Monday, 2015-09-28

« Sunday, 2015-09-27 Index Tuesday, 2015-09-29 »
*** mylu has quit IRC00:08
*** EinstCrazy has quit IRC00:08
*** mylu has joined #openstack-keystone00:12
*** Navid_ has joined #openstack-keystone00:21
*** wwwjfy has joined #openstack-keystone00:22
*** shadower has quit IRC00:23
*** shadower has joined #openstack-keystone00:23
*** Kennan_Vacation2 has quit IRC00:25
*** ngupta has quit IRC00:25
*** ngupta has joined #openstack-keystone00:28
*** Kennan_Vacation has joined #openstack-keystone00:30
openstackgerritMerged openstack/keystoneauth: remove references to keystone CLI  https://review.openstack.org/22765800:32
*** Kennan_Vacation is now known as Kennan00:34
*** markvoelker has joined #openstack-keystone00:38
*** hidekazu has joined #openstack-keystone00:40
*** markvoelker has quit IRC00:42
*** Kennan has left #openstack-keystone00:56
*** EinstCrazy has joined #openstack-keystone01:00
*** mylu has quit IRC01:01
*** Navid_ has quit IRC01:03
*** david-lyle has joined #openstack-keystone01:03
*** lhcheng has quit IRC01:10
*** mylu has joined #openstack-keystone01:11
*** lhcheng has joined #openstack-keystone01:12
*** ChanServ sets mode: +v lhcheng01:12
*** dims_ has quit IRC01:28
*** wwwjfy_ has joined #openstack-keystone01:32
*** BrAsS_mO- has joined #openstack-keystone01:36
*** dobson` has joined #openstack-keystone01:36
*** dobson has quit IRC01:38
*** wwwjfy has quit IRC01:38
*** sileht has quit IRC01:38
*** BrAsS_mOnKeY has quit IRC01:38
*** dimsum__ has joined #openstack-keystone01:40
*** sileht has joined #openstack-keystone01:40
openstackgerritayoung proposed openstack/keystone-specs: Implied  Roles  https://review.openstack.org/12570401:46
*** akanksha_ has quit IRC01:48
openstackgerritayoung proposed openstack/keystone-specs: Implied  Roles  https://review.openstack.org/12570401:48
openstackgerritayoung proposed openstack/keystone-specs: Implied  Roles  https://review.openstack.org/12570401:49
openstackgerritayoung proposed openstack/keystone-specs: Implied  Roles  https://review.openstack.org/12570401:50
*** mylu has quit IRC01:52
*** Daisy has joined #openstack-keystone01:56
*** ankita_wagh has joined #openstack-keystone01:56
*** ankita_wagh has quit IRC02:01
*** markvoelker has joined #openstack-keystone02:08
*** markvoelker has quit IRC02:13
*** davechen has joined #openstack-keystone02:13
*** su_zhang has joined #openstack-keystone02:26
*** dimsum__ has quit IRC02:48
*** davechen has quit IRC02:58
*** ankita_wagh has joined #openstack-keystone03:01
*** davechen has joined #openstack-keystone03:02
*** Ephur has quit IRC03:06
*** dimsum__ has joined #openstack-keystone03:09
*** davechen1 has joined #openstack-keystone03:10
*** dims_ has joined #openstack-keystone03:10
*** hidekazu has quit IRC03:11
*** davechen has quit IRC03:13
*** dimsum__ has quit IRC03:14
*** lhcheng has quit IRC03:15
*** roxanaghe has joined #openstack-keystone03:21
*** Nirupama has joined #openstack-keystone03:22
*** dimsum__ has joined #openstack-keystone03:25
*** dimsum__ has quit IRC03:27
*** dims_ has quit IRC03:28
*** ngupta has quit IRC03:42
*** wwwjfy_ has quit IRC03:48
*** Daisy has quit IRC03:49
*** wwwjfy_ has joined #openstack-keystone03:50
*** roxanaghe has quit IRC03:55
*** roxanaghe has joined #openstack-keystone04:07
*** mylu has joined #openstack-keystone04:12
*** mylu has quit IRC04:16
*** roxanaghe has quit IRC04:26
*** dimsum__ has joined #openstack-keystone04:27
*** dimsum__ has quit IRC04:34
*** Daisy has joined #openstack-keystone04:57
*** wwwjfy_ has quit IRC04:57
*** wwwjfy_ has joined #openstack-keystone05:23
*** hrou has quit IRC05:24
*** roxanaghe has joined #openstack-keystone05:31
*** roxanaghe has quit IRC05:33
*** EinstCrazy has quit IRC05:47
*** EinstCrazy has joined #openstack-keystone05:48
*** boris-42 has joined #openstack-keystone05:56
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Imported Translations from Zanata  https://review.openstack.org/22811906:08
*** mylu has joined #openstack-keystone06:13
*** mylu has quit IRC06:17
*** marzif has joined #openstack-keystone06:19
*** Nirupama has quit IRC06:22
*** ankita_wagh has quit IRC06:22
*** Nirupama has joined #openstack-keystone06:22
*** ParsectiX has joined #openstack-keystone06:27
*** lhcheng has joined #openstack-keystone06:29
*** ChanServ sets mode: +v lhcheng06:29
*** dimsum__ has joined #openstack-keystone06:31
*** ankita_wagh has joined #openstack-keystone06:33
*** roxanaghe has joined #openstack-keystone06:34
*** dimsum__ has quit IRC06:36
*** roxanaghe has quit IRC06:39
*** marzif has quit IRC06:39
*** su_zhang has quit IRC06:46
*** e0ne has joined #openstack-keystone06:49
*** kiran-r has joined #openstack-keystone06:55
jamielennoxi don't suppose anyone is here, but where is xmldsig coming from? what brings it in?06:59
*** e0ne has quit IRC06:59
*** urulama has joined #openstack-keystone07:03
*** e0ne has joined #openstack-keystone07:03
*** e0ne has quit IRC07:05
jamielennoxfound it, it's a dependency of pysaml2 2.X but not pysaml2 3.0.0 released 2015-07-1307:06
jamielennoxi'm surprised this isn't breaking our stable branches07:06
*** rajesht has joined #openstack-keystone07:07
*** e0ne has joined #openstack-keystone07:09
*** chlong has quit IRC07:17
rajeshthi cores,07:32
rajeshtneed one more +2 before gets into merge conflict07:32
rajeshthttps://review.openstack.org/#/c/226677/07:32
rajeshtI have already addressed Tom's comment,07:33
rajeshtthanks07:33
*** lhcheng has quit IRC07:39
*** topol has joined #openstack-keystone07:41
*** ChanServ sets mode: +v topol07:41
*** pnavarro has joined #openstack-keystone07:41
*** jamielennox is now known as jamielennox|away07:50
*** ParsectiX has quit IRC07:53
*** e0ne has quit IRC07:57
*** Daisy has quit IRC07:59
*** akanksha_ has joined #openstack-keystone08:00
*** e0ne has joined #openstack-keystone08:01
*** ParsectiX has joined #openstack-keystone08:14
*** marekd has joined #openstack-keystone08:18
*** ChanServ sets mode: +v marekd08:19
*** topol has quit IRC08:23
*** topol has joined #openstack-keystone08:23
*** ChanServ sets mode: +v topol08:23
*** roxanaghe has joined #openstack-keystone08:23
*** topol has quit IRC08:23
*** ankita_wagh has quit IRC08:25
*** jaosorior has joined #openstack-keystone08:26
*** kiran-r has quit IRC08:26
*** roxanaghe has quit IRC08:28
*** dimsum__ has joined #openstack-keystone08:33
*** jaosorior has quit IRC08:34
*** jaosorior has joined #openstack-keystone08:38
*** dimsum__ has quit IRC08:38
*** ParsectiX has quit IRC08:44
*** ParsectiX has joined #openstack-keystone08:44
*** kiran-r has joined #openstack-keystone08:57
openstackgerritMerged openstack/keystoneauth-saml2: Change ignore-errors to ignore_errors  https://review.openstack.org/22574108:58
*** exploreshaifali has joined #openstack-keystone08:59
*** topol has joined #openstack-keystone09:05
*** ChanServ sets mode: +v topol09:05
*** topol has quit IRC09:10
openstackgerrithenry-nash proposed openstack/keystone-specs: Support virtual roles  https://review.openstack.org/22666109:13
