Wednesday, 2015-02-11

ayoung	jamielennox, query as in locally or remotely will do something? Will it return different endpoints from the same fetched service catalog depending?	00:00
ayoung	jamielennox, like, this test right here: http://git.openstack.org/cgit/openstack/python-keystoneclient/tree/keystoneclient/tests/v3/test_service_catalog.py#n75	00:01
jamielennox	ayoung: the fetched catalog should always be the same (ignoring endpoint filtering)	00:01
jamielennox	ayoung: when you ask the catalog for a url you have to ask what region you want it in	00:01
ayoung	It uses the region name out of the token body, and returns differnt endpoints depending on which match	00:01
ayoung	that test sets the region in response the middle of the test and does not do a fetch from the server	00:02
*** nellysmitt has joined #openstack-keystone		00:04
jamielennox	so there is no region name in the token body returned from the server	00:06
*** dims__ has joined #openstack-keystone		00:07
jamielennox	there was some dumb hack that was made a long time ago that i think was so that you could set the region on the catalog and then just ask for the service_type	00:07
jamielennox	it meant that it didn't break what AccessInfo was doing	00:07
jamielennox	i think where it's still used i've commented that it's a bit dumb	00:08
*** nellysmitt has quit IRC		00:08
*** samueldmq_ is now known as samueldmq		00:09
*** markvoelker has quit IRC		00:17
*** tqtran is now known as tqtran_afk		00:29
*** dims__ has quit IRC		00:31
*** atiwari has joined #openstack-keystone		00:32
*** atiwari has quit IRC		00:47
*** r-daneel has quit IRC		00:49
*** gyee has joined #openstack-keystone		00:51
*** ChanServ sets mode: +v gyee		00:51
*** markvoelker has joined #openstack-keystone		00:52
*** dims__ has joined #openstack-keystone		00:53
*** dims_ has joined #openstack-keystone		00:54
*** markvoelker has quit IRC		00:56
*** markvoelker_ has joined #openstack-keystone		00:56
*** dims__ has quit IRC		00:58
*** carlosmarin has quit IRC		01:01
*** atiwari has joined #openstack-keystone		01:02
stevemar	lhcheng, there was a reason for that	01:03
stevemar	lhcheng, https://github.com/openstack/keystone/commit/474271683f5e44c6253b75102026cc8578c10d06	01:04
lhcheng	stevemar: yeah, I saw that. :)	01:05
lhcheng	I am thinking of removing: https://github.com/openstack/keystone/blob/master/keystone/common/ldap/core.py#L133-L135	01:05
lhcheng	if any LDAP attribute has a value of "TRUE" or "FALSE" it is automatically converted to boolean	01:05
*** atiwari has quit IRC		01:06
lhcheng	stevemar: henry reported a bug around that: https://bugs.launchpad.net/keystone/+bug/1411478	01:06
openstack	Launchpad bug 1411478 in Keystone "Any attribute that is equal to 'TRUE' or 'FALSE' is treated as boolean by LDAP drivers" [High,New] - Assigned to Lin Hua Cheng (lin-hua-cheng)	01:06
ayoung	lhcheng, only if someone reports a bug	01:06
lhcheng	ayoung: yes :D	01:06
ayoung	did you actually see that as a propblem in production?	01:06
ayoung	Ah,, Henrynash	01:07
lhcheng	ayoung, no not yet	01:07
ayoung	so, yeah, that is wrong. Mr. True is going to be messed up by that one	01:07
lhcheng	ayoung: Heh okay, I'll remove that and add some test around it.	01:08
stevemar	lhcheng, yeah i think that makes sense	01:08
ayoung	I suspect that is in there for enabled. You might want to special case that one	01:08
stevemar	if it's 'enabled' then let the enabled2py handle, everything else ldap2py (without boolean handling)	01:09
lhcheng	ayoung: stevemar took care of that :)	01:09
stevemar	ayoung, 'enabled' is already handled separately	01:09
stevemar	before that, we were trying to decode all attributes as once, trying to convert to boolean, then int, then str... which caused problem for user ids that began with 0, since it would chop off the 0	01:10
stevemar	when boolean and int handling is really only needed for 'enabled' attributes	01:11
*** atiwari has joined #openstack-keystone		01:17
openstackgerrit	wanghong proposed openstack/keystone: add missing links for v3 OS-EC2 API response https://review.openstack.org/151592	01:21
lhcheng	stevemar: I'll submit a patch, let's how see what other folks think.	01:21
openstackgerrit	Steve Martinelli proposed openstack/pycadf: Add deprecation message to Audit API https://review.openstack.org/154721	01:24
stevemar	lhcheng, sounds good	01:24
*** david-lyle has quit IRC		01:26
openstackgerrit	Lin Hua Cheng proposed openstack/keystone: Don't try to convert LDAP attributes to boolean https://review.openstack.org/154722	01:28
*** atiwari has quit IRC		01:33
*** rwsu is now known as rwsu-afk		01:39
*** abhirc has quit IRC		01:42
lhcheng	stevemar: thanks for the quick review!	01:50
stevemar	lhcheng, np at all	01:51
openstackgerrit	Lin Hua Cheng proposed openstack/keystone: Don't try to convert LDAP attributes to boolean https://review.openstack.org/154722	01:51
openstackgerrit	wanghong proposed openstack/keystone: add timestamp to project and role https://review.openstack.org/154370	01:52
*** lnxnut_ has quit IRC		01:52
*** lnxnut has joined #openstack-keystone		01:53
samueldmq	lbragstad, you around ?	01:53
*** erkules_ has joined #openstack-keystone		02:02
*** nellysmitt has joined #openstack-keystone		02:05
*** erkules has quit IRC		02:05
*** abhirc has joined #openstack-keystone		02:07
*** david-lyle has joined #openstack-keystone		02:08
*** nellysmitt has quit IRC		02:10
*** amerine has quit IRC		02:13
*** richm has quit IRC		02:16
openstackgerrit	Lin Hua Cheng proposed openstack/keystone: Don't try to convert LDAP attributes to boolean https://review.openstack.org/154722	02:22
*** gyee has quit IRC		02:31
openstackgerrit	Ian Wienand proposed openstack/oslo.policy: Turn off missing-directory log output for default case https://review.openstack.org/154742	02:40
*** ayoung has quit IRC		02:41
*** rdo has quit IRC		02:45
*** david-lyle has quit IRC		02:46
*** harlowja is now known as harlowja_away		02:46
*** lhcheng has quit IRC		02:49
*** thedodd has joined #openstack-keystone		02:49
*** david-lyle has joined #openstack-keystone		02:50
*** rdo has joined #openstack-keystone		02:52
*** ayoung has joined #openstack-keystone		02:53
*** ChanServ sets mode: +v ayoung		02:53
*** diegows has quit IRC		02:54
*** tqtran_afk has quit IRC		02:54
*** erkules has joined #openstack-keystone		03:00
*** junhongl has quit IRC		03:02
*** erkules_ has quit IRC		03:02
*** junhongl has joined #openstack-keystone		03:09
*** ljfisher has quit IRC		03:12
*** ljfisher has joined #openstack-keystone		03:12
*** ljfisher has quit IRC		03:13
*** junhongl has quit IRC		03:22
*** krtaylor has quit IRC		03:24
*** junhongl has joined #openstack-keystone		03:27
*** david-lyle has quit IRC		03:31
*** abhirc has quit IRC		03:32
ayoung	jamielennox, in the kc/access.py we set and read the region value from body['token']['region_name'] is that part of the token spec? I don't see it?	03:32
jamielennox	no it's not	03:33
jamielennox	ayoung: somewhere it can get set on the accessinfo object	03:34
jamielennox	which would get inherited to the service catalog	03:34
ayoung	jamielennox, so if I get a token from the server, the only place I would expect to see the region is in the endpoint entry itself, right?	03:34
jamielennox	and that meant you didn't need to add a region parameter to the management_url property	03:34
jamielennox	was the best i could ever figure out what the point was	03:35
jamielennox	which is a huge part of the reason i tried to deprecate a bunch of that stuff	03:35
ayoung	jamielennox, I can see you pain shining through this code	03:35
ayoung	your pain	03:35
ayoung	it really should be part of the token request.	03:36
jamielennox	ayoung: so long as you know i didn't write it	03:36
ayoung	Or, better yes, associated with the project, I would think	03:36
ayoung	better yet	03:36
jamielennox	ayoung: i've thought that as well - with hierarchical regions we should be able to have region as part of the auth	03:36
*** krtaylor has joined #openstack-keystone		03:36
ayoung	of course, the way people use projects, a single project could be talking to endpoints in two regions, so we can't force it	03:37
jamielennox	yep	03:37
jamielennox	but it works as an additional	03:37
jamielennox	there just isn't good enough support for hierarchical regoins	03:37
ayoung	so to keep this test working...	03:37
ayoung	http://git.openstack.org/cgit/openstack/python-keystoneclient/tree/keystoneclient/tests/v3/test_service_catalog.py#n75	03:38
jamielennox	haha	03:38
ayoung	I need to deal with ['token']['region_name'] being optionally in the body...	03:38
ayoung	OK, so long as I know why...I can make that work	03:38
jamielennox	right - the wonder or the AccessInfo objects, they didn't just put new properties on the dicts they made those properties part of the items	03:39
ayoung	I'm cartrying that stuff forward, but isolating it into its own class	03:39
jamielennox	ayoung: this is kind of why i'm not sure it's worth the effort, is the new way turning out any cleaner?	03:39
*** rushiagr_away is now known as rushiagr		03:39
ayoung	I'm down to 35 failing tests....this should knock out another 3 or 4	03:39
jamielennox	extract a clean subclass and put all the crap on top?	03:39
ayoung	this is a good exercise for me regardless, as I've not had to deal with it	03:39
jamielennox	that was always my thought - except i didn't want to subclass dict at all at the bottom	03:40
ayoung	let me get the tests running and I'll post, and expect a thorough drubbing from you at that point	03:40
jamielennox	it's also how i was thinking about getting rid of some old code from auth_token middleware	03:40
*** BrAsS_mOnKeY has quit IRC		03:42
*** marg7175 has joined #openstack-keystone		03:44
*** marg7175 has quit IRC		03:47
*** marg7175 has joined #openstack-keystone		03:47
ayoung	failures=33	03:50
*** abhirc has joined #openstack-keystone		03:51
*** g2` has joined #openstack-keystone		03:55
*** samueldmq has quit IRC		04:00
*** dims_ has quit IRC		04:01
*** rushiagr is now known as rushiagr_away		04:04
openstackgerrit	wanghong proposed openstack/keystone: add timestamp to project and role https://review.openstack.org/154370	04:04
*** g2` has quit IRC		04:04
*** nellysmitt has joined #openstack-keystone		04:06
ayoung	failures=30	04:09
