04:30
morganfainbergoh04:31
*** xianghui has quit IRC04:32
morganfainberghmmm.04:33
morganfainbergit looks like you can't chain templates in heat04:35
morganfainbergdo X in heat, then results from X use to do Y04:35
morganfainbergheat [it looks like] only knows about the undercloud info04:36
morganfainbergso asking keystone "what was that domain id" isn't possible if you're deploying keystone via heat04:36
morganfainbergjamielennox, i want to say it sounds like heat should have a state-of-the-stack stash it can reference based upon actions it took.04:37
morganfainbergjamielennox, though - it would be a lot less code (probably) to just allow interacting via names.04:37
jamielennoxi had a conversation in here the other day with someone wanting to use names04:38
jamielennoxbasically everyone has a reason why it's ok in there situation04:38
morganfainbergwe (keystone) don't care name wise, nor does our client04:38
morganfainbergit's the consuming services that care04:38
jamielennoxi guarantee it's going to bite people, but if people need it they'll do it anyway04:38
morganfainberglike i said, i think this is a case where we need a "store the result of this in a stash" and allow other parts of the heat stack to consume it.04:39
jamielennoxyep, i saw some stuff about the mistral project the other day and that's what it is doing04:39
morganfainbergso deploying heat can ask the stash fro the result of the keystone make domain to know what ID to use (for example04:39
morganfainberg004:39
* morganfainberg knows very little about how heat works.04:40
*** rodrigods_ has quit IRC04:40
jamielennoxme too04:40
morganfainbergugh, i should go learn :P04:41
*** daneyon has quit IRC04:41
jamielennoxhonestly there are too many projects to know them all04:41
morganfainbergjamielennox, well unless you're triple-o :P04:41
jamielennoxi'm also not a deployer so i've not really had to use heat for anything serious04:41
*** daneyon has joined #openstack-keystone04:41
morganfainbergyeah, i was a deployer for a while04:41
morganfainbergbut heat wasn't ready in the version i deployed04:41
morganfainbergi think this is solvable with some changes to heat.04:42
morganfainbergit's a question of which changes make the most sense.04:42
jamielennoxso are we actually missing something?04:42
morganfainbergjamielennox, don't think we (identity) are04:45
morganfainbergjamielennox, at all.04:45
morganfainbergjamielennox, i think other services are.04:45
jamielennoxok, you just said you could fix it and even if they are using names it is suboptimal but it shouldn't be broken04:46
morganfainbergjamielennox, yeah fix heat / etc04:46
morganfainbergjamielennox, not keystone.04:46
morganfainbergjamielennox, thanks for confirming the client stuff. I was fairly certain but... ugh i'd feel dumb if i didn't 3x check :P04:47
*** ncoghlan is now known as ncoghlan_afk04:55
*** ncoghlan_afk is now known as ncoghlan05:01
*** shakamunyi has joined #openstack-keystone05:04
*** stevemar has joined #openstack-keystone05:06
openstackgerritVladimir Eremin proposed a change to openstack/keystone: Keystone compact PKI token  https://review.openstack.org/9672505:08
*** praneshp has joined #openstack-keystone05:13
*** daneyon_ has joined #openstack-keystone05:15
*** daneyon has quit IRC05:15
*** rodrigods_ has joined #openstack-keystone05:15
*** xianghui has joined #openstack-keystone05:21
openstackgerritMorgan Fainberg proposed a change to openstack/keystone-specs: Add spec for non-persistent-tokens  https://review.openstack.org/9597605:25
*** rodrigods_ has quit IRC05:25
*** praneshp_ has joined #openstack-keystone05:27
*** ajayaa has joined #openstack-keystone05:28
*** praneshp has quit IRC05:29
*** praneshp_ is now known as praneshp05:29
*** pheadron has quit IRC05:36
*** henrynash has joined #openstack-keystone05:45
*** henrynash has quit IRC05:50
*** pheadron has joined #openstack-keystone05:55
*** stevemar has quit IRC05:58
openstackgerritOpenStack Proposal Bot proposed a change to openstack/keystone: Imported Translations from Transifex  https://review.openstack.org/9700506:00
*** henrynash has joined #openstack-keystone06:01
*** andreaf has joined #openstack-keystone06:03
*** henrynash has quit IRC06:03
*** Chicago has joined #openstack-keystone06:06
*** Chicago has joined #openstack-keystone06:06
*** daneyon_ has quit IRC06:23
*** henrynash has joined #openstack-keystone06:24
*** daneyon has joined #openstack-keystone06:24
*** daneyon has quit IRC06:26
*** afazekas is now known as _afazekas06:29
*** leseb has joined #openstack-keystone06:29
*** jaosorior has joined #openstack-keystone06:35
*** sbfox has quit IRC06:40
*** amerine has quit IRC06:57
*** henrynash has quit IRC07:03
*** BAKfr has joined #openstack-keystone07:12
openstackgerritA change was merged to openstack/keystone: pep8: do not test locale files  https://review.openstack.org/9708907:16
*** zhiyan is now known as zhiyan_07:34
marekd|awaymorning all07:34
*** marekd|away is now known as marekd07:35
*** toddnni has quit IRC07:42
*** toddnni has joined #openstack-keystone07:46
*** andreaf has quit IRC07:55
openstackgerritChangBo Guo(gcb) proposed a change to openstack/python-keystoneclient: Don't use mock non-exist method assert_called_once  https://review.openstack.org/9383907:59
*** afazekas has joined #openstack-keystone08:03
*** ncoghlan is now known as ncoghlan_afk08:04
*** praneshp has quit IRC08:06
*** ncoghlan_afk is now known as ncoghlan08:08
*** shakamunyi has quit IRC08:10
*** ajayaa has quit IRC08:32
*** ajayaa has joined #openstack-keystone08:48
*** openstackgerrit has quit IRC08:48
*** leseb has quit IRC08:49
*** openstackgerrit has joined #openstack-keystone08:50
*** andreaf has joined #openstack-keystone09:05
*** leseb has joined #openstack-keystone09:17
*** xianghui has quit IRC09:20
*** ncoghlan has quit IRC09:29
*** xianghui has joined #openstack-keystone09:33
*** ajayaa has quit IRC09:39
*** ajayaa has joined #openstack-keystone09:52
*** xianghui has quit IRC09:54
*** xianghui has joined #openstack-keystone10:09
*** xianghui has quit IRC10:24
*** leseb has quit IRC10:24
openstackgerritMarco Fargetta proposed a change to openstack/keystone-specs: Web Authentication for SAML federated Keystone  https://review.openstack.org/9686710:28