openstackgerrithenry-nash proposed openstack/keystone-specs: Support virtual roles  https://review.openstack.org/22666109:15
*** sdake has joined #openstack-keystone09:15
*** ParsectiX has quit IRC09:18
*** davechen1 has left #openstack-keystone09:29
*** henrynash has quit IRC09:29
*** e0ne has quit IRC09:33
*** su_zhang has joined #openstack-keystone09:35
*** dimsum__ has joined #openstack-keystone09:36
*** e0ne has joined #openstack-keystone09:38
*** su_zhang has quit IRC09:40
*** dimsum__ has quit IRC09:45
*** dimsum__ has joined #openstack-keystone09:51
*** ParsectiX has joined #openstack-keystone09:54
samueldmqmorning keystoners10:08
*** wwwjfy_ has quit IRC10:10
*** roxanaghe has joined #openstack-keystone10:11
*** exploreshaifali has quit IRC10:11
*** mylu has joined #openstack-keystone10:14
*** roxanaghe has quit IRC10:16
*** mylu has quit IRC10:18
*** kiran-r has quit IRC10:22
*** jlvillal has quit IRC10:31
*** jlvillal has joined #openstack-keystone10:31
*** amakarov_away is now known as amakarov10:36
*** e0ne has quit IRC10:44
*** e0ne has joined #openstack-keystone10:49
*** topol has joined #openstack-keystone10:54
*** ChanServ sets mode: +v topol10:54
*** e0ne has quit IRC10:57
*** topol has quit IRC10:58
*** wwwjfy_ has joined #openstack-keystone10:59
*** e0ne has joined #openstack-keystone11:01
*** doug-fish has joined #openstack-keystone11:10
*** mylu has joined #openstack-keystone11:15
*** pnavarro is now known as pnavarro|lunch11:18
*** mylu has quit IRC11:19
*** urulama has quit IRC11:23
*** urulama has joined #openstack-keystone11:23
*** ParsectiX has quit IRC11:30
*** wwwjfy_ has quit IRC11:36
*** gordc has joined #openstack-keystone11:37
*** e0ne has quit IRC11:43
*** chlong has joined #openstack-keystone11:43
openstackgerritDolph Mathews proposed openstack/keystone: Rename v3_authenticate_token() to v3_create_token()  https://review.openstack.org/22688111:45
*** Nirupama has quit IRC11:47
*** e0ne has joined #openstack-keystone11:47
*** EinstCrazy has quit IRC11:49
*** ParsectiX has joined #openstack-keystone11:50
*** panbalag has joined #openstack-keystone11:51
*** jamielennox|away is now known as jamielennox11:52
*** raildo-afk is now known as raildo11:57
*** nicodemos has joined #openstack-keystone11:57
*** roxanaghe has joined #openstack-keystone11:59
panbalagHi..Has anyone tested federation for keystone? Wondering which one works best (SAML/OpenID) ? http://docs.openstack.org/developer/keystone/configure_federation.html11:59
openstackgerritDolph Mathews proposed openstack/keystone-specs: Unified namespaced is_admin policy  https://review.openstack.org/18948612:01
*** roxanaghe has quit IRC12:04
*** agireud has quit IRC12:08
*** agireud has joined #openstack-keystone12:10
*** EinstCrazy has joined #openstack-keystone12:12
*** iurygregory has joined #openstack-keystone12:15
marekdpanbalag: both work correctly.12:24
marekdpanbalag: keystone doesn't handle protocol specific details, it's apache modules that do so12:25
marekdwe usually test saml more intensively here.12:25
openstackgerritMarek Denis proposed openstack/keystoneauth-saml2: Depend on keystoneauth  https://review.openstack.org/18685412:26
panbalagmarekd: ok. I'll start with SAML first.12:26
marekdpanbalag: sure12:26
*** jamielennox is now known as jamielennox|away12:33
*** ParsectiX has quit IRC12:33
*** edmondsw has joined #openstack-keystone12:35
*** dimsum__ is now known as dims12:45
*** markvoelker has joined #openstack-keystone12:46
*** henrynash has joined #openstack-keystone12:46
*** ChanServ sets mode: +v henrynash12:46
openstackgerrithenry-nash proposed openstack/keystone-specs: Support virtual roles  https://review.openstack.org/22666112:52
*** pauloewerton has joined #openstack-keystone13:00
*** ParsectiX has joined #openstack-keystone13:01
henrynashdolphm: there’s a new version of https://review.openstack.org/#/c/227023/ - if you’re still OK with this, then maybe a +2/A….13:03
*** diegows has joined #openstack-keystone13:06
*** wwwjfy_ has joined #openstack-keystone13:07
dolphmhenrynash: left in an inline comment, but +A13:13
*** dims_ has joined #openstack-keystone13:15
*** pauloewerton has quit IRC13:15
openstackgerritMerged openstack/keystone-specs: Align API spec for Liberty (3.5) with the changes that merged  https://review.openstack.org/22702313:16
samueldmqhenrynash: dolphm when were those versions released ?  3/5 vs 3.613:16
samueldmq3.5*13:16
dolphmsamueldmq: it'd be nice if the document included the dates for the recent releases, huh?13:17
*** dims has quit IRC13:17
samueldmqdolphm: I think so, it would't hurt13:17
openstackgerritDolph Mathews proposed openstack/keystone: Test revocation race conditions  https://review.openstack.org/22799513:18
samueldmqdolphm: and I agree with your comment there, we really need to separate what (already?) has impact in the API (and consequently the enduser/deployer) and what doesn't13:18
*** dsirrine has joined #openstack-keystone13:18
dolphmlbragstad: i've now seen every single race condition test return both 404 and 200 for fernet https://review.openstack.org/#/c/227995/7/keystone/tests/unit/test_v3_os_revoke.py,unified13:20
*** pauloewerton has joined #openstack-keystone13:20
*** hrou has joined #openstack-keystone13:20
lbragstaddolphm: awesome, I just dug that up to look at it.13:21
lbragstaddolphm: what was the reason for the changes to rest.py?13:21
dolphmlbragstad: i also added a ton of docs on friday13:21
dolphmlbragstad: because we don't have a way to "expect" one of multiple response codes, so i hacked it in13:21
lbragstaddolphm: gotcha13:21
*** richm has joined #openstack-keystone13:22
dolphmlbragstad: next step is to figure out the boundary conditions causing these races like (1.999 -> 2.000 -> 2.001)13:22
dolphmlbragstad: and then write more specific tests with hardcoded start times13:22
*** Guest6879 is now known as zeus13:23
*** urulama has quit IRC13:24
*** zeus is now known as Guest1509313:24
*** urulama has joined #openstack-keystone13:24
*** pnavarro|lunch is now known as pnavarro13:25
samueldmqdolphm: was reviewing and noticed that two sequences were identical, drafted comments and then:13:31
samueldmqdolphm: "two of these sequences are mathematically identical. But let's not take that theory for granted!"13:31
samueldmqdolphm: that's a trap13:31
*** dsirrine is now known as dsirrine|call13:31
dolphmsamueldmq: a trap?13:31
samueldmqdolphm: for reviewers I mean, because I left comments thinking they were valid .. and then you said you wanted to let them that way13:32
samueldmq:)13:32
henrynashdolphm: thx13:36
*** akanksha_ has quit IRC13:38
*** sigmavirus24_awa is now known as sigmavirus2413:41
openstackgerrithenry-nash proposed openstack/keystone-specs: Support virtual roles  https://review.openstack.org/22666113:41
