Friday, 2014-08-29

« Thursday, 2014-08-28 Index Saturday, 2014-08-30 »
*** amcrn has quit IRC00:00
morganfainbergjamielennox, 'recheck' if it's in the queue shouldn't affect anything00:04
morganfainbergjamielennox, recheck should be ignored if it's actually in zuul already00:04
morganfainberg(even queued)00:04
jamielennoxmorganfainberg: ah - ok so it was lost00:06
morganfainbergyeah00:06
*** zzzeek has quit IRC00:09
*** jimhoagland has quit IRC00:09
*** arborism has joined #openstack-keystone00:12
*** arborism is now known as amcrn00:12
*** rm_work is now known as rm_work|away00:17
*** shakamunyi has joined #openstack-keystone00:19
openstackgerritguang-yee proposed a change to openstack/keystone: Use id attribute map for read-only LDAP  https://review.openstack.org/11765800:20
bknudsonmorganfainberg: I almost wonder if we shouldn't use python logging when running in apache.00:30
bknudsonactually, could use the same for both apache and eventlet.00:30
*** morganfainberg is now known as morganfainberg_Z00:32
*** morganfainberg_Z is now known as morganfainberg00:33
*** shakamunyi has quit IRC00:35
*** amcrn has quit IRC00:40
openstackgerritBrant Knudson proposed a change to openstack/keystone: JSON Home data is required  https://review.openstack.org/11766300:47
*** shakamunyi has joined #openstack-keystone00:50
*** gokrokve has joined #openstack-keystone00:51
*** stevemar has joined #openstack-keystone00:52
*** morganfainberg is now known as morganfainberg_Z00:53
*** zzzeek has joined #openstack-keystone00:53
*** r-daneel has quit IRC00:53
*** zzzeek has quit IRC00:54
*** gyee has quit IRC00:54
gabriel-bezerrabknudson, jamielennox: do you know whether it is possible to have cross-domain role assignments?00:59
bknudsongabriel-bezerra: yes, it is.01:00
jamielennoxgabriel-bezerra: sure, it's just a bit tricky to set up01:00
gabriel-bezerraand is that true with domain-specific back ends?01:00
bknudsongabriel-bezerra: why wouldn't it be possible?01:00
jamielennoxyes01:00
gabriel-bezerrabknudson: I saw there was some trouble with ids in the past01:00
gabriel-bezerraid mapping01:00
bknudsongabriel-bezerra: it doesn't work in icehouse01:01
bknudsonbut you've always been able to have cross-domain assignments01:01
gabriel-bezerrais there any doc that explain how to set it up?01:01
gabriel-bezerrajamielennox: as you said it is tricky01:02
jamielennoxso you still have user_ids project_ids and role_ids01:02
jamielennoxso cross domain is no different to regular role assignments01:02
jamielennoxthe tricky part is in that your permissions are generally within a domain01:02
bknudsonhttp://docs.openstack.org/developer/keystone/configuration.html#domain-specific-drivers01:02
jamielennoxso you *generally* don't have access to list the user_ids from another domain01:03
jamielennoxif you have the ids though there's nothing to stop you01:03
gabriel-bezerraoh, I see..01:03
gabriel-bezerrathank you, guys01:03
*** shakamunyi has quit IRC01:09
*** RicoLin has joined #openstack-keystone01:11
*** topol has joined #openstack-keystone01:15
openstackgerritA change was merged to openstack/keystone: Add bash code style to some portions of configuration.rst  https://review.openstack.org/11730801:19
*** gokrokve has quit IRC01:19
*** gokrokve has joined #openstack-keystone01:19
*** shakamunyi has joined #openstack-keystone01:21
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Add version parameter to adapter.  https://review.openstack.org/11766901:25
stevemardstanek, dolphm can either of you approve, it's sitting on 2 x +2's https://review.openstack.org/#/c/114118/01:25
dolphmstevemar: you're welcome to approve that if there wasn't a reason dstanek withheld a +A01:26
dolphmstevemar: just looks like he +2'd around the same time i was reviewing it though01:26
stevemardolphm, yeah, i figured... but i didn't want to overstep01:26
dolphmstevemar: you're good01:26
stevemardolphm, thanks for reviewing the token2saml too01:26
stevemari'll fix it up tonight01:26
stevemarhow were the classes?01:26
dolphmstevemar: actually super useful01:27
bknudsonclasses?01:27
*** marcoemorais has quit IRC01:27
*** shakamunyi has quit IRC01:29
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Make keystoneclient use an adapter  https://review.openstack.org/9768101:34
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Make tests run against original client and session  https://review.openstack.org/11708901:34
*** diegows has quit IRC01:44
*** yasukun has joined #openstack-keystone01:49
*** yasukun has quit IRC01:49
lbragstadstevemar: https://review.openstack.org/#/c/114118/ looks good01:50
*** alex_xu has joined #openstack-keystone01:50
openstackgerritBrant Knudson proposed a change to openstack/keystone: JSON Home data is required  https://review.openstack.org/11766301:56
*** ncoghlan_afk is now known as ncoghlan02:05
*** soulxu_ has joined #openstack-keystone02:06
*** wwriverrat has joined #openstack-keystone02:08
*** alex_xu has quit IRC02:10
openstackgerritA change was merged to openstack/identity-api: Update region entries to include URLs  https://review.openstack.org/11411802:15
openstackgerritLance Bragstad proposed a change to openstack/keystone: Implement validation on Assignment V3 API  https://review.openstack.org/8648402:16
*** richm has quit IRC02:54
stevemardolphm, ping?02:54
*** cjellick has joined #openstack-keystone02:55
*** cjellick_ has quit IRC02:57
jamielennoxi hate working with the other services, nobody does things the same way02:57
*** harlowja_ is now known as harlowja_away02:58
dolphmstevemar: pong ish02:59
dolphmjamielennox: for better or worse?02:59
dolphmjamielennox: or just *different*02:59
jamielennoxcinder went to v2 API ages ago and they brought /{tenant_id}/ in the URL with them03:00
jamielennoxat least everyone else ditched it03:00
dolphmyeah i told them not to, and they said they'd remove it before going stable03:00
*** soulxu_ has quit IRC03:00
jamielennoxjust makes it really difficult to come up with general solutions to thing03:00
dolphmhad the same conversation with nova, but that took a different direction03:00
jamielennoxds03:00
jamielennoxbarbican had it for a while, they are/were going to remove it before v1 stable03:01
jamielennoxanyway, makes it really difficult to do unversioned endpoints in the catalog when you've got to figure out project ids as well03:01
jamielennoxbecause GET cinder/v2/{tenant_id}/ gives a 404 :(03:02
ncoghlanjamielennox: I saw python-ldap was one of Keystone's blockers for Py3. Do you know if anyone has poked around at python3-ldap? (despite the name, it also works on Py2)03:03
stevemardolphm, just wanted to know what i can do about XML/SAML in the docstrings03:03
stevemari'm leaning toward nuking them03:03
dolphmstevemar: my diff showed the only fix i was looking for03:03
dolphmstevemar: the diff in the main review comment03:03
dolphmstevemar: it's just missing some whitespace03:03
jamielennoxncoghlan: i think this is the one where python-ldap now works on py3 they just haven't done a release in a year03:03
stevemardolphm, i'm referring to line 86 here03:04
stevemarhttps://review.openstack.org/#/c/110542/37/keystone/contrib/federation/idp.py03:04
dolphmstevemar: so am i03:04
dolphmstevemar: put a blank line after L8603:04
stevemardolphm, oh that's it?03:05
jamielennoxncoghlan: but essentially a bigger issue is paste and eventlet, there's not much point worrying about the rest of them  until that works03:05
stevemarbut you said it's redundant03:05
dolphmstevemar: that's all that's necessary for the next version of hacking, yeah03:05
dolphmstevemar: L86 is redundant with the method name -- it doesn't add any information for me03:05
stevemargotcha03:05
*** alex_xu has joined #openstack-keystone03:06
stevemardolphm,  "Create an object that represents a SAML Status" << ?03:06
dolphmstevemar: what's a saml status?03:07
dolphmstevemar: but yes, that's much better :)03:07
* dolphm heads to bed03:07
stevemarit's a valid saml tag03:07
stevemaralright, go to beds03:07
ncoghlanjamielennox: yeah, I saw the thread on the python-ldap mailing list. It just kinda trailed of with "there's a patch, dunno if it will get merged"03:08
jamielennoxncoghlan: i had a github issue against it but i can't find it now03:09
jamielennoxi don't know if anyone is doing anything with that repo - as i said it's been a long time since a release03:10
*** chandankumar has joined #openstack-keystone03:11
jamielennoxwhy won't github show me all the issues i've been involved in ....03:11
*** morganfainberg_Z is now known as morganfainberg03:15
morganfainbergwheeeee. 'reheck'03:16
*** mfisch has quit IRC03:19
*** mfisch has joined #openstack-keystone03:20
*** mfisch has quit IRC03:20
*** mfisch has joined #openstack-keystone03:20
ncoghlanjamielennox: no worries - just came across python3-ldap in a different context, and became curious03:20
*** chandankumar has quit IRC03:25
*** stevemar has quit IRC03:36
*** stevemar has joined #openstack-keystone03:36
*** alex_xu has quit IRC03:39
*** alex_xu has joined #openstack-keystone03:42
openstackgerritBob Thyne proposed a change to openstack/keystone: Implementation of Endpoint Grouping  https://review.openstack.org/11194903:54
*** jimhoagland has joined #openstack-keystone03:55
jamielennoxso i thought cinderclient just went right ahead and converted to using the session with no tests at all - not true, they did the shell so it's tested by jenkins03:59
*** bobt has quit IRC04:05
morganfainberglol04:10
morganfainbergjamielennox, so... does it ... work?04:10
jamielennoxwell i guess it passes gate04:10
morganfainbergyeaaaah04:11
morganfainbergdunno if that qualifies as "working"04:11
jamielennoxjust means i can't run the unit tests and know i broke something04:11