*** shakamunyi has joined #openstack-keystone10:37
*** shakamunyi has quit IRC10:41
*** dims_ has joined #openstack-keystone10:50
*** dims_ has quit IRC11:14
*** dims_ has joined #openstack-keystone11:20
*** diegows has joined #openstack-keystone11:22
*** leseb has joined #openstack-keystone11:24
*** Abhijeet__ has quit IRC11:41
*** ukalifon has joined #openstack-keystone12:02
*** juanmo has joined #openstack-keystone12:13
*** radez_g0n3 is now known as radez12:23
*** leseb has quit IRC12:23
*** leseb has joined #openstack-keystone12:24
*** dims_ has quit IRC12:29
*** dims_ has joined #openstack-keystone12:29
*** hrybacki has joined #openstack-keystone12:34
*** leseb has quit IRC12:35
*** leseb has joined #openstack-keystone12:42
*** xianghui has joined #openstack-keystone12:44
*** ajayaa has quit IRC12:47
*** htruta has joined #openstack-keystone12:53
*** gokrokve has joined #openstack-keystone13:00
openstackgerritJuan Manuel Ollé proposed a change to openstack/python-keystoneclient: Keystoneclient create user API should have optional password.  https://review.openstack.org/9759713:10
*** nkinder has quit IRC13:11
*** joesavak has joined #openstack-keystone13:16
*** shakamunyi has joined #openstack-keystone13:17
*** bknudson has joined #openstack-keystone13:18
openstackgerritEric N. Vander Weele proposed a change to openstack/keystone: Add documentation on LDAP 'user_id_attribute'  https://review.openstack.org/9348013:24
*** radez is now known as radez_g0n313:26
lbragstadayoung: not sure if you'd seen this, kinda related to your blog post from yesterday https://wiki.openstack.org/wiki/Testr13:27
dolphmjamielennox: how broken would the world be if the v3 catalog was potentially missing endpoint ID's?13:27
dolphmjamielennox: ^ regarding: https://review.openstack.org/#/c/70630/13:28
ayounglbragstad, thanks13:28
lbragstadmhmm13:28
ayoungdolphm, he's asleep13:28
dolphmayoung: but it's only like 11p there13:28
*** gordc has joined #openstack-keystone13:33
marekddolphm: https://github.com/openstack/identity-api/blob/master/v3/src/markdown/identity-api-v3-os-federation-ext.md#request-a-scoped-os-federation-token-post-authtokens -> this token id is the the value from X-Subject-Token from response containing unscoped token, right?13:39
dolphmmarekd: yes. 'id' really should have been token_id at least there13:40
marekddolphm: ok, thanks.13:40
ayoungdolphm, he was at our meeting yesterday 2 PM Eastern13:41
*** topol has joined #openstack-keystone13:42
*** nkinder has joined #openstack-keystone13:56
*** raildo has joined #openstack-keystone13:59
ayoungdolphm, re endpoint_ids...those are probably irrelevant.  Most things have to work with the URLs.  The place where I was thinking of using endpoint ids was along the lines of tokenbinding, and fetching certificates for endpoints in distributed signing.  But both of those could be handled via URLs.  The question is what do we do about morganfainberg 's proposal for ID only catalogs, then?14:00
*** ukalifon has quit IRC14:01
dolphmayoung: right. i'm willing to treat the lack of endpoint IDs here as a bug as long as it doesn't break anything immediately14:01
dolphmayoung: i have a rewrite in mind for KVS & templated catalog in mind that would fix everything anyway14:02
dolphmwould be a juno-3 thing though14:02
ayoungdolphm, all of the cases Ican think of require an URL to talk to the endpoint.  The only thing that catalog ids  are actually used for AFAIK is the database link from endpoint to service, but that is only service id14:03
*** ajayaa has joined #openstack-keystone14:05
*** stevemar has joined #openstack-keystone14:19
*** ajayaa has quit IRC14:22
openstackgerritDolph Mathews proposed a change to openstack/keystone: update release support warning for domain-specific drivers  https://review.openstack.org/9780214:23
*** gordc1 has joined #openstack-keystone14:33
*** leseb has quit IRC14:33
*** gordc has quit IRC14:34
*** rwsu has joined #openstack-keystone14:40
*** andreaf has quit IRC14:41
bknudsoncompressed tokens on the way14:41
bknudsonmy devstack token went from 8k for 4k14:41
bknudsonprobably still not good enough for those who want an 8-byte token14:42
*** thedodd has joined #openstack-keystone14:44
*** rodrigods has quit IRC14:46
*** jaosorior has quit IRC14:52
*** rodrigods has joined #openstack-keystone14:54
*** rodrigods has quit IRC14:54
*** rodrigods has joined #openstack-keystone14:54
*** jsavak has joined #openstack-keystone15:03
*** sbfox has joined #openstack-keystone15:03
*** joesavak has quit IRC15:03
*** leseb has joined #openstack-keystone15:04
*** Chicago has quit IRC15:09
openstackgerritBrant Knudson proposed a change to openstack/keystone: Make sure all the auth plugins agree on the shared identity attributes.  https://review.openstack.org/8494515:11
*** radez_g0n3 is now known as radez15:13
*** jdennis has quit IRC15:18
openstackgerritDolph Mathews proposed a change to openstack/keystone: Add v2 & v3 API documentation  https://review.openstack.org/9624215:21
dolphmbknudson: addressed all your comments on ^15:22
*** sbfox has quit IRC15:26
*** gokrokve has quit IRC15:29
*** gokrokve has joined #openstack-keystone15:29
*** jdennis has joined #openstack-keystone15:31
*** joesavak has joined #openstack-keystone15:31
*** jsavak has quit IRC15:34
*** gyee has joined #openstack-keystone15:39
morganfainbergbknudson, yeah well - sometimes people want a pony too!15:41
