Wednesday, 2015-11-11

notmorgan	jamielennox: done and done	00:00
notmorgan	jamielennox: yeah that makes a lot of sense	00:00
*** samleon has quit IRC		00:02
jamielennox	surprised it hadn't come up before	00:02
notmorgan	jamielennox: i am always kind of shocked at what has/has not comeup before	00:04
*** dims has joined #openstack-keystone		00:08
*** richm has quit IRC		00:09
*** shaleh has joined #openstack-keystone		00:10
*** gordc has quit IRC		00:12
*** jasonsb has quit IRC		00:13
*** jasonsb has joined #openstack-keystone		00:13
*** shaleh is now known as shaleh\|away		00:15
*** shaleh\|away is now known as shaleh		00:15
*** dims has quit IRC		00:16
*** jasonsb has quit IRC		00:18
*** EinstCrazy has quit IRC		00:23
*** jbell8 has quit IRC		00:26
*** meker12 has quit IRC		00:26
*** sshen has joined #openstack-keystone		00:27
openstackgerrit	Sean Perry proposed openstack/keystone: WIP Use unit.new_user_ref consistently https://review.openstack.org/243877	00:28
sshen	Hello there, a question on revoking tokens. In Horizon/django_openstack_auth, horizon session token is revoked when switching project. How does this revocation affect a trust created with the revoked token? Does it get revoked as well?	00:30
sshen	This is when Keystone V3 is enabled. django_openstack_auth revokes the token by "DELETE /v3/auth/tokens".	00:32
sshen	I can see a revoke event from "GET /v3/OS-REVOKE/events" with "issued_before" and "audit_id" of the token.	00:33
sshen	Anyone please?	00:35
jamielennox	sshen: trusts should be fine, the trust is set up based on the user and project behind the token and not the token itself	00:39
sshen	jamielennox: Thanks. I'm seeing some issues with launching heat stack from horizon with failure to authenticate with keystone, and heat-engine is attempting with the revoked token in some of the failed cases.	00:45
jamielennox	i'm not sure what would be happening there	00:45
jamielennox	i mean if you instigate something with horizon to heat then it will do some operations with the user token	00:46
jamielennox	i think	00:46
sshen	I made some patch in horizon to issue a new token and pass it to heat client (instead of the horizon token that would be revoked), then I don't see any problem.	00:47
sshen	So if the trust is intacted when revoking the token, then it could be something happening between horizon and heat before the trust is created.	00:48
sshen	Thanks for the confirmation on the trust revocation.	00:49
openstackgerrit	Lin Hua Cheng proposed openstack/keystonemiddleware: Address hacking check H405. https://review.openstack.org/238161	00:50
jamielennox	i'm mostly surprised that horizon is revoking tokens within a user session	00:55
*** gyee has joined #openstack-keystone		00:56
*** ChanServ sets mode: +v gyee		00:56
sshen	it's happening when switching projects - the token being revoked was project-scoped	00:57
sshen	https://github.com/openstack/django_openstack_auth/blob/master/openstack_auth/views.py#L237	00:59
*** mylu has joined #openstack-keystone		01:00
*** sshen_ has joined #openstack-keystone		01:06
*** sshen has quit IRC		01:06
*** spandhe has quit IRC		01:06
*** spandhe has joined #openstack-keystone		01:07
openstackgerrit	Jamie Lennox proposed openstack/keystone: Move AuthContext middleware into it's own file https://review.openstack.org/243882	01:11
*** EinstCrazy has joined #openstack-keystone		01:12
*** hidekazu has joined #openstack-keystone		01:14
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Use keystoneauth https://review.openstack.org/235090	01:24
*** shaleh has quit IRC		01:26
*** dims has joined #openstack-keystone		01:27
*** mylu has quit IRC		01:29
*** mylu has joined #openstack-keystone		01:30
*** mylu has quit IRC		01:30
*** mylu has joined #openstack-keystone		01:30
*** jasonsb has joined #openstack-keystone		01:31
*** mylu has quit IRC		01:31
*** mylu has joined #openstack-keystone		01:32
*** mylu has quit IRC		01:36
*** mylu_ has joined #openstack-keystone		01:36
*** harlowja has quit IRC		01:38
*** harlowja_ has joined #openstack-keystone		01:38
*** EinstCra_ has joined #openstack-keystone		01:40
*** mylu_ has quit IRC		01:40
*** EinstCrazy has quit IRC		01:43
*** tyagiprince2010 has quit IRC		01:49
openstackgerrit	Lin Hua Cheng proposed openstack/keystoneauth: Address hacking check H405. https://review.openstack.org/243889	01:54
openstackgerrit	Lin Hua Cheng proposed openstack/keystonemiddleware: Address hacking check H405. https://review.openstack.org/238161	01:55
*** browne has quit IRC		01:56
*** edmondsw has quit IRC		02:04
*** RichardRaseley has joined #openstack-keystone		02:05
*** spandhe has quit IRC		02:12
*** woodster_ has quit IRC		02:29
*** RichardRaseley has quit IRC		02:40
*** mylu has joined #openstack-keystone		02:41
*** su_zhang has joined #openstack-keystone		02:42
*** RichardRaseley has joined #openstack-keystone		02:52
*** mylu has quit IRC		02:54
*** lhcheng_ has quit IRC		02:58
*** meker12 has joined #openstack-keystone		03:00
*** jamielennox is now known as jamielennox\|away		03:00
*** jamielennox\|away is now known as jamielennox		03:10
*** sshen_ is now known as sshen		03:12
*** su_zhang has quit IRC		03:15
*** RichardRaseley has quit IRC		03:16
*** RichardRaseley has joined #openstack-keystone		03:16
*** gildub has joined #openstack-keystone		03:16
openstackgerrit	Hidekazu Nakamura proposed openstack/python-keystoneclient: Add missing end single quote https://review.openstack.org/243902	03:17
*** sshen has quit IRC		03:22
*** hightall has joined #openstack-keystone		03:22
*** sshen has joined #openstack-keystone		03:23
*** gyee has quit IRC		03:23
*** pumaranikar has joined #openstack-keystone		03:29
*** btully has quit IRC		03:32
*** jerrygb has quit IRC		03:33
*** jerrygb has joined #openstack-keystone		03:34
*** agireud has joined #openstack-keystone		03:34
*** fawadkhaliq has joined #openstack-keystone		03:39
*** agireud has quit IRC		03:39
*** agireud has joined #openstack-keystone		03:41
*** dave-mcc_ has quit IRC		03:45
*** dims has quit IRC		03:46
*** r-daneel has quit IRC		03:47
*** pumaranikar has quit IRC		03:49
*** hightall has quit IRC		03:50
*** roxanaghe has joined #openstack-keystone		04:01
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements https://review.openstack.org/243923	04:03
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystoneauth: Updated from global requirements https://review.openstack.org/243924	04:03
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystonemiddleware: Updated from global requirements https://review.openstack.org/243925	04:03
*** RichardRaseley has quit IRC		04:05
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient: Updated from global requirements https://review.openstack.org/239039	04:07
*** jbell8 has joined #openstack-keystone		04:08
*** stevemar_ has joined #openstack-keystone		04:13
*** ChanServ sets mode: +o stevemar_		04:13
*** lhcheng has joined #openstack-keystone		04:14
*** ChanServ sets mode: +v lhcheng		04:14
*** stevemar_ has quit IRC		04:16
*** fawadkhaliq has quit IRC		04:17
*** roxanaghe has quit IRC		04:21
*** RichardRaseley has joined #openstack-keystone		04:24
openstackgerrit	Merged openstack/keystone: Add exception unit tests with different message types https://review.openstack.org/239307	04:25