*** david-lyle has joined #openstack-keystone		04:09
*** nellysmitt has quit IRC		04:10
openstackgerrit	Steve Martinelli proposed openstack/oslo.policy: Use standard logging in oslo.policy https://review.openstack.org/154635	04:11
*** g2` has joined #openstack-keystone		04:12
*** abhirc has quit IRC		04:14
*** abhirc has joined #openstack-keystone		04:19
*** Novtopro has joined #openstack-keystone		04:20
*** Novtopro has quit IRC		04:21
*** g2` has quit IRC		04:22
*** Novtopro has joined #openstack-keystone		04:22
*** spandhe has quit IRC		04:22
*** Novtopro has quit IRC		04:22
*** g2` has joined #openstack-keystone		04:28
*** spandhe has joined #openstack-keystone		04:31
*** lnxnut has quit IRC		04:33
openstackgerrit	Steve Martinelli proposed openstack/oslo.policy: document the migration process and update the docs a bit https://review.openstack.org/154752	04:50
*** rushiagr_away is now known as rushiagr		04:52
*** avozza is now known as zz_avozza		04:55
*** zz_avozza is now known as avozza		04:56
*** zzzeek has quit IRC		04:59
*** dims__ has joined #openstack-keystone		05:02
*** dims__ has quit IRC		05:07
*** g2` has quit IRC		05:24
*** krtaylor has quit IRC		05:24
*** marg7175 has quit IRC		05:29
*** g2` has joined #openstack-keystone		05:30
*** krtaylor has joined #openstack-keystone		05:38
*** 21WABATV9 has joined #openstack-keystone		05:55
*** MasterPiece has joined #openstack-keystone		06:05
*** nellysmitt has joined #openstack-keystone		06:07
*** jay-lau-513 has joined #openstack-keystone		06:09
jay-lau-513	Does anyone can give some tips for how to restart keystone via devstack	06:09
jay-lau-513	I noticed that keystone was started by sudo tail -f /var/log/apache2/keystone.log & echo $! >/opt/stack/status/stack/key.pid; fg \|\| echo "key failed to	06:10
jay-lau-513	and even if I stop the screen for keystone, and restart, the process if of keystone still does not change	06:10
morganfainberg	You need to restart Apache.	06:11
morganfainberg	That screen is just tailing the Apache generated log.	06:11
*** nellysmitt has quit IRC		06:11
morganfainberg	Keystone is run under mod_wsgi in Apache.	06:11
jay-lau-513	so I need to "service Apache restart"?	06:12
jay-lau-513	I was using ubuntu	06:12
morganfainberg	I think that's it. Might be apache2	06:13
morganfainberg	I honestly use tab complete ;).	06:13
jay-lau-513	may I know why we are using this way to run keystone?	06:13
jay-lau-513	unlike nova, cinder etc?	06:14
morganfainberg	We rely on Apache to better manage integration with other systems. Example is federated identity relies on Apache modules to decode SAML via mod_shib	06:14
morganfainberg	Second the process management tends to be better with the blocking calls that keystone does rather than coroutines via eventlet.	06:15
*** MasterPiece\| has joined #openstack-keystone		06:16
*** MasterPiece has quit IRC		06:17
jay-lau-513	morganfainberg thanks for the help :)	06:17
morganfainberg	In short, it's a better model. Also https works better under Apache (as the ssl layer) than python's. ;)	06:17
morganfainberg	Sure thing!	06:17
jay-lau-513	I c, thanks	06:19
*** ajayaa has joined #openstack-keystone		06:19
*** spandhe has quit IRC		06:19
stevemar	morganfainberg, great recap of the reasons :)	06:20
morganfainberg	^_^	06:21
jay-lau-513	morganfainberg one more thing, so how can I debug keystone ?	06:22
jay-lau-513	with pdb?	06:22
jay-lau-513	I found that I cannot debug it in screen	06:22
stevemar	jay-lau-513, http://permalink.gmane.org/gmane.comp.cloud.openstack.devel/45923	06:23
ajayaa	Hi guys. While running keystone-all I am getting an import error. log is at http://paste.openstack.org/show/171189/	06:23
jay-lau-513	stevemar cool!	06:23
ajayaa	But I can import 'types' in a python interpreter.	06:23
ajayaa	I think it's weird. Please have a look.	06:23
morganfainberg	ajayaa: old venv?	06:24
stevemar	ajayaa, can you run $ python -c "from oslo_config import types"	06:24
morganfainberg	This looks like namespace oslo weirdness	06:24
ajayaa	stevemar, that works.	06:25
ajayaa	morganfainberg, I took latest keystone yesterday and struggling.	06:25
morganfainberg	ajayaa: are you using a venv to run keystone?	06:25
ajayaa	nope.	06:25
ajayaa	I think I should do that.	06:25
morganfainberg	Do you have the latest oslo.config installed?	06:26
stevemar	ajayaa, output of $ pip freeze \| grep oslo.config	06:26
stevemar	morganfainberg, yeah, i was going to suggest upgrading oslo.config	06:26
morganfainberg	stevemar: yeah this sounds related to the namespaces.	06:26
ajayaa	morganfainberg, Yes. 1.6.0	06:26
stevemar	blah	06:27
morganfainberg	Hmm.	06:27
ajayaa	here is a line from keystone requirements file. "oslo.messaging>=1.6.0"	06:27
stevemar	we're looking at config?	06:28
stevemar	not messaging right?	06:28
ajayaa	stevemar, nope.	06:28
morganfainberg	Right the error says oslo.config doesn't it?	06:28
*** spandhe has joined #openstack-keystone		06:28
ajayaa	morganfainberg, yes.	06:29
morganfainberg	Yeah your error says oslo_config (oslo.config) not oslo.messaging	06:29
ajayaa	oslo.config or oslo_config (whatever) seems to be the problem.	06:29
morganfainberg	Right so do you have the latest oslo.config ?	06:30
ajayaa	morganfainberg, yes.	06:30
ajayaa	I installed it from pypi.	06:31
stevemar	$ pip freeze \| grep oslo.config ->	06:31
stevemar	oslo.config==1.6.0	06:31
morganfainberg	Hm.	06:31
stevemar	if you're not running from a venv, and you have the latest installed, it should run	06:31
ajayaa	Shall I try running keystone-all in a venv?	06:31
ajayaa	Should*	06:32
stevemar	you are using the latest master branch code?	06:32
ajayaa	stevamar, yes.	06:32
ajayaa	stevemar*	06:32
morganfainberg	This is a wierd one. Like one of those errors that doesn't match.	06:32
stevemar	ajayaa, did you set this up using devstack?	06:33
ajayaa	stevemar, yes.	06:33
stevemar	was it running at all?	06:33
morganfainberg	but it's trying to import from oslo.config	06:33
morganfainberg	not oslo_config	06:33
morganfainberg	from oslo.config import types	06:34
ajayaa	It got stuck at the point where it waits for keystone service to start.	06:34
stevemar	morganfainberg, good point, that was changed a few days ago	06:34
ajayaa	because it does not start at all.	06:34
stevemar	ajayaa, can you paste your localrc file?	06:34
ajayaa	sure	06:34
morganfainberg	which is the master commit you're working from?	06:35
stevemar	i'd recommend setting RECLONE=True in that file, to make sure everything (oslo libs and keystone is at the latest)	06:35
ajayaa	stevemar, http://paste.openstack.org/show/171195/	06:35
stevemar	just make sure you backup any uncommitted code, it'll get nuked	06:35
morganfainberg	ajayaa, this commit is the one you need to verify you have: https://github.com/openstack/keystone/commit/fe50dbe9e94ed160b5821e6df355bb897362810d	06:36
ajayaa	I have RECLONE=yes in my localrc	06:36
morganfainberg	oh	06:36
stevemar	right, it should be yes	06:36
morganfainberg	i know what it is	06:36
morganfainberg	his bin is out of date	06:36
morganfainberg	keystone-all itself is out of date	06:36
stevemar	oh	06:36
stevemar	use sudo service apache2 restart,	06:36
stevemar	not keystone-all	06:36
morganfainberg	he's useing keystone-all	06:36
ajayaa	morganfainberg, I have that commit.	06:37
stevemar	ah did brant miss an oslo.config?	06:37
morganfainberg	but his bin is out of date. likely a re-run of setup will solve it	06:37
morganfainberg	checking but unlikely	06:37
ajayaa	morganfainberg, I ran "sudo python setup.py install" just now.	06:37
ajayaa	still the same problem while running keystone-all	06:38
morganfainberg	hm. maybe not.	06:38
ajayaa	If the gate is not broken it is some issue with my env, I guess.	06:39
morganfainberg	File "/usr/local/lib/python2.7/dist-packages/oslo_config/cfg.py", line 334, in <module	06:39
morganfainberg	this looks wrong.	06:39
morganfainberg	sorry	06:39
morganfainberg	File "/usr/local/lib/python2.7/dist-packages/oslo_config/cfg.py", line 334, in <module>	06:39
morganfainberg	from oslo.config import types	06:39
ajayaa	Why does that look wrong? If I open cfg.py file I can see comments of almost 300 lines.	06:41
morganfainberg	hm	06:41
morganfainberg	https://github.com/openstack/oslo.config/blob/master/oslo_config/cfg.py#L333-L334	06:41
morganfainberg	was this an old devstack?	06:41
ajayaa	yeah. Pypi and git are on the same line.	06:41
ajayaa	morganfainberg, Yes.	06:41
morganfainberg	that you just updated	06:41
ajayaa	morganfainberg, yes	06:41
morganfainberg	ok this is i think an issue with namespaced packages	06:42
morganfainberg	i'll bet you have mis-matched packages	06:42
ajayaa	example?	06:42
morganfainberg	one package owns oslo namespace and one is installing oslo.config directly as a symlink	06:42
morganfainberg	basically oslo/config is out of sync with the package that should own it	06:42
morganfainberg	it's the whole issue that led to dropping the name-space packages	06:42
morganfainberg	i recommend removing and reinstalling all of the oslo packages	06:43
morganfainberg	it's sucky :(	06:43
ajayaa	morganfainberg, I will do that. Thanks.	06:43
ajayaa	:)	06:44
morganfainberg	but pip does bad things with namespaced packages... i'll be one of them is installed in develop mode	06:44
morganfainberg	and the others aren't	06:44
ajayaa	What is a develop mode?	06:44
morganfainberg	where a symlink is used	06:44
openstackgerrit	Steve Martinelli proposed openstack/keystone: Use oslo.policy and delete the sync'ed version https://review.openstack.org/148624	06:44
morganfainberg	e.g. how devstack installs the servers	06:44
morganfainberg	it means if you change something in /opt/stack/<keystone> [for example] you can just restart keystone not needing to re-run setup.py	06:45
ajayaa	ohk..got it.	06:45
ajayaa	I have the actual code in stack/ and there is symlink from dist-packages.	06:45
morganfainberg	right	06:45
morganfainberg	now, if the namespace is owned in develop mode for one of the olso.<things> and the package installs olso.config	06:46
morganfainberg	you get one and not the other, and one could be out of date	06:46
morganfainberg	it's been ugly to fix it all	06:46
morganfainberg	this is a fairly common type of issue (some stuff gets out of date in wierd ways) when upgrading a devstack.	06:47
openstackgerrit	Steve Martinelli proposed openstack/keystone: Use oslo_log instead of incubator https://review.openstack.org/152699	06:48
ajayaa	morganfainberg, I have removed everything starting with oslo. Now If I run setup.py it should install everything correctly, I guess.	06:48