*** dims_ has quit IRC15:42
*** xianghui has quit IRC15:42
bknudsonmorganfainberg: we had horses, now they've got a pony, but they want a toy pony that fits in their pocket.15:42
morganfainbergbknudson, hehehe15:44
morganfainbergtopol, ping15:44
topolmorganfainberg,  hi15:45
morganfainbergtopol, sec.15:45
dolphmbknudson: pony on a stick! pony ON A STICK!15:45
dolphmbknudson: stevemar: thanks!15:46
dolphmbknudson: new patch on this btw https://review.openstack.org/#/c/91883/15:46
stevemari think the pressures of being PTL have finally gotten to dolphm. Talking about ponies on sticks.15:48
* stevemar realizes other people are also talking about ponies...15:49
bknudsonbattered and deep fried ... mmm!15:49
*** daneyon has joined #openstack-keystone15:50
*** sbfox has joined #openstack-keystone15:52
openstackgerritOpenStack Proposal Bot proposed a change to openstack/python-keystoneclient: Updated from global requirements  https://review.openstack.org/9626515:52
stevemari think i need an adult15:53
stevemarbknudson, dolphm, are we still considering the "id" only token (https://gist.github.com/dolph/10757712)? given the fact that compressed tokens are in?15:54
openstackgerritDolph Mathews proposed a change to openstack/keystone: replace domains with ponies  https://review.openstack.org/9783815:55
bknudsonwhat's the size of a compressed ID-only token? seems like it would be < 4k15:55
bknudsonI just hope it doesn't pass tempest.15:57
dolphmi love the idea of pony-scoped tokens15:57
bknudsonshould replace project with pony15:57
bknudsonthen we could have multiponency15:57
dolphmoh wow. win.15:57
gyeedamn I missed the whole pony conversation15:58
stevemarbknudson, i have a bad feeling that ID-only ponytokens wouldn't pass tempest :(15:58
gyeebknudson, thanks for https://review.openstack.org/#/c/84945/15:58
*** amerine has joined #openstack-keystone15:59
dolphmfixed15:59
openstackgerritDolph Mathews proposed a change to openstack/keystone: replace projects with ponies in prep for multiponency  https://review.openstack.org/9783815:59
stevemar2.9K change!15:59
stevemardolphm, you have outdone yourself15:59
bknudsongyee: I think https://review.openstack.org/#/c/84945/ can be approved once it's passed jenkins15:59
gyeedolphm, holyshit must be a slow day :)16:00
dolphm:param belongs_to: optional identity of the scoped pony16:00
dolphm# user has no pony16:01
dolphmthe docs practically write themselves16:01
stevemardolphm, you even did projects (plural) first with ponies, then s/project/pony. Well done.16:01
dolphmall the sudden henrynash seems quite cruel http://i.imgur.com/qwiOqNs.png16:02
dolphmrofl there's a +1 already16:03
*** nkinder has quit IRC16:04
morganfainbergdolphm, i would expect nothing less.16:04
openstackgerrithenry-nash proposed a change to openstack/keystone-specs: Cross Backend Unique Idenifiers for User and Group Entities  https://review.openstack.org/9749216:04
morganfainbergdolphm: The whole project/tenant thing wasn't ever clear to me, using equestrian nomenclature is a significant step forwards.16:05
morganfainbergthat is awesome.16:05
*** jsavak has joined #openstack-keystone16:06
openstackgerritDolph Mathews proposed a change to openstack/keystone: replace domains & projects with unicorns & ponies  https://review.openstack.org/9783816:07
*** afazekas has quit IRC16:07
*** joesavak has quit IRC16:07
*** joesavak has joined #openstack-keystone16:08
dolphmdef list_ponies_in_unicorn(self, unicorn_id):16:08
morganfainbergdolphm, https://review.openstack.org/#/c/97638/ could use your +1 on that.16:08
morganfainbergdolphm, when you have a moment.16:08
dolphmmorganfainberg: is it not clear that i don't have time for that?16:09
morganfainbergdolphm, like i said, when you have a moment, ponies and unicorns are far more important at the moment!16:09
*** BAKfr has quit IRC16:09
openstackgerritA change was merged to openstack/keystone-specs: use double backticks on literals in README  https://review.openstack.org/9760516:09
dolphmi'm really just super hungry and waiting for the lunch vendor to open :(16:11
morganfainbergawww :(16:11
dolphmstevemar: because tacos.16:11
morganfainbergI think i need to go get coffee.16:11
*** jsavak has quit IRC16:11
* morganfainberg is sans caffeination at the moment16:11
dolphmmorganfainberg: +116:12
bknudsonI hope we don't run out of tacos at the hackathon16:12
bknudsonor ponies16:12
*** gokrokve has quit IRC16:13
morganfainbergbknudson, i heard dolphm was shipping extra ponies in just for the hackathon16:15
morganfainbergbknudson, gyee, do we need to get the new translation hints system in use yet? or are we waiting on the other patch to land?16:17
bknudsonmorganfainberg: what other patch?16:17
bknudsonmorganfainberg: and, are you talking about _LI, _LW, etc?16:17
morganfainbergyeah16:17
bknudsonI don't see any reason not to use it.16:18
bknudsonsomebody has to go in and change all the _()s16:18
morganfainbergbknudson, ok then i will propose a quick follow-up patch to gyee's auth reconciliation one16:18
stevemarsomeone's line of code count will go up16:18
morganfainbergbknudson, https://review.openstack.org/#/c/95381/ someone did a bunch of it already16:18
bknudsonmorganfainberg: ok, I hadn't gotten around to that one yet.16:19
stevemarwhats the difference between LI, LE, LW, etc?16:19
morganfainbergbknudson, yeah no rush there. let me just add a followup to gyee's and we'll go from there16:19
morganfainbergno need to duplicate work16:19
morganfainbergstevemar, LI = log info16:20
gyeemorganfainberg, sounds good16:20
bknudsonstevemar: this will put the translations for different level in different files / catalogs16:20
morganfainbergstevemar, etc16:20
morganfainbergit give the translators priority on translating strings16:20
morganfainbergexceptions16:20
bknudsonstevemar: so that the translators can focus on the more important changes16:20
stevemarahhh16:20
morganfainberg( e.g. _() get the highest prio)16:20