htrutadstanek: hey are you around?13:42
htrutadstanek: if so, any possibility of merging bug 1479452 in liberty?13:42
openstackbug 1479452 in Keystone "Changing resource's domain_id should not be possible" [Wishlist,In progress] https://launchpad.net/bugs/1479452 - Assigned to Henrique Truta (henriquetruta)13:42
samueldmqhenrynash: hey13:42
henrynashsamuledmq: hi13:42
samueldmqhenrynash: are virtual roles == hierarchical roles + domain roles ?13:43
*** Guest15093 is now known as zeus-13:43
*** sdake_ has joined #openstack-keystone13:44
*** topol has joined #openstack-keystone13:44
*** ChanServ sets mode: +v topol13:44
*** zzzeek has joined #openstack-keystone13:44
dolphmlbragstad: somehow this passes http://cdn.pasteraw.com/89494noroi6npj0na4d7snggw4rw7hr .... so what are the transient cases?! grr13:46
*** Ephur has joined #openstack-keystone13:47
*** sdake has quit IRC13:47
dolphmlbragstad: any ideas on how to refactor that to step through the clock without writing a million test classes?13:47
*** topol has quit IRC13:48
*** sdake_ has quit IRC13:50
*** clayton has quit IRC13:51
lbragstaddolphm: checking13:52
lbragstaddolphm: it's the same pattern, just started at different times, right?13:54
dolphmlbragstad: yeah, i have a refactor that is at least easier to maintain ...13:55
*** ngupta has joined #openstack-keystone13:56
*** sdake has joined #openstack-keystone13:58
*** clayton has joined #openstack-keystone13:58
*** ParsectiX has quit IRC14:01
*** topol has joined #openstack-keystone14:02
*** ChanServ sets mode: +v topol14:02
*** su_zhang has joined #openstack-keystone14:02
openstackgerrithenry-nash proposed openstack/keystone-specs: Clarify is_domain project attribute in API version 3.5  https://review.openstack.org/22846914:04
*** stevemar has joined #openstack-keystone14:05
*** ChanServ sets mode: +v stevemar14:05
*** panbalag has quit IRC14:07
*** panbalag has joined #openstack-keystone14:11
lbragstaddolphm: I'm looking through keystone and the only places I see us using datetime.utcnow() is in test_revoke.py, test_auth.py, and test_v3_keystoneclient.py14:14
lbragstadeverything else appears to use timeutils14:14
*** slberger has joined #openstack-keystone14:14
dolphmoh f14:14
dolphmah, nvm. i read test_revoke as contrib/revoke14:14
stevemardolphm: o/14:15
stevemari am in your state14:15
dolphmstevemar: again? ugh14:15
* lbragstad prepares for bbq!14:15
stevemardolphm: lbragstad i doubt i have time to get to SA again :)14:16
dolphmlbragstad: black's? :D14:17
lbragstadstevemar: that's fine, Blacks is half way between ;)14:17
dolphmish14:20
*** phalmos has joined #openstack-keystone14:20
lbragstaddolphm: I'm stumped, everything seems to be using timeutils.utcnow(), which should be stubbed out in our tests...14:22
lbragstaddolphm: I'm baffled where the transients are...14:23
dolphmlbragstad: stumped by what?14:23
dolphmlbragstad: i'm not sure what you're debugging14:23
henrynashsamueldmq: well, that depends how you define hierarcical roles…as long as you don’t mean implied roles, then ys14:23
*** topol has quit IRC14:23
lbragstaddolphm: Friday, I was running those tests and one would fail, then three would fail, etc...14:24
lbragstadso they seemed to be transient14:24
samueldmqhenrynash: as virtual roles can contain virtual roles, it can define a kindof hierarchy14:24
samueldmqhenrynash: that's what I meant14:24
henrynashsamuedmq: yes14:25
lbragstadthe last time we discussed it, we thought it was because something wasn't using utcnow() from timeutils (i.e. not using the mocked time we created).14:25
openstackgerritayoung proposed openstack/keystone-specs: Catalog scoped roles  https://review.openstack.org/22847714:26
*** topol has joined #openstack-keystone14:26
*** ChanServ sets mode: +v topol14:26
openstackgerritBrant Knudson proposed openstack/keystone: Add user domain info to federated fernet tokens  https://review.openstack.org/21374214:31
openstackgerritBrant Knudson proposed openstack/keystone: Add user_domain_id, project_domain_id to auth context  https://review.openstack.org/21379214:31
openstackgerritBrant Knudson proposed openstack/keystone: Add unit test for creating RequestContext  https://review.openstack.org/22826914:31
openstackgerritBrant Knudson proposed openstack/keystone: More info in RequestContext  https://review.openstack.org/21359514:31
openstackgerritBrant Knudson proposed openstack/keystone: Unit tests for fernet validate_v3_token  https://review.openstack.org/22655714:31
*** e0ne has quit IRC14:32
openstackgerritMerged openstack/pycadf: Include changelog/history in docs  https://review.openstack.org/22758514:33
*** e0ne has joined #openstack-keystone14:34
*** dims has joined #openstack-keystone14:35
*** dims_ has quit IRC14:35
*** alextricity has quit IRC14:35
*** jorge_munoz has joined #openstack-keystone14:36
*** tonytan4ever has joined #openstack-keystone14:37
*** diazjf has joined #openstack-keystone14:39
lbragstaddolphm: can you get those to fail?14:44
lbragstaddolphm: nvm, it's probably because of the wildcard status14:45
dolphmlbragstad: oh yeah, see the current patchset14:45
dolphmlbragstad: i've gotten both responses on every test14:45
dolphmlbragstad: i'm trying to identify the edge cases where those occur now14:45
stevemarwho wants to review release notes?! :)14:45
*** zzzeek_ has joined #openstack-keystone14:45
*** ngupta has quit IRC14:47
*** zzzeek has quit IRC14:48
*** zzzeek_ is now known as zzzeek14:48
*** jorge_munoz has quit IRC14:48
*** iurygregory has quit IRC14:51
* dolphm *crickets*14:54
stevemardolphm: eh eh eh14:54
bknudsonstevemar: do you have a link?14:54
stevemarbknudson: the etherpad https://etherpad.openstack.org/p/keystone-liberty-release-notes14:55
htrutahenrynash: hey14:55
*** pauloewerton has quit IRC14:55
*** nicodemos has quit IRC14:55
bknudsonstevemar: where's the release notes? at the bottom?14:55
*** jorge_munoz has joined #openstack-keystone14:56
*** nicodemos has joined #openstack-keystone14:56
*** nicodemos has quit IRC14:57
stevemarbknudson: yep, i was thinking we could review them a bit more real time instead of leaving remarks on etherpad14:58
*** alextricity has joined #openstack-keystone14:59
*** tellesnobrega is now known as tellesnobrega_af14:59
*** ngupta has joined #openstack-keystone15:02
*** yottatsa has joined #openstack-keystone15:03
samueldmqhenrynash: there is a paragraph in the spec that you talk about system capabilities15:09
*** jdennis1 has quit IRC15:09
*** ayoung has joined #openstack-keystone15:09
*** ChanServ sets mode: +v ayoung15:09
samueldmqhenrynash: I wonder how realistic is that to get in openstack, in your opinion15:11
*** jdennis has joined #openstack-keystone15:12
*** arunkant has quit IRC15:15
*** tonytan4ever has quit IRC15:17
*** thiagop has quit IRC15:18
*** ericksonsantos has quit IRC15:19
*** arunkant has joined #openstack-keystone15:21
*** henrynash_ has joined #openstack-keystone15:21
*** ChanServ sets mode: +v henrynash_15:21
*** yottatsa has quit IRC15:23
*** henrynash has quit IRC15:23
*** henrynash_ is now known as henrynash15:23
*** urulama has quit IRC15:23
dolphmlbragstad: this bug is going to make me go insane15:24