morganfainberg	i'd use pip	06:48
morganfainberg	but setup should work	06:49
ajayaa	cool	06:49
morganfainberg	pip install -e <path to keystone>	06:49
morganfainberg	or pip install <path to keystone>	06:49
morganfainberg	the -e is "develop mode"	06:49
morganfainberg	pip does better dep resolving somehow	06:49
ajayaa	Just did that.	06:49
ajayaa	same issue.	06:52
ajayaa	not solved yet.	06:53
*** topol has joined #openstack-keystone		07:01
*** ChanServ sets mode: +v topol		07:01
*** afazekas has joined #openstack-keystone		07:03
*** spandhe has quit IRC		07:05
ajayaa	stevemar, I am still stuck with weird thing.	07:10
ajayaa	Trying all kind of crazy things.	07:11
stevemar	ajayaa, theres definitely a library mismatch going on :(	07:12
stevemar	uninstall all the things!	07:13
ajayaa	I have uninstalled everything oslo related packages	07:13
ajayaa	Is it a good idea to remove everything in dist-packages?	07:13
*** mzbik has joined #openstack-keystone		07:21
stevemar	ajayaa, i wouldn't go that far	07:23
stevemar	uninstalling the oslo related ones is good	07:23
*** markvoelker_ has quit IRC		07:28
*** marg7175 has joined #openstack-keystone		07:29
*** marg7175 has quit IRC		07:34
openstackgerrit	Steve Martinelli proposed openstack/keystone: Use oslo_log instead of incubator https://review.openstack.org/152699	07:36
*** jay-lau-513 has quit IRC		07:36
stevemar	cmonnn patch, i'm rooting for you	07:37
*** jay-lau-513 has joined #openstack-keystone		07:37
*** thedodd has quit IRC		07:40
*** DaveChen has quit IRC		07:42
*** avozza is now known as zz_avozza		07:44
*** topol has quit IRC		07:52
openstackgerrit	wanghong proposed openstack/keystone: add timestamp to project and role https://review.openstack.org/154370	07:58
*** chlong has quit IRC		08:00
openstackgerrit	Jamie Lennox proposed openstack/python-keystoneclient: Move tests to the unit subdirectory https://review.openstack.org/154779	08:04
openstackgerrit	Steve Martinelli proposed openstack/keystone: Sync with oslo-incubator https://review.openstack.org/154780	08:06
*** nellysmitt has joined #openstack-keystone		08:07
*** 21WABATV9 has quit IRC		08:10
*** nellysmitt has quit IRC		08:12
openstackgerrit	Steve Martinelli proposed openstack/keystone: Use oslo.log instead of incubator https://review.openstack.org/152699	08:14
openstackgerrit	Steve Martinelli proposed openstack/keystone: Remove incubator version of log and local https://review.openstack.org/154783	08:15
*** zz_avozza is now known as avozza		08:16
*** pnavarro has joined #openstack-keystone		08:37
*** jistr has joined #openstack-keystone		08:58
*** guimaluf has quit IRC		09:00
*** ajayaa has quit IRC		09:01
*** mflobo has left #openstack-keystone		09:04
openstackgerrit	Steve Martinelli proposed openstack/keystone: Use oslo.log instead of incubator https://review.openstack.org/152699	09:07
openstackgerrit	Steve Martinelli proposed openstack/keystone: Remove incubator version of log and local https://review.openstack.org/154783	09:08
openstackgerrit	wanghong proposed openstack/keystone: add timestamp to project and role https://review.openstack.org/154370	09:08
*** mflobo has joined #openstack-keystone		09:10
*** henrynash has joined #openstack-keystone		09:10
*** ChanServ sets mode: +v henrynash		09:10
*** nellysmitt has joined #openstack-keystone		09:10
*** guimaluf has joined #openstack-keystone		09:12
*** ncoghlan has quit IRC		09:12
*** ajayaa has joined #openstack-keystone		09:16
*** lsmola has joined #openstack-keystone		09:21
jay-lau-513	does anyone know why keystone notification is setting context={}?	09:29
jay-lau-513	Just filed a bug for this: https://bugs.launchpad.net/keystone/+bug/1420688	09:29
openstack	Launchpad bug 1420688 in Keystone "keystone notification context is empty" [Undecided,New]	09:29
*** marg7175 has joined #openstack-keystone		09:30
*** karimb has joined #openstack-keystone		09:31
stevemar	jay-lau-513, those notifications are really for internal events, they shouldn't be used for auditing	09:31
jay-lau-513	stevemar i want to get those notification from nova	09:32
ajayaa	stevemar, found the issue. There was a oslo directory in /usr/lib/python2.7/dist-packages which was some old oslo.config	09:32
ajayaa	And now new stuff was going to /usr/local/lib	09:32
jay-lau-513	stevemar as there is no project_id and user_id, so the deserialize will be failed	09:32
jay-lau-513	failed in nova site	09:32
ajayaa	And I think the path /usr/lib comes before /usr/local/lib	09:33
ajayaa	When python looks for packages.	09:33
stevemar	ajayaa, glad it's all figured out :)	09:33
ajayaa	stevemar, not without frustration. :)	09:33
jay-lau-513	stevemar if we do not add project_id and user_id to context, then other componments cannot consume notification from keystone	09:35
stevemar	jay-lau-513, we are working on adding CADF notifications.... which should have at least user_id	09:35
*** marg7175 has quit IRC		09:35
stevemar	jay-lau-513, looks like i know what i'm working on tomorrow	09:35
jay-lau-513	stevemar What i cared is only for tenant and user operations, such as create tenant, delete tenant etc, but seems all of those operations are usingn ManagerNotificationWrapper	09:36
jay-lau-513	stevemar but not cadf notifications	09:36
jay-lau-513	stevemar https://github.com/openstack/keystone/blob/master/keystone/resource/core.py#L83	09:38
openstackgerrit	Steve Martinelli proposed openstack/keystone: Sync with oslo-incubator https://review.openstack.org/154780	09:38
openstackgerrit	Steve Martinelli proposed openstack/keystone: Use oslo.log instead of incubator https://review.openstack.org/152699	09:39
openstackgerrit	Steve Martinelli proposed openstack/keystone: Use oslo.log instead of incubator https://review.openstack.org/152699	09:39
openstackgerrit	Steve Martinelli proposed openstack/keystone: Remove incubator version of log and local https://review.openstack.org/154783	09:39
stevemar	jay-lau-513, i'm off the the day	09:39
jay-lau-513	stevemar ok, thx, we can discuss tomorrow	09:40
stevemar	jay-lau-513, but i doubt we will be updating the 'basic' notifications that are currently used	09:40
jay-lau-513	I have filed a but	09:40
stevemar	we are aiming to be CADF compliant	09:40
jay-lau-513	stevemar so you mean we can add two decorators for create_project?	09:41
stevemar	jay-lau-513, nah, we will probably have a switch in the config file, for which type of notification you want emitted	09:41
jay-lau-513	cool, that's what I want ;-)	09:42
*** stevemar has quit IRC		09:47
ccard	david-lyle: did you find the bug id? I've tried looking for it, but I can't find anything likely (partly because I'm not quite sure what I'm looking for, or which part of openstack to look in)	09:52
openstackgerrit	henry-nash proposed openstack/keystone: Add support for data-driven backend assignment testing https://review.openstack.org/149178	09:53
*** aix has joined #openstack-keystone		10:31
openstackgerrit	David Charles Kennedy proposed openstack/keystone: Improves support for sample data script with ssl https://review.openstack.org/154074	10:34
*** MasterPiece\| has quit IRC		10:34
*** dims__ has joined #openstack-keystone		10:37
samueldmq-away	morning	11:01
*** samueldmq-away is now known as samueldmq		11:01
samueldmq	henrynash, hi - any suggestions on https://review.openstack.org/#/c/144702/17/keystone/common/controller.py ?	11:02
openstackgerrit	David Charles Kennedy proposed openstack/keystone: Improves support for sample data script with ssl https://review.openstack.org/154074	11:02
*** jay-lau-513 has quit IRC		11:07
henrynash	samueldmq: so my python’s not good enough to come up with the right answer for a generaic soltuion other than required named params (which I assum will work? kwargs always a starneg beast, imho)	11:07
*** jay-lau-513 has joined #openstack-keystone		11:08
henrynash	samueldmq: which is why I wrote the original calls without trying to be generic	11:09
henrynash	samueldmq: so we have to cahneg this….what’s teh rationale for moving away from the current solution?	11:10
henrynash	samueldmq: (so DO we have to change this...)	11:11
samueldmq	henrynash, well, it would save us some code, since all similar checks would repeat the logic	11:12
samueldmq	henrynash, I could assert kwargs has len > 1, but raise 500 internal error if not ?	11:13
samueldmq	henrynash, nahh, looks bad	11:13
henrynash	samueldmq: will named params work?	11:14
henrynash	samueldmq: (I know there’s an issue with that in that I don’t think we can enforce that someone is calling it in that way)	11:15
samueldmq	henrynash, if I keep the generic check, no.	11:15
samueldmq	henrynash, or we go for something generic or we go for one method for each check combination we need	11:16
henrynash	samuedmq: hmmm…in general, I’d take clarity over code saving in most cases (not everyone will agree with that view)….	11:17
openstackgerrit	henry-nash proposed openstack/keystone: Add support for effective & inherited mode in data driven tests https://review.openstack.org/151623	11:17
openstackgerrit	henry-nash proposed openstack/keystone: Add support for group membership to data driven assignment tests https://review.openstack.org/151962	11:17
openstackgerrit	henry-nash proposed openstack/keystone: Broaden domain-group testing of list_role_assignments https://review.openstack.org/154302	11:18
openstackgerrit	henry-nash proposed openstack/keystone: Test list_role_assignment in standard inheritance tests https://review.openstack.org/153897	11:18
openstackgerrit	henry-nash proposed openstack/keystone: Support project hierarchies in data driver tests https://review.openstack.org/154485	11:18
samueldmq	henrynash, ok, makes sense, I'll see how it would look like without something generic	11:19
samueldmq	henrynash, I'll take some time today to review your data driven tests	11:19
samueldmq	henrynash, you're reviewing my patches, but I'm not doing yours, sorry	11:19
*** f13o has quit IRC		11:19
henrynash	samueldmq: np….	11:20
*** henrynash has quit IRC		11:20
*** fmarco76 has joined #openstack-keystone		11:31
*** f13o has joined #openstack-keystone		11:43
*** boris-42 has quit IRC		11:52
*** boris-42 has joined #openstack-keystone		12:28
*** topol has joined #openstack-keystone		12:33
*** ChanServ sets mode: +v topol		12:33
*** davechen has joined #openstack-keystone		12:37
*** sluo_wfh has quit IRC		12:39
*** sluo_wfh has joined #openstack-keystone		12:39
*** jistr has quit IRC		12:43
*** jistr has joined #openstack-keystone		12:46
*** jistr has quit IRC		12:47
*** jistr has joined #openstack-keystone		12:48
*** markvoelker has joined #openstack-keystone		12:51
*** henrynash has joined #openstack-keystone		12:55
*** ChanServ sets mode: +v henrynash		12:55
*** rushiagr is now known as rushiagr_away		12:59
samueldmq	dstanek, you around ?	13:12
