Sunday, 2015-12-06

« Saturday, 2015-12-05 Index Monday, 2015-12-07 »
*** davechen1 has joined #openstack-keystone00:05
*** davechen has quit IRC00:07
*** mylu has quit IRC00:07
*** mylu has joined #openstack-keystone00:08
*** mylu has quit IRC00:10
*** mylu has joined #openstack-keystone00:10
*** btully has quit IRC00:12
*** jdennis has quit IRC00:13
*** jdennis has joined #openstack-keystone00:14
*** btully has joined #openstack-keystone00:14
*** markvoelker has joined #openstack-keystone00:17
*** markvoelker has quit IRC00:21
*** diegows has joined #openstack-keystone00:22
*** diegows has quit IRC00:39
*** jimbaker has quit IRC00:56
*** lhcheng_ has quit IRC01:02
*** jimbaker has joined #openstack-keystone01:02
*** jimbaker has quit IRC01:02
*** jimbaker has joined #openstack-keystone01:02
notmorganstevemar: you should approve this: https://review.openstack.org/#/c/250476/ with the sigmavirus24_awa +101:12
notmorganwho here wants to help me finish configuring neutron?01:16
notmorgancause...01:16
notmorganneutron :(01:16
*** mylu has quit IRC01:38
*** dims has joined #openstack-keystone01:38
*** mylu has joined #openstack-keystone01:39
*** markvoelker has joined #openstack-keystone01:45
*** dims has quit IRC01:52
*** mylu has quit IRC01:56
*** mylu has joined #openstack-keystone01:56
*** mylu_ has joined #openstack-keystone01:57
*** henrynash has quit IRC02:00
*** mylu_ has quit IRC02:00
*** mylu has quit IRC02:01
*** jimbaker has quit IRC02:06
*** henrynash has joined #openstack-keystone02:09
*** ChanServ sets mode: +v henrynash02:09
*** henrynash has quit IRC02:10
*** jimbaker has joined #openstack-keystone02:12
*** jimbaker has quit IRC02:12
*** jimbaker has joined #openstack-keystone02:12
*** EinstCrazy has joined #openstack-keystone02:13
*** mylu has joined #openstack-keystone02:28
*** mylu has quit IRC02:35
*** mylu has joined #openstack-keystone02:35
*** mylu_ has joined #openstack-keystone02:38
*** mylu has quit IRC02:40
*** lhcheng has joined #openstack-keystone02:48
*** ChanServ sets mode: +v lhcheng02:48
*** lhcheng has quit IRC02:52
*** dims has joined #openstack-keystone02:55
*** jimbaker has quit IRC03:01
*** jimbaker has joined #openstack-keystone03:02
*** jimbaker has quit IRC03:03
*** jimbaker has joined #openstack-keystone03:03
*** davechen1 has quit IRC03:18
*** davechen has joined #openstack-keystone03:19
*** btully has quit IRC03:24
*** btully has joined #openstack-keystone03:25
*** dims has quit IRC03:34
*** dims has joined #openstack-keystone03:38
*** mylu_ has quit IRC04:08
*** mylu has joined #openstack-keystone04:09
*** dims has quit IRC04:10
*** mylu has quit IRC04:13
*** btully has quit IRC04:21
*** sileht has quit IRC04:31
*** navid_ has joined #openstack-keystone04:45
*** navid_ is now known as navidp04:51
*** navidp has quit IRC04:58
*** navidp has joined #openstack-keystone04:58
*** lhcheng has joined #openstack-keystone05:01
*** ChanServ sets mode: +v lhcheng05:01
*** lhcheng has quit IRC05:05
*** navid_ has joined #openstack-keystone05:12
*** jimbaker has quit IRC05:17
*** navidp has quit IRC05:19
*** jimbaker has joined #openstack-keystone05:30
*** navidp has joined #openstack-keystone05:30
*** jimbaker has quit IRC05:30
*** jimbaker has joined #openstack-keystone05:30
*** navidp has quit IRC05:30
*** navidp has joined #openstack-keystone05:31
*** navidp has quit IRC05:31
*** spandhe has joined #openstack-keystone05:47
*** btully has joined #openstack-keystone06:38
*** david_cu has joined #openstack-keystone07:04
*** boris-42_ has joined #openstack-keystone07:07
*** opilotte_ has quit IRC07:08
*** jimbaker has quit IRC07:18
*** jimbaker has joined #openstack-keystone07:29
*** jimbaker has quit IRC07:29
*** jimbaker has joined #openstack-keystone07:29
openstackgerritDave Chen proposed openstack/keystone: Deprecate LDAP Role backend  https://review.openstack.org/25266907:29