*** links has joined #openstack-keystone		04:28
*** RichardRaseley has quit IRC		04:29
*** meker12 has quit IRC		04:29
*** hogepodge has quit IRC		04:35
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/238264	04:36
*** lhcheng has quit IRC		04:39
*** hightall has joined #openstack-keystone		04:39
*** lhcheng has joined #openstack-keystone		04:41
*** ChanServ sets mode: +v lhcheng		04:41
*** lhcheng has quit IRC		04:43
*** lhcheng has joined #openstack-keystone		04:44
*** ChanServ sets mode: +v lhcheng		04:44
*** jbell8 has quit IRC		04:51
*** mylu has joined #openstack-keystone		04:56
openstackgerrit	Dave Chen proposed openstack/keystone: Fix the wrong method name https://review.openstack.org/243951	04:56
*** fawadkhaliq has joined #openstack-keystone		05:02
*** lhcheng has quit IRC		05:06
*** btully has joined #openstack-keystone		05:07
openstackgerrit	Hidekazu Nakamura proposed openstack/keystone: Update development environment set up doc https://review.openstack.org/223020	05:11
*** btully has quit IRC		05:11
*** rha has quit IRC		05:12
*** roxanaghe has joined #openstack-keystone		05:13
*** btully has joined #openstack-keystone		05:14
*** links has quit IRC		05:26
*** jerrygb has quit IRC		05:28
*** stevemar_ has joined #openstack-keystone		05:29
*** ChanServ sets mode: +o stevemar_		05:29
*** jerrygb has joined #openstack-keystone		05:29
*** su_zhang has joined #openstack-keystone		05:30
*** stevemar_ has quit IRC		05:31
*** jerrygb has quit IRC		05:33
*** su_zhang has quit IRC		05:47
*** roxanaghe has quit IRC		05:50
*** mylu has quit IRC		05:58
*** links has joined #openstack-keystone		05:58
*** roxanaghe has joined #openstack-keystone		06:00
*** fawadkhaliq has quit IRC		06:01
*** fawadkhaliq has joined #openstack-keystone		06:02
*** fawadk has joined #openstack-keystone		06:03
*** fawadkhaliq has quit IRC		06:04
*** marzif_ has joined #openstack-keystone		06:06
*** bttully has joined #openstack-keystone		06:06
*** btully has quit IRC		06:07
*** bttully is now known as btully		06:07
*** urulama__ is now known as urulama		06:07
*** btully is now known as Guest80839		06:08
*** daemontool has quit IRC		06:08
*** pnavarro has quit IRC		06:23
*** roxanaghe has quit IRC		06:28
*** jamielennox is now known as jamielennox\|away		06:29
*** jbell8 has joined #openstack-keystone		06:30
*** jaosorior has joined #openstack-keystone		06:34
*** spandhe has joined #openstack-keystone		06:36
*** gildub has quit IRC		06:43
*** browne has joined #openstack-keystone		06:57
*** mylu has joined #openstack-keystone		06:58
*** mylu has quit IRC		07:03
*** spandhe has quit IRC		07:07
*** lsmola has joined #openstack-keystone		07:16
*** henrynash has joined #openstack-keystone		07:22
*** ChanServ sets mode: +v henrynash		07:22
*** stevemar_ has joined #openstack-keystone		07:29
*** ChanServ sets mode: +o stevemar_		07:29
*** jerrygb has joined #openstack-keystone		07:30
*** stevemar_ has quit IRC		07:32
*** ninag has joined #openstack-keystone		07:35
*** jerrygb has quit IRC		07:36
*** ninag has quit IRC		07:40
*** jamielennox\|away has quit IRC		07:41
*** jasonsb_ has joined #openstack-keystone		07:41
*** jasonsb has quit IRC		07:43
*** x58 has quit IRC		07:43
*** afazekas\|sick has quit IRC		07:44
*** mordred has quit IRC		07:44
*** x58 has joined #openstack-keystone		07:45
*** rha has joined #openstack-keystone		07:48
*** rha has quit IRC		07:49
*** afazekas has joined #openstack-keystone		07:50
*** rha has joined #openstack-keystone		07:50
*** x58 has quit IRC		07:52
*** x58 has joined #openstack-keystone		07:53
*** fawadk has quit IRC		07:57
*** fawadkhaliq has joined #openstack-keystone		07:58
*** gb21 has quit IRC		08:12
*** fawadkhaliq has quit IRC		08:13
*** gb21 has joined #openstack-keystone		08:14
openstackgerrit	henry-nash proposed openstack/keystone-specs: Augment token to indicate if it is scoped to the admin project https://review.openstack.org/242232	08:15
*** henrynash has quit IRC		08:17
*** henrynash has joined #openstack-keystone		08:17
*** ChanServ sets mode: +v henrynash		08:17
*** spandhe has joined #openstack-keystone		08:19
*** spandhe_ has joined #openstack-keystone		08:20
*** spandhe has quit IRC		08:24
*** spandhe_ is now known as spandhe		08:24
*** jamielennox\|away has joined #openstack-keystone		08:31
*** jamielennox\|away is now known as jamielennox		08:31
*** ChanServ sets mode: +v jamielennox		08:31
*** Guest80839 has quit IRC		08:34
*** stevemar_ has joined #openstack-keystone		08:35
*** ChanServ sets mode: +o stevemar_		08:35
*** stevemar_ has quit IRC		08:38
*** mylu has joined #openstack-keystone		08:47
*** jbell8 has quit IRC		08:48
*** mylu has quit IRC		08:51
*** jbell8 has joined #openstack-keystone		08:56
*** spandhe has quit IRC		08:59
*** e0ne has joined #openstack-keystone		08:59
*** fhubik has joined #openstack-keystone		08:59
*** spandhe has joined #openstack-keystone		09:03
*** fhubik is now known as fhubik_brb		09:03
*** browne has quit IRC		09:09
*** yangyapeng has joined #openstack-keystone		09:11
*** fawadkhaliq has joined #openstack-keystone		09:12
*** fawadkhaliq has quit IRC		09:23
*** fhubik_brb is now known as fhubik		09:25
*** spandhe has quit IRC		09:25
*** fhubik is now known as fhubik_brb		09:29
*** hightall has quit IRC		09:30
*** henrynash has quit IRC		09:33
*** odyssey4me_ is now known as odyssey4me		09:33
*** btully has joined #openstack-keystone		09:39
*** belmoreira has joined #openstack-keystone		09:41
*** btully has quit IRC		09:44
*** fawadkhaliq has joined #openstack-keystone		09:44
*** mordred has joined #openstack-keystone		09:45
*** jistr has joined #openstack-keystone		09:45
*** hidekazu has quit IRC		09:59
*** aix has joined #openstack-keystone		10:08
*** fhubik_brb is now known as fhubik		10:25
*** jaosorior has quit IRC		10:26
*** urulama has quit IRC		10:26
*** urulama has joined #openstack-keystone		10:27
*** jaosorior has joined #openstack-keystone		10:27
*** jaosorior has quit IRC		10:30
*** jaosorior has joined #openstack-keystone		10:30
*** stevemar_ has joined #openstack-keystone		10:36
*** ChanServ sets mode: +o stevemar_		10:36
*** markvoelker has quit IRC		10:37
*** lhcheng has joined #openstack-keystone		10:37
*** ChanServ sets mode: +v lhcheng		10:37
*** stevemar_ has quit IRC		10:38
*** BAKfr has quit IRC		10:45
*** BAKfr has joined #openstack-keystone		10:47
*** yangyapeng has quit IRC		11:07
*** EinstCra_ has quit IRC		11:07
*** gildub has joined #openstack-keystone		11:17
*** stevemar_ has joined #openstack-keystone		11:23
*** ChanServ sets mode: +o stevemar_		11:23
*** fawadkhaliq has quit IRC		11:26
*** stevemar_ has quit IRC		11:26
*** btully has joined #openstack-keystone		11:27
openstackgerrit	Merged openstack/python-keystoneclient: Iterate over copy of session.adapters keys in Python2/3 https://review.openstack.org/231667	11:30
*** EinstCrazy has joined #openstack-keystone		11:31
*** btully has quit IRC		11:32
*** lhcheng has quit IRC		11:33
*** fawadkhaliq has joined #openstack-keystone		11:34
*** fawadkhaliq has quit IRC		11:35
*** fawadkhaliq has joined #openstack-keystone		11:36
*** urulama has quit IRC		11:36
*** fhubik is now known as fhubik_brb		11:36
*** urulama has joined #openstack-keystone		11:36
*** markvoelker has joined #openstack-keystone		11:37
*** fhubik_brb is now known as fhubik		11:40
*** dims has joined #openstack-keystone		11:41
*** markvoelker has quit IRC		11:42
*** fhubik is now known as fhubik_brb		11:47
openstackgerrit	Kseniya Tychkova proposed openstack/oslo.policy: Draft implementation of LDAP RBAC blueprint https://review.openstack.org/244059	11:57