dstanek	samueldmq: yes	13:13
samueldmq	dstanek, nice :) I need an advice	13:13
samueldmq	dstanek, please look at gyee's comment on https://review.openstack.org/#/c/144702/17/keystone/common/controller.py	13:13
samueldmq	dstanek, and let me know what you think	13:13
dstanek	samueldmq: his first comment?	13:15
samueldmq	yes	13:15
samueldmq	dstanek, the problem is that we can't ensure kwargs lenght there ... bit it's an internal method and we should have tests for the caller	13:16
dstanek	samueldmq: the way i read that code is that you are checking all provided kwargs to find that only 1 has a value, but 1 must have a value - is that correct?	13:16
samueldmq	dstanek, yes	13:17
samueldmq	dstanek, but gyee's concern is about calling that method without any argument, then the message would be 'Specify one of '	13:17
samueldmq	dstanek, however the problem is not in the message, but in the way you're calling an internal method	13:18
dstanek	then the only problem is that you will not tell the user all possible keys for a given call because they may not be there	13:18
dstanek	for example, you build a dict and pass it in like _assert_single_arg(**some_dict)	13:19
*** dims__ has quit IRC		13:19
samueldmq	we will not tell to the developer ...	13:19
dstanek	samueldmq: if there any reason you are trying to make these generic instead of leaving the specific named methods?	13:20
samueldmq	dstanek, just saving code	13:20
*** dims__ has joined #openstack-keystone		13:20
samueldmq	dstanek, like that we don't need separate methods for (domain, project) (user, groups) and for validations on list role assignments filters (in next patch)	13:21
dstanek	i don't think this makes it more readable and it makes the error messages different	13:21
*** henrynash has quit IRC		13:22
samueldmq	dstanek, ok so : + saving code - readbility = not worth it	13:23
samueldmq	?	13:23
dstanek	yes, code is cheap, but our time is expensive - i can see this being one of those things that someone spends a few hours looking at only to have an 'ah ha' moment	13:24
samueldmq	dstanek, lesson learned	13:25
samueldmq	dstanek, thanks	13:25
samueldmq	dstanek, makes sense to me	13:25
dstanek	samueldmq: np	13:25
marekd	dstanek: so i guess this is one of success-factors of Python	13:26
dstanek	marekd: one of many :-)	13:28
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Refactor check of targets and actors on RoleV3 https://review.openstack.org/144702	13:38
samueldmq	dstanek, ^	13:38
dstanek	samueldmq: why move it up a level? is it used my multple controllers now?	13:48
*** bknudson has joined #openstack-keystone		13:49
*** ChanServ sets mode: +v bknudson		13:49
*** jaosorior has joined #openstack-keystone		13:50
samueldmq	dstanek, the next patch set will need _assert_domain_nand_project , that can be reused there	13:53
samueldmq	dstanek, see http://paste.openstack.org/show/171372/	13:53
samueldmq	dstanek, this is in the context of listing role assingments, where you can filter by domain or project or none of them, but not both	13:53
dstanek	samueldmq: i'm sure what yet, but something is wrong with out object structure in that it's forcing us to expose things like that	13:55
*** ajayaa has quit IRC		13:56
dstanek	samueldmq: i can see why you are trying to fix it	13:56
samueldmq	dstanek, now (without something generic) the only reason is: fix the message that says to not provide both even if none were provided	13:57
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Check for invalid filtering on v3/role_assignments https://review.openstack.org/144703	13:58
samueldmq	dstanek, and ..	13:58
samueldmq	dstanek, do code reuse here https://review.openstack.org/#/c/144703/20/keystone/common/controller.py	13:58
samueldmq	dstanek, if domain_id and project_id:	13:58
samueldmq	msg = _('Specify a domain or project, not both')	13:58
samueldmq	raise exception.ValidationError(msg)	13:58
samueldmq	dstanek, but we obviously can have it in the separate controllers	13:59
dstanek	samueldmq: what will reuse that code outside of the assignment controller?	13:59
samueldmq	dstanek, RoleAssignmentV3 controller will call _assert_domain_nand_project and _assert_user_nand_group	14:00
samueldmq	dstanek, and RoleV3 _require_domain_xor_project and _require_user_xor_group	14:01
samueldmq	dstanek, in which _assert* can be reused by _require*	14:01
dstanek	samueldmq: but that's in the assignment package right?	14:01
samueldmq	dstanek, yes	14:01
samueldmq	dstanek, but we have different controllers	14:02
dstanek	i don't think that those methods should go into the parent controller in common since no other package will (or should) use them	14:03
samueldmq	dstanek, got it.. so I can put them at assingment/controllers.py	14:03
samueldmq	dstanek, outside the scope of classes	14:03
samueldmq	dstanek, right?	14:03
dstanek	if those methods are all needed by multiple controllers either a new base should be created (probably not in this case) or they should be turned into validation functions	14:03
dstanek	samueldmq: that sums up my long winded response nicely, yes :-)	14:04
samueldmq	dstanek, yes, agreed !	14:04
samueldmq	dstanek, thanks	14:04
samueldmq	:)	14:04
*** ljfisher has joined #openstack-keystone		14:06
dstanek	samueldmq: my pleasure. thanks for fixing the funk!	14:06
*** lnxnut has joined #openstack-keystone		14:10
*** abhirc has quit IRC		14:14
*** lnxnut has quit IRC		14:14
*** mzbik has quit IRC		14:18
*** joesavak has joined #openstack-keystone		14:23
dstanek	bknudson: you there?	14:24
bknudson	dstanek: y	14:24
bknudson	dstanek: where?	14:24
dstanek	anywhere!	14:25
*** radez is now known as radez_g0n3		14:25
dstanek	looking at https://review.openstack.org/#/c/143188/2 again. won't they take warnings from stderr and add them to logging?	14:25
bknudson	dstanek: yes, exactly	14:26
bknudson	when running a daemon there's no place for stderr.	14:26
dstanek	so it would generate extra logging, but at the warning level. would that impact deployers?	14:26
bknudson	I hope it will convince them to not use deprecated functions.	14:27
bknudson	and report bugs if keystone is using deprecated functions	14:27
openstackgerrit	Boris Bobrov proposed openstack/keystone: oslo_log https://review.openstack.org/154888	14:28
*** ctina has joined #openstack-keystone		14:30
*** zzzeek has joined #openstack-keystone		14:34
*** gordc has joined #openstack-keystone		14:36
*** r-daneel has joined #openstack-keystone		14:48
*** unixlike has joined #openstack-keystone		14:53
unixlike	Hi there !	14:54
unixlike	Does someone see something like that "AttributeError: 'Token' object has no attribute 'get_events' " in /var/log/keystone/keystone.log	14:55
unixlike	I have this message after running keystone token-get	14:55
unixlike	i unset OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT in my bash environment before running this command	14:56
unixlike	Also please exсuse me for my speaking	14:57
ayoung	unixlike, weeeird	14:57
ayoung	any more context around that error unixlike ?	14:57
unixlike	nope	14:59
unixlike	i was try to find answer in google but it was not any positive result	15:00
unixlike	sorry i made an mistake	15:02
unixlike	i see that error after running keystone tenant-list	15:03
*** richm has joined #openstack-keystone		15:04
unixlike	keystone --os-username ... token-get is exiting without errors and shows me new token	15:05
dstanek	unixlike: is it possible that you have a token driver configured for the revocation backend?	15:06
lbragstad	samueldmq: o/	15:12
*** mflobo has quit IRC		15:12
*** ajayaa has joined #openstack-keystone		15:13
*** mflobo has joined #openstack-keystone		15:13
unixlike	a have following driver in keystone.conf under section [token]	15:14
unixlike	driver = keystone.token.persistence.backends.sql.Token	15:14
dstanek	unixlike: what do you have under 'revoke'?	15:15
unixlike	driver = keystone.token.persistence.backends.sql.Token	15:15
unixlike	this in section [revoke]	15:15
dstanek	that won't work. you need to use a revoke backend. it's like putting a round peg in a square hole.	15:16
*** amakarov_away is now known as amakarov		15:17
unixlike	Big thanks !, will try to use your solution	15:17
dstanek	unixlike: here is the default - http://git.openstack.org/cgit/openstack/keystone/tree/etc/keystone.conf.sample#n1308	15:17
amakarov	lbragstad, hi! Can you please look at https://review.openstack.org/#/c/141854/ ? It's a fix for revocation.	15:18
lbragstad	amakarov: sure	15:18
*** krtaylor has quit IRC		15:21
*** unixlike has left #openstack-keystone		15:21
*** fmarco76 has left #openstack-keystone		15:24
*** topol has quit IRC		15:25
*** timcline has joined #openstack-keystone		15:26
*** unixlike has joined #openstack-keystone		15:31
*** krtaylor has joined #openstack-keystone		15:34
*** ayoung has quit IRC		15:34
*** carlosmarin has joined #openstack-keystone		15:42
openstackgerrit	Alexander Makarov proposed openstack/keystone: Correct initialization order for logging to use eventlet locks https://review.openstack.org/154915	15:46
openstackgerrit	Marek Denis proposed openstack/keystone: Add local rules in the federation mapping tests. https://review.openstack.org/154916	15:47
openstackgerrit	Alexander Makarov proposed openstack/keystone: Correct initialization order for logging to use eventlet locks https://review.openstack.org/154915	15:48
*** TheJulia has joined #openstack-keystone		15:48
*** atiwari has joined #openstack-keystone		15:50
*** rushiagr_away is now known as rushiagr		16:03
*** rwsu-afk is now known as rwsu		16:04
*** david-lyle_ has joined #openstack-keystone		16:06
*** marg7175 has joined #openstack-keystone		16:07
*** marg7175 has quit IRC		16:07
*** marg7175 has joined #openstack-keystone		16:08
*** marg7175 has quit IRC		16:09
*** nicodemos has joined #openstack-keystone		16:10
*** marg7175 has joined #openstack-keystone		16:11
*** david-lyle_ has quit IRC		16:11
*** topol has joined #openstack-keystone		16:12
*** ChanServ sets mode: +v topol		16:12
*** lnxnut has joined #openstack-keystone		16:13
openstackgerrit	Marek Denis proposed openstack/keystone: Add a domain to federated users https://review.openstack.org/110858	16:19