*** spandhe has quit IRC07:30
*** topol has joined #openstack-keystone07:33
*** ChanServ sets mode: +v topol07:33
*** davechen has left #openstack-keystone07:33
*** topol has quit IRC07:38
*** josecastroleon has joined #openstack-keystone08:01
*** dims has joined #openstack-keystone08:12
*** opilotte_ has joined #openstack-keystone08:14
*** sileht has joined #openstack-keystone08:30
*** josecastroleon has quit IRC08:41
*** chlong has quit IRC08:48
*** dims has quit IRC08:51
*** jimbaker has quit IRC08:56
*** jimbaker has joined #openstack-keystone09:02
*** jimbaker has quit IRC09:02
*** jimbaker has joined #openstack-keystone09:02
*** dims has joined #openstack-keystone09:07
*** dims has quit IRC09:22
*** dims has joined #openstack-keystone09:31
*** btully has quit IRC09:33
*** henrynash has joined #openstack-keystone09:48
*** ChanServ sets mode: +v henrynash09:48
*** dims has quit IRC10:00
*** dims has joined #openstack-keystone10:02
openstackgerrithenry-nash proposed openstack/keystone: Use list_role_assignments to get projects/domains for user  https://review.openstack.org/24251310:02
*** dims has quit IRC10:03
*** henrynash has quit IRC10:30
*** e0ne has joined #openstack-keystone10:38
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/25389410:40
openstackgerritOpenStack Proposal Bot proposed openstack/keystoneauth: Updated from global requirements  https://review.openstack.org/25389510:40
openstackgerritOpenStack Proposal Bot proposed openstack/python-keystoneclient: Updated from global requirements  https://review.openstack.org/25164010:43
*** henrynash has joined #openstack-keystone10:52
*** ChanServ sets mode: +v henrynash10:52
openstackgerrithenry-nash proposed openstack/keystone: Create new version of assignment driver interface  https://review.openstack.org/24285310:55
openstackgerrithenry-nash proposed openstack/keystone: Create V9 Role Driver  https://review.openstack.org/24780511:01
*** henrynash has quit IRC11:01
*** e0ne has quit IRC11:26
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Remove invalid TODO in extensions  https://review.openstack.org/25355211:37
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Update extensions links  https://review.openstack.org/25358711:40
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Create neutron service in sample_data.sh  https://review.openstack.org/20821511:54
*** topol has joined #openstack-keystone13:05
*** ChanServ sets mode: +v topol13:05
*** topol has quit IRC13:10
*** toddnni_ has joined #openstack-keystone13:38
*** boltR_ has joined #openstack-keystone13:41
*** noqa_v_q1ovnie has joined #openstack-keystone13:42
*** andreaf has quit IRC13:43
*** bigjools has quit IRC13:43
*** boltR has quit IRC13:43
*** ekarlso has quit IRC13:43
*** andreaf_ has quit IRC13:43
*** mhu has quit IRC13:43
*** toddnni has quit IRC13:43
*** noqa_v_qoovnie has quit IRC13:43
*** toddnni_ is now known as toddnni13:43
*** bigjools has joined #openstack-keystone13:43
*** bigjools has quit IRC13:43
*** bigjools has joined #openstack-keystone13:43
*** mylu has joined #openstack-keystone13:50
*** andreaf has joined #openstack-keystone13:51
*** andreaf_ has joined #openstack-keystone13:52
*** diegows has joined #openstack-keystone14:05
*** ramishra has quit IRC14:10
*** ramishra_ has joined #openstack-keystone14:10
*** johnthetubaguy has quit IRC14:13
*** johnthetubaguy has joined #openstack-keystone14:15
*** EinstCrazy has quit IRC14:15
*** EinstCrazy has joined #openstack-keystone14:16
*** ramishra_ has quit IRC14:25
*** ramishra_ has joined #openstack-keystone14:25
*** mhu has joined #openstack-keystone14:30
*** ekarlso has joined #openstack-keystone14:53
*** mylu has quit IRC14:54
*** mylu has joined #openstack-keystone14:55
*** hockeynut has quit IRC14:56
*** mylu has quit IRC14:57
*** hockeynut has joined #openstack-keystone14:58
*** mylu has joined #openstack-keystone14:58
*** mylu has quit IRC14:59
*** mylu has joined #openstack-keystone15:06
*** mylu has quit IRC15:08
*** mylu has joined #openstack-keystone15:14
*** lbragstad has quit IRC15:25
*** lbragstad has joined #openstack-keystone15:31
openstackgerritAkira YOSHIYAMA proposed openstack/oslo.policy: Fixes combined and and or rule handling  https://review.openstack.org/25376315:38