lbragstaddolphm: ++15:24
*** urulama has joined #openstack-keystone15:24
lbragstaddolphm: this one is tough...15:24
dolphmi'm now fighting a race condition between the tests and the test suite.15:24
lbragstaddolphm: two fridays ago it made me start rethinking my life choices15:24
lbragstaddolphm: so you get different behavior between running a single test versus the whole test suite?15:25
dolphmlbragstad: no... because we're freezing the clock, sometimes the "admin" token being used to run the tests becomes invalid15:26
lbragstaddolphm: weird...15:26
dolphmlbragstad: at your desk?15:27
*** wwwjfy_ is now known as wwwjfy15:27
*** browne has joined #openstack-keystone15:27
lbragstadyeah...15:27
lbragstaddolphm: yep15:27
dolphmlbragstad: alright, i'll swing by in 15 min or so15:27
lbragstaddolphm:  I need a coffee though15:27
stevemarour lack of v2 tests in keystone is unsettling15:31
stevemarwe don't really have things that test the routes, afaict15:31
openstackgerritTom Cocozzello proposed openstack/keystone: Deprecate httpd/keystone.py  https://review.openstack.org/22197515:31
bknudsonstevemar: we have a bunch of REST tests in test_v2_* that uses the routes -- http://git.openstack.org/cgit/openstack/keystone/tree/keystone/tests/unit/test_v2.py#n13815:32
stevemarbknudson: i dont see many user or tenant creates there15:33
bknudsonwhy would anyone use v2 to create a user or tenant?15:33
stevemarbknudson: i was looking for straight CRUD tests15:34
stevemarbknudson: cause everyone still does that :)15:34
bknudsonstevemar: there's tests that use the client to do the rest call: http://git.openstack.org/cgit/openstack/keystone/tree/keystone/tests/unit/test_v2_keystoneclient.py#n21815:35
stevemarbknudson: yep, i knows15:35
stevemarbknudson: i was looking to resolve https://bugs.launchpad.net/keystone/+bug/1485035 and creating the tests was a bit wonky15:36
openstackLaunchpad bug 1485035 in Keystone "cadf payload doesn't have initiator for v2 calls" [Medium,Triaged] - Assigned to Sam Leong (chio-fai-sam-leong)15:36
*** yottatsa has joined #openstack-keystone15:37
stevemari ended up just calling the controller with a mocked up context15:37
bknudsonthat's the right way to do it15:37
stevemar\o/15:37
stevemari'll put that up soonish15:37
*** roxanaghe_ has quit IRC15:41
*** btully has quit IRC15:43
*** dims has quit IRC15:46
*** dims has joined #openstack-keystone15:46
*** phalmos has quit IRC15:47
openstackgerritTony Wang proposed openstack/keystone: Show v3 endpoints in v2 endpoint list  https://review.openstack.org/21587015:50
*** doug-fish has quit IRC15:50
*** doug-fish has joined #openstack-keystone15:51
*** ngupta_ has joined #openstack-keystone15:54
*** doug-fish has quit IRC15:55
*** geoffarnold has joined #openstack-keystone15:56
openstackgerritMerged openstack/keystone: Add unit tests for token_to_auth_context  https://review.openstack.org/21379715:57
*** ngupta has quit IRC15:57
*** mylu has joined #openstack-keystone15:58
stevemardstanek: new patch up ^15:59
openstackgerritMerged openstack/keystone: Fix order of arguments in assertEqual  https://review.openstack.org/22667716:00
*** akanksha_ has joined #openstack-keystone16:02
*** phalmos has joined #openstack-keystone16:03
*** yottatsa has quit IRC16:04
*** mylu has quit IRC16:10
*** mylu has joined #openstack-keystone16:10
*** su_zhang has quit IRC16:11
*** iurygregory has joined #openstack-keystone16:12
*** tellesnobrega_af is now known as tellesnobrega16:13
*** mylu has quit IRC16:15
dolphmlbragstad: http://cdn.pasteraw.com/1q48rrzcek35s7yr834ke3uwg8i5cnd16:16
*** yottatsa has joined #openstack-keystone16:18
*** e0ne has quit IRC16:22
*** EinstCrazy has quit IRC16:23
*** jdennis has quit IRC16:24
*** jdennis has joined #openstack-keystone16:24
*** e0ne has joined #openstack-keystone16:24
*** topol has quit IRC16:26
*** gyee has joined #openstack-keystone16:28
*** ChanServ sets mode: +v gyee16:28
*** roxanaghe has joined #openstack-keystone16:31
*** tonytan4ever has joined #openstack-keystone16:32
*** _cjones_ has joined #openstack-keystone16:32
*** yottatsa has quit IRC16:33
*** ayoung has quit IRC16:37
*** alejandrito has joined #openstack-keystone16:39
*** yottatsa has joined #openstack-keystone16:43
*** yottatsa has quit IRC16:43
bknudsondstanek: https://bugs.launchpad.net/keystone/+bug/150050916:45
openstackLaunchpad bug 1500509 in Keystone "Define paste entrypoints" [Wishlist,New]16:45
*** lhcheng has joined #openstack-keystone16:45
*** ChanServ sets mode: +v lhcheng16:45
*** sdake_ has joined #openstack-keystone16:46
*** yottatsa has joined #openstack-keystone16:48
*** sdake has quit IRC16:49
*** su_zhang has joined #openstack-keystone16:51
*** yottatsa has quit IRC16:53
*** ankita_wagh has joined #openstack-keystone17:00
*** gyee has quit IRC17:03
*** ankita_wagh has quit IRC17:05
openstackgerritAlexander Makarov proposed openstack/keystone: Materialized path mixin for hierarchical models  https://review.openstack.org/19841817:09
*** topol has joined #openstack-keystone17:12
*** ChanServ sets mode: +v topol17:12
*** stevemar has quit IRC17:13
*** r-daneel has joined #openstack-keystone17:16
*** ayoung has joined #openstack-keystone17:17
*** ChanServ sets mode: +v ayoung17:17
*** stevemar has joined #openstack-keystone17:19
*** ChanServ sets mode: +v stevemar17:19
*** gyee has joined #openstack-keystone17:19
*** ChanServ sets mode: +v gyee17:19
*** ankita_wagh has joined #openstack-keystone17:23
*** browne has quit IRC17:23
iurygregoryHey people, just a doubt about K2K Federation, the file generated by "keystone-manage saml_idp_metadata" need to be readable by everyone (mode 664) ?17:29
stevemariurygregory: oh, that's probably the default that is generated17:37
dstanekbknudson: ++ i definitely support that idea17:38
iurygregorythanks stevemar ^^ ,  richm please take a look17:40
richmiurygregory: ok, that's the default, but does it really need to be world readable?17:42
iurygregoryrichm, I think in puppet we can let this file just be readable by the user who is the owner of the keystone directory17:46
richmok17:47
*** pnavarro has quit IRC17:49
*** zeus- is now known as zeus17:51
*** zeus has quit IRC17:51
*** zeus has joined #openstack-keystone17:51
*** geoffarnold has quit IRC17:52
*** geoffarn_ has joined #openstack-keystone17:52
*** doug-fish has joined #openstack-keystone17:52
*** doug-fish has quit IRC17:57
*** doug-fish has joined #openstack-keystone17:58
*** ankita_w_ has joined #openstack-keystone17:59
stevemarayoung: bknudson dstanek gyee lhcheng henrynash marekd make sure y'all read https://review.openstack.org/#/c/181393/ -- it's a cross-project spec that impacts keystone18:01
stevemarbknudson: you've already taken a looksy18:01