openstackgerrit	Marek Denis proposed openstack/keystone: Make user an object in mapping engine. https://review.openstack.org/154934	16:19
openstackgerrit	Marek Denis proposed openstack/keystone: Make user an object in mapping engine https://review.openstack.org/154934	16:20
*** MasterPiece has joined #openstack-keystone		16:23
*** atiwari has quit IRC		16:24
*** atiwari has joined #openstack-keystone		16:24
*** radez_g0n3 is now known as radez		16:25
*** atiwari has quit IRC		16:26
*** stevemar has joined #openstack-keystone		16:26
*** ChanServ sets mode: +v stevemar		16:26
*** atiwari has joined #openstack-keystone		16:29
*** ayoung has joined #openstack-keystone		16:29
*** ChanServ sets mode: +v ayoung		16:29
amakarov	ayoung, hi! We've found a bug locking keystone under high load. I have a quick solution, it works, but I'm not sure if it nice and sexy enough to propose :) Can you look at it? https://review.openstack.org/#/c/154915/ Bug is definitely nasty!	16:34
ayoung	amakarov, is the :if monkeypath_thread check necessary? shouldn't that code alwyas be called?	16:35
ayoung	and shouldn't there be a partnered removal of the line where it is called now?	16:36
amakarov	ayoung, that is the question: I'm not sure if it even can be false	16:36
ayoung	amakarov, I think you are on the right path, but need to handle the non-eventlet code path in your patch	16:36
amakarov	ayoung, that's the problem: logging is already used before patching :)	16:37
ayoung	let me see....	16:37
amakarov	and after the patching logging system needs reloading to use patched locks	16:37
amakarov	We run into this on 100 nodes environment (3 controllers) under rally load testing	16:38
ayoung	amakarov, probably should be in here http://git.openstack.org/cgit/openstack/keystone/tree/keystone/server/common.py	16:39
amakarov	ayoung, eventlet patching?	16:40
*** MasterPiece has quit IRC		16:40
ayoung	amakarov, read the code.	16:40
ayoung	that whole directory is supposed to handle the eventlet/wsgi differences	16:40
*** MasterPiece has joined #openstack-keystone		16:40
ayoung	that is called very early on	16:41
amakarov	it's clear to me	16:41
ayoung	start here: http://git.openstack.org/cgit/openstack/keystone/tree/bin/keystone-all and compare with http://git.openstack.org/cgit/openstack/keystone/tree/httpd/keystone.py	16:41
ayoung	cool. nice detective work	16:41
amakarov	the issue is that patching must be ASAP	16:42
ayoung	you mean before logging starts, yes	16:42
stevemar	ayoung, heads up there is a trust related question on the ML, with an aptly named subject [keystone][nova]	16:42
amakarov	and before initializing the log	16:42
*** unixlike has quit IRC		16:45
ayoung	amakarov, you are close. Just bump it to the function that calls the eventlet code and I think you will have it.	16:47
amakarov	ayoung, I'm lost :) Bump what? )))	16:48
amakarov	logging setup?	16:49
ayoung	amakarov, you always need to initialize logging	16:49
ayoung	not just in the eventlet case	16:49
amakarov	++	16:49
ayoung	just make sure it is done after the eventlet mokeypatch call would have been done, but before the first logging cal and you will have the same effect	16:49
amakarov	ayoung, the problem is that the first logging call is done just before eventlet monkeypatching	16:50
*** _cjones_ has joined #openstack-keystone		16:50
ayoung	so move it later	16:50
*** thedodd has joined #openstack-keystone		16:50
amakarov	ayoung, http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/utils.py	16:52
amakarov	http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/utils.py	16:52
ayoung	what line	16:52
amakarov	http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/utils.py#n239	16:52
ayoung	amakarov, that is for debugging, and is a fatal error, so not aproblem	16:53
ayoung	you can leave that	16:53
amakarov	ayoung, exactly my question :) If we can ignore tis particular log then everything is fine!	16:54
amakarov	s/tis/this	16:54
*** MasterPiece has quit IRC		16:55
openstackgerrit	Alexander Makarov proposed openstack/keystone: Correct initialization order for logging to use eventlet locks https://review.openstack.org/154915	16:56
amakarov	ayoung, ^^ :)	16:56
*** amerine has joined #openstack-keystone		16:57
*** _cjones_ has quit IRC		16:58
*** ayoung has quit IRC		17:00
amakarov	stevemar, I'll contact that Nova guy about trust issue	17:00
*** _cjones_ has joined #openstack-keystone		17:01
amakarov	btw, can you please recheck: https://review.openstack.org/#/c/141854/ ?	17:01
stevemar	amakarov, cool	17:01
*** MasterPiece has joined #openstack-keystone		17:03
*** gyee has joined #openstack-keystone		17:04
*** ChanServ sets mode: +v gyee		17:04
*** MasterPiece has quit IRC		17:07
*** guimaluf has quit IRC		17:07
*** MasterPiece has joined #openstack-keystone		17:08
openstackgerrit	Donagh McCabe proposed openstack/keystonemiddleware: Delay denial when service token is invalid https://review.openstack.org/153247	17:08
openstackgerrit	Steve Martinelli proposed openstack/keystone: Use oslo.log instead of incubator https://review.openstack.org/152699	17:10
*** EmilienM is now known as EmilienM\|afk		17:10
openstackgerrit	Steve Martinelli proposed openstack/keystone: Remove incubator version of log and local https://review.openstack.org/154783	17:10
*** ctina has quit IRC		17:11
*** lhcheng has joined #openstack-keystone		17:11
*** karimb has quit IRC		17:12
openstackgerrit	Alexander Makarov proposed openstack/keystone: Correct initialization order for logging to use eventlet locks https://review.openstack.org/154915	17:13
*** ctina has joined #openstack-keystone		17:14
*** krtaylor has quit IRC		17:15
*** lnxnut has quit IRC		17:18
*** lnxnut has joined #openstack-keystone		17:19
*** lnxnut_ has joined #openstack-keystone		17:22
openstackgerrit	Steve Martinelli proposed openstack/oslo.policy: document the migration process and update the docs a bit https://review.openstack.org/154752	17:23
*** lnxnut has quit IRC		17:23
*** davechen has quit IRC		17:24
*** atiwari has quit IRC		17:25
*** jistr is now known as jistr\|off		17:25
*** lnxnut_ has quit IRC		17:27
*** afazekas has quit IRC		17:27
*** tqtran_afk has joined #openstack-keystone		17:28
*** tqtran_afk is now known as tqtran		17:28
*** krtaylor has joined #openstack-keystone		17:28
*** krtaylor has quit IRC		17:33
*** _cjones_ has quit IRC		17:33
*** _cjones_ has joined #openstack-keystone		17:34
*** akuznetsova has joined #openstack-keystone		17:34
akuznetsova	Hi	17:34
*** lnxnut has joined #openstack-keystone		17:35
samueldmq	akuznetsova, hi :-)	17:36
akuznetsova	samueldmq, I have a question about v3	17:36
samueldmq	akuznetsova, sure, here is the right place to ask, so please do it	17:36
*** marg7175 has quit IRC		17:37
akuznetsova	when I am trying to execute some command via cli to /v3 enpoint I get 404 error and Auth token not in the request header. in the log	17:37
akuznetsova	but with token from v2.0 it works	17:38
samueldmq	akuznetsova, cli you mean keystone client? like keystone user-list, keystone tenant-list	17:38
akuznetsova	samueldmq, yes	17:39
samueldmq	akuznetsova, we don't support v3 there	17:39
samueldmq	akuznetsova, in addition I think it is deprecated .... bknudson can confirm ?	17:40
bknudson	openstack unified CLI supports identity v3.	17:40
samueldmq	bknudson, ^	17:40
samueldmq	bknudson, ++ yes, openstack user list ... and so on	17:40
bknudson	keystone CLI isn't officially deprecated ... maybe "pending deprecation" ?	17:40
samueldmq	bknudson, maybe, I'm not sure	17:40
akuznetsova	samueldmq, http://paste.openstack.org/show/171478/	17:40
samueldmq	akuznetsova, so you should you openstack unified cli	17:41
*** atiwari has joined #openstack-keystone		17:41
bknudson	I think we just need confirmation that the unified CLI is supported.	17:41
stevemar	bknudson, it's supported	17:41
stevemar	:P	17:41
stevemar	does that not work?	17:41
bknudson	stevemar: let's deprecate keystone CLI then	17:41
stevemar	it's had v2 parity for a while,	17:42
bknudson	I think for a long time dtroyer wasn't willing to say that the interface is stable...	17:42
*** _cjones_ has quit IRC		17:42
samueldmq	akuznetsova, https://wiki.openstack.org/wiki/OpenStackClient	17:42
stevemar	bknudson, the only downside is that on ubuntu 12.04, the only supported release is an old version of OSC	17:42
*** _cjones_ has joined #openstack-keystone		17:42
samueldmq	akuznetsova, the keystone cli you're using doesnt support v3, as we said	17:43
stevemar	bknudson, and they aren't going to ship a new one, cause it's lts	17:43
bknudson	stevemar: is keystone CLI also old?	17:43
stevemar	bknudson, yeah, but the one that was shipped in 12.04 was still a bit buggy	17:43
bknudson	this is why nobody uses ubuntu anymore.	17:43
*** MasterPiece has quit IRC		17:45
stevemar	bknudson, yeah that is a pretty silly reason, i tried asking for a refresh of the library, but nope	17:46
*** lsmola has quit IRC		17:46
stevemar	fwiw, someone set it up in a private repo	17:46
stevemar	the latest version	17:46
bknudson	stevemar: I was asking if keystone CLI is also old on ubuntu 12.04 ... are they updating keystone CLI?	17:47
dtroyer	bknudson: FWIW, as of the 1.0.0 release we made the commitment to a backward-compatability process for CLI changes…	17:47
*** harlowja_away is now known as harlowja		17:47
stevemar	bknudson, probably not	17:47
akuznetsova	actually it is not my initial problem	17:47
*** ayoung has joined #openstack-keystone		17:48
*** ChanServ sets mode: +v ayoung		17:48
dtroyer	… in OpenStackClient	17:48
samueldmq	akuznetsova, we found a solution for your problem	17:48
bknudson	I think we can deprecate keystone CLI then... probably needs a blueprint or a spec is all	17:48
samueldmq	akuznetsova, keystone cli ..... doesnt support v3, just v2	17:48
samueldmq	akuznetsova, you cant use v3 urls there	17:48
akuznetsova	we are using v3 in Mistral and when I am trying to call some keystone command via keystoneclient, I seeKeystoneAction.users.list failed: <class 'keystoneclient.openstack.common.apiclient.exceptions.EndpointNotFound'>:	17:48
samueldmq	akuznetsova, to use identity api (keystone) v3, please use openstack unified cli	17:49
stevemar	bknudson, the latest they have on 14.04 is ksc 1.0.7, and osc 0.30	17:49