openstackgerritMorgan Fainberg proposed openstack/oslo.policy: Fixes combined "and" and "or" rule handling  https://review.openstack.org/25376315:43
*** dims has joined #openstack-keystone15:51
*** diegows has quit IRC15:55
*** e0ne has joined #openstack-keystone16:10
*** e0ne has quit IRC16:16
*** e0ne has joined #openstack-keystone16:20
*** e0ne has quit IRC16:29
*** e0ne has joined #openstack-keystone16:33
*** johnthetubaguy has quit IRC16:38
*** johnthetubaguy has joined #openstack-keystone16:40
*** e0ne has quit IRC16:42
*** e0ne has joined #openstack-keystone16:45
*** e0ne has quit IRC16:50
*** e0ne has joined #openstack-keystone16:54
*** e0ne has quit IRC16:57
*** e0ne has joined #openstack-keystone17:02
*** mylu has quit IRC17:02
*** e0ne has quit IRC17:06
*** mylu has joined #openstack-keystone17:09
*** mylu has quit IRC17:10
*** mylu has joined #openstack-keystone17:10
*** e0ne has joined #openstack-keystone17:11
*** mylu has quit IRC17:14
*** e0ne has quit IRC17:17
*** e0ne has joined #openstack-keystone17:21
*** topol has joined #openstack-keystone17:22
*** ChanServ sets mode: +v topol17:23
*** e0ne has quit IRC17:24
*** topol has quit IRC17:27
*** e0ne has joined #openstack-keystone17:28
*** e0ne has quit IRC17:31
*** e0ne has joined #openstack-keystone17:35
*** e0ne has quit IRC17:40
*** raginbajin has quit IRC17:43
*** e0ne has joined #openstack-keystone17:43
*** raginbajin has joined #openstack-keystone17:44
*** henrynash has joined #openstack-keystone17:46
*** ChanServ sets mode: +v henrynash17:46
openstackgerrithenry-nash proposed openstack/keystone: Use list_role_assignments to get projects/domains for user  https://review.openstack.org/24251317:47
*** EinstCrazy has quit IRC17:48
openstackgerrithenry-nash proposed openstack/keystone: Show defect in list_user_ids that only lists direct user assignments  https://review.openstack.org/24256417:49
*** e0ne has quit IRC17:52
openstackgerrithenry-nash proposed openstack/keystone: Fix defect in list_user_ids that only lists direct user assignments  https://review.openstack.org/24257417:56
*** e0ne has joined #openstack-keystone17:56
*** mylu has joined #openstack-keystone17:56
*** mylu has quit IRC17:58
*** mylu has joined #openstack-keystone17:59
*** mylu_ has joined #openstack-keystone18:01
*** mylu has quit IRC18:02
*** mylu_ has quit IRC18:03
*** mylu has joined #openstack-keystone18:03
*** mylu has quit IRC18:08
*** e0ne has quit IRC18:11
*** mylu has joined #openstack-keystone18:12
*** johnthetubaguy has quit IRC18:12
*** johnthetubaguy has joined #openstack-keystone18:14
*** e0ne has joined #openstack-keystone18:15
*** mylu has quit IRC18:20
*** e0ne has quit IRC18:21
*** e0ne has joined #openstack-keystone18:25
*** mylu has joined #openstack-keystone18:28
*** e0ne has quit IRC18:28
*** e0ne has joined #openstack-keystone18:32
*** ramishra__ has joined #openstack-keystone18:35
*** ramishra_ has quit IRC18:36
*** ramishra__ is now known as ramishra_18:36
*** mylu has quit IRC18:36
*** mylu has joined #openstack-keystone18:37
*** e0ne has quit IRC18:39
*** mylu has quit IRC18:41
*** mylu has joined #openstack-keystone18:43
*** mylu has quit IRC18:45
*** johnthetubaguy has quit IRC18:50
*** mylu has joined #openstack-keystone18:51
*** johnthetubaguy has joined #openstack-keystone18:55
*** jimbaker has quit IRC18:55
*** jimbaker has joined #openstack-keystone18:57
*** jimbaker has quit IRC18:57
*** jimbaker has joined #openstack-keystone18:57
*** jerrygb has joined #openstack-keystone18:57
*** btully has joined #openstack-keystone19:33
*** btully has quit IRC19:38
*** flwang1 has joined #openstack-keystone19:44
*** johnthetubaguy has quit IRC19:48
*** johnthetubaguy has joined #openstack-keystone19:50
*** EinstCrazy has joined #openstack-keystone20:14
samueldmqhenrynash: hi20:14