bknudsonalso there's no translation of debug16:20
gyeemorganfainberg, usually we only need to translate extern-facing messages returned by the API16:20
stevemari see, warning, info, exception, gotcha16:20
*** nkinder has joined #openstack-keystone16:21
bknudsonso if you see LOG.debug(_()) that's incorrect now16:21
stevemarwhy no _LD?16:21
gyeestevemar, debug messages are internal16:21
bknudsonstevemar: some might say we should have an _LD even if they aren't translated.16:21
stevemaroh, i guess just don't put _()16:21
bknudsonthere would be some advantages16:21
bknudsonbut that's not the way it was done16:22
gyeebknudson, why bother translating internal messages16:22
bknudsongyee: somebody might want to... maybe they have a customer that wants it for whatever reason16:22
morganfainbergstevemar, solution to the convo eysterday about oauth16:23
bknudsonor there might be a customer that requires it -- maybe a govt wants to push their language.16:23
morganfainbergstevemar, going to provide some enhancements to the V3 ec2 token contrib (optional)16:23
morganfainbergstevemar, will be a little easier to meet needs and we "already" support it. - that way no one needs to have optionally lingering oauth tokens.16:24
*** KnewB has joined #openstack-keystone16:30
KnewBIs keystone fully support openldap server/ldap 389 ? if yes what all schema are required on ldap server ?16:31
gyeemorganfainberg, bknudson, seems like manually adding _LI, _LW, etc is inefficient16:33
gyeecan't we do this in log filter?16:34
morganfainberggyee, no, its not about how the logging works it's how the translation stuff works16:34
morganfainberg_() is called before we get to the logger16:34
morganfainberggyee, _LW() etc is just replacing _() for log-only messages16:35
morganfainbergif a message gets passed through an exception _() is still the correct translation function (iirc), even if the message also goes through logging16:36
gyeeLOG.info(_LI()) seem ugly16:36
morganfainbergyou wouldn't say msg = 'string', then log.info(_lw(msg))  and then a line lower raise Exception(_(msg))16:37
morganfainberggyee, any less ugly than LOG.info(_(msg)) ?16:37
*** gordc1 is now known as gordc16:37
*** dims_ has joined #openstack-keystone16:38
*** yiconglu has joined #openstack-keystone16:38
gyeemorganfainber, maybe just LW() or something16:39
yicongluHi, I had some question about the ladp setting in keystone.conf,  About the item 'user_domain_id_attribute', I can not find it since Havana release, does it still work now ?16:40
yicongluAnd I found a new item 'user_default_project_id_attribute' in the section 'ldap' since Havana release, does this item work as the same function as 'user_domain_id_attribute'?16:40
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Use translation hints  https://review.openstack.org/9785216:42
*** meera has joined #openstack-keystone16:42
*** dims_ has quit IRC16:43
morganfainbergyiconglu, as i recall, in havana we determined that LDAP identity backends are explicitly 1 domain, do the user_domain_id_attribute was no longer needed.16:44
morganfainbergyiconglu, so it is not possible to have multiple domains served out of a single identity LDAP back end.16:44
morganfainbergyiconglu, however, there are a few others in this channel that might have a little more detail/insight on this (gyee or ayoung are good resources)16:46
morganfainbergKnewB, Keystone can use 389 / OpenLdap as a backend, i don't believe we have a custom schema. It becomes a question of setting up all the attribute mappings in the keystone.conf in the [ldap] section16:47
morganfainbergKnewB, http://git.openstack.org/cgit/openstack/keystone/tree/etc/keystone.conf.sample#n78616:47
morganfainbergKnewB, there are a lot of options to set that will help you make use of the available LDAP schemas.16:48
*** KnewB has quit IRC16:48
openstackgerritVladimir Eremin proposed a change to openstack/python-keystoneclient: Keystone compact PKI token  https://review.openstack.org/9785416:49
*** richm has joined #openstack-keystone16:49
ayoungyiconglu, yes, morganfainberg is correct16:50
yicongluthanks to morganfainberg16:56
*** browne has joined #openstack-keystone16:59
*** yiconglu has quit IRC17:02
*** joesavak has quit IRC17:03
*** joesavak has joined #openstack-keystone17:03
*** KNewB has joined #openstack-keystone17:05
KNewByiconglu, Hi, What document/link you are following to configure the keystone with ldap ?17:05
*** shakamunyi has quit IRC17:13
*** nsquare has joined #openstack-keystone17:15
*** gokrokve has joined #openstack-keystone17:18
dolphmbknudson: according to Yelp, there are 948 mexican restaurants in san antonio, so i don't think we'll run out of tacos17:20
morganfainbergdolphm, but what if we do?17:20
dolphmbknudson: aslo according to yelp, that means about 1 in 5 restaurants are mexican17:20
*** dims_ has joined #openstack-keystone17:20
dolphmmorganfainberg: then we'll drive to mexico17:20
morganfainberggood contigency plan17:21
dolphmmorganfainberg: or we'll have ponies. they make good tacos, i'll bet17:21
*** dims_ has quit IRC17:23
*** dims_ has joined #openstack-keystone17:23
morganfainbergdolphm, unicorns?17:23
*** leseb has quit IRC17:24
*** KNewB has quit IRC17:25
dolphmmorganfainberg: too boney for good tacos, best stewed17:25
*** sbfox has quit IRC17:27
*** praneshp has joined #openstack-keystone17:28
openstackgerritA change was merged to openstack/keystone: Invalid command referenced in federation documentation  https://review.openstack.org/9729817:30