stevemar	http://packages.ubuntu.com/search?keywords=python-keystoneclient&searchon=names&suite=all&section=all and http://packages.ubuntu.com/search?keywords=python-openstackclient&searchon=names&suite=all&section=all	17:49
akuznetsova	samueldmq, and the same message Auth token not in the request header. Will not build auth context.	17:50
bknudson	there is no 1.0.7 tag as far as I can tell.	17:50
stevemar	bknudson, it's probably 0.7.1	17:51
samueldmq	akuznetsova, using the OpenStackClient ? you should be able to use v3 with it	17:51
samueldmq	akuznetsova, please red the docs	17:51
samueldmq	read*	17:51
stevemar	bknudson, don't know why there is a 1: prepended	17:51
samueldmq	akuznetsova, https://wiki.openstack.org/wiki/OpenStackClient	17:51
bknudson	stevemar: that's confusing.	17:52
stevemar	samueldmq, actually, better docs are here: http://docs.openstack.org/developer/python-openstackclient/	17:52
akuznetsova	samueldmq, no, we just import keystoneclient.v3 and initialize it	17:52
akuznetsova	samueldmq, ok, thanks	17:52
stevemar	bknudson, the world of packaging ¯\_(ツ)_/¯	17:52
bknudson	should be a table flip	17:52
morganfainberg	Zzzzzzz	17:53
morganfainberg	Yay packaging >.>	17:53
*** MasterPiece has joined #openstack-keystone		17:53
*** MasterPiece\| has joined #openstack-keystone		17:54
stevemar	morganfainberg, what are your thoughts on deprecating the cli?	17:55
stevemar	we have to visit this topic at least once per release	17:55
bknudson	is devstack still using it?	17:56
*** nellysmitt has quit IRC		17:57
stevemar	bknudson, yup	17:57
stevemar	for keystone operations	17:57
*** nellysmitt has joined #openstack-keystone		17:58
stevemar	and i think for swift ops too... i should go back and try to replace all the cinder commands	17:58
*** MasterPiece has quit IRC		17:58
*** nellysmitt has quit IRC		18:02
morganfainberg	stevemar: honestly I think that was the point of the "where do we put backwards incompatible changes" and we were told "sdk".	18:04
*** samueldmq_ has joined #openstack-keystone		18:07
*** krtaylor has joined #openstack-keystone		18:09
*** spandhe has joined #openstack-keystone		18:10
*** timcline has quit IRC		18:11
*** timcline has joined #openstack-keystone		18:11
richm	In the default v3 policy, almost every rule allows rule:cloud_admin except for identity:list_user_projects and identity:list_groups_for_user - why?	18:13
*** timcline has quit IRC		18:16
*** ajayaa has quit IRC		18:22
*** atiwari has quit IRC		18:23
mfisch	morganfainberg: I'm happy to help review or draft policies/suggestions on prepping for db upgrades or recovering from a bad one	18:26
morganfainberg	mfisch, great any help is of course welcome!	18:27
mfisch	We have some real world failures occur due to a mysql bug that caused mysql to abort during migrations	18:27
mfisch	so that was fun	18:27
mfisch	in dev env which mititgated	18:27
*** rushiagr is now known as rushiagr_away		18:29
*** pnavarro has quit IRC		18:30
*** david-lyle is now known as david-lyle_afk		18:31
morganfainberg	mfisch, i just tossed you into a comment on the downgrade spec saying you indicated you'd help with the documentation	18:32
*** avozza is now known as zz_avozza		18:33
mfisch	oh man ok	18:33
mfisch	have we had anyone come forward and say "hey downgrades are a great idea!"?	18:34
morganfainberg	mfisch, no. the only concerns are "well what if we ran for a while then determined we need to downgrade because XXX is broken"	18:34
morganfainberg	to be fair i've never heard of someone actually doing that	18:35
morganfainberg	just the theoretical	18:35
morganfainberg	"it could be something people want"	18:35
mfisch	at that point, I'd claim that a downgrade doesnt help	18:35
mfisch	you'd have to nuke all resources created in between	18:35
mfisch	may as well nuke and go back to a backup	18:36
morganfainberg	and the statement from mikal is "well i dont want to nuke the vms that were created there, what harm is it in letting them run"	18:36
morganfainberg	honestly i don't have an argument, afaict, that will win that.	18:36
mfisch	might have issues deleteing them I guess	18:36
morganfainberg	not even deleting them	18:36
morganfainberg	the question is why do they need to be deleted	18:37
morganfainberg	my view is if something is that broken i wouldn't trust anything created during that timeframe	18:37
morganfainberg	re: new feature magic, etc	18:37
mfisch	yeah me either	18:37
mfisch	cattle etc etc	18:37
mfisch	just nuke it	18:37
morganfainberg	especially because a downgrade is more likely to totally break something than it is to let things keep working	18:38
morganfainberg	so, my problem is i've run large scale deployments and we'd either fix the issue, or rollback to a known-good point	18:38
mfisch	yep	18:38
morganfainberg	we wouldn't try to "revert all the data manipulation" and hope for the best	18:38
mfisch	my first goal is to get out of the outage, the shortest path there is restore	18:38
morganfainberg	especially if new data was added to the system	18:38
mfisch	if I find it the next morning, then I might investigate more	18:38
stevemar	bknudson, can you elaborate on your comment here: https://review.openstack.org/#/c/154321/ - how would i go about deprecating the old ones?	18:38
morganfainberg	mfisch, yes.	18:39
morganfainberg	mfisch, so i want more info on what mikal wants before we try and respin the spec/fix the issues	18:39
mfisch	if its something like some odd corner case boot option doesnt work, I'd just try to fix	18:39
morganfainberg	then we can address those concerns somewhat	18:39
*** atiwari has joined #openstack-keystone		18:39
*** EmilienM\|afk is now known as EmilienM		18:39
mfisch	a tool nobody uses and nobody invests in is just plain dangerous	18:39
mfisch	more info from him would be good	18:39
*** atiwari has quit IRC		18:40
morganfainberg	but in general when you're involving migrations either a) you're QAing the hell out of this and shouldn't release without confidence the core features work - so minor bugs aren't catestrophic	18:40
morganfainberg	and b) you'd roll forward for a fix if something is really that broken / employ someone who could at least tack a fix in until a real fix rolls down the line	18:40
morganfainberg	it's how you'd handle an issue with apache webserver afaik	18:41
morganfainberg	except this doesn't require recompiling a binary ;)	18:41
mfisch	we let it stew in dev, staging, etc until we're sure its oka	18:41
mfisch	okay	18:41
mfisch	let the team and tests bang on it	18:41
*** jaosorior has quit IRC		18:41
morganfainberg	so lets see what mikal comes up with and then we can address it in the spec	18:42
morganfainberg	and work on docs.	18:42
mfisch	sure	18:42
*** timcline has joined #openstack-keystone		18:42
bknudson	anybody else find --debug output from keystone-manage db_sync in devstack useful? https://review.openstack.org/#/c/153870/	18:42
morganfainberg	and i'll add you to the spec as on the hook for some doc writing next revision	18:42
bknudson	otherwise I'll just abandon it.	18:42
morganfainberg	bknudson, i hate migration debugging	18:42
morganfainberg	this could be useful in general	18:43
mfisch	bknudson: when we had the mysql crashes, we 1) turned off every service, 2) enabled query logging, 3) ran the migrations	18:43
bknudson	morganfainberg: y, I always just modify my lib/keystone to enable it.	18:43
mfisch	we didn't use --debug	18:43
morganfainberg	bknudson, i usually don't use devstack to debug migrations though	18:43
morganfainberg	bknudson, i always run migrations isolated environment	18:43
morganfainberg	in an*	18:44
lhcheng	morganfainberg, stevemar: did you guys figured out the oslo.config import issue that ajayaa had last night?	18:44
mfisch	same morganfainberg	18:44
*** timcline has quit IRC		18:44
bknudson	ok, I'll abandon the devstack patch.	18:44
mfisch	we have a vagrant based mutli-node env that simulates our prod/stagng envs	18:44
morganfainberg	lhcheng, old devstack - namespace packages vs non-namespace packages	18:44
*** timcline has joined #openstack-keystone		18:44
morganfainberg	lhcheng, so one installtion owned the oslo/config and one owned oslo.config symlink or such	18:44
lhcheng	morganfainberg: ugh!	18:45
morganfainberg	lhcheng, the solution was either a) new devstack or b) remove oslo libs and re-install	18:45
morganfainberg	lhcheng, it was the core reason we're removing namespace packages	18:45
*** atiwari has joined #openstack-keystone		18:45
lhcheng	morganfainberg: cool, good to know.	18:46
lhcheng	morganfainberg: sometimes it is just faster to have a create new devstack than to debug issue. :P	18:48
*** atiwari has quit IRC		18:49
gordc	morganfainberg: since your name is on oslo graduation page... is there an oslo.cache lib hidden somewhere?	18:49
*** raildo has quit IRC		18:50
*** samueldmq has quit IRC		18:50
*** atiwari has joined #openstack-keystone		18:50
*** nicodemos has quit IRC		18:50
*** htruta has quit IRC		18:50
*** henrique_ has quit IRC		18:50
*** abrito has quit IRC		18:50
*** tellesnobrega has quit IRC		18:50
*** atiwari has quit IRC		18:52
*** atiwari has joined #openstack-keystone		18:54
morganfainberg	gordc, nope there is a spec for it	18:56
morganfainberg	gordc, but i haven't had time to write the code :(	18:56
gordc	morganfainberg: cool cool. so i guess cache code in oslo-incubator was prematurely marked as deprecated	18:59
*** atiwari has quit IRC		18:59
morganfainberg	well sortof.	18:59
*** MasterPiece\| has quit IRC		19:00
*** atiwari has joined #openstack-keystone		19:00
*** _cjones_ has quit IRC		19:00
*** _cjones_ has joined #openstack-keystone		19:01
*** atiwari has quit IRC		19:03
*** MasterPiece\| has joined #openstack-keystone		19:04
*** zz_avozza is now known as avozza		19:06
*** marg7175 has joined #openstack-keystone		19:08
*** marg7175 has quit IRC		19:09
*** marg7175 has joined #openstack-keystone		19:10
*** atiwari has joined #openstack-keystone		19:10
david8hu	morganfainberg: On the token provider cleanup topic, I called persistence.create_token with token_id and AccessInfo object, but persistence.get_token returns dict object as oppose to AccessInfo object.	19:11
*** atiwari has quit IRC		19:12
david8hu	morganfainberg: Why would persistence manager get_token strip out AccessInfo related stuff, and how did it do it? Maybe I need to look at how persistence manager works.	19:13