morganfainbergheh04:12
jamielennoxit's slightly better than when i though they checked it in without any tests at all i guess04:12
*** chandankumar has joined #openstack-keystone04:14
jamielennoxbut i removed the 'authenticate()' function and the unit tests never bothered to tell me there was a problem04:17
morganfainbergsounds ... annoying04:19
*** amirosh has joined #openstack-keystone04:21
*** amirosh has quit IRC04:24
*** amirosh has joined #openstack-keystone04:25
openstackgerritBrad Topol proposed a change to openstack/keystone: Add audit support to keystone federation  https://review.openstack.org/11433704:26
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Do not load auth plugins by class in tests  https://review.openstack.org/11706204:29
*** amirosh has quit IRC04:30
*** chandankumar has quit IRC04:32
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Do not load auth plugins by class in tests  https://review.openstack.org/11706204:32
*** shakamunyi has joined #openstack-keystone04:39
*** ncoghlan is now known as ncoghlan_afk04:58
*** ncoghlan_afk is now known as ncoghlan04:58
*** shakamunyi has quit IRC04:58
*** chandankumar has joined #openstack-keystone05:01
*** alex_xu has quit IRC05:01
*** chandankumar has quit IRC05:08
*** xianghui has quit IRC05:09
*** ncoghlan is now known as ncoghlan_afk05:13
*** chandankumar has joined #openstack-keystone05:15
*** xianghui has joined #openstack-keystone05:16
openstackgerritBrad Topol proposed a change to openstack/keystone: Add audit support to keystone federation  https://review.openstack.org/11433705:16
*** jimhoagland has quit IRC05:16
*** jimhoagland has joined #openstack-keystone05:19
*** chandankumar has quit IRC05:21
*** chandankumar has joined #openstack-keystone05:22
*** henrynash has joined #openstack-keystone05:26
*** andreaf has joined #openstack-keystone05:42
*** ncoghlan_afk is now known as ncoghlan05:44
*** ncoghlan_ has joined #openstack-keystone05:47
*** jamielennox has quit IRC05:48
*** ncoghlan__ has joined #openstack-keystone05:48
*** jamielennox has joined #openstack-keystone05:48
*** jaosorior has joined #openstack-keystone05:49
*** jamielennox has quit IRC05:50
*** jamielennox has joined #openstack-keystone05:50
*** ncoghlan_ has quit IRC05:52
*** ncoghlan has quit IRC05:52
*** ncoghlan__ has quit IRC05:54
*** chandankumar has quit IRC05:56
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Test cleanup: do not leak FDs during test runs  https://review.openstack.org/11769206:03
*** jimhoagland has quit IRC06:05
morganfainbergstevemar, ^06:06
morganfainberg:P06:06
openstackgerritOpenStack Proposal Bot proposed a change to openstack/keystone: Imported Translations from Transifex  https://review.openstack.org/11192006:06
stevemarha06:06
stevemarmorganfainberg, thanks :)06:07
morganfainbergstevemar also06:07
morganfainbergyou might want: https://github.com/openstack/keystone/blob/master/keystone/openstack/common/fileutils.py#L122-L14606:08
stevemar................06:08
morganfainbergstevemar, so fileutils.write_to_tempfile(assertion.to_string())06:08
morganfainbergi mean...06:08
stevemaryeah, i know what you mean06:08
stevemari had no idea it was there06:08
henrynashmorganfainberg: hi…did you do the cleanup of the database migrations (i.e. creation of 034_havana)?06:08
stevemarhenrynash, bknudson did06:09
morganfainberghenrynash, i did the squash, brant moves us backed to 034 as the base06:09
morganfainbergbecause there was a bug that 034 existed at havana release, but 035 and 036 were added during havana06:09
morganfainberghenrynash, running into an issue?06:09
henrynashanyone tested this outside of sqllite?  can’t seem to make it work on either mysql or postres06:10
henrynashdo we do that in tempest….surely we must?06:10
morganfainberghenrynash, upgrade or clean devstack06:10
morganfainbergbecause i'm sure it works in mysql on devstack06:10
morganfainbergi just stood one up earlier today06:10
henrynashjust runing test_sql_migration06:10
morganfainbergtest_sql_migration might be wonky outside of sqlite. we dont' do live tests in gate (i do plan on fixing that either this cycle post FF or kilo)06:11
*** rushiagr_away has quit IRC06:11
henrynashI don’t quite see how with everythineg squashed into 34, how we can delete, say, the domain table in teardown, since ther are other (initial) tables with FK to it06:12
morganfainbergyou shouldn't ever try and downgrade below havana06:12
morganfainbergso we might have a bug in that testcase then06:12
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Test cleanup: do not leak FDs during test runs  https://review.openstack.org/11769206:13
*** rushiagr_away has joined #openstack-keystone06:13
henrynashmaybe…everytest cases will tear the Db down I think, which tries to delte all teh tables…maybe it shouldn’t…ok, at least I know now that I’m not going mad06:14
morganfainbergyeah06:14
morganfainbergprobably an easy fix06:14
*** amirosh has joined #openstack-keystone06:14
morganfainberghenrynash, this test_sql_upgrade? or test_sql_livetests? or?06:15
henrynashtest_sql_upgrdade06:15
morganfainbergright ok06:16
henrynashahhh…is that actually supported outside sqllte?06:16
morganfainbergif you use test_sql_livetest it should be06:16
* morganfainberg dislikes sqlite a lot06:17
morganfainbergthere is talk about moving to functional tests in-tree. i think we're mostly there with the way we do things, but we should move away from sqlite where we can (but it'll slow testing down)06:18
openstackgerritSteve Martinelli proposed a change to openstack/keystone: Transform a Keystone token to a SAML assertion  https://review.openstack.org/11054206:19
henrynashah, think taht’s my problme - i was running test_sql_upgrade directly06:19
*** gokrokve has quit IRC06:19
morganfainbergstevemar, you *probably* still want a try/except IOError finally06:20
morganfainbergstevemar, popen can ioerror i think, and so can mkstemp even from the fileutils function06:20
morganfainbergand i'm not sure but i think os.unlink doesn't error if a file is missing but os.remove does?06:21
morganfainbergnvm still errors06:21
morganfainbergdo you probably need a try/except in the finally block *omg*06:21
openstackgerritSteve Martinelli proposed a change to openstack/keystone: Create SAML generation route and controller  https://review.openstack.org/11413806:22
stevemarsec, just rebasing06:22
morganfainberg++06:22
morganfainberghenrynash, there might be some assumptions in the test_sql_upgrade that we have a clean schema each time06:23
morganfainbergwhich *may* not be the case in mysql06:23
morganfainberghenrynash, which sounds like what you're running up against06:23
stevemarmorganfainberg, why is it taking so long for your patches to land :(06:24
henrynashI think it expects to unwind teh DB to clean after everytest06:24
morganfainberghenrynash, yeah06:24
morganfainberghenrynash, sqlite works because we just create a new one06:24
morganfainberghenrynash, should be *not-too-hard-to-fix* but annoying none-the-less06:24
henrynashand since we don’t have the downgrade steps to go below 034, there are FK constraints around and it fails to delete the tables06:24
morganfainbergjust need a cleanup step that does 'for table in db, drop'06:25
morganfainbergyeah.06:25
morganfainbergi think you can drop all tables in a single transaction and solve that.06:25
henrynashone that ignores FKs?06:25
*** chandankumar has joined #openstack-keystone06:25
morganfainbergif you drop all tables in a single transaction it might work, but there is a way to turn off FK constraints in at least mysql06:26
morganfainbergso it wouldn't be hard to do that, i'd need to look into pgsql and db206:26
morganfainbergfile a bug, ping me in the morning, i'll fix it unless you want to take it on :)06:26
stevemarmorganfainberg, http://paste.openstack.org/show/102224/06:28
morganfainbergstevemar, because "OMG TRANSIENT BUG"06:28
stevemarmorganfainberg, i think that's safest ^06:28
morganfainbergstevemar, http://paste.openstack.org/show/102225/06:28
morganfainbergunless you want to it to raise if something else swept up that file06:29
stevemartry:06:29
stevemar    os.remove(filename)06:29
stevemarexcept OSError:06:29
stevemar    pass06:29
*** rm_work|away is now known as rm_work06:33
*** henrynash has quit IRC06:42
openstackgerritSteve Martinelli proposed a change to openstack/keystone: Transform a Keystone token to a SAML assertion  https://review.openstack.org/11054206:44
openstackgerritSteve Martinelli proposed a change to openstack/keystone: Create SAML generation route and controller  https://review.openstack.org/11413806:45
*** gokrokve has joined #openstack-keystone06:55
*** chandankumar has quit IRC06:55
*** jorge_munoz has joined #openstack-keystone06:56
*** jorge_munoz has quit IRC06:58
*** gokrokve has quit IRC07:00
*** jorge_munoz has joined #openstack-keystone07:08
*** jorge_munoz has quit IRC07:08
*** bvandenh has joined #openstack-keystone07:10
*** stevemar has quit IRC07:16
*** andreaf has quit IRC07:18
*** andreaf has joined #openstack-keystone07:18
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Make keystoneclient use an adapter  https://review.openstack.org/9768107:24
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Make tests run against original client and session  https://review.openstack.org/11708907:24
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Expose auth methods on the adapter  https://review.openstack.org/11770907:24
*** andreaf_ has joined #openstack-keystone07:26
*** andreaf has quit IRC07:30
*** jorge_munoz has joined #openstack-keystone07:30
*** henrynash has joined #openstack-keystone07:36
*** cjellick has quit IRC07:40
*** cjellick has joined #openstack-keystone07:41
openstackgerritBob Thyne proposed a change to openstack/keystone: Implementation of Endpoint Grouping  https://review.openstack.org/11194907:42