*** doug-fish has quit IRC18:02
ayoungstevemar, so...yes, and we should also look at how we transition the token used when going from one service to another.   Getting things out of the service catalog good, but then the client needs to know that it needs to get antoher token....18:03
ayoungkindof the K2K excahnge, but local18:03
*** browne has joined #openstack-keystone18:03
*** ankita_wagh has quit IRC18:03
ayoungI know, I know, I always take up  a notch...18:03
*** iurygregory has quit IRC18:04
stevemaryou wouldn't be you if you didn't :)18:04
*** mylu has joined #openstack-keystone18:04
*** gabriel-bezerra has quit IRC18:04
ayoungstevemar, wrote some stuff over the weekend whoich kindof applied:18:04
gyeestevemar, thanks, SC's my favorite topic :)18:04
*** mylu has quit IRC18:04
*** amakarov is now known as amakarov_away18:05
ayoungstevemar, https://review.openstack.org/#/c/228477/  was based on a suggestiong by dolphm , to deal with the "we deleted the project but we still have vms" issue...and it should solve bug 96869618:05
openstackbug 968696 in OpenStack Compute (nova) ""admin"-ness not properly scoped" [High,Confirmed] https://launchpad.net/bugs/96869618:05
ayoungI also got implied roles working...but I'm keeping that in github as I try to get the patch clean; don18:06
ayoung't18:06
ayoungdon't want 100 iterations on that one18:06
ayoungbut I did redo the spec for it;18:06
gyeeayoung, I like implied roles, but why can't we call them role groups?18:06
*** doug-fish has joined #openstack-keystone18:06
ayounghttps://review.openstack.org/#/c/125704/18:06
gyeethey are essentially nested role groups aren't they?18:07
ayounggyee, because they are not groups.  They are rules which build sets18:07
ayounggyee, its inference from rules.  And, they are directed, so not really a proper group either18:07
ayounggyee, also, it leads in to what henrynash wanted, which is we should be able to make some roles that are only used to infer other roles, but don't end up in the token themselves18:08
ayoungbut that is follow on18:08
*** roxanaghe has quit IRC18:08
samueldmqayoung: gyee: henrynash has a new spec for 'virtual roles', which is strongly related to what is being proposed18:08
samueldmqayoung: gyee: see https://review.openstack.org/#/c/226661/18:08
*** doug-fis_ has joined #openstack-keystone18:08
ayoungsamueldmq, ah, I knew he was working on it18:08
gyeeah, let me read up18:08
ayoungsamueldmq, I think I can implement that now18:09
ayoungsamueldmq, my branch is here: https://github.com/admiyo/keystone/tree/implied_roles18:09
samueldmqayoung: what is in that spec ?18:09
samueldmqayoung: what do you have so far?18:09
ayoungsamueldmq, it coveres the implied-roles spec...link in a sec18:09
ayounghttps://review.openstack.org/#/c/125704/18:10
gyeelooks like henrynash and ayoung needs to consolidate, I see similarities18:10
ayounggyee, his should build on mine18:10
*** doug-fish has quit IRC18:10
samueldmqayoung: yes, I agree with gyee, and yes again, looks like his idea builds on yours, but we need to ensure things are synced from the start18:11
samueldmqto avoid .. you know18:11
*** su_zhang has quit IRC18:11
*** su_zhang_ has joined #openstack-keystone18:12
samueldmqayoung: I am gonna abandon the old dynamic policies changes for now18:12
ayoungsamueldmq, I want to get this on the Agenda for tomorrow18:12
samueldmqayoung: I feel bad to see them in my gerrit page ehhe18:12
samueldmqayoung: ++18:12
*** nisha_ has joined #openstack-keystone18:13
ayoungsamueldmq, yeah, we'll loop back around.  I want to discuss splitting policy first, and the n dynamic policy should be a lot less threatening18:13
ayoungsamueldmq, leave them active18:13
samueldmqayoung: also, we are in another approach now, looking at roles first18:13
ayoungwe want them reviewed and discusseds leading in to the summit...right now is the most important time in keystone development18:13
gyeeayoung, I don't understand, I see the same idea between you and henrynash, except his also contains domain-owned roles18:13
ayounggyee, yeah, we are very close in concept18:14
*** tonytan4ever has quit IRC18:14
ayounghis also incorporate role namespacing, which mine does not18:14
ayoungits really 3 separate mechanisms which build up;18:14
ayounginference, namespacing, virtual18:14
*** tonytan4ever has joined #openstack-keystone18:14
gyeeyeah, there are pros and cons with namespacing18:15
*** raildo is now known as raildo-afk18:16
*** tellesnobrega is now known as tellesnobrega_af18:16
gyeeand I don't think we need the virtual flag either18:16
*** gabriel-bezerra has joined #openstack-keystone18:17
nisha_ Hello! I am Nisha, an outreachy aspirant and I want to contribute in keystone. I am beginner so, I would really appreciate if anyone could please suggest me something.18:17
*** iurygregory has joined #openstack-keystone18:18
ayoungnisha_, excellent.  We have a weekly meeting on Tuesdays...I'd joing18:19
ayoungnisha_, https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting#Agenda_for_next_meeting18:19
gyeenisha_, where I work I usually have a beginner start with documentation validation, tests, and code reviews18:19
*** tellesnobrega_af is now known as tellesnobrega18:20
ayoungnisha_, just wrote this;  might not be a bad way to start;  http://adam.younglogic.com/2015/09/keystone-unit-tests/18:20
ayoungstart with devtack, make sure you can run unit tests...start looking at reviews nisha_18:20
*** mylu has joined #openstack-keystone18:20
*** topol has quit IRC18:21
nisha_thanks a lot ayoung :D18:22
*** mestery_afk is now known as mestery18:22
*** ankita_wagh has joined #openstack-keystone18:23
*** gabriel-bezerra has quit IRC18:23
*** pnavarro has joined #openstack-keystone18:23
*** iurygregory has quit IRC18:24
*** ankita_w_ has quit IRC18:26
*** sdake has joined #openstack-keystone18:29
nisha_ayoung, I am not able to open the second link, can you please resend me ?18:30
ayounghttp://adam.younglogic.com/2015/09/keystone-unit-tests/  that one?18:31
*** sdake_ has quit IRC18:31
samueldmqnisha_: heelo, I saw your pm and tried to reply earlier, but looks like someone else owned that nickname :)18:32
nisha_yeah, it is not opening, says connection timed out. Otherwise I will try it again later18:32
nisha_haha, I am so glad that people are so eager to help the newbies here :D18:33
nisha_thanks samueldmq18:33
*** pnavarro has quit IRC18:36
*** tellesnobrega is now known as tellesnobrega_af18:37
*** topol has joined #openstack-keystone18:44
*** ChanServ sets mode: +v topol18:44
samueldmqayoung: gyee this week I will work in a doc for new developers ..18:45
ayoungsamueldmq, nice18:45
samueldmqI plan to do something guided by example18:45
*** urulama has quit IRC18:45
dolphmlbragstad: other than having to pass datetimes to it as strings, this seems to freeze whatever non-timeutils source of time that keystone is picking up https://github.com/spulec/freezegun18:46