*** amakarov is now known as amakarov_away		19:13
morganfainberg	in a meeting	19:13
morganfainberg	will answer when done	19:13
david8hu	ok	19:14
*** tellesnobrega has joined #openstack-keystone		19:16
*** atiwari has joined #openstack-keystone		19:18
*** atiwari has quit IRC		19:18
openstackgerrit	Merged openstack/keystone: Split the assignments controller https://review.openstack.org/132634	19:19
*** atiwari has joined #openstack-keystone		19:19
ayoung	failures=28	19:20
stevemar	yay	19:20
ayoung	david8hu, ^^	19:20
ayoung	that is how close I am to having unified access info for you to use in the token provider cleanup	19:20
david8hu	ayoung: lol	19:21
ayoung	It was 35 this morning...spiked up to 50+ when I broken summat	19:21
*** _cjones_ has quit IRC		19:21
*** atiwari has quit IRC		19:22
david8hu	ayoung: Better not 100+ tomorrow :)	19:22
ayoung	david8hu, actually, jumps in the count usually come from me having to add functionality for one thing that breaks across all token parsings	19:22
ayoung	those are easy. It is the ones like this:	19:23
ayoung	File "keystoneclient/models/auth_context.py", line 243, in auth_url	19:23
ayoung	if self._service_catalog:	19:23
ayoung	AttributeError: 'AuthContext' object has no attribute '_service_catalog'	19:23
*** atiwari has joined #openstack-keystone		19:23
ayoung	actually...that looks pretty easy to fix...	19:24
morganfainberg	ok done now	19:24
morganfainberg	david8hu yes, because .get_token has only really been used to issue stuff to the wire. places that do the other level of work convert to access_info type object (model) in the auth_context manager	19:25
*** raildo has joined #openstack-keystone		19:26
morganfainberg	david8hu, erm auth_context middleware	19:26
*** samueldmq has joined #openstack-keystone		19:26
david8hu	morganfainberg: Perhaps, I can call AccessInfo factory right after get_token. That will work.	19:28
morganfainberg	david8hu, right. - we can adjust things and make it better as we move forward	19:29
morganfainberg	remember do the work in bite-sized peices	19:29
morganfainberg	easier to review	19:29
morganfainberg	even if it takes more patches, it'll be easier to understand some of the changes.	19:30
*** atiwari has quit IRC		19:30
david8hu	morganfainberg: Will keep it under 299 loc.	19:30
david8hu	morganfainberg: lol	19:30
*** boris-42 has quit IRC		19:32
morganfainberg	david8hu, sometimes it's easy to let patches get out of hand.	19:33
*** nicodemos has joined #openstack-keystone		19:34
david8hu	morganfainberg: ok. wild patch on the loose	19:36
morganfainberg	:)	19:37
*** jsavak has joined #openstack-keystone		19:37
*** joesavak has quit IRC		19:40
ayoung	failures=26	19:43
morganfainberg	ayoung, nice	19:44
morganfainberg	ayoung, thanks for slogging through this.	19:44
ayoung	morganfainberg, I'm learning a lot of stuff I wish I didn't know.	19:45
ayoung	poor jamielennox	19:45
morganfainberg	ayoung, this is also why doing it is good.	19:45
*** aix has quit IRC		19:45
morganfainberg	we have more people identifying the cruft we have and thinking about making it better	19:45
ayoung	all of the cruft should be isolated to one facade called auth_context	19:45
morganfainberg	which is WAY better ;)	19:45
morganfainberg	and it means we can work on making that as good as can be - being that it has cruft	19:46
ayoung	yeah, I know. I just wish we could do all of this in one project. DOing it in the client and then having to make a relelase, and then using it in the server seems like it is going to have along turn around time	19:46
morganfainberg	ayoung, i'm fine with releasing client as soon as this is done	19:46
morganfainberg	the hard part will be the global req bump	19:47
ayoung	But, I think it is going to be the start of a long push toward moving as much of the business logic into the client as we can	19:47
morganfainberg	actually i want to move this stuff out of client - into keystone.common - or such [just like session shouldn't be in client really]	19:47
morganfainberg	but thats a different conversation	19:47
ayoung	yeah, common	19:48
*** diegows has joined #openstack-keystone		19:49
*** diegows has quit IRC		19:50
*** david-lyle_afk is now known as david-lyle		19:51
*** joesavak has joined #openstack-keystone		19:52
*** lhcheng has quit IRC		19:54
*** jsavak has quit IRC		19:54
*** atiwari has joined #openstack-keystone		19:56
*** nellysmitt has joined #openstack-keystone		19:58
*** afazekas has joined #openstack-keystone		20:00
*** _cjones_ has joined #openstack-keystone		20:01
*** jsavak has joined #openstack-keystone		20:01
ayoung	failures=24	20:01
*** lhcheng_ has joined #openstack-keystone		20:01
ayoung	morganfainberg, instead of us all spending a metric ton on cognac in Vancouver, how about we have a night where each person brings a bottle of their favorite label?	20:02
*** joesavak has quit IRC		20:02
morganfainberg	ayoung, i'm thinking i might bring the bottle of Cachaça with me.	20:03
*** htruta has joined #openstack-keystone		20:03
ayoung	Glenmorngie or something like that for me	20:03
*** nellysmitt has quit IRC		20:03
morganfainberg	atiwari, can you clarify your comment on https://review.openstack.org/#/c/130050/25/specs/kilo/ae-tokens.rst ?	20:04
morganfainberg	atiwari, i'd like to know more of the security gap you see.	20:04
atiwari	sure give me 5 mins	20:05
*** pnavarro has joined #openstack-keystone		20:05
atiwari	in a nutshell encryption is not needed and the message on which the signature generated is weak	20:05
atiwari	I will explain in 5 min	20:06
morganfainberg	atiwari, yeah no worries.	20:06
morganfainberg	atiwari, added a comment in the spec as well asking for more clarification. thanks - take your time writing it up :)	20:06
atiwari	np, did you look at my proposal ?	20:07
morganfainberg	atiwari, i've looked over some of it, but been swamped with meetings yesterday/today	20:08
*** samueldmq_ has quit IRC		20:08
openstackgerrit	Steve Martinelli proposed openstack/keystone: Use oslo.log instead of incubator https://review.openstack.org/152699	20:08
openstackgerrit	Steve Martinelli proposed openstack/keystone: Sync with oslo-incubator https://review.openstack.org/154780	20:08
atiwari	np	20:08
*** jsavak has quit IRC		20:09
openstackgerrit	Steve Martinelli proposed openstack/keystone: Remove incubator version of log and local https://review.openstack.org/154783	20:10
samueldmq	dstanek, ping - regarding your comment on the '/%s/%s/%s/%s/%s/%s' thing :p	20:10
samueldmq	dstanek, yes that work, tests in the same patch are using that call, and they pass	20:11
samueldmq	dstanek, https://review.openstack.org/#/c/144544/16/keystone/tests/test_v3_assignment.py	20:11
*** atiwari has quit IRC		20:11
*** atiwari has joined #openstack-keystone		20:14
*** krtaylor has quit IRC		20:15
*** dnalezyt has joined #openstack-keystone		20:21
dstanek	samueldmq: really? i'll have to download the patch to check - if you run '%s/%s' % ('something') Python should fail with an exception	20:23
breton	morganfainberg: excuse me, but what's with https://review.openstack.org/131531? Why is it not -2 anymore?	20:24
morganfainberg	Was re proposed against the backlog.	20:25
morganfainberg	If it is accepted to the backlog it is a spec we want. But has not been targeted to a release. Someone can pick it up.	20:25
morganfainberg	breton: ^^	20:25
breton	err, well, ok, but I have an implementation of it already	20:26
morganfainberg	Right. We were waiting on oslo.db right?	20:26
breton	as we discussed on the meeting, we are waiting for oslo.db	20:26
breton	yes	20:26
morganfainberg	Yeah so we could Accept it to the backlog and as soon as oslo.db with fixes is released we can move it to the next appropriate keystone release. (Probably l)	20:27
morganfainberg	The idea behind the backlog is "we want this but for whatever reason we haven't targeted a specific release yet)	20:28
breton	oh, ok then.	20:28
*** krtaylor has joined #openstack-keystone		20:28
dstanek	morganfainberg: how Agile of you!	20:28
*** nellysmitt has joined #openstack-keystone		20:28
morganfainberg	In general it lowers the barrier to entry for those who want to contribute but don't have a specific idea or want to work on something we've already decided we like.	20:28
morganfainberg	dstanek: sigh :P	20:29
openstackgerrit	Boris Bobrov proposed openstack/keystone: Fix invalid super() usage in memcache pool https://review.openstack.org/154095	20:29
dstanek	next thing you know we'll have kanban boards!	20:29
*** aix has joined #openstack-keystone		20:30
breton	I have not seen anything in the backlog for the last 3 months I'm here ;)	20:30
morganfainberg	Yeah we've been slow to use it.	20:31
morganfainberg	It's fairly new.	20:31
ayoung	agile good	20:31
*** lnxnut has quit IRC		20:31
ayoung	backlog good	20:31
dstanek	ayoung: would you like a bowl of SOA with your Agile?	20:32
ayoung	No	20:32
ayoung	SOA was tainted by a consultant from a company to remain nameless	20:32
openstackgerrit	Steve Martinelli proposed openstack/keystone: Add a check to see if a federation token is being used for v2 auth https://review.openstack.org/154368	20:33
ayoung	dstanek, I thought to make an object act like a dictionary I needed to implemtn get and __getitem_- but is there anything else?	20:34
morganfainberg	If you want a set __setitem__	20:35
morganfainberg	and an __iter__ if you want it to be an iter able.	20:35
ayoung	I don't want __setitem__	20:35
dstanek	yep, and there are other dunders depending on what you want to do	20:36
morganfainberg	Do you need iteritems or iterkeys it itervalues?	20:36
ayoung	I'm getting a failure on	20:36
ayoung	'token' not in <keystoneclient.models.auth_context.AuthContext object at 0x7f2aa4dd64d0>	20:36
morganfainberg	Or items/keys/values methods.	20:36
samueldmq	dstanek, just if number of provided params are not enough to match with %s	20:36
samueldmq	dstanek, yes please try it	20:36
ayoung	something doing a['token']	20:36
ayoung	but that should be a regular property of my object	20:36
morganfainberg	__getitem__ should be sufficient for a lookup like that.	20:37
dstanek	samueldmq: isn't that the case in your patch?	20:37
openstackgerrit	Merged openstack/oslo.policy: Use standard logging in oslo.policy https://review.openstack.org/154635	20:37
dstanek	samueldmq: ah, i see what you are doing. that's way confusing	20:38
ayoung	self.assertThat(haystack, Contains(needle), message)	20:39