*** stevemar_ has joined #openstack-keystone		12:00
*** ChanServ sets mode: +o stevemar_		12:00
*** doug-fis_ is now known as doug-fish		12:02
*** fawadkhaliq has quit IRC		12:02
*** e0ne has quit IRC		12:11
samueldmq	bknudson: hi	12:18
samueldmq	bknudson: about change #207226 "Config option for insecure responses"	12:18
*** e0ne has joined #openstack-keystone		12:18
samueldmq	bknudson: does it make sense to have "debug=False" and "insecure_debug=True" ?	12:19
*** fhubik_brb is now known as fhubik		12:28
*** openstackgerrit has quit IRC		12:31
*** openstackgerrit has joined #openstack-keystone		12:32
*** fhubik is now known as fhubik_brb		12:35
*** jerrygb has joined #openstack-keystone		12:37
*** urulama has quit IRC		12:38
*** urulama has joined #openstack-keystone		12:38
*** fhubik_brb is now known as fhubik		12:39
*** markvoelker has joined #openstack-keystone		12:53
*** markvoelker has quit IRC		12:58
*** dims has quit IRC		12:59
*** fawadkhaliq has joined #openstack-keystone		12:59
*** pauloewerton has joined #openstack-keystone		13:03
openstackgerrit	Dmitry Tantsur proposed openstack/keystonemiddleware: Make "Auth Token confirmed use of %s apis" debug level https://review.openstack.org/244092	13:05
*** gildub has quit IRC		13:10
*** gordc has joined #openstack-keystone		13:10
*** fhubik has quit IRC		13:24
openstackgerrit	Merged openstack/keystone: Add reno for release notes management https://review.openstack.org/243269	13:26
*** diana_clarke has left #openstack-keystone		13:30
*** edmondsw has joined #openstack-keystone		13:31
*** richm has joined #openstack-keystone		13:32
*** fawadkhaliq has quit IRC		13:32
*** fawadkhaliq has joined #openstack-keystone		13:32
*** ninag has joined #openstack-keystone		13:37
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/238264	13:40
*** dave-mccowan has joined #openstack-keystone		13:41
openstackgerrit	ChangBo Guo(gcb) proposed openstack/keystone: Use the oslo.utils.reflection to extract the class name https://review.openstack.org/241494	13:54
*** markvoelker has joined #openstack-keystone		13:54
*** markvoelker has quit IRC		13:58
*** gb21 has quit IRC		14:02
*** gordc has quit IRC		14:02
openstackgerrit	Merged openstack/python-keystoneclient: Add missing end single quote https://review.openstack.org/243902	14:03
*** links has quit IRC		14:04
*** gordc has joined #openstack-keystone		14:04
*** josecastroleon has joined #openstack-keystone		14:04
*** petertr7_away is now known as petertr7		14:05
*** tyagiprince2010 has joined #openstack-keystone		14:06
tyagiprince2010	Hello everyone.. I want to understand the caching in the keystone.. Please guide me to the right path..	14:06
*** fawadkhaliq has quit IRC		14:07
*** agireud has quit IRC		14:08
*** arif-ali has quit IRC		14:08
*** bdossant has joined #openstack-keystone		14:10
openstackgerrit	Merged openstack/keystone: Create tests for set_default_is_domain in LDAP https://review.openstack.org/229536	14:11
*** su_zhang has joined #openstack-keystone		14:13
*** dims has joined #openstack-keystone		14:15
*** agireud has joined #openstack-keystone		14:15
*** arif-ali has joined #openstack-keystone		14:15
*** markvoelker has joined #openstack-keystone		14:15
*** tyagiprince2010 has quit IRC		14:16
*** aix has quit IRC		14:18
*** csoukup has quit IRC		14:19
*** dims has quit IRC		14:23
*** urulama has quit IRC		14:25
*** urulama has joined #openstack-keystone		14:25
*** dims has joined #openstack-keystone		14:26
*** marzif_ has quit IRC		14:29
openstackgerrit	Alexander Makarov proposed openstack/keystone-specs: Unified delegation spec https://review.openstack.org/189816	14:32
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/238264	14:39
*** bradjones\|away is now known as bradjones		14:40
*** btully has joined #openstack-keystone		14:40
*** david-ly_ has joined #openstack-keystone		14:41
*** su_zhang has quit IRC		14:42
*** david-lyle has quit IRC		14:42
lbragstad	i just scrolled through the open reviews in gerrit, but checking here too. No one has a patch for migrating revocation_events to core do they?	14:48
*** aix has joined #openstack-keystone		14:49
*** fhubik has joined #openstack-keystone		14:52
*** thiagop has joined #openstack-keystone		14:55
lbragstad	ah, found it - https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:master+topic:bp/move-extensions,n,z	15:01
lbragstad	stevemar_ do all of those have to be worked in a series?	15:01
*** fawadkhaliq has joined #openstack-keystone		15:01
stevemar_	lbragstad: not necessarily, but the db migrations have to be ordered, 082, 083, and so forth	15:02
stevemar_	lbragstad: i think most of those are ready or close to ready	15:03
*** dims has quit IRC		15:03
openstackgerrit	Alexander Makarov proposed openstack/keystone: Move region configuration to a critical section https://review.openstack.org/222173	15:05
openstackgerrit	Alexander Makarov proposed openstack/keystone: Move region configuration to a critical section https://review.openstack.org/222173	15:05
amakarov	bknudson, hi!	15:05
amakarov	^^	15:05
*** slberger has joined #openstack-keystone		15:06
amakarov	bknudson, I've answered your comments there and will be grateful if you suggest me how to do that race condition test correctly :)	15:06
*** csoukup has joined #openstack-keystone		15:07
openstackgerrit	Paulo Ewerton Gomes Fragoso proposed openstack/keystone: Manager support for project delete cascade https://review.openstack.org/244149	15:09
lbragstad	stevemar_ cool, it if makes it easier to do them in order that's fine	15:11
lbragstad	stevemar_ just curious if they were required to be that way	15:11
lbragstad	stevemar_ I'll review that series	15:11
stevemar_	lbragstad: that would be awesome, bknudson took a few good hacks at them already	15:12
*** marzif_ has joined #openstack-keystone		15:20
*** petertr7 is now known as petertr7_away		15:24
*** timcline has joined #openstack-keystone		15:26
*** HenryG has quit IRC		15:34
*** henrynash has joined #openstack-keystone		15:34
*** ChanServ sets mode: +v henrynash		15:34
*** HenryG has joined #openstack-keystone		15:38
openstackgerrit	henry-nash proposed openstack/keystone: Use list_role_assignments to get assignments by role_id https://review.openstack.org/242529	15:39
openstackgerrit	henry-nash proposed openstack/keystone: Create new version of assignment driver interface https://review.openstack.org/242853	15:42
openstackgerrit	henry-nash proposed openstack/keystone: Use list_role_assignments to get projects/domains for user https://review.openstack.org/242513	15:43
*** tonytan4ever has joined #openstack-keystone		15:44
openstackgerrit	henry-nash proposed openstack/keystone: Show defect in list_user_ids that only lists direct user assignments https://review.openstack.org/242564	15:44
openstackgerrit	henry-nash proposed openstack/keystone: Fix defect in list_user_ids that only lists direct user assignments https://review.openstack.org/242574	15:45