*** sbfox has joined #openstack-keystone17:30
*** sbfox has quit IRC17:31
*** leseb has joined #openstack-keystone17:33
*** harlowja_away is now known as harlowja17:39
*** sbfox has joined #openstack-keystone17:40
*** ukalifon has joined #openstack-keystone17:50
*** sbfox has quit IRC17:52
*** gokrokve has quit IRC18:00
*** leseb has quit IRC18:01
*** amcrn has joined #openstack-keystone18:06
*** sbfox has joined #openstack-keystone18:07
*** praneshp_ has joined #openstack-keystone18:08
*** praneshp has quit IRC18:09
*** praneshp_ is now known as praneshp18:09
arunkantayoung, I see you mentioned in review about adding blueprint for https://review.openstack.org/#/c/95300/ . Does this apply for this change considering its a bug fix, no API or new functionality ?18:13
ayoungarunkant, I think you are good18:13
ayoungarunkant, bug should be sufficient18:13
arunkantokay...great as I was in process of adding spec change...good thing I checked with you before adding it..thanks18:14
*** jsavak has joined #openstack-keystone18:16
*** joesavak has quit IRC18:16
*** sbfox has quit IRC18:29
openstackgerritChristian Berendt proposed a change to openstack/python-keystoneclient: Overwrite HelpFormatter constructur to extend argument column  https://review.openstack.org/9787318:29
*** leseb has joined #openstack-keystone18:31
*** leseb has quit IRC18:33
*** leseb has joined #openstack-keystone18:33
*** toddnni has quit IRC18:36
*** leseb has quit IRC18:38
*** toddnni has joined #openstack-keystone18:39
brownecan anyone explain what this error means?  Authorization Failed: Unable to add token user list (HTTP 500)18:40
brownei get this in Havana using the keystone client when using an admin user, but not with admin token18:41
bknudsonbrowne: using memcache?18:42
bknudsonbrowne: # Exceeded the maximum retry attempts.18:43
brownebknudson: yes. and i suspect that's somehow broken in my setup18:43
bknudsonbrowne: keystone tries to update the user list in tokens, and retries if a separate process modified it at the same time.18:43
bknudsonbrowne: seems like something that should be unlikely to happen18:44
brownebknudson: i have a separate server that hosts memcache, so i wonder if its down18:44
brownebknudson: or misconfigured18:45
bknudsonbrowne: the code looks like it's trying to handle a multi-process conflict but it probably has the same look as server down or misconfigured?18:45
bknudsonI'm not very familiar with memcache18:46
brownebknudson: np, this gives me a place to look.  thanks!18:46
morganfainbergbrowne, are you using memcache for the token backend?18:46
morganfainbergbrowne, and in havana?18:46
morganfainbergbrowne, you might also have too many active tokens for a given user18:47
browne morganfainberg: yes and yes18:47
brownemorganfainberg: i just deployed openstack using vagrant, so probably misconfiguration18:48
morganfainbergbrowne, ah ok18:48
morganfainbergbrowne, yeah, just keep in mind that when you hit ... uhm... ~10000 active tokens for a user (can vary for a number of reasons) you might see a similar issue18:48
*** toddnni has quit IRC18:48
brownemorganfainberg: ok, thx.  what's the solution in that case?  token flush?18:49
morganfainbergbrowne, not that you're likely to have that many in a test environment :)18:49
morganfainbergbrowne, well, i'd say the best answer is to (preemptively) set the token expiration lower (e.g. 28800 instead of 86400)18:50
brownemorganfainberg: ok, i have it at 720018:50
morganfainbergbrowne, ah then you're probably fine18:50
lbragstadmorganfainberg: have you played with jsonschema much?18:51
morganfainberglbragstad, not much, i've been wanting to18:51
morganfainberglbragstad, and i expect i'm going to need to.18:52
*** toddnni has joined #openstack-keystone18:52
lbragstadok, just curious... looking into some of the FormatChecker stuff18:52
lbragstadfor validating URIs18:52
lbragstadand was wondering if you've hit this? https://groups.google.com/forum/#!topic/jsonschema/_zlfVs80VUg18:52
lbragstadposted what I hit/experienced in the 6th post18:53
lbragstadmorganfainberg: I was going to try and find oomichi to see if he's experienced this too... since the nova V3 validator has the same code...18:54
morganfainberglbragstad, no never saw that, but i've not been playing around iwth it much yet18:54
lbragstadand https://pypi.python.org/pypi/rfc3987/ isnt' pulled into nova18:54
lbragstadok, sounds good. I'll see what kind of response I get back18:54
morganfainberglbragstad, keep me posted, let me know if you need me to jump in as well :)18:55
lbragstadmorganfainberg: will do18:55
morganfainberglbragstad, which case i'll jump in and poke it with a sharp stick after learning a lot about it18:55
lbragstadwe *might* need that,18:55
* morganfainberg goes and writes up an email.18:55
lbragstadnot 100% sure, but this seems like a bug in jsonschema18:56
morganfainberglbragstad, it might be.18:56
morganfainberglbragstad, just at a glance18:56
*** marcoemorais has joined #openstack-keystone19:02
*** gokrokve has joined #openstack-keystone19:10
bknudsonhow did this happen ? https://review.openstack.org/#/c/96265/ -- proposal bot got the reqs wrong?19:12
*** andreaf has joined #openstack-keystone19:12
*** ukalifon has quit IRC19:13
ericvwayoung: with respect to https://review.openstack.org/#/c/93480, does it make sense to just perform the LDAP query to look up the user?  I have seen this approach used by other project LDAP authentication backends.  If that approach is taken, an additional configuration flag is not needed and setting the user_id_attribute would work as expected in all future19:13
ericvwconfigurations.19:13
ayoungericvw, we can't break existing deployements19:14
ayoungso the default needs to be the existing behavior19:14
*** gokrokve has quit IRC19:15
ericvwDo future releases also need to maintain this backwards compatibility?19:15
ayoungericvw, CONF.ldap.user_id_attribute_dn=True  appends it to the DN,  Flase does the lookup with filter=($user_id_attibute=$value)  type semantices19:15
openstackgerrithenry-nash proposed a change to openstack/keystone-specs: Cross Backend Unique Idenifiers for User and Group Entities  https://review.openstack.org/9749219:16
ericvwayoung, I am happy to dig in and attempt doing that change; unless you have already started19:16