*** cjellick has quit IRC07:45
*** jamielennox is now known as jamielennox|away07:46
*** lsmola has joined #openstack-keystone07:54
*** gokrokve has joined #openstack-keystone07:56
*** jorge_munoz has quit IRC07:59
*** gokrokve has quit IRC08:01
*** jorge_munoz has joined #openstack-keystone08:08
openstackgerritRazumovsky Peter proposed a change to openstack/keystone: Add a simple module to work with filters and DNs to LDAP backend  https://review.openstack.org/11748408:08
*** jorge_munoz has quit IRC08:11
*** chandankumar has joined #openstack-keystone08:13
*** jorge_munoz has joined #openstack-keystone08:14
*** jorge_munoz has quit IRC08:15
*** jorge_munoz has joined #openstack-keystone08:18
*** jorge_munoz has quit IRC08:21
openstackgerritBob Thyne proposed a change to openstack/keystone: Add delete notification to endpoint grouping  https://review.openstack.org/11772308:41
*** topol has quit IRC08:49
openstackgerritBob Thyne proposed a change to openstack/keystone: Add delete notification to endpoint grouping  https://review.openstack.org/11772308:50
openstackgerritBob Thyne proposed a change to openstack/keystone: Implementation of Endpoint Grouping  https://review.openstack.org/11194908:55
*** alex_xu has joined #openstack-keystone08:55
*** gokrokve has joined #openstack-keystone08:56
*** rm_work is now known as rm_work|away08:58
*** gokrokve has quit IRC08:58
*** gokrokve has joined #openstack-keystone08:58
openstackgerrithenry-nash proposed a change to openstack/keystone: Add index for actor_id in assignments table.  https://review.openstack.org/11754109:00
*** gokrokve has quit IRC09:02
*** jorge_munoz has joined #openstack-keystone09:07
openstackgerrithenry-nash proposed a change to openstack/keystone: Add index for actor_id in assignments table.  https://review.openstack.org/11754109:07
*** chandankumar has quit IRC09:09
*** jorge_munoz has quit IRC09:10
*** chandankumar has joined #openstack-keystone09:11
*** jorge_munoz has joined #openstack-keystone09:14
*** andreaf_ has quit IRC09:16
*** bvandenh has quit IRC09:16
*** xianghui has quit IRC09:16
*** boris-42 has quit IRC09:16
*** toddnni has quit IRC09:16
*** dhellmann_ has quit IRC09:16
*** uvirtbot` has quit IRC09:16
*** dvorak has quit IRC09:16
*** XEye has quit IRC09:16
*** andreaf_ has joined #openstack-keystone09:17
*** bvandenh has joined #openstack-keystone09:17
*** xianghui has joined #openstack-keystone09:17
*** boris-42 has joined #openstack-keystone09:17
*** toddnni has joined #openstack-keystone09:17
*** dhellmann_ has joined #openstack-keystone09:17
*** uvirtbot` has joined #openstack-keystone09:17
*** dvorak has joined #openstack-keystone09:17
*** XEye has joined #openstack-keystone09:17
*** RicoLin has quit IRC09:17
*** notmyname has quit IRC09:17
*** medberry has quit IRC09:17
*** grantbow has quit IRC09:17
*** jorge_munoz has quit IRC09:20
*** RicoLin has joined #openstack-keystone09:30
*** notmyname has joined #openstack-keystone09:30
*** grantbow has joined #openstack-keystone09:30
*** aix has joined #openstack-keystone09:40
*** anteaya has quit IRC09:46
*** samuelmz_ has joined #openstack-keystone09:47
*** anteaya has joined #openstack-keystone09:47
*** marzif_ has joined #openstack-keystone09:48
*** andreaf has joined #openstack-keystone09:49
*** mhu1 has joined #openstack-keystone09:50
*** samuelmz has quit IRC09:50
*** marzif has quit IRC09:50
*** mhu has quit IRC09:50
*** d34dh0r53 has quit IRC09:50
*** mhu1 is now known as mhu09:50
*** russellb has quit IRC09:51
*** russellb has joined #openstack-keystone09:51
*** comstud has quit IRC09:51
*** andreaf_ has quit IRC09:51
*** d34dh0r53 has joined #openstack-keystone09:53
*** comstud has joined #openstack-keystone09:54
*** gokrokve has joined #openstack-keystone09:56
*** gus_ has joined #openstack-keystone09:57
*** zhiyan_ has joined #openstack-keystone09:58
*** vish1 has joined #openstack-keystone09:59
*** gokrokve has quit IRC10:01
openstackgerrithenry-nash proposed a change to openstack/keystone: Fix test_versions that is currently breaking pep8 in master.  https://review.openstack.org/11773210:01
openstackgerritRazumovsky Peter proposed a change to openstack/keystone: Add a simple module to work with filters and DNs to LDAP backend  https://review.openstack.org/11748410:01
*** EmilienM_ has joined #openstack-keystone10:01
*** rm_workz has joined #openstack-keystone10:02
*** rm_workz is now known as rm_work10:02
*** rm_work has joined #openstack-keystone10:02
*** mitz_ has joined #openstack-keystone10:03
*** sudorandom_ has joined #openstack-keystone10:03
openstackgerrithenry-nash proposed a change to openstack/keystone: Fix test_versions that is currently breaking pep8 in master.  https://review.openstack.org/11773210:04
XEyeGreetings! Are there any instructions or how-to about configuring Keystone to use LDAP backend? All I found is just a configuration file with comments - is it all documentation available? Thanks in advance :)10:06
*** swartulv has quit IRC10:09
*** zhiyan has quit IRC10:09
*** rm_work|away has quit IRC10:09
*** vishy has quit IRC10:09
*** jamiec has quit IRC10:09
*** marekd|away has quit IRC10:09
*** dobson has quit IRC10:09
*** sudorandom has quit IRC10:09
*** mitz- has quit IRC10:09
*** gus has quit IRC10:09
*** EmilienM has quit IRC10:09
*** sudorandom_ is now known as sudorandom10:09
*** vish1 is now known as vishy10:09
*** EmilienM_ is now known as EmilienM10:10
*** jamiec has joined #openstack-keystone10:10
*** zhiyan_ is now known as zhiyan10:11
*** dobson has joined #openstack-keystone10:12
*** swartulv has joined #openstack-keystone10:12
*** marekd|away has joined #openstack-keystone10:15
*** wolsen_ has joined #openstack-keystone10:33
*** openstackgerrit has quit IRC10:34
*** bknudson has quit IRC10:34
*** wolsen has quit IRC10:34
*** topol has joined #openstack-keystone10:37
*** bknudson has joined #openstack-keystone10:40
*** openstackgerrit has joined #openstack-keystone10:40
*** boris-42 has quit IRC10:43
*** ctracey_ has joined #openstack-keystone10:51
*** alex_xu has quit IRC10:55
*** EmilienM has quit IRC10:55
*** ctracey has quit IRC10:56
*** EmilienM has joined #openstack-keystone10:56
*** gokrokve has joined #openstack-keystone10:56
*** alex_xu has joined #openstack-keystone10:57
*** ctracey_ is now known as ctracey11:00
*** gokrokve has quit IRC11:01
*** andreaf has quit IRC11:04
*** med_ has joined #openstack-keystone11:05
*** med_ has joined #openstack-keystone11:05
*** andreaf has joined #openstack-keystone11:05
*** Dafna has joined #openstack-keystone11:13
*** alex_xu has quit IRC11:19
openstackgerritA change was merged to openstack/keystone: Remove SAML2 plugin dependency on token_api  https://review.openstack.org/11501211:20
openstackgerritA change was merged to openstack/keystone: Mark methods on token_api deprecated  https://review.openstack.org/11534711:20
openstackgerritA change was merged to openstack/keystone: Add extra guarding to revoke_by_audit_id methods  https://review.openstack.org/11514711:20
*** bambam1 has quit IRC11:22
*** bambam1 has joined #openstack-keystone11:22
openstackgerritA change was merged to openstack/keystone: Make persistence manager in token_provider_api private  https://review.openstack.org/11696111:22
openstackgerritA change was merged to openstack/keystone: Update tests to not use token_api  https://review.openstack.org/11696211:24
openstackgerritA change was merged to openstack/keystone: Notification cleanup: namespace actions  https://review.openstack.org/11733011:24
openstackgerritA change was merged to openstack/keystone: Comments to docstrings for notification emit methods  https://review.openstack.org/11733111:24
*** Jean-Daniel1 has quit IRC11:27
*** Jean-Daniel has joined #openstack-keystone11:28
*** gmurphy has quit IRC11:30
*** chandankumar has quit IRC11:32
*** gmurphy has joined #openstack-keystone11:33
*** chandankumar has joined #openstack-keystone11:44
openstackgerritMarcos Fermín Lobo proposed a change to openstack/keystone: Add information regarding HTTPS for SSL enabled endpoints  https://review.openstack.org/9554511:44
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Make keystoneclient use an adapter  https://review.openstack.org/9768111:46
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Make tests run against original client and session  https://review.openstack.org/11708911:46
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Expose auth methods on the adapter  https://review.openstack.org/11770911:46
*** diegows has joined #openstack-keystone11:48
*** gokrokve has joined #openstack-keystone11:56
*** gokrokve has quit IRC12:01
openstackgerritLance Bragstad proposed a change to openstack/keystone: Implement validation on Assignment V3 API  https://review.openstack.org/8648412:03
*** topol has quit IRC12:11
*** HenryG has joined #openstack-keystone12:12
*** alexander has joined #openstack-keystone12:14
*** alexander is now known as Guest5196012:14
*** Guest51960 has quit IRC12:14
*** XEye has quit IRC12:15
*** Xeye has joined #openstack-keystone12:16
*** Xeye is now known as XEye12:16
openstackgerritLance Bragstad proposed a change to openstack/keystone: Implement validation on the Catalog V3 API  https://review.openstack.org/9626612:21
openstackgerritRodrigo Duarte proposed a change to openstack/keystone: Add index for actor_id in assignments table.  https://review.openstack.org/11754112:43
*** chandankumar has quit IRC12:49
*** kleini has joined #openstack-keystone12:54
*** radez_g0n3 is now known as radez12:54
kleiniI am trying to test keystone Juno and have LDAP for default domain and SQL for the heat domain. furthermore I want to store roles, projects and so on in SQL. I configured assignment storage in SQL. Now I am encountering the problem that keystone searches for roles in LDAP. Do you have any idea, what is configured wrong?12:56