*** henrynash has quit IRC		15:45
*** roxanaghe has joined #openstack-keystone		15:54
*** diazjf has joined #openstack-keystone		15:58
openstackgerrit	Nathan Kinder proposed openstack/keystone: Remove hardcoded LDAP group schema from emulated enabled mix-in https://review.openstack.org/244173	15:59
*** ninag has quit IRC		16:00
*** ninag has joined #openstack-keystone		16:00
*** openstackgerrit has quit IRC		16:02
*** openstackgerrit has joined #openstack-keystone		16:03
*** hogepodge has joined #openstack-keystone		16:03
*** tonytan4ever has quit IRC		16:04
*** ninag has quit IRC		16:05
*** thedodd has joined #openstack-keystone		16:05
*** ninag has joined #openstack-keystone		16:06
*** david-ly_ is now known as david-lyle		16:07
*** ninag has quit IRC		16:08
*** ninag has joined #openstack-keystone		16:08
*** woodster_ has joined #openstack-keystone		16:10
*** marzif__ has joined #openstack-keystone		16:11
*** timcline_ has joined #openstack-keystone		16:12
*** jasonsb has joined #openstack-keystone		16:12
*** belmoreira has quit IRC		16:13
*** boris-42_ has joined #openstack-keystone		16:13
lbragstad	stevemar_ ok, i reviewed most of that series	16:14
lbragstad	stevemar_ it looks like most of those patches are being maintained by various people?	16:14
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements https://review.openstack.org/243923	16:15
*** notmorga1 has joined #openstack-keystone		16:16
*** ChanServ sets mode: +v notmorga1		16:16
*** gordc_ has joined #openstack-keystone		16:16
*** EmilienM has quit IRC		16:17
*** notmorgan has quit IRC		16:17
*** gordc has quit IRC		16:17
*** jasonsb_ has quit IRC		16:17
*** timcline has quit IRC		16:17
*** marzif_ has quit IRC		16:17
*** boris-42 has quit IRC		16:17
*** sileht has quit IRC		16:17
*** EmilienM_ has joined #openstack-keystone		16:17
*** EmilienM_ is now known as EmilienM		16:18
*** notmorga1 is now known as notmorgan		16:18
*** ayoung has joined #openstack-keystone		16:18
*** ChanServ sets mode: +v ayoung		16:18
*** sileht has joined #openstack-keystone		16:19
*** albertom has joined #openstack-keystone		16:19
*** boris-42_ is now known as boris-42		16:19
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient: Updated from global requirements https://review.openstack.org/239039	16:20
*** fhubik is now known as fhubik_brb		16:21
openstackgerrit	Dave Chen proposed openstack/keystone: Fix the wrong method name https://review.openstack.org/243951	16:24
*** fhubik_brb is now known as fhubik		16:25
*** davechen has joined #openstack-keystone		16:28
*** gyee has joined #openstack-keystone		16:28
*** ChanServ sets mode: +v gyee		16:28
*** josecastroleon has quit IRC		16:32
*** haneef_ has quit IRC		16:36
*** marzif__ has quit IRC		16:39
*** fhubik has quit IRC		16:45
*** slberger1 has joined #openstack-keystone		16:48
*** slberger has quit IRC		16:50
*** urulama has quit IRC		16:52
*** urulama has joined #openstack-keystone		16:53
*** tonytan4ever has joined #openstack-keystone		17:01
*** thedodd has quit IRC		17:04
*** thedodd has joined #openstack-keystone		17:04
*** bdossant has quit IRC		17:05
*** RichardRaseley has joined #openstack-keystone		17:10
*** petertr7_away is now known as petertr7		17:11
*** diazjf has quit IRC		17:13
*** diazjf has joined #openstack-keystone		17:14
*** diazjf has quit IRC		17:15
*** jistr is now known as jistr\|off		17:16
*** jistr\|off has quit IRC		17:16
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements https://review.openstack.org/243923	17:19
*** petertr7 is now known as petertr7_away		17:22
*** petertr7_away is now known as petertr7		17:22
*** urulama has quit IRC		17:24
*** urulama has joined #openstack-keystone		17:25
*** ayoung has quit IRC		17:27
*** davechen has left #openstack-keystone		17:31
openstackgerrit	Paulo Ewerton Gomes Fragoso proposed openstack/keystone: API support for project cascade delete https://review.openstack.org/244248	17:35
*** markvoelker has quit IRC		17:35
*** diazjf has joined #openstack-keystone		17:36
*** spandhe has joined #openstack-keystone		17:38
*** browne has joined #openstack-keystone		17:44
*** shaleh has joined #openstack-keystone		17:46
*** e0ne has quit IRC		17:47
openstackgerrit	Nathan Kinder proposed openstack/keystone: Remove hardcoded LDAP group schema from emulated enabled mix-in https://review.openstack.org/244173	17:49
*** petertr7 is now known as petertr7_away		17:50
*** petertr7_away is now known as petertr7		17:51
*** su_zhang has joined #openstack-keystone		17:53
*** tonytan4ever has quit IRC		17:58
*** ninag has quit IRC		18:02
*** ninag has joined #openstack-keystone		18:02
*** ninag_ has joined #openstack-keystone		18:04
*** ninag has quit IRC		18:06
*** mylu has joined #openstack-keystone		18:08
*** harlowja_ has quit IRC		18:08
*** ninag_ has quit IRC		18:09
*** henrynash has joined #openstack-keystone		18:11
*** ChanServ sets mode: +v henrynash		18:11
*** itlinux has joined #openstack-keystone		18:12
*** diazjf has quit IRC		18:13
*** mylu has quit IRC		18:13
*** mylu has joined #openstack-keystone		18:14
*** diazjf has joined #openstack-keystone		18:15
*** itlinux has quit IRC		18:16
openstackgerrit	Alberto Murillo proposed openstack/keystone: disable admin_token by default https://review.openstack.org/185464	18:17
*** jaosorior has quit IRC		18:17
*** ninag has joined #openstack-keystone		18:18
*** mylu has quit IRC		18:18
*** itlinux has joined #openstack-keystone		18:20
stevemar_	lbragstad: i did the first few migrations, then davechen came in with endpoint filter	18:21
lbragstad	stevemar_ ah, cool	18:21
*** e0ne has joined #openstack-keystone		18:22
stevemar_	lbragstad: might be a while til i get back to those patches, i came down with a cold and it's kicking my ass :(	18:22
shaleh	lbragstad: did you see my reply to your comment on the new_endpoint_ref review? I'd like you to turn that -1 into a + :-)	18:23
shaleh	lbragstad: thanks for the nitpicks BTW. Learning a bunch from the process.	18:23
shaleh	lbragstad: stanek has not been around much the last few days or I would have badgered him already :-)	18:24
*** mylu has joined #openstack-keystone		18:25
*** urulama has quit IRC		18:26
*** urulama has joined #openstack-keystone		18:26
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_service_ref() consistently https://review.openstack.org/238283	18:26
lbragstad	shaleh awesome, checking now	18:27
lbragstad	stevemar_ was that an invitation to address comments in your reviews?!	18:27
*** diazjf has quit IRC		18:27
*** boris-42 has quit IRC		18:28
openstackgerrit	henry-nash proposed openstack/keystone-specs: Augment token to indicate if it is scoped to the admin project https://review.openstack.org/242232	18:29
*** mylu has quit IRC		18:29
*** mylu has joined #openstack-keystone		18:29
*** itlinux has quit IRC		18:29
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_region_ref() consistently https://review.openstack.org/238302	18:31
*** itlinux has joined #openstack-keystone		18:31
*** markvoelker has joined #openstack-keystone		18:31
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_endpoint_ref consistently https://review.openstack.org/237758	18:31
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_service_ref() consistently https://review.openstack.org/238283	18:32