samueldmqlike, let' add a new field to domain objects, how to do so ?18:46
*** urulama has joined #openstack-keystone18:46
samueldmqayoung: gyee and then I go through the keystone layers, explain what we do in each one, tests, etc.. and at the end we will have the feature implemented (add an attribute to domain)18:46
*** topol has quit IRC18:46
samueldmqayoung: gyee where to write tests, etc18:47
samueldmqsounds worth it ?18:47
gyeesamueldmq, like extending developer.rst?18:47
*** topol has joined #openstack-keystone18:47
*** ChanServ sets mode: +v topol18:47
gyeesamueldmq, https://github.com/openstack/keystone/blob/master/doc/source/developing.rst18:47
samueldmqgyee: yes, a new subsection there18:47
samueldmqgyee: yes, but something to be done by the new contributor, not just definitions, and theory, but some complete change one can do18:49
samueldmqand see how it happens to work18:49
lbragstaddolphm: interesting, i saw that project but i haven't played with it18:50
gyeesamueldmq, hey look, there's  Getting Started section missing. :) https://github.com/openstack/keystone/blob/master/doc/source/index.rst18:50
samueldmqgyee: is that page waiting for me ?18:51
samueldmqlooks to be the case18:51
samueldmqgyee: :)18:51
gyeesamueldmq, its calling out to you18:51
*** topol has quit IRC18:52
*** mylu has quit IRC18:53
*** su_zhang_ has quit IRC18:53
*** mylu has joined #openstack-keystone18:53
openstackgerritBrant Knudson proposed openstack/keystone: Enable try_except_pass Bandit test  https://review.openstack.org/22573818:54
openstackgerritBrant Knudson proposed openstack/keystone: Enable subprocess_without_shell_equals_true Bandit test  https://review.openstack.org/22569218:54
openstackgerritBrant Knudson proposed openstack/keystone: Enable Bandit 0.13.2 tests  https://review.openstack.org/22534718:54
openstackgerritBrant Knudson proposed openstack/keystone: Enable hardcoded_bind_all_interfaces Bandit test  https://review.openstack.org/22569018:54
openstackgerritBrant Knudson proposed openstack/keystone: Enable password_config_option_not_marked_secret Bandit test  https://review.openstack.org/22569118:54
openstackgerritBrant Knudson proposed openstack/keystone: Update bandit blacklist_calls config  https://review.openstack.org/22532718:54
openstackgerritBrant Knudson proposed openstack/keystone: Update bandit blacklist_imports config  https://review.openstack.org/22534118:54
dolphmlbragstad: PYPI/CRYPTOGRAPHY!18:54
dolphmlbragstad: the source of fernet token creation times!18:54
samueldmqgyee: okay, let's see what can be done there o/18:54
*** ankita_wagh has quit IRC18:56
*** mylu has quit IRC18:57
lbragstaddolphm: ?18:57
lbragstaddolphm: how is that breaking things?18:57
dolphmlbragstad: i don't know exactly, but it's certainly not using timeutils.utcnow() to generate fernet tokens18:58
lbragstaddolphm: nope, it uses time.time()18:58
dolphmlbragstad: so it could be creating tokens in the future, or in the past18:58
lbragstadhttps://github.com/pyca/cryptography/blob/master/src/cryptography/fernet.py#L4918:58
dolphmrelative to frozen time18:59
*** boris-42 has quit IRC18:59
*** ayoung has quit IRC19:01
*** mylu has joined #openstack-keystone19:04
lbragstaddolphm: that would make sense... because that's the time that we base the creation off of19:05
*** mylu has quit IRC19:05
*** topol has joined #openstack-keystone19:07
*** ChanServ sets mode: +v topol19:07
dolphmlbragstad: I GOT IT! woo19:09
lbragstaddolphm: \o/19:09
lbragstaddolphm: did you stub it out?19:09
dolphmlbragstad: now we either need to carry this new dep or re-implemnt it19:09
lbragstaddolphm: doesn't look like it's in global reqs19:10
dolphmi figured now19:12
dolphmnot*19:12
openstackgerritDolph Mathews proposed openstack/keystone: Test revocation race conditions  https://review.openstack.org/22799519:13
dolphmlbragstad: if you install freezegun, the two edge cases we're aware of are the only two that fail against fernet ^19:13
lbragstaddolphm:  and those are expected.19:14
lbragstadwith the current implementation19:14
lbragstadof fernet and revocation19:14
morganUgh time.time() really?!19:14
morgan...19:14
dolphmmorgan: what's wrong with time.time()?19:14
morganWell i guess most of the time creation doesnt matter19:15
morganTime.time is tz affected isnt t?19:15
morganIt is system clock not utc19:15
* morgan may be misremembering19:15
*** jdennis1 has joined #openstack-keystone19:16
lbragstadit returns a number - 1443467753.32538319:16
dolphmmorgan: correct, so set your system clock to UTC like a sane person :)19:16
*** jdennis has quit IRC19:16
morgandolphm: except we use utc explictly in revocation events19:16
morganMeaning we have a potential issue if system clock is set differently19:16
dolphmactually...19:17
morganWe may need to introduce a tzoffset value in the fernet payload ?19:17
morganI mean - that is easy.19:18
morganBut it is something we need to address.19:18
dolphmmorgan: it's based on the system clock, of course, but it seems to be in UTC, not system tz19:19
morganAnd time.time() also usually wont include leap seconds19:19
morganFwiw19:19
*** ankita_wagh has joined #openstack-keystone19:19
morganAh epoch is defined as utc19:20
morganOk so we only have some cases where leap seconds are omitted.19:20
morganMeh19:20
morgan http://stackoverflow.com/questions/11845803/is-pythons-time-time-timezone-specific19:20
morganPypy may return something else as may jython, or ironpython, or stackless. But only cpython is tested for keystone19:22
bknudsonadd a unit test19:22
dolphmmorgan: http://cdn.pasteraw.com/zbnkax5mc0bsplid3vcp2syi503iog19:22
morgandolphm: yeah19:23
dolphmmorgan: ah, the explanation makes sense19:23
morganYep. :)19:23
morganThough i am going to hazard a guess utcnow does much the same thing19:24
morganExcept it uses a datetime object out the other end19:24
morganSo less ambiguity regarding "what is epoch"19:25
dolphmthis freezegun project is particularly well done19:26
dolphmlbragstad: i doubt it would have any trouble landing in global requirements ^19:27
lbragstaddolphm: think we could get in it g-r?19:27
lbragstadif it helps us with timing tests, chances are other projects could use it, too19:28
*** e0ne has quit IRC19:28
dolphmwe could replace the implementation of frozen time in timeutils with this, but then it wouldn't be a test requirement19:28
dolphm(it'd be implicit for everyone except timeutils)19:28
*** urulama has quit IRC19:29
*** urulama has joined #openstack-keystone19:29
*** e0ne has joined #openstack-keystone19:41
*** packet has joined #openstack-keystone19:41
*** woodster_ has joined #openstack-keystone19:42
*** btully has joined #openstack-keystone19:43
lbragstaddolphm: maybe we could ask dhellmann?19:46
*** pnavarro has joined #openstack-keystone19:48
*** ayoung has joined #openstack-keystone19:48
*** ChanServ sets mode: +v ayoung19:48
*** iurygregory has joined #openstack-keystone19:49
*** su_zhang has joined #openstack-keystone19:50
openstackgerritMonty Taylor proposed openstack/keystoneauth: Add url as a deprecated alias for endpoint  https://review.openstack.org/22545319:50