*** gokrokve has joined #openstack-keystone12:56
kleiniThe same setup works with keystone Icehouse12:56
*** zzzeek has joined #openstack-keystone12:56
*** joesavak has joined #openstack-keystone12:58
*** richm has joined #openstack-keystone13:00
*** gokrokve has quit IRC13:01
*** jaosorior has quit IRC13:02
*** russellb is now known as rustlebee13:09
openstackgerritLance Bragstad proposed a change to openstack/keystone: Adds tests that show how update with validation works  https://review.openstack.org/11695413:15
*** bknudson has quit IRC13:24
*** jimhoagland has joined #openstack-keystone13:24
*** gordc has joined #openstack-keystone13:27
openstackgerritA change was merged to openstack/keystone: Add commas for ease of maintenance  https://review.openstack.org/11733213:27
*** topol has joined #openstack-keystone13:40
*** thiagop has joined #openstack-keystone13:43
dolphmraildo: the branch is now available https://github.com/openstack/keystone/tree/feature/hierarchical-multitenancy13:49
raildodolphm: Great! Thank you13:50
*** r-daneel has joined #openstack-keystone13:52
*** bvandenh has quit IRC13:52
*** gokrokve has joined #openstack-keystone13:56
*** gokrokve has quit IRC14:01
*** cjellick has joined #openstack-keystone14:01
*** bknudson has joined #openstack-keystone14:02
*** ukalifon1 has joined #openstack-keystone14:18
*** alex_xu has joined #openstack-keystone14:21
*** jimhoagland has quit IRC14:21
openstackgerritBob Thyne proposed a change to openstack/keystone: Add delete notification to endpoint grouping  https://review.openstack.org/11772314:25
henrynashkleini: you want to make sure you set the assignment driver to sql explicitely…since by default it will follow the one you have for identity (in the main config file)14:33
*** david-lyle has joined #openstack-keystone14:34
*** david-lyle has quit IRC14:34
*** david-lyle has joined #openstack-keystone14:35
*** ukalifon1 has quit IRC14:37
*** david-lyle has quit IRC14:38
*** gokrokve has joined #openstack-keystone14:38
*** stevemar has joined #openstack-keystone14:38
kleinihenrynash: is14:40
kleini[assignment]14:40
kleinidriver=keystone.assignment.backends.sql.Assignment14:40
kleinisufficient?14:40
*** amirosh has quit IRC14:40
henrynashkleini: that should be ok14:40
kleiniso, it does not work within keystone Juno14:41
openstackgerrithenry-nash proposed a change to openstack/keystone: Mark the trust kvs backend deprecated, for removal in Kilo  https://review.openstack.org/11780414:42
kleinihenrynash: do you have any advice, what I can check/change regarding the wrong search for a role?14:43
henrynashkleini: hold on..back in a sec14:46
openstackgerrithenry-nash proposed a change to openstack/keystone: Mark the trust kvs backend deprecated, for removal in Kilo  https://review.openstack.org/11780414:48
henrynashkleini: ok, back…14:48
stevemarbknudson, dstanek https://review.openstack.org/#/c/111920/ << request from doc team to merge translations sooner rather than later14:48
dstanekstevemar: there nothing to check for this right?14:49
henrynashkleini: so when you say “it searches for roles in LDAP”….how does this manifets itself?14:49
bknudsondid we ever go through and do the _LI, _LW, etc?14:49
dstanekbknudson: no14:49
bknudsonis there a translation cutoff?14:50
dstanekIs the _LI, etc. needed?14:50
*** alex_xu has quit IRC14:50
bknudsonit's not needed, but if we do it now it's going to change all these.14:50
dstaneki doubt we'll get it dont and reviewed by the FF14:51
*** andreaf has quit IRC14:51
bknudsonit's not a feature14:51
kleinihenrynash: https://bugs.launchpad.net/keystone/+bug/1362678/comments/514:51
uvirtbot`Launchpad bug 1362678 in keystone "multi-domain has problems with LDAP identity on default domain" [Undecided,New]14:51
dstanekno, but when do they cut a tag/brach or whatever14:51
*** andreaf has joined #openstack-keystone14:51
kleinihenrynash: keystone tells me, it can not find the role with identifier abc14:51
bknudsondstanek: I went through 111920 and didn't see any probs14:52
dstanekbknudson: same here14:53
bknudsonI think someone proposed the change to use _LI, etc...14:53
kleinihenrynash: I traced SQL traffic and saw, roles are read from SQL: SELECT role.id AS role_id, role.name AS role_name, role.extra AS role_extra FROM role. but later the identifier of the role heat_stack_owner is tried to resolve in LDAP 8dc819df55184eba8552949788a49b7714:54
*** lsmola has quit IRC14:54
kleinihmm, will try to give the user that role. maybe that helps14:54
dstanekbknudson: for at least some https://review.openstack.org/#/c/9538114:54
mflobokleini, I've reported a similar issue https://bugs.launchpad.net/keystone/+bug/136218114:54
uvirtbot`Launchpad bug 1362181 in keystone "Multi-domain has problems with domain drivers" [Undecided,Incomplete]14:54
dstanekbut that needs to be revised14:54
bknudsondstanek: do you have time to rebase it?14:55
dstanekbknudson: yeah14:55
bknudsonthere's also https://review.openstack.org/#/c/93013/9 (no debug logs), and https://review.openstack.org/#/c/94184/ (more xlations)14:57
*** wwriverrat has quit IRC14:59
henrynashkleini, mflobo: ok, im going have to take a detailed look at what’s going on….I’nm baclked up today, but will get to it asap (probably over the weekend)14:59
kleiniI will post my results in my bug report15:00
kleiniI added the role heat_stack_owner to the user creating stacks and now it seems to work15:00
kleiniit does not search anymore for the role identifier in LDAP15:00
*** jimhoagland has joined #openstack-keystone15:00
mflobohenrynash, thanks, I'll still work on it. If I find something, I'll report it15:03
lbragstadtopol: might need a rebase here? https://review.openstack.org/#/c/114337/15:03
*** david-lyle has joined #openstack-keystone15:03
topollbragstad, BIG TIME!  working on it now.  Morgan!!!!! did it to me 3 times :-)15:04
topolmorganfainberg--^15:04
*** cjellick has quit IRC15:09
*** lsmola has joined #openstack-keystone15:09
*** PsionTheory has joined #openstack-keystone15:10
*** cjellick has joined #openstack-keystone15:13
*** zzzeek has quit IRC15:22
openstackgerritLance Bragstad proposed a change to openstack/keystone: Adds tests that show how update with validation works  https://review.openstack.org/11695415:22
*** zzzeek has joined #openstack-keystone15:24
*** shakamunyi has joined #openstack-keystone15:25
dstanekbknudson: ha, we can chat here instead of on the review!15:32
dstanekbknudson: i agree about the error code, but right now it is what it is :-(15:32
bknudsonwe don't need to use it for new code15:32
bknudsoncreate a TheRealValidationError and use that15:33
dstanekis it now backward compatible to swap error codes?15:33
dstanekthat would be idea so we don't have to remember which ones are different15:34
bknudsonhttps://wiki.openstack.org/wiki/APIChangeGuidelines#Generally_Not_Acceptable15:34
dstanekoh, good then no!15:35
*** wwriverrat has joined #openstack-keystone15:35
*** gokrokve has quit IRC15:35
dstanekthere is a lot of debate in the rest community over 400 vs 40315:35
bknudsonthere's no guideline there for changing the error code that's returned15:35
bknudson"Changing an error response code to be more accurate" is in the generally considered OK category15:36
dstanekah, yes....i was answering myself as if i said 'if is wrong to swap errors codes'15:36
bknudsonthe debate is silly. The status codes are too coarse grained to be useful anyways.15:37
dstanekfor the 400 some people wonder about the definition of malformed (is it only structural or can it also be bad data)15:37
bknudsonyou need an error document with more information to be useful15:37
dstanekfor the 403 people complain that the spec says that the request shouldn't be sent again15:37
bknudsony, it's not going to do any good to send the same request again, it'll fail15:37
bknudsonit'll always 403 if you don't have a name for a user.15:38
dstanekbut a 400 (i'm pretty sure) says fix and try againg - 403 says don't try again15:38
dstaneki'm happy with either just because it tells the client that they messed up vs. our 500s right now15:39
dstanekor 404s in some cases15:39
bknudsonI don't think a 403 means you can't ever talk to the server again.15:40
*** gokrokve has joined #openstack-keystone15:41
*** wwriverrat has left #openstack-keystone15:41
openstackgerritBrad Topol proposed a change to openstack/keystone: Add audit support to keystone federation  https://review.openstack.org/11433715:41
topolmorganfainberg I assume token_ref.audit_id is meant for me to use?? Wanted to talk to you before I plug itin15:43
bknudsontopol: audit_id can be used all over.15:46
bknudsonlogs15:46
bknudsonrevocation lists15:46
topolbknudson, in the cadf I should replace token_id  in the record with token_ref.audit_id correct?15:46
bknudsontopol: yes!!!15:47
topolbknudson, I caught that all byt myself. I swear15:47
bknudsonwe shouldn't be using token ids anywhere it's not required15:47
topolbknudson +++15:48
openstackgerritLance Bragstad proposed a change to openstack/keystone: Adds tests that show how update with validation works  https://review.openstack.org/11695415:48
openstackgerritLance Bragstad proposed a change to openstack/keystone: Implement validation on Assignment V3 API  https://review.openstack.org/8648415:49
openstackgerritLance Bragstad proposed a change to openstack/keystone: Add string id type validation  https://review.openstack.org/10886215:49
henrynashKanagarajM: ping15:52
*** kleini has left #openstack-keystone15:55
dstanekdolphm: ping15:57
dolphmdstanek: le pong15:57