*** EinstCrazy has quit IRC20:18
*** openstackgerrit has quit IRC20:32
*** openstackgerrit has joined #openstack-keystone20:32
henrynashsamueldmq: hi20:33
*** mylu has quit IRC20:36
*** mylu has joined #openstack-keystone20:36
*** flaper87 has quit IRC20:40
*** briancurtin has quit IRC20:40
*** briancurtin has joined #openstack-keystone20:40
*** mylu has quit IRC20:41
*** flaper87 has joined #openstack-keystone20:41
samueldmqhenrynash: oh, you still around ?20:42
henrynashsamuedlmq: indeed20:42
samueldmqhenrynash: sorry for the delay20:42
samueldmqhenrynash: I'd like your view on https://review.openstack.org/#/c/24889220:42
samueldmqhenrynash: see my last comment, I think the bug is invalid20:43
openstackgerritOpenStack Proposal Bot proposed openstack/keystoneauth-saml2: Updated from global requirements  https://review.openstack.org/24760420:43
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/25163920:43
*** btully has joined #openstack-keystone20:44
henrynashsamueldmq: so my is that there is a bug, and that bug is that you can’t do GEt /project on your own project as project admin20:45
henrynashsamueldmq: that fact that you can’t list role assignments is a knock-on effect of that bug20:45
samueldmqhenrynash: but actually you can20:46
henrynashsamueldmq: a point I did add to an earlier review of this20:46
samueldmqhenrynash: her new tests for the fix are passing on master20:46
henrynashsamueldmq: using which policy file?20:46
samueldmqhenrynash: the v3 one which is the one she's touching ?20:47
*** mylu has joined #openstack-keystone20:47
openstackgerritOpenStack Proposal Bot proposed openstack/python-keystoneclient: Updated from global requirements  https://review.openstack.org/25164020:47
samueldmqhenrynash: I downloaded her code, then undo the policy change, then run 'tox -e py27 test_v3_protection'20:47
samueldmqhenrynash: all the list role assingment tests pass20:47
samueldmqhenrynash: see https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json#L9420:48
samueldmqhenrynash:  rule:admin_on_project_filter20:48
samueldmqhenrynash: I don't see how get_project relates to list_role_assignments20:49
henrynashsamueldmq: and I think I agree with you…it might if bound up in Horizon, but not as far as the API is concerned, since we don’t check multiple policy rules for one API20:50
henrynashsamueldmq: this fix should just fix and test Get project20:51
samueldmqhenrynash: yes that's exactly the point20:51
samueldmqhenrynash: okay, left a review there, thanks!20:57
henrynashsamueldmq: good analysis.  Nice20:57
samueldmqhenrynash: :)21:00
*** mylu has quit IRC21:03
*** mylu has joined #openstack-keystone21:04
*** mylu has quit IRC21:08
samueldmqstevemar: dolphm: I wonder if we should have a policy for abandoning very very old reveiws that have been -1ed and didn't receive any update21:14
samueldmqthat should catch author's attention on restoring and updating them or leaving them abandoned, so that anyone else is welcme to address the issue21:14
samueldmqand would help making our review lists consistent :)21:15
*** andrewbogott has quit IRC21:21
*** mylu has joined #openstack-keystone21:21
*** andrewbogott has joined #openstack-keystone21:22
bretonsamueldmq: just use dashboard21:22
bretonabandoning a patch means hiding it from our view21:23
bretononly if launchpad changed the status of bugs from "in progress" to "new" if a patch is abandoned...21:24
*** topol has joined #openstack-keystone21:25
*** ChanServ sets mode: +v topol21:25
samueldmqbreton: if they're abandoned you can easily filter them in gerrit with 'status:open'21:25
samueldmqfilter them out*21:25
samueldmqbreton: and I also think it's important to keep our list of on-going things clear21:26