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_region_ref() consistently https://review.openstack.org/238302	18:32
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_domain_ref consistently https://review.openstack.org/242615	18:32
*** mylu has quit IRC		18:33
*** mylu has joined #openstack-keystone		18:34
lbragstad	shaleh ok, looks good to me.	18:34
lbragstad	shaleh i'll let dstanek follow up separately if he has additional concerns	18:34
lbragstad	stevemar_ I have a few cycles now if you want me to respin them	18:35
shaleh	lbragstad: thanks. I am playing the rebase shell game now.	18:35
*** gordc_ is now known as gordc		18:35
lbragstad	stevemar_ or I can wait and be the one to +2 when they are ready	18:35
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_role_ref consistently https://review.openstack.org/242704	18:39
*** mylu has quit IRC		18:39
*** mylu has joined #openstack-keystone		18:40
shaleh	that "rebase change" button is noisy	18:40
samueldmq	shaleh: after that, don't forget another 'git review -d' in the case you need further changes later	18:42
*** mylu_ has joined #openstack-keystone		18:42
*** harlowja has joined #openstack-keystone		18:42
*** RichardRaseley has quit IRC		18:42
*** mylu has quit IRC		18:42
samueldmq	shaleh: because that's going to be a commit you don't have locally, that's why I use to rebase locally and re-submit :)	18:42
*** mylu_ has quit IRC		18:43
*** mylu has joined #openstack-keystone		18:44
*** harlowja_ has joined #openstack-keystone		18:44
shaleh	samueldmq: the rebase button does not appear to drop existing reviews whereas a new upload does	18:44
*** harlowja has quit IRC		18:44
shaleh	samueldmq: BTW for thanks for nits, much appreciated.	18:45
*** fawadkhaliq has quit IRC		18:45
*** tyagiprince2010 has joined #openstack-keystone		18:46
*** mylu has quit IRC		18:46
samueldmq	shaleh: my pleasure :)	18:46
*** mylu has joined #openstack-keystone		18:46
*** mylu has quit IRC		18:47
shaleh	these changes have been very monotonous. I have some emacs functions to help but it was easy to get lost in the braces and parens.	18:47
*** mylu has joined #openstack-keystone		18:47
tyagiprince2010	Hii, I am trying to configure keystone according to my needs but I am unable to understand it. The thing I want to understand now is regarding caching.	18:48
*** dims has joined #openstack-keystone		18:48
tyagiprince2010	I made a user and assigned it a token.. I am using pki token mechanism.	18:48
tyagiprince2010	Hii, I am trying to configure keystone according to my needs but I am unable to understand it. The thing I want to understand now is regarding caching. I made a user and assigned it a pki token. Then i deleted the user but the token was in the cache (I guess) and the user was still able to boot an instance and do various other activities.	18:49
openstackgerrit	henry-nash proposed openstack/keystone-specs: Correct a few token examples https://review.openstack.org/244266	18:49
shaleh	who wants to tell tyagiprince2010 about PKI?	18:50
tyagiprince2010	Anyone please.. :P	18:51
shaleh	tyagiprince2010: sorry, not my experience	18:51
*** mylu has quit IRC		18:52
tyagiprince2010	shaleh: no issue. Waiting for adam young to come help me with some issues :P	18:52
*** itlinux has quit IRC		18:54
*** itlinux has joined #openstack-keystone		18:55
tyagiprince2010	shaleh: whats ur expertise?	18:55
*** doug-fish has quit IRC		18:56
shaleh	tyagiprince2010: I am still a journeyman, no expertise yet :-) My focus has been on K2K federation thus far.	18:56
*** doug-fish has joined #openstack-keystone		18:57
*** ayoung has joined #openstack-keystone		18:58
*** ChanServ sets mode: +v ayoung		18:58
*** daemontool has joined #openstack-keystone		18:59
*** petertr7 is now known as petertr7_away		18:59
slberger1	what major problems could I run into if I upgraded Keystone to Liberty while all other services were still Kilo?	19:01
*** slberger1 has left #openstack-keystone		19:01
*** slberger1 has joined #openstack-keystone		19:02
*** petertr7_away is now known as petertr7		19:02
*** doug-fish has quit IRC		19:02
*** mylu has joined #openstack-keystone		19:03
shaleh	slberger1: which token type are you using?	19:04
slberger1	@shaleh, fernet	19:05
*** mylu has quit IRC		19:06
*** tonytan4ever has joined #openstack-keystone		19:06
*** mylu has joined #openstack-keystone		19:07
*** mylu has quit IRC		19:07
shaleh	slberger1: hmm, dunno. I have heard of success with UUID. Maybe others here or on the ops channel would know.	19:07
*** mylu has joined #openstack-keystone		19:08
slberger1	@shaleh, thanks	19:09
*** doug-fish has joined #openstack-keystone		19:16
*** RichardRaseley has joined #openstack-keystone		19:18
*** petertr7 is now known as petertr7_away		19:20
*** urulama has quit IRC		19:21
*** urulama has joined #openstack-keystone		19:21
*** itlinux has quit IRC		19:22
*** diazjf has joined #openstack-keystone		19:25
tyagiprince2010	shaleh: hey shaleh, could you provide me a web written document in simple language cuz I couldnt get why there is a need for federation.	19:26
shaleh	tyagiprince2010: federation enables clouds ran by different people to share. Simple as that. Today it is only identity, so my ID badge let's me into your building. Eventually it will allow sharing resources. So my ID badge will let me use the vehicles from your factory at my factory.	19:28
*** lhcheng has joined #openstack-keystone		19:29
*** ChanServ sets mode: +v lhcheng		19:29
tyagiprince2010	shaleh: but why do we need this? I mean suppose i own a cloud. Why would I want somebody to use my resource? and what kind of resource are you talking about?	19:30
*** lhcheng_ has joined #openstack-keystone		19:30
*** josecastroleon has joined #openstack-keystone		19:32
*** andery-mp has joined #openstack-keystone		19:32
*** lhcheng has quit IRC		19:33
*** aix has quit IRC		19:33
andery-mp	dstanek: Could you please see one more time my review https://review.openstack.org/#/c/215481/ I've added one patch as Brant asked me to add some tests. Thank you.	19:34
*** mnaser has joined #openstack-keystone		19:34
mnaser	I've ran into this article that shows Fernet tokens are 400% slower to validate overall, "Determining why Fernet appears to be significantly slower that previously reported is my next mission. Stay tuned!" had no updates... has there been any investigations regarding the performance of fernet tokens? - http://dolphm.com/benchmarking-openstack-keystone-token-formats/#devstack-stable-kilo	19:35
lbragstad	mnaser yes	19:36
mnaser	lbragstad awesome, I found this outstanding issue as well .. https://bugs.launchpad.net/keystone/+bug/1489061 - dont know if that has to be updated	19:36
openstack	Launchpad bug 1489061 in OpenStack Identity (keystone) "fernet token validation is slow" [Medium,Confirmed]	19:36
*** RichardRaseley has quit IRC		19:36
*** josecastroleon has quit IRC		19:36
lbragstad	we introduced a couple patches to add caching around catalog retrieval and getting role assignments (both of which can be expensive).	19:36
openstackgerrit	Nathan Kinder proposed openstack/keystone: Remove hardcoded LDAP group schema from emulated enabled mix-in https://review.openstack.org/244173	19:37
lbragstad	mnaser the patch to add caching to get_catalog landed in master, after liberty was cut	19:37