dolphm#practicefrenchforparis15:57
dstanekdolphm: i fixed up that null description in region thing. just wanted to confirm that you want None's treated as empty strings there?15:58
openstackgerritBrad Topol proposed a change to openstack/keystone: Add audit support to keystone federation  https://review.openstack.org/11433715:58
lbragstadoui15:58
lbragstadoui oui!15:58
dstanekit is optional, but i just wante to double check15:59
dolphmdstanek: ++15:59
dstanekdolphm: cool, i found a bug in the create and update related to that - just have to submit a bug report so i can push my change15:59
dolphmdstanek: ack16:01
morganfainbergomg... things... merged16:02
dstanekthe list is getting shorter!16:02
topolmorganfainberg token_model.KeystoneToken is awesome except for the rebase you caused me... AGAIN16:03
dstanekdolphm: actually it's the other side of this bug https://bugs.launchpad.net/keystone/+bug/128497216:03
uvirtbot`Launchpad bug 1284972 in keystone "Creating a region using V3 api fails in backend code when missing description" [High,Fix released]16:03
morganfainbergtopol, LOL16:03
*** gokrokve has quit IRC16:03
*** saipandi has joined #openstack-keystone16:03
*** gokrokve has joined #openstack-keystone16:04
topolmorganfainberg, I used token_ref.audit_id in the CADF record instead of token_id16:04
morganfainbergtopol, ++++++++16:04
morganfainbergtopol, that is *exactly* what it is meant to be used for16:04
topolmorganfainberg but I did not use audit_chain for anything. did I fail my final exam?16:04
morganfainbergtopol, nah16:04
morganfainbergtopol, audit_chain is mostly un-used but there for future proofing16:05
topolmorganfainberg if you can look at https://review.openstack.org/114337 to keep me and my nasty rebase honest it would be much appreciated16:05
*** r-daneel has quit IRC16:06
morganfainbergtopol, looking now16:07
topolmorganfainberg but  token_model.KeystoneToken is awesome.16:07
topolmorganfainberg I was gonna jump ship and start contributing to Trove, but  token_model.KeystoneToken  makes life so much better I think I'll stay :-)16:08
morganfainbergtopol, lol16:08
*** saipandi has quit IRC16:08
*** gokrokve has quit IRC16:08
morganfainbergtopol, a follow up patch to change token_ref['user']['id'] to token_ref.user_id would be perfect but otherwise LGTM16:10
topolmorganfainberg, K makes sense16:11
topolhappy to do itin a follow up patch16:11
morganfainbergtopol, yep +2 on your notification patch16:11
topolmorganfainberg, THANKS16:12
*** f13o has quit IRC16:12
morganfainberghenrynash did that live test work for you?16:13
henrynashmorgainfaingerq: no..fails teh same way16:13
henrynashmorganfainberg: I tried teh simple thing of setting contraints checks to zero in teardown16:14
morganfainbergah16:14
henrynashmorgainfainberg: and that improved it but didn’t solve it , oddle16:14
henrynashoddly16:14
morganfainbergyeah ok. so we need some more smarts in there16:14
henrynashmorgainfainberg: I was trying to write something that read all the constraints and dropped them one by one…but had trouble getting it right… I Guess fall back is we add the fk constrainsts to the big table in 034 and drop them on down grade?16:15
morganfainberghenrynash, well except we don't want to support a downgrade below 034, it's *scary*16:16
henrynashmorgainfainberg: oh, I agree16:16
openstackgerritSteve Martinelli proposed a change to openstack/keystone: Create SAML generation route and controller  https://review.openstack.org/11413816:16
henrynashmorganfainberg: I guess we could use that table in teardown to kill the FKs?16:17
morganfainberghenrynash, i think the solution is a smart cleanup or a per-test schema builder16:17
morganfainberghenrynash, doing schema introspection and dropping constraints is kinda ugly. but doable16:18
morganfainberghenrynash, it's something we need to look at fixing anyway if we want to run the test suite against a real DB (on my long list of things to do)16:19
henrynashmorganfainberg: agrred16:19
bknudsonI've run the test suite against db2 before, when I was working on initial support16:19
*** XEye has quit IRC16:20
bknudsonthe issues were typically related to hardcoded sql rather than using sqlalchemy to build the statement16:20
morganfainbergbknudson, i actually want to be able to do it as part of Gate.16:20
bknudsonit took a long time.16:20
bknudsonthat would slow things down.16:20
morganfainbergall of our restful tests are pretty much what the qa folks have been taking about when it comes to in-tree functional16:21
bknudsonmorganfainberg: that's what I was thinking too16:21
morganfainbergit would be solid to have all of that able to run against mysql or postgres (not just sqlite).16:21
bknudsonmorganfainberg: but it's easier for us in keystone since we don't need a keystone server running.16:22
morganfainbergsure.16:22
morganfainbergwe technically run keystone just locally.16:22
morganfainberga chunk of those tests could be done sharing a single keystone though, just requires changing what we're looking for (probably user/project isolation) rather than complete new schema16:23
henrynashmorganfainberq: I’m needing to test it since I’m trying to test a potential issue of clasing PK when we reduce column size….whicih I think will work in sqllite, but not in the others16:23
morganfainbergand better *cleanup* of each setup16:23
henrynashmorganfainberq: (I mean - which won’t error with sqllite, but is likely to on the others)16:24
morganfainberghenrynash, right16:24
openstackgerritDavid Stanek proposed a change to openstack/keystone: region.description is optional and be null  https://review.openstack.org/11761116:26
*** marcoemorais has joined #openstack-keystone16:27
openstackgerritDavid Stanek proposed a change to openstack/keystone: region.description is optional and be null  https://review.openstack.org/11761116:29
bknudsondstanek: string freeze is 9/4: https://wiki.openstack.org/wiki/Juno_Release_Schedule16:29
openstackgerritDavid Stanek proposed a change to openstack/keystone: region.description is optional and can be null  https://review.openstack.org/11761116:32
dstanekbknudson: halfway through rebasing that patch now - i think every file had a conflict16:32
*** marcoemorais has quit IRC16:33
*** marcoemorais has joined #openstack-keystone16:34
morganfainbergdstanek, :(16:34
dstanekmorganfainberg: ?16:34
morganfainbergdstanek, tons to rebase conflicts, sorry i feel your pain16:34
bknudsonthat change was proposed 2 months ago, I think.16:34
dstanekmorganfainberg: ah, yes.16:35
dstanekbknudson: last time it was modified was June 216:35
*** gyee has joined #openstack-keystone16:36
*** Dafna has quit IRC16:36
morganfainbergdolphm, i don't know why your conf generation isn't working on OS X, it works fine for me :(16:36
*** pabelanger has joined #openstack-keystone16:38
pabelangermoreing16:38
pabelangermorning*16:38
pabelangeranybody else having some issues with python-keystoneclient and the new requests 2.4.0 release?16:39
pabelangerspecifically, error handling messages have changed16:39
* morganfainberg loves stable interfaces on minor point releases in 3rd party libararies.16:40
morganfainbergpabelanger, what kind of issues is that raising?16:40
dstanekbknudson: why are the hints (_LI, etc) not defined in oslo.i18n?16:40
pabelangerFor example running: /usr/local/bin/keystone --os-token=ADMIN --os-endpoint http://127.0.0.1:35357/v2.0/ service-list if keystone is not ready16:41
pabelangerrequests 2.3.0 = Unable to establish connection to http://127.0.0.1:35357/v2.0/OS-KSADM/services16:41
pabelangerrequests 2.4.0 = ('Connection aborted.', error(111, 'Connection refused'))16:41
bknudsondstanek: they don't know what translator you want.16:42
pabelangermorganfainberg, see example above16:42
morganfainbergpabelanger, ok less friendly message but it's not breaking things.16:42
bknudsondstanek: we have to create a translator that specifies the keystone domain16:42
pabelangermorganfainberg, well, for me, it breaks puppet-keystone16:42
bknudsondstanek: oslo.i18n doesn't know what domain the request is for.16:42
morganfainbergpabelanger, sure. puppet is looking for specific output? not a return code?16:43
pabelangerbut I don't think anything directly related to other openstack projects is affected16:43
bknudsondstanek: when we used oslo-incubator it knew because the script to copy the file over changed "oslo" to "keystone"16:43
pabelangermorganfainberg, Ya, the module parses the return message, not code16:43
morganfainbergpabelanger, ick!16:43
pabelangermorganfainberg, indeed16:43
morganfainbergpabelanger, i think that is broken behavior on the puppet module :P16:44
bknudsondstanek: I don't think anything should be using oslo.i18n except keystone.i18n.16:44
pabelangermorganfainberg, could be argued that error messages are breakage.  But, ya.   Could be fixed in both16:45
morganfainbergpabelanger, well if we just let the error message from requests fall through, then it's not really our message. i haven't looked at that in a bit16:45
*** lsmola has quit IRC16:45
pabelangermorganfainberg, Ya, it looks to be a new exception in requests that keystoneclient is not away of16:46
pabelangerI'm assuming, at some point, keystoneclient would trap the error and reformat it16:46
morganfainbergpabelanger, looking now16:46
morganfainbergyeah the exception must have changed16:47
morganfainberghttps://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/session.py#L348-L35016:47
pabelangermorganfainberg, https://github.com/kennethreitz/requests/commit/811ee4eb5d9edba50a62b906420dec8e079532ae16:47
pabelangeris the commit that adds it16:47
*** gokrokve has joined #openstack-keystone16:49
morganfainbergpabelanger, ugh.16:50
morganfainbergoookay i see the fix. we need16:50
morganfainbergwow, this is kind of sloppy16:50