*** topol has quit IRC21:29
*** lifeless has quit IRC21:36
*** andreaf has quit IRC21:38
*** andreaf_ is now known as andreaf21:38
*** mylu has quit IRC21:40
*** mylu has joined #openstack-keystone21:40
*** e0ne has joined #openstack-keystone21:42
*** mylu_ has joined #openstack-keystone21:43
*** mylu has quit IRC21:43
*** mylu_ has quit IRC21:44
*** e0ne has quit IRC21:45
*** freerunner has quit IRC21:47
*** andreaf_ has joined #openstack-keystone21:48
*** freerunner has joined #openstack-keystone21:49
*** e0ne has joined #openstack-keystone21:49
*** e0ne has quit IRC21:53
*** freerunner has quit IRC21:55
*** freerunner has joined #openstack-keystone21:57
openstackgerritMerged openstack/keystoneauth: Updated from global requirements  https://review.openstack.org/25389521:58
*** freerunner has quit IRC21:58
*** freerunner has joined #openstack-keystone22:00
*** freerunner has quit IRC22:02
*** freerunner has joined #openstack-keystone22:04
*** freerunner has quit IRC22:06
*** freerunner has joined #openstack-keystone22:09
*** freerunner has quit IRC22:10
*** lifeless has joined #openstack-keystone22:12
*** freerunner has joined #openstack-keystone22:13
*** mylu has joined #openstack-keystone22:19
*** henrynash has quit IRC22:38
*** jamielennox|away is now known as jamielennox22:46
*** btully has quit IRC22:46
openstackgerritMerged openstack/keystone: Updated from global requirements  https://review.openstack.org/25389422:48
notmorganoooh look keystoneauth is starting to become a thing in server projects!22:48
notmorganyay mordred!22:49
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/25374522:49
jamielennoxnotmorgan: sorry nit on https://review.openstack.org/#/c/250476/22:50
jamielennoxnotmorgan: otherwise sigmavirus24_awa gave the +1 so i'm good22:51
notmorganjamielennox: yah.22:54
notmorganjamielennox: i can re-spin/roll this in a few to solve your specific concern.22:55
jamielennoxnotmorgan: yep, figured it'd be quick22:55
openstackgerritMorgan Fainberg proposed openstack/keystoneauth: Add BetaMax Fixture  https://review.openstack.org/25047622:57
notmorganoops sec22:57
notmorganeh there is a typo in a #NOTE somewhere22:58
notmorganbut idon't care that much22:58
notmorganjamielennox: ^ there is addressing your main concern. The instance method vs function we can look into benefits/detractions later and wont affect the public interfaces22:59
notmorganjamielennox: the name of the file i don't want to change22:59
jamielennoxnotmorgan: oh - yea, i don't care about that, i had forgotten it was on there22:59
jamielennoxnotmorgan: oh?22:59
notmorganjamielennox: because people often end up doing: from keystoneauth1.fixtures import betamax as keystoneauth_betamax23:00
jamielennoxcause you'll import betamax23:00
notmorganbecause colliding names in places.23:00
notmorganthe class name, totally with you dropping the "keystoneauth" prefix23:00
jamielennoxyea - kind of have that problem in a few places23:00
jamielennoxmost annoying is having to call everything sess = because otherwise it conflicts with from keystoneauth import esssion23:00
notmorganjamielennox: so lets leave the prefix on the filename/module23:01
notmorganjamielennox: but the class name, yeah it was redundant23:01
notmorgan:)23:01
jamielennoxnotmorgan: sounds good to me23:02
notmorganjamielennox: so if you +2, i know mordred will +2 again, and it should land w/ a +A anywhere along the lines23:02
notmorganand then yay23:02
notmorganimprovements23:02
notmorganjamielennox: also, i'm going to go circle up on the ceilometer "mocking" of our memcache interface for KSM *rolls eyes*23:03
jamielennoxwhat do they do?23:04
jamielennoxi saw a bug report come through for gnocchi - is that the same thing now?23:04
notmorganjamielennox: i'm sure they do23:04
notmorganit's insanity23:04
notmorganbut since we have the KSM fixture now23:04
notmorgangonna make it use that23:04
jamielennoxthat merged?23:04
notmorganmerged and released23:04