lbragstad	mnaser the patch to add caching to role assignments is still in review	19:37
shaleh	tyagiprince2010: Imagine you have a collection of interesting data sitting around as Swift objects. I have some interesting code that could work on your data. Through federation (one day) I could process your data from my cloud and we both have quotas, history, CADF, etc.	19:37
mnaser	lbragstad: ah, so the latest liberty release is likely affected by this issue then	19:38
lbragstad	mnaser we're also looking at refactoring performance around revocation_events, which is something that is required by fernet	19:38
lbragstad	mnaser yes	19:38
*** mylu has quit IRC		19:38
lbragstad	mnaser mfisch was one of the first people to hit the problem	19:38
lbragstad	if not the first	19:38
*** petertr7_away is now known as petertr7		19:38
mnaser	lbragstad: i see, i appreciate the information.. i'll see if slowly moving to working on master for our deployment is a possiblity..	19:38
*** mylu has joined #openstack-keystone		19:38
*** RichardRaseley has joined #openstack-keystone		19:39
lbragstad	mnaser fwiw, the performance related issued around fernet are closely tied to the size of the catalog in your deployment	19:39
mnaser	11 endpoints in total	19:40
lbragstad	mnaser since fernet doesn't store a token reference in the backend, keystone rebuilds the catalog and auth context when it validates a token, resulting in trips to the database to rebuild everything	19:40
mnaser	yeah i can imagine this causing a load, i can imagine a small workaround is moving to the templated catalog backend	19:40
mnaser	service catalogs don't exactly change that often	19:41
lbragstad	mnaser exactly	19:41
*** andery-mp has quit IRC		19:41
lbragstad	mnaser which was another reason for us to add caching to it	19:41
lbragstad	mnaser https://review.openstack.org/#/c/215212/ and https://review.openstack.org/#/c/215715/	19:41
mnaser	i really wish we could track off master but that would be a lot of work	19:42
mnaser	and im not sure howi t would work on a stability point of view	19:43
lbragstad	mnaser these were the performance improvements we notices with those two patches - https://gist.github.com/dolph/3bf24039b83a147eeb5c	19:43
lbragstad	mnaser yeah, i'm not sure if we can backport those to liberty, but i can check	19:43
*** mylu has quit IRC		19:44
*** mylu has joined #openstack-keystone		19:45
*** mylu has quit IRC		19:45
*** swebb has joined #openstack-keystone		19:46
*** RichardRaseley has quit IRC		19:48
*** mylu has joined #openstack-keystone		19:50
mnaser	lbragstad: from a deployment standpoint, it would be very ideal	19:50
samueldmq	hey keystoners!	19:50
samueldmq	Identity API v3 only job is now non-voting in DevStack! https://review.openstack.org/#/c/241452/	19:50
samueldmq	stevemar_: jamielennox ^	19:51
lbragstad	mnaser understandable, let me do some checking	19:51
samueldmq	o/	19:51
*** itlinux has joined #openstack-keystone		19:53
*** RichardRaseley has joined #openstack-keystone		19:54
*** lhcheng_ is now known as lhcheng		19:54
*** ChanServ sets mode: +v lhcheng		19:54
*** su_zhang has quit IRC		19:55
*** su_zhang has joined #openstack-keystone		19:56
shaleh	samueldmq: yay	20:01
openstackgerrit	Lin Hua Cheng proposed openstack/keystonemiddleware: Address hacking check H405. https://review.openstack.org/238161	20:02
openstackgerrit	Lin Hua Cheng proposed openstack/keystoneauth: Address hacking check H405. https://review.openstack.org/243889	20:05
*** e0ne has quit IRC		20:06
samueldmq	shaleh: o/	20:06
*** mylu has quit IRC		20:07
*** mylu has joined #openstack-keystone		20:07
*** su_zhang has quit IRC		20:08
*** mylu has quit IRC		20:11
*** petertr7 is now known as petertr7_away		20:13
*** petertr7_away is now known as petertr7		20:13
openstackgerrit	werner mendizabal proposed openstack/keystone: Consolidate the fernet provider validate_v3_token() https://review.openstack.org/196877	20:16
openstackgerrit	Merged openstack/python-keystoneclient: Updated from global requirements https://review.openstack.org/239039	20:16
*** RichardRaseley has quit IRC		20:20
*** petertr7 is now known as petertr7_away		20:23
*** petertr7_away is now known as petertr7		20:23
*** petertr7 is now known as petertr7_away		20:25
*** tonytan4ever has quit IRC		20:26
*** petertr7_away is now known as petertr7		20:28
*** urulama has quit IRC		20:28
*** urulama has joined #openstack-keystone		20:29
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_group_ref consistently https://review.openstack.org/243276	20:32
openstackgerrit	Sean Perry proposed openstack/keystone: WIP Use unit.new_user_ref consistently https://review.openstack.org/243877	20:33
openstackgerrit	ayoung proposed openstack/keystone: implied roles https://review.openstack.org/242614	20:37
htruta	guys that understand bandit	20:42
htruta	why isn't it ok to use try/except/pass specifying an exception in the except	20:42
htruta	IMO, it should only catch the raw try/except/pass logic	20:42
*** itlinux has quit IRC		20:43
*** tonytan4ever has joined #openstack-keystone		20:46
*** csoukup has quit IRC		20:47
*** belmoreira has joined #openstack-keystone		20:53
*** su_zhang has joined #openstack-keystone		20:53
tjcocozz	htruta +1	20:57
*** su_zhang has quit IRC		20:57
openstackgerrit	Merged openstack/keystone: Add test for security error with no message https://review.openstack.org/239300	20:58
*** su_zhang has joined #openstack-keystone		20:59
*** zao has left #openstack-keystone		20:59
*** lnxnut has joined #openstack-keystone		20:59
shaleh	I see some test using "assertIs(True, foo)" and others using "assertTrue(foo)". Which one is preferred?	21:02
openstackgerrit	Henrique Truta proposed openstack/keystone: Tests for projects acting as domains https://review.openstack.org/211219	21:02
openstackgerrit	Henrique Truta proposed openstack/keystone: Manager support for projects acting as domains https://review.openstack.org/213448	21:02
openstackgerrit	Henrique Truta proposed openstack/keystone: Projects acting as domains https://review.openstack.org/231289	21:03
openstackgerrit	Henrique Truta proposed openstack/keystone: Removes project.domain_id FK https://review.openstack.org/233274	21:03
openstackgerrit	Henrique Truta proposed openstack/keystone: Change project name constraints https://review.openstack.org/158372	21:03
openstackgerrit	Henrique Truta proposed openstack/keystone: Add is_domain parameter to get_project_by_name https://review.openstack.org/210600	21:03
shaleh	htruta: https://github.com/openstack/bandit/blob/master/examples/try_except_pass.py	21:04
shaleh	htruta: if that helps	21:04
henrynash	dstanek, gyee, ayoung: any chance that one of you could take a quick look at https://review.openstack.org/#/c/242529/ - pretty easy I think and looks ready to go in…	21:05
ayoung	henrynash, was just reviewing your changes to the is_admin spec	21:05
ayoung	henrynash, do we really need to support V2 tokens this way?	21:06
htruta	shaleh: thanks. It did. but I still don't understand why the second case is bad, even if we put a specific exception	21:06
henrynash	ayoung: so I wasn’t sure, to be honest, execpt if we think v2 tokens are going to be arround for a long time, then that means people couldn’t change their policy files to the new mechanism while they still had to cope with v2 tokens	21:07