morganfainbergpabelanger, mind filing a but for me at bugs.launchpad.net/python-keystoneclient16:51
morganfainbergs/but/bug16:51
pabelangermorganfainberg, ya, working on it16:51
morganfainberg?16:51
pabelangermorganfainberg, sorry, the bug report16:52
morganfainbergpabelanger, no worries.16:52
morganfainbergpabelanger, i think i have a fix ready just running tests. and let me know the bug number when you're ready16:57
pabelangermorganfainberg, bug 136317917:02
uvirtbot`Launchpad bug 1363179 in python-keystoneclient "requests 2.4.0 adds 'Connection aborted' error message when unable to establish connection" [Undecided,New] https://launchpad.net/bugs/136317917:02
*** nkinder has quit IRC17:02
morganfainbergoh boy this is actually worse than i thought, they changed how all of this worked17:06
dstanekmorganfainberg: what's that?17:06
morganfainbergdstanek, requests 2.4.017:06
morganfainbergdstanek, they restructured a ton of things and broke keystoneclient's error capturing17:07
morganfainbergactually looks like they also busted our unit tests badly17:07
dstanekmorganfainberg: were we relying on internals or did they change interfaces?17:07
morganfainbergbascially they "changed" from raising a simple ConnectionError to raising a ProtocolError and moved to urllib 1.917:07
morganfainbergdstanek, they changed the exception handling and the underlying urllib in a minor point patch.17:08
dstanekthat's not nice17:08
morganfainbergno17:08
morganfainberg^ that bug is the result, but it's not a simple fix, urllib is now complaining it can't detect if the FP is closed in our unit tests (might be a lacking in the requests mock lib17:09
morganfainbergin one of our tests that is. the rest seem "ok"17:09
*** marcoemorais has quit IRC17:11
*** marcoemorais has joined #openstack-keystone17:12
*** rustlebee is now known as russellb17:14
*** harlowja_away is now known as harlowja_17:15
*** Lordanat3 has joined #openstack-keystone17:19
morganfainbergdstanek, http://pasteraw.com/4x7qh64sq8gguw06101rjy6rtmkftpg :(17:20
*** chandankumar has joined #openstack-keystone17:20
*** marcoemorais has quit IRC17:21
*** Lordanat1 has quit IRC17:21
*** marcoemorais has joined #openstack-keystone17:21
*** saipandi has joined #openstack-keystone17:22
dstanekmorganfainberg: is that with your new fixture or in master?17:22
morganfainbergdstanek, master17:22
dstanekugg17:22
morganfainbergdstanek, you know let me make sure it's isn't an OSX ism17:23
morganfainbergdstanek, i *think* it's a legit failure, but....17:23
*** harlowja has joined #openstack-keystone17:24
morganfainbergdstanek, yep, master now fails.17:25
morganfainbergyay requests breaking tests for kystoneclient17:25
*** harlowja_ has quit IRC17:26
*** marcoemorais has quit IRC17:26
morganfainbergand with requests 2.3 it works17:26
morganfainbergok17:26
*** marcoemorais has joined #openstack-keystone17:26
morganfainbergso blah i'll keep hunting on this17:26
dstanekmorganfainberg: i don't know if this helps, but "sigmavirus24: i suspect it's either the 301 caching or connection keep-alive on by default"17:30
morganfainbergit might be17:30
morganfainbergdstanek, i'm going to breakfast, i let -infra know so if it starts exploding a lot of things besides ksc, they can wedge a pin in to <2.4 until post milestone17:34
morganfainbergdstanek, ill work on a fix unless someone beats me to it when i'm back from food.17:34
morganfainbergif it's only ksc exploding, it really is on us to fix it. (ksc and puppet) vs. needing a pin17:35
*** boris-42 has joined #openstack-keystone17:36
morganfainbergdstanek, went with High prio on this onehttps://bugs.launchpad.net/python-keystoneclient/+bug/1363179 or should it be critical?17:36
uvirtbot`Launchpad bug 1363179 in python-keystoneclient "requests 2.4.0 adds 'Connection aborted' error message when unable to establish connection" [High,Triaged]17:36
*** saipandi has quit IRC17:37
*** saipandi has joined #openstack-keystone17:38
dstanekmorganfainberg: high, is probably good enough - i'll start poking around in a few17:38
morganfainbergdstanek, thanks. infra is proposing a pin (WIP) patch so it's ready to go if things get ugly, but i *think* only affects KSC.17:38
morganfainbergor minimally other things17:39
*** grantbow has quit IRC17:54
*** grantbow has joined #openstack-keystone17:54
*** aix has quit IRC17:54
openstackgerritSteve Martinelli proposed a change to openstack/keystone: Transform a Keystone token to a SAML assertion  https://review.openstack.org/11054217:56
openstackgerritDavid Stanek proposed a change to openstack/keystone: add missing log hints for level C/E/I/W  https://review.openstack.org/9538117:57
*** andreaf_ has joined #openstack-keystone18:04
pabelangermorganfainberg, that is the work around I've done locally for my puppet manifests.18:04
*** andreaf has quit IRC18:05
*** amcrn has joined #openstack-keystone18:06
*** amirosh has joined #openstack-keystone18:24
henrynashdumb question….anyone know who how to easily test the length of a field return by sqlalchem?  i.e. i can’t seem to do len(region.id)...18:26
*** andreaf_ has quit IRC18:30
dstanekhenrynash: are you looking for the columns length or the data in a returned row?18:37
henrynashdstanek: yes…best I can come up with is len(str(region.id))18:38
dstanekhenrynash: region.id should be a unicode if you are looking for the length of the data in the DB18:38
dstanekwhat are you seeing it come back as?18:38
henrynashif i do len(region_.id) it says NoneType has no methof len()18:39
henrynash( or something liek that)18:39
dstanekhenrynash: if you are getting region from the database it should have an id - that's very strange18:40
henrynashso region.id is there…I just want teh length of the value….18:41
*** bambam1 has quit IRC18:41
henrynashso len(region.id) doesn’t seem to work18:41
dstanekis it not unicode for you?18:41
dstaneki just checked and i get a unicode value back18:41
*** bambam1 has joined #openstack-keystone18:42
henrynashi think it is unicode….since if I try somthing dump like region.id.length is says unicode type hasn’t got length, but then if i do len(region.id) it says NoneType doesn’t have len()18:43
henrynashweird18:43
henrynashlen(str(region.id)) seems to work, however….which I’m going with for now…but odd18:44
bknudsonhenrynash: you might want to ask zzzeek if he's around18:53
zzzeekim here18:53
*** amcrn has quit IRC18:55
openstackgerritSteve Martinelli proposed a change to openstack/keystone: Transform a Keystone token to a SAML assertion  https://review.openstack.org/11054218:57
*** chandankumar has quit IRC18:58
*** RicoLin has quit IRC19:04
*** sigmavirus24 has joined #openstack-keystone19:04
sigmavirus24morganfainberg: dstanek any luck tracking down what was going wrong in requests?19:05
*** saipandi has quit IRC19:11
*** chandankumar has joined #openstack-keystone19:12
bknudsonmorganfainberg: have you tried keystone-manage token_flush lately?19:16
*** saipandi has joined #openstack-keystone19:17
sigmavirus24morganfainberg: dstanek in case it wasn't obvious from the things I listed as possibilities I'm fairly confident this is the redirect cache that requests added in 2.4.019:22
openstackgerritRodrigo Duarte proposed a change to openstack/keystone: Improve list role assignments filters performance  https://review.openstack.org/11668219:26
dstaneksigmavirus24: i took a late lunch and just got back19:26
dstaneksigmavirus24: is there an easy way to turn it off?19:26
sigmavirus24we had discussed it and I'm forgetting19:27
sigmavirus24it's on the PR which I'm looking for19:27
*** amirosh has quit IRC19:29
*** amirosh has joined #openstack-keystone19:29
sigmavirus24https://github.com/kennethreitz/requests/pull/2095 is the relevant PR and https://github.com/kennethreitz/requests/pull/2095#issuecomment-45977320 was the solution19:30
*** andreaf has joined #openstack-keystone19:30
pabelangermorganfainberg, Looks like a bug has been reported upstream with requests: https://github.com/kennethreitz/requests/issues/219219:33
sigmavirus24ugh19:34
*** amirosh has quit IRC19:34
sigmavirus24Thanks for pointing that out pabelanger19:34
*** cjellick has quit IRC19:35
*** cjellick has joined #openstack-keystone19:35
*** chandankumar has quit IRC19:38
openstackgerritBrant Knudson proposed a change to openstack/keystone: Fix token flush fails with recursion depth exception  https://review.openstack.org/11786919:38
*** cjellick has quit IRC19:39
dstanekI'm not sure this is the same issue that I am seeing - i did the null session cache thing and i am still getting 'Unable to determine whether fp is closed'19:40
sigmavirus24hm19:41
sigmavirus24dstanek: can you get more detail in the stacktrace?19:45
dstaneksigmavirus24: this is a little bit more accurate http://paste.openstack.org/raw/102578/19:46
dstaneksomehow the Stream's _fp attribute is None when it shouldn't be19:46
sigmavirus24If you're mocking it out with fixtures though19:47
dstaneksigmavirus24: that's what i don't get yet. i'm not sure what jamielennox|away is actually mocking19:47
sigmavirus24yeah this level of mocking is making my head spin since I haven't dug into the clients much before19:48
openstackgerrithenry-nash proposed a change to openstack/keystone: Endpoint table is missing reference to region table  https://review.openstack.org/11318319:53
henrynashdolphm, dstanek: i have update the endpoint region patch (since it seemed to be lanquishing) - let me knwo if I missed anything (https://review.openstack.org/#/c/113183/)19:55
morganfainbergdstanek, back19:56
morganfainbergdstanek ah catching up on the scroll back19:57
dstanekmorganfainberg: for giggles, i'm converting to responses to see if that works better19:57
morganfainberglol19:57