*** jlvillal has quit IRC19:51
*** tellesnobrega_af is now known as tellesnobrega19:51
*** jlvillal has joined #openstack-keystone19:51
*** pnavarro has quit IRC19:53
mordredbknudson: any suggestions on how to structure a test for that ^^ ?19:55
bknudsonmordred: is there a test already that uses the non-deprecated value?19:55
bknudson(if not there should be... and if so it's just use that with the other name)19:56
mordredbknudson: nope. all of the tests of that just instantiate the class with values19:56
*** gabriel-bezerra has joined #openstack-keystone19:57
*** raildo-afk is now known as raildo19:57
bknudsonthere's a keystoneauth1.tests.unit.test_token_endpoint.AdminTokenTest.test_token_endpoint_options which fails if I change the name of endpoint to endpoint2.19:58
mordredbknudson: nod. I can at least do something there19:58
*** su_zhang has quit IRC19:58
bknudsonshould be able to find the option and see the deprecated name.19:59
*** tonytan4ever has quit IRC20:01
*** jsavak has joined #openstack-keystone20:02
openstackgerrithenry-nash proposed openstack/keystone: Add API route for list role assignments for tree  https://review.openstack.org/22045220:04
*** pnavarro has joined #openstack-keystone20:05
openstackgerritMonty Taylor proposed openstack/keystoneauth: Add url as a deprecated alias for endpoint  https://review.openstack.org/22545320:06
mordredbknudson: how's that look?20:07
openstackgerritMonty Taylor proposed openstack/keystoneauth: Add url as a deprecated alias for endpoint  https://review.openstack.org/22545320:07
*** ngupta_ has quit IRC20:07
mordred(oops. commit message - had edited it via web before :) )20:07
*** jsavak has quit IRC20:08
*** jsavak has joined #openstack-keystone20:08
stevemarmordred: see, 3 hr meetings are good for working on patches20:09
mordredstevemar: SO GOOD20:09
openstackgerritDolph Mathews proposed openstack/keystone: Test revocation race conditions  https://review.openstack.org/22799520:10
openstackgerritDolph Mathews proposed openstack/keystone: Test revocation race conditions  https://review.openstack.org/22799520:13
*** david-lyle has quit IRC20:14
dolphmlbragstad: the gate job on that should pass ^^ and it includes an explanation of the bug/behavior that fernet is seeing, without really pointing fingers ;)20:15
lbragstaddolphm: awesome, checking20:17
*** sdake_ has joined #openstack-keystone20:25
*** su_zhang has joined #openstack-keystone20:27
*** sdake has quit IRC20:28
*** raildo is now known as raildo-afk20:29
stevemarhey, group list use printed all the groups in all the domains from the cli, that seems weird20:29
*** jdennis has joined #openstack-keystone20:32
*** ngupta has joined #openstack-keystone20:33
*** jdennis1 has quit IRC20:35
*** boris-42 has joined #openstack-keystone20:37
*** sdake_ is now known as sdake20:38
*** pnavarro has quit IRC20:41
*** sdake has quit IRC20:42
*** sdake has joined #openstack-keystone20:43
*** lhcheng has quit IRC20:44
openstackgerritHenrique Truta proposed openstack/keystone: Tests for projects acting as domains  https://review.openstack.org/21121920:45
openstackgerritHenrique Truta proposed openstack/keystone: Manager support for projects acting as domains  https://review.openstack.org/21344820:45
openstackgerritHenrique Truta proposed openstack/keystone: Honor domain operations in project table  https://review.openstack.org/14376320:45
openstackgerritHenrique Truta proposed openstack/keystone: Replicate domain info in projects table  https://review.openstack.org/21117020:45
openstackgerritHenrique Truta proposed openstack/keystone: Change project name constraints  https://review.openstack.org/15837220:45
openstackgerritHenrique Truta proposed openstack/keystone: Add is_domain parameter to get_project_by_name  https://review.openstack.org/21060020:45
*** lhcheng has joined #openstack-keystone20:46
*** ChanServ sets mode: +v lhcheng20:46
*** lhcheng_ has joined #openstack-keystone20:47
*** lhcheng has quit IRC20:47
openstackgerritMerged openstack/keystone: Adds interface tests for timeutils  https://review.openstack.org/22669720:51
*** tonytan4ever has joined #openstack-keystone20:52
*** ayoung has quit IRC21:01
*** jsavak has quit IRC21:01
*** jsavak has joined #openstack-keystone21:01
*** david-lyle has joined #openstack-keystone21:09
samueldmqwhen running tox, I got : Could not find any downloads that satisfy the requirement .[ldap,memcache,mongodb]21:12
*** doug-fis_ has quit IRC21:13
samueldmqis that related to the need of updating pbr to understand that new requirements' format ?21:13
samueldmqdstanek: bknudson: cc ^21:13
*** doug-fish has joined #openstack-keystone21:14
bknudsonsamueldmq: probably... what version of pbr are you using?21:16
*** diazjf has quit IRC21:18
*** doug-fish has quit IRC21:18
*** hrou has quit IRC21:19
openstackgerritBrant Knudson proposed openstack/keystonemiddleware: only make token invalid when it really is  https://review.openstack.org/21737321:20
samueldmqbknudson: let me check (actually it is from an outreachy student, let me check with her)21:22
*** sigmavirus24 is now known as sigmavirus24_awa21:23
*** sigmavirus24_awa is now known as sigmavirus2421:23
*** doug-fish has joined #openstack-keystone21:24
*** sdake_ has joined #openstack-keystone21:25
*** jaosorior has quit IRC21:26
*** sdake__ has joined #openstack-keystone21:27
*** geoffarn_ has quit IRC21:28
*** sdake has quit IRC21:28
*** stevemar has quit IRC21:29
*** stevemar has joined #openstack-keystone21:29
*** ChanServ sets mode: +v stevemar21:29
*** geoffarnold has joined #openstack-keystone21:30
*** sdake_ has quit IRC21:30
*** stevemar has quit IRC21:32
*** doug-fish has quit IRC21:36
*** jsavak has quit IRC21:36
*** ayoung has joined #openstack-keystone21:39
*** ChanServ sets mode: +v ayoung21:39
*** sdake__ is now known as sdake21:41
*** bapalm_ has quit IRC21:41
*** bapalm has joined #openstack-keystone21:42
*** su_zhang_ has joined #openstack-keystone21:44
*** su_zhang has quit IRC21:47
samueldmqbknudson: she hadn't pbr installed21:48
samueldmqbknudson: is it installed with setuptools ?21:48
*** henrynash has quit IRC21:49
*** su_zhang has joined #openstack-keystone21:53
*** topol has quit IRC21:56
*** su_zhang_ has quit IRC21:56
*** phalmos has quit IRC21:57
dstaneksamueldmq: no, it's a separate library, but make sure her tox is updated too21:59
dstaneki don't think i ever installed pbr separately21:59
*** mylu has joined #openstack-keystone22:00
lifelesswe typically install pbr separately22:01
lifelessso that easy-install isn't triggereed22:01
slbergerIs there any plan in the works to implement memcache deletion or marking deleted items in memcache as deleted?  We are running into issues with auto resolving project ids that have been recently deleted and then recreated, with the same name.22:03