shaleh	htruta: because it does not handle any OTHER exception that might occur	21:07
shaleh	htruta: try: foo; except FooException: pass	21:07
shaleh	htruta: what if that throws a BarException?	21:07
ayoung	henrynash, So the issue is that with V2, I am not certain how that would play with the policy check anyway	21:07
ayoung	I wasthinking along the lines of "make admins use V3"	21:08
htruta	shaleh: in my case, I don't care about BarException, it is a very specific logic that is successfull if FooException occurs, so I just move on	21:08
*** mylu has joined #openstack-keystone		21:08
ayoung	henrynash, so...the other issue was that I don't know how to update the V2 docs	21:09
*** pauloewerton has quit IRC		21:09
henrynash	ayoung: on that, nor do I !!	21:09
shaleh	htruta: so you need to add some kind of indicator that says "I am only handling FooException"	21:09
henrynash	ayoung: why don’t you thnk that v2 would work with policy checks?	21:10
ayoung	henrynash, because most of the V2 calls I've seen byopass policy inside Keystone...but I guess thatis orthoganal	21:10
henrynash	ayoung: in keystone, that’s true	21:11
ayoung	henrynash, I kindof suspect that policy is broken for V2	21:11
*** daemontool has quit IRC		21:11
htruta	shaleh: I see	21:11
ayoung	It just means a lot more testing	21:11
shaleh	htruta: if your are sure there is: https://github.com/openstack/bandit/blob/master/docs/source/tests/try_except_pass.rst#config-options	21:11
ayoung	henrynash, Will require two config values: `admin_domain_name` and	21:11
ayoung	`admin_project_name` to allow the specification for the `admin` project. If	21:11
ayoung	only `admin_domain_name` is specified, then the project acting as that	21:11
ayoung	domain will be used.	21:11
ayoung	I'd rather not do that	21:11
ayoung	henrynash, lets leave it that both admin_project_name and admin_project_domain_name must be specified. Period.	21:12
shaleh	htruta: if you add a "except Exception as e: raise e" below the pass line does that help?	21:12
shaleh	htruta: or is it specifically complaining that your are squelching FooException?	21:13
henrynash	ayoung: brb	21:13
htruta	shaleh: it does not help. raising FooException is the normal flow. If it is raised, nothing else is raised	21:13
htruta	shaleh: but IMO, this flag you showed should be set False	21:14
shaleh	htruta: Reading the docs, their assertion is you should log the fact that you dropped the Exception on the floor. The check is that you simply pass and do nothing else.	21:15
shaleh	htruta: would a log(DEBUG, "ignoreing XYZ") be acceptable?	21:15
openstackgerrit	Merged openstack/keystoneauth: Add XML matcher https://review.openstack.org/243271	21:16
*** timcline_ has quit IRC		21:16
*** nbalaji has joined #openstack-keystone		21:16
htruta	shaleh: hm... I guess that would work	21:17
shaleh	htruta: in my experience those "I am supposed to ignore them" exceptions end up biting you at some point. The logging may help someone some day.	21:18
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/238264	21:19
htruta	shaleh: that's not exactly the case, cause I'm not ignoring it, I'm using it to control the flow. take a look at L110 https://review.openstack.org/#/c/158372/118/keystone/resource/core.py	21:19
nbalaji	random question:I am using keystone to authenticate the admin user and it looks like the first token to produce is not authorized for object storage but the tokens produced afterwards are fine to work as an auth token. Any ideas why this is hapenning?	21:20
*** lhcheng has quit IRC		21:23
shaleh	htruta: hmm. You are ignoring the ProjectNotFound. That just happens to be an acceptable thing in this code. The linter cannot know that. A debug log would quiet the linter. If I were writing that code, I would have the catch right after the call to self.driver.get_project_by_name() and use a return instead of a pass. That way the exception block is as small as possible.	21:24
*** RichardRaseley has joined #openstack-keystone		21:25
openstackgerrit	ayoung proposed openstack/keystone-specs: Augment token to indicate if it is scoped to the admin project https://review.openstack.org/242232	21:26
htruta	shaleh: cool. I'll consider that. thanks	21:26
*** gordc has quit IRC		21:27
shaleh	htruta: no problem	21:27
*** lnxnut has quit IRC		21:29
openstackgerrit	Tom Cocozzello proposed openstack/keystone: Validate Distinguished Names https://review.openstack.org/241005	21:32
shaleh	htruta: I put my thought into the review	21:42
htruta	shaleh: cool. thanks	21:43
*** gordc has joined #openstack-keystone		21:44
*** timcline has joined #openstack-keystone		21:44
shaleh	htruta: I am not keen on your solution of having it return msg when the msg may be bogus because the project did not exist.	21:45
shaleh	htruta: simply returning with no value may be sufficient.	21:45
htruta	shaleh: just saw it. nice approach	21:46
*** belmoreira has quit IRC		21:46
shaleh	htruta: as I said, you should always try to make your exception blocks as small and directed as possible. You also want to convey intent. The implication of the existing try block is the return from get_project() is relevant. But it isn't.	21:47
*** RichardRaseley has quit IRC		21:47
openstackgerrit	Lance Bragstad proposed openstack/keystonemiddleware: Address hacking check H405. https://review.openstack.org/238161	21:47
*** RichardRaseley has joined #openstack-keystone		21:48
*** mylu has quit IRC		21:59
*** csoukup has joined #openstack-keystone		22:00
openstackgerrit	Nathan Kinder proposed openstack/keystone: Remove hardcoded LDAP group schema from emulated enabled mix-in https://review.openstack.org/244173	22:02
*** thedodd has quit IRC		22:02
htruta	shaleh: perfect. thanks for the tips	22:02
*** thedodd has joined #openstack-keystone		22:02
shaleh	htruta: no worries	22:03
shaleh	tjcocozz: I just -1'ed your Validate DN review. If you would like to hash things out in a PM session, let me know.	22:05
* tjcocozz looking		22:05
*** lhcheng has joined #openstack-keystone		22:07
*** ChanServ sets mode: +v lhcheng		22:07
*** ninag has quit IRC		22:08
*** ninag has joined #openstack-keystone		22:08
*** ninag has quit IRC		22:13
openstackgerrit	Lin Hua Cheng proposed openstack/keystonemiddleware: Address hacking check H405. https://review.openstack.org/238161	22:14
openstackgerrit	Lin Hua Cheng proposed openstack/keystoneauth: Address hacking check H405. https://review.openstack.org/243889	22:15
jamielennox	bknudson: i cannot see a way to get those exception strings generated	22:15
jamielennox	we would essentially need to stop autogenerating the api rst files	22:15
jamielennox	do you know any other way?	22:16
bknudson	jamielennox: I'd have to try some stuff out.	22:16
bknudson	There's http://sphinx-doc.org/domains.html#directive-py:exception	22:17
bknudson	and you can reference another excpetion in http://sphinx-doc.org/domains.html#role-py:exc	22:17
jamielennox	bknudson: right and i'm looking through the autodoc docs, but they are automatically generated and not something i think i have control off	22:17
*** petertr7 is now known as petertr7_away		22:17
shaleh	lbragstad: jenkins is happy now, please push by endpoint_ref review	22:18
jamielennox	bknudson: these would seem to go in the rst files though rather than something in the .py	22:19