schofieldI'm doing an install from source as a learning experience, and I *think* I'm having a problem adding users to roles. The symptom is that "nova list" works but "nova image-list" gives me an error 401. Details here: https://gist.github.com/johnmarkschofield/8035896307cf7cc7f755 . Any troubleshooting suggestions?19:17
ayoungericvw, nah, if you write it, I can review it19:17
ayoungschofield, does your setup policy for nova and glance require the same role?19:17
ericvwayoung: I will try to something initially working by tomorrow.  Should publish to the same change-id or start a completely different review?19:18
ayoungsame change id is fine19:18
ayoungkeep the documentation you've written as part of it19:18
ayoungericvw, it explains why we need the new flag19:18
schofieldayoung: I'm following this doc: http://docs.openstack.org/icehouse/install-guide/install/apt/content/nova-controller.html Both nova and glance users should have role "admin"19:18
ericvwwill do19:18
ayoungschofield, what does your policy.json say19:18
ayoungif they both honor 'admin' then you have a different problem19:19
ayoungschofield, might be19:19
ayounghttp://adam.younglogic.com/2013/07/troubleshooting-pki-middleware/19:19
schofieldayoung: Gist updated with policy.json: https://gist.github.com/johnmarkschofield/8035896307cf7cc7f75519:20
*** praneshp has quit IRC19:20
ayoungschofield, no19:20
ayoungnot keystone policy19:20
ayoungglance policy19:20
schofieldayoung: That may be it. Looks like most policies for glance are empty. Updated gist with glance policy.json. What should that file look like?19:22
ayoungschofield, like the is_admin type roles in keystone, I would guess19:22
*** sbfox has joined #openstack-keystone19:22
*** Chicago has joined #openstack-keystone19:24
*** Chicago has joined #openstack-keystone19:24
*** sbfox1 has joined #openstack-keystone19:25
schofieldayoung: I took a look at a working openstack install (done via devstack) and the glance policy.json is identical to the one I've got. Do you still suggest I edit it to add admin role statements to each line?19:26
*** sbfox has quit IRC19:26
*** daneyon has quit IRC19:31
*** leseb has joined #openstack-keystone19:34
*** gokrokve has joined #openstack-keystone19:36
*** marcoemorais has quit IRC19:37
*** marcoemorais has joined #openstack-keystone19:38
*** marcoemorais has quit IRC19:38
*** marcoemorais has joined #openstack-keystone19:38
*** leseb has quit IRC19:38
*** marcoemorais has quit IRC19:44
*** marcoemorais has joined #openstack-keystone19:44
morganfainbergbknudson, ping re: https://review.openstack.org/#/c/86578 is the raise of not_found in the delete_tree_nodes correct behavior? previously it would pass on the query and raise on the delete_s call in the base class .delete() method19:46
morganfainbergbknudson, if this behavior change in the query part isn't an issue, I'm good to +2 that code.19:47
bknudsonmorganfainberg: if it wasn't mentioned in the commit message then it shouldn't be changing behavior anyways19:48
bknudsonthis was a refactoring and not meant to change behavior19:48
morganfainbergbknudson, ah it is in the commit message19:48
*** hrybacki has quit IRC19:48
morganfainbergbknudson, but i wanted to be sure (since you reviewed it as well)19:49
*** jsavak has quit IRC19:49
openstackgerritVladimir Eremin proposed a change to openstack/python-keystoneclient: Keystone compact PKI token  https://review.openstack.org/9785419:49
bknudsonmorganfainberg: we might have actually had a reason for doing that (ignore the error)19:49
bknudsonfor example if it was deleted from another process?19:49
morganfainbergbknudson, that was my thought19:49
*** joesavak has joined #openstack-keystone19:50
*** daneyon has joined #openstack-keystone19:50
morganfainbergdid we want to raise an exception because we raced on deletion19:50
morganfainbergbknudson, i'll go ahead an submit my -1 on the review with my question19:50
bknudsonreturning 404 Not Found wouldn't be appropriate in that case, IMO19:50
morganfainberghm19:51
morganfainbergeah19:51
morganfainbergyeah*19:51
*** jsavak has joined #openstack-keystone19:51
bknudsonmorganfainberg: oh, hang on19:51
bknudsonso if the server couldn't delete an individual entry it doesn't fail19:51
bknudsonit stores up the names and prints out a warning message19:51
bknudsonhttps://review.openstack.org/#/c/86578/13/keystone/common/ldap/core.py19:51
bknudsonso it's only the search_base where if that was missing would fail with not found19:52
bknudsonwhich seems appropriate to me19:52
bknudsonthat's not a race that I would worry about, I'd worry about a race with the sub-entries being deleted19:53
morganfainbergbknudson, ah see this is why i am asking you19:53
morganfainbergand the race on sub-entries is handled19:53
morganfainbergbknudson, nice warning message in the case there was a race no errors raised up19:54
morganfainbergbknudson, thanks, i'm good with a +2 on that then.19:54
*** joesavak has quit IRC19:54
openstackgerritA change was merged to openstack/keystone: Fix curl example refs in docs  https://review.openstack.org/9696620:00
*** topol has quit IRC20:04
openstackgerritMorgan Fainberg proposed a change to openstack/keystone-specs: Add spec for non-persistent-tokens  https://review.openstack.org/9597620:04
*** leseb has joined #openstack-keystone20:05
*** leseb has quit IRC20:11
*** marcoemorais has quit IRC20:12
*** marcoemorais has joined #openstack-keystone20:12
*** sbfox1 has quit IRC20:19
marekddolphm morganfainberg ayoung bknudson: Hi. UUID tokens are still to be deprecated in favor of PKI tokens, and this will be happening relatively soon, am I right?20:19
morganfainbergmarekd, deprecation timeline is not determined20:20
bknudsonmarekd: I don't think deprecating UUID tokens is happening any time soon20:20
morganfainbergmarekd, but PKI is the "recommended" deployment strategy20:20