morganfainbergdstanek, if it's easier we can have infra push the "pin this" and work to resolve the issue post milestone19:58
sigmavirus24morganfainberg: in all candor a bunch of requests endusers are going to be pinning to 2.3.019:59
dstanekmorganfainberg: that's probably a good idea19:59
morganfainbergsigmavirus24, that might be a good enough reason to do so for now.19:59
morganfainbergok19:59
*** diegows has quit IRC20:05
dolphmhenrynash: thank you!20:05
*** PsionTheory has quit IRC20:06
*** radez is now known as radez_g0n320:07
morganfainbergdstanek, hah, i just saw your recheck comment on a review i issued a recheck on after :P20:13
openstackgerrithenry-nash proposed a change to openstack/keystone: backend for policy endpoint extension  https://review.openstack.org/11536220:19
sigmavirus24dstanek: https://github.com/shazow/urllib3/blob/0cdc47e88141263717a173dd815e1756d1140a9f/urllib3/response.py#L255 is the line you're having trouble with. Requests streams every response at first and then caches it if stream=False on our end20:21
dstaneksigmavirus24: that's the line indeed20:21
sigmavirus24Whatever requests-mock/fixtures is doing to mock out the HTTPResponse would seem to be causing the problem20:22
dstanekself._fp is None when it gets there20:22
sigmavirus24It defaults to None https://github.com/shazow/urllib3/blob/0cdc47e88141263717a173dd815e1756d1140a9f/urllib3/response.py#L9020:22
openstackgerrithenry-nash proposed a change to openstack/keystone: Add index for actor_id in assignments table.  https://review.openstack.org/11754120:22
sigmavirus24If the body passed in has no read method it stays None20:22
bknudsonmorganfainberg: what is [token] driver supposed to be set to now? keystone.token.backends.sql.Token or keystone.token.persistence.backends.sql.Token ?20:22
dstaneksigmavirus24: that is my feeling as well, but i've bailed temporarily to focus on reviews that need to be done20:22
morganfainbergbknudson, the latter20:22
sigmavirus24Fix the body used in mocking, fix the regression20:22
sigmavirus24dstanek: where did you leave off (if anywhere)?20:23
morganfainbergbknudson, he backends.sql.Token is for compat so we don't break anyone20:23
dstaneksigmavirus24: i'd love revisit and see if we can use what already existed instead of inventing our own20:23
morganfainbergit just is effectively an alias to the .persistence one20:23
bknudsonmorganfainberg: devstack looks like it's using the former20:23
morganfainbergbknudson, ah need to fix that then in devstack.20:23
morganfainbergbknudson, easy fix thankfully20:24
openstackgerritguang-yee proposed a change to openstack/keystone: Use id attribute map for read-only LDAP  https://review.openstack.org/11765820:24
dstaneksigmavirus24: i was in the process of converting to use responses; not very far was working on getting the first test running20:24
morganfainbergbknudson, have a patch ready to go if you haven't pushed one yet20:25
bknudsonmorganfainberg: to devstack?20:26
morganfainbergyeah20:26
bknudsonmorganfainberg: I haven't been looking at it.20:26
morganfainbergbknudson, ok, i'll push it, it was a 3 line change20:26
sigmavirus24dstanek: I might just fix requests-mock20:26
bknudsonmorganfainberg: if the old value is supposed to work, it wasn't with token_flush for some reason.20:26
dstaneksigmavirus24: that would be great20:26
morganfainbergbknudson, huh,20:27
henrynashdolphm, dstanek: quick one to push through: https://review.openstack.org/#/c/117804/20:27
morganfainbergbknudson, ok i'll take a look at that, but it *should* work even with token_flush20:27
sigmavirus24I fortunately have a lot of experience mocking out HTTPResonse objects20:27
bknudsonmorganfainberg: bug 136322420:27
uvirtbot`Launchpad bug 1363224 in keystone "token_flush is failing with recursion depth error" [Undecided,In progress] https://launchpad.net/bugs/136322420:27
bknudsonand I proposed a fix: https://review.openstack.org/#/c/117869/20:27
morganfainbergbknudson, ah yeah20:28
morganfainbergbknudson, thanks! that looks like the correct fix.20:28
morganfainbergor probably should go through token_provider_api, but eh. that will work too20:28
bknudsonmorganfainberg: ok, thanks... I was seeing if I could write up a test.20:28
morganfainbergbknudson, yeah i think thats the best approach, not sure how to test it, but def. that fix looks good20:30
bknudsonit should be easy to call cli.TokenFlush.main()... not sure why it's proving difficult to recreate.20:30
morganfainbergbknudson, https://review.openstack.org/117878 for devstack fix20:31
*** saipandi has quit IRC20:38
*** raildo has left #openstack-keystone20:41
bknudsonthe debugger seems to make something weird happen when there's a stack recursion.20:47
*** arborism has joined #openstack-keystone20:53
*** shakamunyi has quit IRC20:58
dolphmhenrynash: have time for another patchset? only found a couple slightly-bigger-than-nits https://review.openstack.org/#/c/113183/21:01
henrynashdolphm: yep, already working on it21:01
openstackgerritBrant Knudson proposed a change to openstack/keystone: Fix token flush fails with recursion depth exception  https://review.openstack.org/11786921:03
*** marcoemorais has quit IRC21:03
*** marcoemorais has joined #openstack-keystone21:03
dolphmhenrynash: +A'd the trust kvs one21:05
henrynashdolphm: gerat21:05
openstackgerrithenry-nash proposed a change to openstack/keystone: Endpoint table is missing reference to region table  https://review.openstack.org/11318321:11
henrynashdolphm: new patch for: https://review.openstack.org/#/c/113183/21:11
*** gokrokve has quit IRC21:21
sigmavirus24jamielennox|away: https://review.openstack.org/#/c/117890/ is crucial to the bug that morganfainberg and dstanek were researching earlier21:23
dstaneksigmavirus24: you rock - thx!21:23
morganfainbergsigmavirus24, ++ agree w/ dstanek21:23
*** saipandi has joined #openstack-keystone21:23
sigmavirus24It was easy to miss21:24
*** andreaf has quit IRC21:31
*** andreaf has joined #openstack-keystone21:32
*** gordc has quit IRC21:32
dolphmdstanek: is this change correct? https://review.openstack.org/#/c/113183/26..27/keystone/common/sql/migrate_repo/versions/053_endpoint_to_region_association.py21:33
morganfainbergdolphm, did we want to revisit https://review.openstack.org/#/c/85210/ or should we just skip havana at this point (being that it's security maint only)21:38
morganfainbergi'm thinking we should just skip it.21:38
dolphmdstanek: morganfainberg: bknudson: can one of ya'll help stevemar get xmlsec1 installed in devstack for k2k?21:38
morganfainbergit also is changing the behavior.21:39
stevemardolphm, note that that's what we *think* the problem is21:39
bknudsondevstack is setting up a k2k configuratoin?21:39
dolphmstevemar: it's likely, unless it's already installed for some reason21:39
dolphmbknudson: oh not devstack. to run keystone unit tests21:39
dolphmfunctional test21:39
stevemarbknudson, we need it for tests21:39
dolphms21:39
morganfainbergah21:39
bknudsontempest?21:40
morganfainbergbknudson, pysaml lib i think21:40
bknudsonwhat is xmlsec1?21:40
morganfainbergLibrary providing support for "XML Signature" and "XML Encryption" standards21:40
stevemarbknudson, yeah what morganfainberg said... http://www.aleksey.com/xmlsec/21:41
bknudsonlooks like sudo apt-get install xmlsec121:41
bknudsonon my ubuntu 12.0421:41
stevemaryep21:41
dolphmmorganfainberg: abandoned that stable/havana backport21:43
morganfainbergk21:43
dolphmbknudson: or xmlsec1-dev ?21:43
dolphmactually i guess it needs the binary21:43
dolphmnvm21:43
stevemardolphm, bknudson i think I might have to skip that test in our test suite until it's installed21:43
dolphmstevemar: or check if it's installed first?21:44
*** zzzeek_ has joined #openstack-keystone21:44
*** marzif__ has joined #openstack-keystone21:45
stevemardolphm, should just be xmlsec121:50
dolphmstevemar: yeah, test.skipIf( < something about subprocess.call which xmlsec1 return code happiness > )21:51
*** boris-42_ has joined #openstack-keystone21:51
*** notmyname_ has joined #openstack-keystone21:51
openstackgerrithenry-nash proposed a change to openstack/keystone: Add index for actor_id in assignments table.  https://review.openstack.org/11754121:51
*** sigmavirus24 is now known as sigmavirus24_awa21:51
openstackgerrithenry-nash proposed a change to openstack/keystone: backend for policy endpoint extension  https://review.openstack.org/11536221:52
*** boris-42 has quit IRC21:52
*** zzzeek has quit IRC21:52
*** bknudson has quit IRC21:52
*** richm has quit IRC21:52
*** med_ has quit IRC21:52
*** marzif_ has quit IRC21:52
*** grantbow has quit IRC21:52
*** notmyname has quit IRC21:52
*** notmyname_ is now known as notmyname21:52
*** zzzeek_ is now known as zzzeek21:52
stevemardolphm, thats what i'm doing now21:54
openstackgerrithenry-nash proposed a change to openstack/keystone: controller for the endpoint policy extension  https://review.openstack.org/11574621:54
*** stevemar2 has joined #openstack-keystone22:01
*** stevemar has quit IRC22:01
*** bknudson has joined #openstack-keystone22:03
*** richm has joined #openstack-keystone22:03
stevemar2dolphm, alright, i got something cookin22:04
*** dolphm is now known as dolphm222:04
dolphm2stevemar2: k22:04
*** dolphm2 is now known as dolphm22:04
bknudsonwe're all 2 now22:04
stevemar2either my isp or wifi drops a lot22:04
stevemar2probably wifi22:04
openstackgerritSteve Martinelli proposed a change to openstack/keystone: Transform a Keystone token to a SAML assertion  https://review.openstack.org/11054222:05
*** stevemar2 is now known as bknudson322:06
bknudson3bknudson, 3>222:08
henrynashdolphm, dstanek, morganfainberq: another relatively small one (https://review.openstack.org/#/c/117541/), more stats on performance issue in the big report22:09
henrynash(or bug report, even)22:09