*** lhcheng_ is now known as lhcheng		20:39
samueldmq	dstanek, I'm feeling bad now, because it looks like all my patches are confusing	20:39
*** _cjones_ has quit IRC		20:39
samueldmq	:/	20:39
dstanek	samueldmq: it looks like you've been playing with lisp	20:39
ayoung	if self.needle not in matchee:	20:40
samueldmq	dstanek, ahha, no :p	20:40
samueldmq	dstanek, I'll change that and do in the conventional way: if domain_id: url += /domains/domain_id , etc	20:40
ayoung	what is the in operator doing in this case? Do I need the __iter__ for this?	20:40
morganfainberg	ayoung not sure what magic method is needed for "x in y" notation. And I think the marchers use that.	20:40
atiwari	morganfainberg, added my comments in specs	20:40
ayoung	hub 2 3 4	20:41
morganfainberg	atiwari: appreciate it.	20:41
ayoung	Oh, I think you meant matchers	20:41
atiwari	morganfainberg, yrw	20:41
ayoung	morganfainberg, that is exactly the issue. I'm guessing I need an __iter__	20:41
morganfainberg	Damn that autocorrect.	20:41
samueldmq	dstanek, guideline: don't try to be too smart on coding .... stop at the point where legibility is being highly decreased	20:43
samueldmq	dstanek, unless you're coding in lisp :p	20:43
*** nellysmitt has quit IRC		20:46
*** atiwari has quit IRC		20:46
*** lhcheng has quit IRC		20:47
openstackgerrit	henry-nash proposed openstack/keystone: Broaden domain-group testing of list_role_assignments https://review.openstack.org/154302	20:47
openstackgerrit	henry-nash proposed openstack/keystone: Broaden domain-group testing of list_role_assignments https://review.openstack.org/154302	20:47
*** nellysmitt has joined #openstack-keystone		20:48
*** _cjones_ has joined #openstack-keystone		20:48
*** henrynash has joined #openstack-keystone		20:49
*** ChanServ sets mode: +v henrynash		20:49
ayoung	dstanek, what does the 'in' operator do? I can see that the code is calling __getattr__ but the attribute being passed in is 0	20:49
dstanek	ayoung: it iterates over something looking for a match	20:49
dstanek	should call __len__ and __getitem__	20:50
dstanek	or i think it can call __iter__ if that is defined	20:50
ayoung	dstanek, so if I don't implement __len__?	20:50
ayoung	OK, so to act like a dict, I should implement __iter__ and return the names of the attributes?	20:50
*** nellysmitt has quit IRC		20:51
dstanek	if you want 'in' for your dict i think you should implement __iter__ and return the keys as a generator	20:51
ayoung	dstanek, I'll try that.	20:52
ayoung	dstanek, so I have a bunch of @properties that don't show up in __dict__, but dir(self) returns too many things. Is there a just-right approach?	20:54
dstanek	do you have an example of what you are trying to do?	20:55
*** marg7175 has quit IRC		20:56
ayoung	dstanek, well, I am trying to make the access_info class I showed way back when act like a dict	20:57
*** htruta has quit IRC		20:57
*** samueldmq has quit IRC		20:57
ayoung	dstanek, I have an old review up. one sec	20:57
*** raildo has quit IRC		20:57
*** tellesnobrega has quit IRC		20:57
ayoung	dstanek, argh...but that is so old it doesn't show what I am now battling	20:58
ayoung	https://review.openstack.org/#/c/138519/	20:58
ayoung	dstanek, let me post my lates	20:58
*** htruta has joined #openstack-keystone		20:58
*** tellesnobrega has joined #openstack-keystone		21:00
ayoung	failures=23	21:04
*** joesavak has joined #openstack-keystone		21:06
*** krtaylor has quit IRC		21:09
*** gyee has quit IRC		21:09
openstackgerrit	Merged openstack/pycadf: Use oslo_context https://review.openstack.org/152803	21:10
openstackgerrit	David Stanek proposed openstack/keystone: Fixes a type check to make it work in Python 3 https://review.openstack.org/125410	21:10
openstackgerrit	David Stanek proposed openstack/keystone: Updates Python3 requirements https://review.openstack.org/130579	21:10
openstackgerrit	David Stanek proposed openstack/keystone: Mocks out the memcache library for tests https://review.openstack.org/125409	21:10
openstackgerrit	David Stanek proposed openstack/keystone: Adds a fork of python-ldap for Py3 testing https://review.openstack.org/95827	21:10
*** samueldmq has joined #openstack-keystone		21:13
ayoung	failures=21	21:19
*** marg7175 has joined #openstack-keystone		21:20
*** henrynash has quit IRC		21:21
*** krtaylor has joined #openstack-keystone		21:22
openstackgerrit	ayoung proposed openstack/python-keystoneclient: Access Info https://review.openstack.org/138519	21:22
*** atiwari has joined #openstack-keystone		21:23
*** marg7175 has quit IRC		21:23
ayoung	dstanek, see __iter__ in https://review.openstack.org/#/c/138519/9/keystoneclient/models/auth_context.py,cm	21:23
*** marg7175 has joined #openstack-keystone		21:24
*** Tahmina has joined #openstack-keystone		21:31
stevemar	for those brave enough: https://review.openstack.org/#/c/152699/	21:36
stevemar	use oslo.log instead of incubated log	21:36
stevemar	it's got some finnicky parts	21:36
dstanek	ayoung: that's interesting	21:40
ayoung	dstanek, in a chinese fortune sort of way	21:40
dstanek	ayoung: so you only want to @properties?	21:40
ayoung	nah, I also want the actual properties	21:40
breton	stevemar: in progress ;)	21:40
ayoung	just not the __ named ones	21:40
stevemar	breton, ty!	21:41
*** atiwari has quit IRC		21:44
dstanek	ayoung: i have a hack if you want to play with it	21:44
ayoung	dstanek, sure	21:45
dstanek	ayoung: let me type it up and pastebin it	21:45
ayoung	dstanek, thanks. Good to know what I am asking is non-trivial enough that I should not have found it from the google	21:46
dstanek	ayoung: http://paste.openstack.org/show/171618/	21:47
dstanek	ayoung: something like that should work, but i don't really like it	21:47
dstanek	ayoung: another approach would be a customer property decorator	21:48
ayoung	yeah...	21:48
ayoung	shouldn't there be a yield there?	21:48
dstanek	that i need to actually test the code i write :-)	21:49
ayoung	:)	21:49
dstanek	actually i don't think that would actually work without lots of harmful magic since a property doesn't know the object on which it was defined	21:50
ayoung	dstanek, BTW, thanks for the pointer to rpdb. I use it exclusively now	21:51
ayoung	works nicely with gud inside emacs.	21:52
dstanek	nice	21:52
dstanek	hopefully that saved you some time	21:52
ayoung	dstanek, I'm going write a blog post on it. You can use it to debug into a live server...its flipping grand	21:52
openstackgerrit	Merged openstack/keystone: log wsgi requests at INFO level https://review.openstack.org/153692	21:53
ayoung	failures=20	21:56
*** ctina has quit IRC		22:02
*** lhcheng has joined #openstack-keystone		22:06
*** henrynash has joined #openstack-keystone		22:06
*** ChanServ sets mode: +v henrynash		22:06
*** samueldmq_ has joined #openstack-keystone		22:07
*** radez is now known as radez_g0n3		22:16
*** topol has quit IRC		22:17
*** timcline has quit IRC		22:18
*** joesavak has quit IRC		22:19
*** atiwari has joined #openstack-keystone		22:19
ayoung	dstanek, what do you use for integrated debugging in vi?	22:21
*** r-daneel has quit IRC		22:31
*** atiwari has quit IRC		22:31
stevemar	we all love oslo syncs right? https://review.openstack.org/#/c/154780/	22:32
dstanek	ayoung: vimpdb sometimes, but i usually don't use a debugger - if i see and issue i'll write a test to debug	22:35
*** darrenc is now known as darrenc_afk		22:42
*** ljfisher has quit IRC		22:43
*** Tahmina has quit IRC		22:44
*** __TheDodd__ has joined #openstack-keystone		22:47
*** thedodd has quit IRC		22:47
*** nellysmitt has joined #openstack-keystone		22:51
morganfainberg	rodrigods, you know your blog on k2k federation is getting a lot of references ;)	22:51
morganfainberg	rodrigods, i keep sending people to it as part of the reference material when takling about k2k stuf	22:52
morganfainberg	f	22:52
*** gyee has joined #openstack-keystone		22:54
*** ChanServ sets mode: +v gyee		22:54
*** nellysmitt has quit IRC		22:56
*** atiwari has joined #openstack-keystone		22:59
*** __TheDodd__ has quit IRC		22:59
*** jorge_munoz has quit IRC		23:02
*** abhirc has joined #openstack-keystone		23:03
*** darrenc_afk is now known as darrenc		23:04
*** spandhe has quit IRC		23:06
*** carlosmarin has quit IRC		23:07
*** spandhe has joined #openstack-keystone		23:09
*** erkules has quit IRC		23:14
openstackgerrit	Bob Thyne proposed openstack/keystonemiddleware: Add Endpoint Enforcement to Keystonemiddleware https://review.openstack.org/153296	23:16
*** abhirc has quit IRC		23:20
*** abhirc has joined #openstack-keystone		23:24
*** erkules has joined #openstack-keystone		23:26
breton	morganfainberg: could you send me to it too please?	23:29
breton	nevermind, found it	23:30
morganfainberg	breton, http://blog.rodrigods.com/playing-with-keystone-to-keystone-federation/	23:30
rodrigods	looking forward to write the Kilo version :)	23:31
rodrigods	breton, you don't need to deactivate shibboleth's security policy anymore, gyee has fixed that issue :)	23:31
*** nicodemos has quit IRC		23:35
*** atiwari has quit IRC		23:37
breton	yes, I'd really appreciate Kilo version to understand what's going on there now	23:37
*** atiwari has joined #openstack-keystone		23:37
*** chlong has joined #openstack-keystone		23:37
*** atiwari has quit IRC		23:39
*** MasterPiece\| is now known as MasterPiece		23:40
*** abhirc has quit IRC		23:42
*** erkules has quit IRC		23:46
stevemar	morganfainberg, it really was an awesome blog, good job rodrigods :)	23:46
stevemar	rodrigods, except you need to update the mapping example :)	23:46
morganfainberg	breton, almost 100% the same	23:47
morganfainberg	breton, but the nullsecurity thing si fixed and the IDP is changing how we represent the SPs in the catalog	23:47
rodrigods	thanks stevemar , you are right, will update it	23:47
openstackgerrit	Merged openstack/oslo.policy: document the migration process and update the docs a bit https://review.openstack.org/154752	23:47
*** nicodemos has joined #openstack-keystone		23:48
*** dims__ has quit IRC		23:49
*** dims__ has joined #openstack-keystone		23:50
*** erkules has joined #openstack-keystone		23:52
*** joesavak has joined #openstack-keystone		23:53
*** dims__ has quit IRC		23:54
openstackgerrit	Steve Martinelli proposed openstack/keystone: Add a check to see if a federation token is being used for v2 auth https://review.openstack.org/154368	23:56

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!