marekdmorganfainberg: do you think it's reasonable to start working on a new feature assuming that uuid tokens would be used, without support for PKI?20:20
bknudsonmarekd: I don't remember if it was swift or glance that had a requirement for smaller tokens than we provide with PKI20:20
marekdbknudson: yes, remember that from the design session.20:21
bknudsonmaybe we can get them to to token hash if they don't like the size of the tokens20:21
marekdbknudson: and that's why i am asking if you are still recommending PKI and trying tu push for them.20:21
morganfainbergmarekd, assuming UUID tokens is probably a bad assumption20:21
marekdmorganfainberg: thanks.20:21
morganfainbergmarekd, i would assume PKI tokens in lieu of UUID (non-persistent backend drive, etc)20:22
*** stevemar has quit IRC20:22
morganfainbergmarekd, but the inverse feels like you're artificially limiting yourself20:22
marekdmorganfainberg: why?20:22
morganfainbergmarekd, we want to remove the persistence backend.20:22
morganfainbergmarekd, and i want tokens to never be stored in keystone20:22
morganfainbergmarekd, that means you can't use UUID or short-hash of PKI20:23
morganfainbergmarekd, i wont stop people from using UUID, but it's a sub-optimal deployment choice once we get non-persistence in20:23
marekdmorganfainberg: right.20:23
*** hrybacki has joined #openstack-keystone20:24
ayoungmarekd, o Hells no!20:25
dolphmmorganfainberg: i don't think we can deprecate uuid in juno though -- too soon20:25
morganfainbergdolphm, correct.20:25
ayounguuid tokens for what?20:25
dolphmmorganfainberg: i was looking at the deprecation bp today - is there *anything* to deprecate this cycle?20:25
marekdmorganfainberg: so I am assuming it's not that from version X of Keystone the backedn will be removed. This would indeed mean that uuid are no longer supported.20:25
dolphmmarekd: that could happen in the future, but not juno, or k*, or l*20:27
morganfainbergdolphm, hmmmmmm.20:27
* morganfainberg thinks.20:27
morganfainbergdolphm, all XML!20:28
dolphmmorganfainberg: we did that already, no?20:28
morganfainbergdolphm, in all seriousness...20:28
morganfainbergdolphm, don't think we have anything to deprecate20:28
*** nsquare has quit IRC20:28
dolphmi also un-prioritized basically all bp's beyond juno-1; we can assign them priorities and release targets as the specs are approved20:29
morganfainbergdolphm, ++20:29
morganfainbergdolphm, oh, so if i find a bug that was fixed, but the code has already been released...20:31
morganfainbergdo i just mark the bug as fix released?20:31
morganfainbergdolphm, i've been trying to do some cleanup on our bugs that have been lingering around for......ever20:31
*** jamielennox is now known as jamielennox|away20:31
dolphmmorganfainberg: yeah, just mark them as Fix Released without a target. link to a patch on github or include the hash or change-id if possible20:34
morganfainbergdolphm, thanks.20:34
ayounggiven a choice of changing planes in STL, ATL, BWI, BNA, or HOU...  guessing I'll take HOU.  If things go pear shaped, I can always catch a bus or something, right?20:44
morganfainbergayoung, i read that as HNL not HOU... was wondering how you convinced the airline to ship you to hawaii on the way to San Antonio20:45
*** sbfox has joined #openstack-keystone20:45
morganfainbergthough... K cycle meetup... on an islance in the pacific? anyone?20:46
ayoungMuch as I would not mind spending some time in Hawaii, I would not really like fly there from Boston on my way to Texas20:46
ayoungmorganfainberg, Avalon20:46
morganfainbergayoung, i'd telecommute to the hackathon in that case.20:46
morganfainbergayoung, "oopse" missed my flight to SAN20:46
ayoungmorganfainberg, I'm guessing that Summer in Texas is going to make us want to have the next July midcycle in Toronto20:47
morganfainbergayoung, Peru?20:47
ayoungPeru in July...good skiing, no?20:47
morganfainbergayoung, thats my thought20:47
* morganfainberg patiently awaits credit card to arrive so can book the meetup.20:49
*** pheadron has quit IRC20:49
*** sbfox has quit IRC20:50
morganfainbergdolphm, i'm getting ERROR: InvocationError: "/bin/bash -c find keystone -type f -regex '.*\\.pot*' -print0| xargs -0 -n 1 msgfmt --check-format -o /dev/null" on pep8 runs on OS X now20:50
morganfainbergdolphm, are you seeing the same?20:50
*** sbfox has joined #openstack-keystone20:50
morganfainbergxargs: msgfmt: No such file or directory20:50
bknudsonmorganfainberg: install the package with msgfmt20:51
dolphmmorganfainberg: bknudson: i have a note on that somehwere, one sec20:51
morganfainbergbknudson, sure, i was curious if this is something missing from test-requires or the like20:51
bknudsonit's not a python package20:52
morganfainbergbknudson, ah. *grumble*20:52
*** pheadron has joined #openstack-keystone20:52
dolphmmorganfainberg: http://docs.openstack.org/developer/keystone/setup.html brew install gettext20:53
morganfainbergdolphm, ah thanks20:53
dolphmmorganfainberg: it's not system specific, but it's under prereq's20:53
morganfainbergright20:53
morganfainbergbrew... makes me want a beer20:53
openstackgerritJuan Manuel Ollé proposed a change to openstack/python-keystoneclient: Keystoneclient create user API should have optional password.  https://review.openstack.org/9759720:53
morganfainberghmm.20:54
*** harlowja has quit IRC20:54
*** harlowja has joined #openstack-keystone20:54
morganfainbergdolphm, 🍺  does that show up as a beermug?20:54
openstackgerritDolph Mathews proposed a change to openstack/keystone: install gettext on OS X for msgfmt  https://review.openstack.org/9792820:55
dolphmmorganfainberg: ^20:55
dolphmmorganfainberg: and yes, it does20:55
morganfainbergdolphm, awesome.20:55
* dolphm runs off to meeting20:56
marekddolphm: i also had to install gettext on debian jessie.20:57