*** med_ has joined #openstack-keystone22:11
bknudson3lbragstad, ping22:11
*** bknudson3 is now known as bknudsondplgner22:12
bknudsonI think the doppleganger problem only exists when your names are close and noone can tell you apart22:12
*** med_ has quit IRC22:12
bknudsonlike stevemar and stevelle22:12
bknudsonand HenryG and henrynash22:13
morganfainberghenrynash, i am leery of the index=True kwarg22:14
*** grantbow has joined #openstack-keystone22:14
morganfainberghenrynash, it got us into a bind in a migraiton in the past (not that you're using it as such now)22:14
morganfainberghenrynash, but even in the model it might make sense to explicitly declare the index expected22:15
*** morganfainberg is now known as dolphm322:15
dolphm3>.>22:15
dolphm3<.<22:15
*** dolphm3 is now known as morganfainberg22:15
henrynashmorgainfainberg: so origionally decalred it explicitely…it was dolphm who suggested to do it index=True :-)22:16
morganfainbergah22:16
morganfainbergyeah that is what caused us to need to rebuild the whole region table that one migration22:16
bknudsonis the index in the model going to make any difference?22:17
morganfainbergbknudson, it does if someone uses reflection to build the schema (our testing)22:17
*** topol has quit IRC22:17
morganfainberghenrynash, still +2 on that22:17
henrynashmorganfainberg: here’s how I used to do it: https://review.openstack.org/#/c/117541/3/keystone/assignment/backends/sql.py22:18
morganfainbergright22:19
morganfainberghenrynash, def not giving a -1 on using index=true22:19
morganfainberghenrynash, just saying i'm always leery of it22:19
*** bknudson has quit IRC22:21
*** marcoemorais has quit IRC22:32
*** marcoemorais has joined #openstack-keystone22:32
*** joesavak has quit IRC22:33
openstackgerritSteve Martinelli proposed a change to openstack/keystone: Create SAML generation route and controller  https://review.openstack.org/11413822:40
openstackgerritSteve Martinelli proposed a change to openstack/keystone: Transform a Keystone token to a SAML assertion  https://review.openstack.org/11054222:43
openstackgerritDolph Mathews proposed a change to openstack/keystone: Implement validation on the Catalog V3 API  https://review.openstack.org/9626622:43
openstackgerritDolph Mathews proposed a change to openstack/keystone: Implement validation on Policy V3 API  https://review.openstack.org/10406522:43
openstackgerritDolph Mathews proposed a change to openstack/keystone: Implement validation on Credential V3  https://review.openstack.org/9852222:43
dolphmdstanek: addressed the 255 char limit of policy types in https://review.openstack.org/#/c/104065/22:44
dolphmmorganfainberg: henrynash: oh what was the bind?22:47
openstackgerritSteve Martinelli proposed a change to openstack/keystone: Transform a Keystone token to a SAML assertion  https://review.openstack.org/11054222:48
bknudsondplgnerdolphm, lbragstad thanks for reviewing ^22:48
lbragstadbknudsondplgner: yo22:51
lbragstadI had to scroll a while to figure out who you were ;)22:51
openstackgerritSarvesh Ranjan proposed a change to openstack/keystone: Fixed spelling error from sane to same  https://review.openstack.org/11790222:52
bknudsondplgnerhehe22:52
lbragstadbknudsondplgner: I have a question for you on the federation stuff22:52
*** bknudsondplgner is now known as ramevets22:52
ramevetslbragstad, certainly22:52
openstackgerritDolph Mathews proposed a change to openstack/keystone: Implement validation on the Catalog V3 API  https://review.openstack.org/9626622:52
openstackgerritDolph Mathews proposed a change to openstack/keystone: Implement validation on Credential V3  https://review.openstack.org/9852222:52
lbragstadramevets: ok, so you are leveraging the validator in the federation plugin (++, awesome)22:53
lbragstadwondering if if would make sense to structure the tests that test the validator specifically in /keystone/tests/test_validator.py as a new test class22:53
ramevetslemme take a look22:54
*** dolphm is now known as pong22:55
ramevetslbragstad, i dunno, they seem kinda genericy22:55
ramevetsgeneric-y22:55
*** pong is now known as Guest2467022:55
ramevetsGuest24670, the only gues to have mod priv22:56
ramevetsguest*22:56
lbragstadso, test_validator.py would house a new test class FederationTestCase22:56
lbragstadhttps://github.com/openstack/keystone/blob/master/keystone/tests/test_validation.py#L3722:56
lbragstadramevets: I think dstanek has some ideas for breaking that out too?22:57
openstackgerritSteve Martinelli proposed a change to openstack/keystone: Create SAML generation route and controller  https://review.openstack.org/11413822:57
ramevetslbragstad, the only argument against it is that I already have some methods (used in test_v3_federation) that create the body22:58
ramevetslbragstad, tbh, i don't care where the tests exist, but i could certainly add things in a follow up patch or something if you want more coverage22:59
ramevetslbragstad, Guest24670 i'm out for a few hours23:04
Guest24670ramevets: noooooo23:04
*** notmyname has quit IRC23:04
lbragstadramevets: sure thing, I would be fine with an additional patch in the future23:05
*** notmyname has joined #openstack-keystone23:05
lbragstadramevets: the functionality it tested, so at some point in the future we could test just the validators for the federation controller23:05
openstackgerritSarvesh Ranjan proposed a change to openstack/keystone: In https://github.com/openstack/keystone/blob/master/keystone/common/base64utils.py Typos: Line No : 143 "enconding" in place of "encoding" Line No : 296 and 300 "multple" in place of "multiple" Line No :313, 350 and 372 "whitepace" in place of "whitespac  https://review.openstack.org/11790623:07
*** ramevets has quit IRC23:08
Guest24670+2's on https://review.openstack.org/#/c/104065/ https://review.openstack.org/#/c/98522/ and https://review.openstack.org/#/c/96266/23:09
Guest24670if anyone wants to review them :) ^23:09
*** amerine_ has quit IRC23:15
openstackgerritRishabh proposed a change to openstack/keystone: Spelling errors fixed in the comments  https://review.openstack.org/11791123:21
*** jasondotstar has quit IRC23:21
*** jasondotstar has joined #openstack-keystone23:27
*** xianghui has quit IRC23:29
*** jamielennox|home has joined #openstack-keystone23:39
*** amerine has joined #openstack-keystone23:41
morganfainbergGuest24670 really guest eh?23:43
*** jamielennox|home has quit IRC23:43
*** morganfainberg is now known as SkepticalCore23:44
*** amerine has quit IRC23:46
Guest24670SkepticalCore: for sure23:46
Guest24670to whom it may concern some one please help me install the openstack i downloaded the ubuntu thank you23:47
*** david-lyle has quit IRC23:47
SkepticalCoreGuest24670, why cannot i obtain to connect? My internet is the cable and the error reads error23:48
Guest24670SkepticalCore: try plugging in the and spin in circle23:48
*** jamielennox has joined #openstack-keystone23:48
SkepticalCoreGuest24670, instructions unclear ... i'll just stop that meme before it goes too far...23:49
*** andreaf has quit IRC23:51
SkepticalCoreGuest24670, +2 on the first two in that series, no +A (pending jenkins vote, feel free and jump the +A if you want)23:52
SkepticalCoreGuest24670, still looking at the third one (it's a bit more complex)23:52
Guest24670SkepticalCore: YAY lbragstad23:52
SkepticalCoreomg, my open list of reviews is so much shorter now23:53
SkepticalCore(ones i initiated)23:53
SkepticalCoreit's... like i should be reviewing other code instead of rebasing my changes now! :P23:53
Guest24670SkepticalCore: we're definitely not sitting at a bar approving code reviews just sayin'23:53
SkepticalCoreGuest24670, damn, good point, maybe we need a meetup at a bar to approve code!23:54
SkepticalCorequick everyone descend on.. hmm.. it's a bit toasty in SAT now, maybe uhm.. where is the temperature nice? PDX? SEA?23:54
Guest24670SkepticalCore: both sound nice23:54
SkepticalCorePDX, close to deschuttes then :P23:55
openstackgerritDolph Mathews proposed a change to openstack/keystone: Transform a Keystone token to a SAML assertion  https://review.openstack.org/11054223:55
SkepticalCorethis validation code is so much easier to read than the old versions23:55
SkepticalCoreit's like i know what to expect the request to look like... or something23:56
Guest24670SkepticalCore: question!23:57
SkepticalCoreGuest24670, Dodgy Answer!23:57
Guest24670SkepticalCore: the bottom of this file https://review.openstack.org/#/c/110542/45/keystone/contrib/federation/idp.py23:57
SkepticalCoreyes23:57
Guest24670SkepticalCore: see the subprocess call?23:57
SkepticalCoresure do23:57
Guest24670SkepticalCore: we need to .wait() to avoid a race, right?23:57
SkepticalCoreuhm.23:57
SkepticalCoreoh.. actually we should use lockutils for this.23:58
SkepticalCoreprobably23:58
Guest24670SkepticalCore: ?23:58
Guest24670SkepticalCore: it's to a random tempfile23:58
SkepticalCoreoh wait random temp23:58
Guest24670SkepticalCore: what will lockutils provide23:58
SkepticalCorethen what is the race concern?23:58
*** arborism is now known as amcrn23:58
Guest24670SkepticalCore: trying to read the tempfile before the subprocess has written one?23:58
SkepticalCoreline 410 writes the file23:59
SkepticalCoreand closes it23:59
Guest24670SkepticalCore: oh. i mean reading the stdout before there is anything useful to read23:59
SkepticalCoreso no wait needed. it isn't a .flush() or buffer, you're already closed context on the file descriptor by using the write_to_tempfile23:59
SkepticalCoreooooooh23:59
SkepticalCoreOH23:59
Guest24670SkepticalCore: me facepalm23:59
Guest24670slash23:59
Guest24670insert23:59
« Thursday, 2014-08-28 Index Saturday, 2014-08-30 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!