*** mylu has quit IRC22:03
*** roxanaghe has joined #openstack-keystone22:04
samueldmqdstanek: lifeless yes, she installed it manually with pip, and now has pbr 1.8.022:04
samueldmqshe also run the command to install the dependencies indicated here http://docs.openstack.org/developer/keystone/setup.html#installing-dependencies22:04
samueldmqI don't remember to do anything different when I need to setup a new env :/22:05
lifelesssamueldmq: whats happening? I only saw the last little bit22:05
samueldmqdstanek: tox 1.6.022:06
samueldmqlifeless: http://paste.openstack.org/show/474523/22:06
samueldmqdstanek: bknudson cc ^ :)22:06
openstackgerritEric Brown proposed openstack/keystone: Multiple URLs may be specified for ldap url  https://review.openstack.org/22864422:06
*** packet has quit IRC22:07
*** lhcheng_ has quit IRC22:07
lifelesshttps://rbtcollins.wordpress.com/2015/07/12/bootstrapping-developer-environments-for-openstack/22:07
lifelesssamueldmq: ^22:07
*** lhcheng has joined #openstack-keystone22:08
*** ChanServ sets mode: +v lhcheng22:08
lifelesssamueldmq: the virtualenv's being created by tox have too-old pip in them, which is fixed by having the virtualenv package that tox imports be updated22:08
dstaneksamueldmq: why sudo?22:08
*** alejandrito has quit IRC22:09
samueldmqdstanek: yeah, doesnt' need to22:09
lifelesssamueldmq: it would be simple to fix tis by updating virtualenv -- as long as the system virtualenv isn't installed (because some environments have bad python paths with pip installed things using the system pip22:09
lifelesssamueldmq: (e.g. ubuntu )22:10
lifelesssamueldmq: thus the process I recommend on my blog post22:10
samueldmqlifeless: okay, I am going to take a look at it22:10
samueldmqalthough I am very surprised tht following the docs we didn't get it to work (without using virtalenv)22:11
lifelesssamueldmq: which docs?22:11
samueldmqlifeless: http://docs.openstack.org/developer/keystone/setup.html#installing-dependencies22:11
*** ankita_wagh has quit IRC22:12
samueldmqlifeless: and http://docs.openstack.org/developer/keystone/developing.html#testing22:12
lifelesssamueldmq: they don't cover tox at all22:12
lifelessah22:12
*** stevemar has joined #openstack-keystone22:12
*** ChanServ sets mode: +v stevemar22:12
lifelesskeystone should add a bindep file  if it hasn't22:13
lifelessbut thats separate22:13
*** hrou has joined #openstack-keystone22:13
lifelesssamueldmq: anyhow yes, those docs are incomplete22:13
samueldmqlifeless: hmmm... her tox is 1.6.0, mine's 2.1.122:14
samueldmqso that sounds to be the issue, yes22:14
openstackgerritMerged openstack/python-keystoneclient: Add shields.io version/downloads links/badges into README.rst  https://review.openstack.org/22765422:14
lifelessI don't know what min tox version we require22:14
lifelessis she on Ubuntu ?22:14
lifelesssamueldmq: keystone might want to link to http://docs.openstack.org/infra/manual/python.html#python-unit-tests22:16
lifelesswhich is also incomplete22:16
samueldmqlifeless: yes, ubuntu 1422:16
lifelesssamueldmq: 14.? [there were two major releases in 14.x22:17
*** dims has quit IRC22:17
samueldmqlifeless: 14.0422:17
*** stevemar has quit IRC22:17
lifelesshmm, I don't remember when they brought the bad pip patch in22:17
lifelessit might be that far back22:18
*** ankita_wagh has joined #openstack-keystone22:18
*** slberger has left #openstack-keystone22:20
*** stevemar has joined #openstack-keystone22:21
*** ChanServ sets mode: +v stevemar22:21
*** stevemar_ has joined #openstack-keystone22:23
*** ChanServ sets mode: +v stevemar_22:23
*** gordc has quit IRC22:24
openstackgerritMerged openstack/keystonemiddleware: Add shields.io version/downloads links/badges into README.rst  https://review.openstack.org/22765322:24
openstackgerritMerged openstack/keystonemiddleware: auto-generate release history  https://review.openstack.org/22765622:25
*** stevemar has quit IRC22:25
lifelesssamueldmq: https://review.openstack.org/22864722:27
*** stevemar_ has quit IRC22:28
*** stevemar has joined #openstack-keystone22:30
*** ChanServ sets mode: +v stevemar22:30
*** ayoung has quit IRC22:30
openstackgerritMerged openstack/keystoneauth: Add shields.io version/downloads links/badges into README.rst  https://review.openstack.org/22765222:30
*** stevemar_ has joined #openstack-keystone22:31
*** ChanServ sets mode: +v stevemar_22:31
*** tonytan4ever has quit IRC22:31
*** su_zhang has quit IRC22:32
samueldmqlifeless: why do we need to remove the old packages vs just updating them ?22:33
*** sigmavirus24 is now known as sigmavirus24_awa22:33
samueldmqremove/re-install22:33
lifelesssamueldmq: so they don't shadow the ones we install22:34
*** stevemar has quit IRC22:34
lifelesssamueldmq: some versions of ubuntu have the system pythonpath before user-local22:35
lifelesssamueldmq: *and* install user-local by default with pip22:35
lifelesssamueldmq: the combination means that apt-get install python-pip + pip install virtualenv would result in using the system installed virtualenv, not the pip installed one22:35
lifelesssamueldmq: its diabolical22:35
*** stevemar_ has quit IRC22:36
*** stevemar has joined #openstack-keystone22:36
*** ChanServ sets mode: +v stevemar22:36
samueldmqlifeless: yes, it is22:38
samueldmqomg, that's insane22:38
lifelesssamueldmq: its a combination of things that has a very poor outcome22:38
lifelesssamueldmq: IMO the right thing to do is to never use system installed tools for app development22:38
lifelessplatform tools to build the platform, dev tools to do dev22:38
*** nisha_ has quit IRC22:39
*** su_zhang has joined #openstack-keystone22:39
*** agireud has quit IRC22:39
*** nisha_ has joined #openstack-keystone22:39
samueldmqlifeless: hence use virtualenv22:39
*** e0ne has quit IRC22:40
*** stevemar has quit IRC22:41
lifelesssamueldmq: right, and se my blogpost for installing virtualenv without installing the &system& one22:41
samueldmqlifeless: nice, thanks for clarifying22:43
samueldmqlifeless: that makes sense to me now22:43
*** nisha_ has quit IRC22:43
openstackgerritBrant Knudson proposed openstack/keystone: Cleanup fernet validate_v3_token  https://review.openstack.org/22865222:44
*** urulama has quit IRC22:47
*** urulama has joined #openstack-keystone22:47
*** ngupta has quit IRC23:00
*** markvoelker has quit IRC23:03
*** ayoung has joined #openstack-keystone23:06
*** ChanServ sets mode: +v ayoung23:06
*** phalmos has joined #openstack-keystone23:10
*** jamielennox|away is now known as jamielennox23:13
*** gyee has quit IRC23:14
*** btully has quit IRC23:26
*** phalmos has quit IRC23:30
*** agireud has joined #openstack-keystone23:41
*** geoffarnold has quit IRC23:43
*** markvoelker has joined #openstack-keystone23:46
*** ankita_wagh has quit IRC23:53
« Sunday, 2015-09-27 Index Tuesday, 2015-09-29 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!