*** sbfox has quit IRC20:58
*** marcoemorais has quit IRC21:01
*** marcoemorais has joined #openstack-keystone21:02
*** juanmo has quit IRC21:02
*** marcoemorais has quit IRC21:03
*** marcoemorais has joined #openstack-keystone21:03
*** marcoemorais has quit IRC21:03
*** marcoemorais has joined #openstack-keystone21:04
*** amcrn_ has joined #openstack-keystone21:07
*** sbfox has joined #openstack-keystone21:08
*** amcrn has quit IRC21:09
*** Chicago has quit IRC21:14
*** nsquare has joined #openstack-keystone21:19
*** sbfox has quit IRC21:20
*** marcoemorais has quit IRC21:23
*** marcoemorais has joined #openstack-keystone21:23
*** hrybacki has quit IRC21:25
*** marekd is now known as marekd|away21:32
*** marcoemorais1 has joined #openstack-keystone21:36
*** andreaf has quit IRC21:40
*** marcoemorais1 has quit IRC21:40
*** marcoemorais has quit IRC21:40
*** jsavak has quit IRC21:44
*** radez is now known as radez_g0n321:45
*** gordc has left #openstack-keystone21:51
*** richm has quit IRC21:59
*** sbfox has joined #openstack-keystone22:01
*** sbfox has quit IRC22:11
*** sbfox has joined #openstack-keystone22:11
*** sbfox has quit IRC22:11
*** daneyon has quit IRC22:12
*** richm has joined #openstack-keystone22:13
*** bknudson has quit IRC22:23
*** amcrn_ has quit IRC22:24
*** thedodd has quit IRC22:30
*** nkinder has quit IRC22:31
*** sbfox has joined #openstack-keystone22:32
*** amcrn has joined #openstack-keystone22:40
*** marcoemorais has joined #openstack-keystone22:42
*** gokrokve has quit IRC22:43
*** daneyon has joined #openstack-keystone22:43
*** dims_ has quit IRC22:51
morganfainberggyee, ping you here?22:58
morganfainberggyee, have a question on a bug you... uh worked on ages ago22:59
*** pheadron has quit IRC22:59
gyeemorganfainberg, here23:00
morganfainberggyee, https://bugs.launchpad.net/keystone/+bug/89041123:01
uvirtbotLaunchpad bug 890411 in keystone "Tenant role conflicts/overlaps can be a security issue" [Medium,Confirmed]23:01
gyee:)23:01
gyeemy favor topic23:01
morganfainberggyee, is... that still an issue?23:01
morganfainbergi can't tell from the comments.23:01
morganfainbergand if it is what i _think_ it is... it's not a bug.23:01
gyeeyes, still problematic23:01
* morganfainberg is doing cleanup on ancient bugs.23:01
gyeeprobably lack of feature23:02
morganfainberggyee is this the whole namespaced roles argument?23:02
gyeeyes23:02
morganfainbergright23:02
morganfainbergi'd like to "kill" this bug because it's not really a bug23:02
gyeehierarchical multiponycy is going to make it much apparent23:03
morganfainbergright but it's still not a bug.23:03
morganfainberggyee, any issues with pushing this over to "file a spec to fix this lets not treat it as a bug"?23:03
gyeemorganfainberg, sounds like a plan23:04
morganfainberggyee, k marking it as "wont fix" with a comment like "spec plz"23:04
morganfainbergbut less obnoxious23:04
gyeewe just need to keep track of it in some form23:04
* gyee is bracing for battles ahead on role namespacing :)23:06
*** daneyon has quit IRC23:08
*** dims_ has joined #openstack-keystone23:08
*** daneyon has joined #openstack-keystone23:09
*** pheadron has joined #openstack-keystone23:12
morganfainberggyee, anyway i think i'm calling it on doing bug cleanup23:16
morganfainberggyee, i _think_ i just cleaned up most of the invalid / previously fixed bugs23:16
gyeemorganfainberg, fantastic! thanks for doing this btw23:17
morganfainbergsomeone had to.23:17
morganfainberg:)23:17
morganfainbergnext i think i'm going to be untargeting / invalidating some folsom, essex and grizzly targeted bugs23:17
gyeemorganfainberg, is there a DONT-GIVE-A-SHIT status for the bugs, I would think bugs that are lingered more then two releases should have that status23:20
morganfainberg"wishlist"23:20
morganfainberg:P23:20
morganfainbergi mean23:20
gyeeah23:20
morganfainberg>.>23:20
*** sbfox has quit IRC23:26
morganfainberggyee, phew. this is slow work going through LP and cleaning all this up23:35
morganfainbergnow we have no more bugs open (any state) targeted at folsom or essex23:35
gyeenice!23:36
morganfainberggrizzly also clenaed up23:39
morganfainbergwoo, yay, only 297 open bugs now23:39
morganfainbergactually on the topic of "don't give a crap about" if it legitimately is don't give a crap about this bug, we could mark them as wont fix.23:40
morganfainbergbut... thats toeing the line a bit23:40
*** daneyon has quit IRC23:41
morganfainberglol: https://bugs.launchpad.net/keystone/+bug/88445123:41
uvirtbotLaunchpad bug 884451 in keystone "End User Has No "Forgot Password" Option" [Wishlist,Incomplete]23:41
gyeemorganfainberg, seriously, for a commercial product, if a bug that's been around for more than two releases, that means either customers don't care or they are no longer customers23:41
gyeeeither way, close as won't fix23:41
gyeenot sure if the the open source world works the same though23:42
morganfainbergit's "incomplete" that is ... afaict the same as wont fix23:42
morganfainbergjust was looking through the bugs.23:42
*** praneshp has joined #openstack-keystone23:42
morganfainbergthis is another one i'm not sure...23:43
morganfainberghttps://bugs.launchpad.net/keystone/+bug/92804223:43
uvirtbotLaunchpad bug 928042 in keystone "clean up some of the various dict.copy() calls so that they don't confuse new developers" [Medium,Triaged]23:43
morganfainbergi mean... we do some of this still...23:43
morganfainbergbut.23:44
* morganfainberg wonders what a fix that just pulls all of the really random dict.copy stuff out would do23:44
gyeeheh23:45
gyeethat's only so much we can do to prevent ppl from shooting themselves23:45
gyeein the foot I mean23:45
*** sbfox has joined #openstack-keystone23:48
*** meera has quit IRC23:48
*** diegows has quit IRC23:52
*** topol has joined #openstack-keystone23:57
« Tuesday, 2014-06-03 Index Thursday, 2014-06-05 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!