jamielennox	where would they go? the module doc?	22:20
bknudson	jamielennox: you can put .. py:exception:: in the module docstring ... I did it before somewhere but I can't find it now.	22:20
bknudson	otherwise I wonder if you can't put """ """ right after the E1 = E2	22:20
*** timcline has quit IRC		22:21
bknudson	like """ :exc:`keystoneauth.exception.Whatever` """	22:21
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct docstring warnings https://review.openstack.org/244333	22:21
*** edmondsw has quit IRC		22:23
openstackgerrit	Lin Hua Cheng proposed openstack/keystonemiddleware: Address hacking check H405. https://review.openstack.org/238161	22:23
*** mylu has joined #openstack-keystone		22:24
shaleh	how can Lin both upload a change and +2 a change?	22:25
openstackgerrit	Lin Hua Cheng proposed openstack/keystoneauth: Address hacking check H405. https://review.openstack.org/243889	22:26
bknudson	shaleh: core reviewers can +2 any change in keystonemiddleware.	22:26
lhcheng	shaleh: I just fixed the nit from previous comment	22:26
*** doug-fish has quit IRC		22:27
shaleh	lhcheng: no offense intended lhcheng. It just surprised me.	22:27
openstackgerrit	Lance Bragstad proposed openstack/keystone: Add Fernet FAQ https://review.openstack.org/244337	22:27
*** doug-fish has joined #openstack-keystone		22:28
lhcheng	shaleh: by doing this, we try to to reduce overhead of waiting for author to fix the comment.	22:28
lbragstad	dolphm stevemar_ ^	22:28
shaleh	lhcheng: makes sense	22:28
lhcheng	shaleh: no worries :)	22:28
bknudson	I saw that the latest gerrit will allow you to make edits in the UI.	22:28
lhcheng	bknudson: sweet!	22:28
shaleh	lbragstad: jenkins is happy now, please push by endpoint_ref review	22:29
* shaleh puts the food down so he can type better		22:29
*** doug-fis_ has joined #openstack-keystone		22:30
openstackgerrit	Lin Hua Cheng proposed openstack/keystoneauth: Address hacking check H405 https://review.openstack.org/243889	22:31
shaleh	lbragstad: thanks	22:31
lbragstad	shaleh no problem, thanks for the quick turn-arounds	22:31
*** doug-fish has quit IRC		22:32
shaleh	lbragstad: np. The last two will be users and projects.	22:32
shaleh	Both are fairly large	22:32
lbragstad	sweet	22:32
openstackgerrit	Tom Cocozzello proposed openstack/keystone: Validate Distinguished Names https://review.openstack.org/241005	22:33
shaleh	I am finishing projects currently. I need to spin up a devstack with LDAP to finish the users	22:33
shaleh	tjcocozz: is ldap3 working for your code too now?	22:33
*** mylu has quit IRC		22:33
openstackgerrit	Merged openstack/keystone: Use list_role_assignments to get assignments by role_id https://review.openstack.org/242529	22:33
tjcocozz	shaleh, yes it is :)	22:33
shaleh	tjcocozz: excellent	22:34
*** RichardRaseley has quit IRC		22:34
*** doug-fis_ has quit IRC		22:34
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/238264	22:35
*** ninag has joined #openstack-keystone		22:38
*** gordc has quit IRC		22:38
*** RichardRaseley has joined #openstack-keystone		22:38
*** doug-fish has joined #openstack-keystone		22:43
*** pgbridge has quit IRC		22:44
openstackgerrit	Brant Knudson proposed openstack/keystone: Document release notes process https://review.openstack.org/244343	22:46
*** doug-fish has quit IRC		22:47
*** pgbridge has joined #openstack-keystone		22:49
shaleh	tjcocozz: is there a reason you use the ldap module in the tests instead of just mocking out a pass and an exception?	22:54
shaleh	tjcocozz: you only prove that errors occur. You never prove the code works :-)	22:55
*** ninag has quit IRC		22:57
*** ninag has joined #openstack-keystone		22:57
*** ninag has quit IRC		23:02
*** roxanaghe has quit IRC		23:07
*** roxanaghe has joined #openstack-keystone		23:08
openstackgerrit	Jamie Lennox proposed openstack/python-keystoneclient: Map keystoneclient exceptions to keystoneauth https://review.openstack.org/243869	23:08
jamielennox	bknudson: it's not finished yet, but is the pattern ^ ok with you?	23:09
bknudson	jamielennox: y, if it works... not sure what "A link to" means?	23:10
bknudson	btw -- are all these symbols deprecated?	23:10
jamielennox	bknudson: I could use alias or reference to	23:10
jamielennox	umm, i'm going to say not yet	23:10
openstackgerrit	Ron De Rose proposed openstack/keystone: Limit the number of roles a user can be assigned within a project https://review.openstack.org/239948	23:10
bknudson	I think "Alias" is good.	23:10
jamielennox	at some point we're going to have to say that you should use keystoneauth1.session instead of the client one and deprecate ksc.session	23:11
jamielennox	i think we deprecate the exceptions at that time	23:11
bknudson	ok, not ready to deprecate yet.	23:11
jamielennox	but i don't want to worry about that just yet	23:11
bknudson	there are some references to these exceptions in docstrings so could switch those now	23:11
*** roxanaghe has quit IRC		23:12
jamielennox	i don't mind, i expect the keystoneclient.exceptions to be used with the keystoneclient.session and same with keystoneauth	23:13
*** BAKfr has quit IRC		23:14
*** csoukup has quit IRC		23:15
*** mylu has joined #openstack-keystone		23:15
*** BAKfr has joined #openstack-keystone		23:17
*** diazjf has quit IRC		23:18
jamielennox	bknudson: whilst your here your -1 on https://review.openstack.org/#/c/243882/ you just want me to update the entrypoint in setup.cfg rather than import it from __init__.py	23:18
bknudson	jamielennox: y, I figured you'd have to change setup.cfg	23:19
jamielennox	bknudson: ok, that's easy i just wanted to check that's what you meant	23:20
jamielennox	i just thought this way was a bit easier as i didn't have to update the class location in tests etc	23:21
bknudson	that's why we change setup.cfg and the paste file with #egg so that we had a level of indirection	23:21
bknudson	it's easier for now but I think it's going to be confusing going forward since it's harder to grep for uses of it.	23:22
*** gildub has joined #openstack-keystone		23:24
*** slberger1 has left #openstack-keystone		23:26
stevemar_	lbragstad: not an invitation, just a heads up :)	23:30
stevemar_	samueldmq: nice	23:30
*** diazjf has joined #openstack-keystone		23:33
*** boris-42 has joined #openstack-keystone		23:33
openstackgerrit	Steve Martinelli proposed openstack/keystone-specs: Correct a few token examples https://review.openstack.org/244266	23:37
openstackgerrit	Merged openstack/keystone: Use unit.new_endpoint_ref consistently https://review.openstack.org/237758	23:37
openstackgerrit	Jamie Lennox proposed openstack/python-keystoneclient: Map keystoneclient exceptions to keystoneauth https://review.openstack.org/243869	23:39
*** su_zhang has quit IRC		23:41
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/238264	23:43
*** doug-fish has joined #openstack-keystone		23:47
*** doug-fish has quit IRC		23:50
shaleh	samueldmq: remember us talking about the possibility of a parent patchset due to groups with enabled=True. Yeah it might come to that. I had the ones in test_v3_identity because the tox run fails without it.	23:52
*** diazjf has quit IRC		23:54
stevemar_	looks like no more py26 anywhere	23:58

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!