notmorganoh reminds me i need to bump the minimum KSM in g-r for that23:05
jamielennoxbah - behind sorry23:05
notmorgandon't be sorry :)23:05
jamielennoxbe better :)23:05
jamielennoxcompletely missed the blueprint window for that service authentication stuff we discussed at summit as well23:06
jamielennoxhow are you looking at passing auth contexts around?23:06
notmorganhacking KSM to just accept the headers w/o talking to keystone23:06
notmorganwith a "validation" of some sort23:06
jamielennoxoh, the X-23:06
notmorganyah23:06
notmorgani'm going to use a shared-secret for the POC23:07
notmorganand the LUA in HAProxy will do the hard part of token validation already.23:07
jamielennoxdid you hack ksm or subclass the base?23:07
notmorgani have to re-hack it23:07
notmorgannow that i almost have a fully working cloud23:07
notmorganhttps://api.tempusfrangit.org/ [horizon is busted atm]23:08
notmorganand nova <-> glance is unhappy but that is sub-url mounting issues23:08
notmorganand i *think* i have neutron working.23:09
notmorganthink...23:09
jamielennoxnotmorgan: ah, you made the fix i suggested for the auth_token fixture anyway23:09
notmorgani mean... that is kinda hard to tell23:09
jamielennoxthat was all i wanted to check on anyway23:09
notmorganjamielennox: oh what fix did you suggest that i did? i remember i did something.23:09
*** topol has joined #openstack-keystone23:09
*** ChanServ sets mode: +v topol23:09
notmorganthe positional(1) vs (0)?23:10
*** jamielennox is now known as jamielennox|away23:18
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Use keystoneauth for auth_token fixture  https://review.openstack.org/25396623:21
*** david-lyle_ has quit IRC23:22
*** EinstCrazy has joined #openstack-keystone23:23
openstackgerritMerged openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/25163923:23
*** jamielennox|away is now known as jamielennox23:26
*** EinstCrazy has quit IRC23:28
notmorganjamielennox: also sorry for the -2 on the "prompt for password" bit23:35
jamielennoxnotmorgan: oh - yea23:35
notmorganjamielennox: but i really feel strongly we shouldn't be doing interactive prompting in ksa23:35
jamielennoxi want to figure something out there23:35
notmorganOCC?23:35
notmorgansince everything *should* move to OCC23:35
notmorganmordred: ^ cc23:35
jamielennoxright - so that's the reason i put it on the opts23:36
notmorganpinging him since he had some ideas on it.23:36
jamielennoxin ksc we had it only in the load_from_argparse_arguments function23:36
notmorgani just feel like KSA is too low level to encode interactive prompting23:36
notmorganever23:36
notmorganit really is the job of the consumer to do that.23:36
jamielennoxbut i don't want to say that any of the keystoneauth "loaders" are more important than ones that might live outside23:36
notmorgani'd be ok with a way to say "hey you *might* want to prompt for this option"23:37
jamielennoxso that's what https://review.openstack.org/#/c/248524/3/keystoneauth1/loading/opts.py is23:37
notmorganbut i am strongly opposed to KSA having any prompt logic in it23:37
jamielennoxso that'd be ok but we have a load_from_argparse register_argparse_arguments functions23:38
jamielennoxgiven occ maybe we should have only had the conf functions in ksa23:38
jamielennoxbut it was kinda there23:38
jamielennoxbut neither occ or osc use that argparse loader because they want t o do their own things23:39
notmorgani am just against the actual use of getpass in ksa23:39
notmorganmaybe we need a way to pass in a callback the parent program can use to prompt?23:40
notmorgani am going to hold the line here on "no interactive prompting in the KSA codebase"23:40
mordredI think the _only_ think that should prompt is OSC23:40
mordredand I think it should prompt if the user is importing a new set of creds23:40
mordredusing something we haven't written yet23:40
mordredprompting is impossible otherwise23:40
mordredbecause with auth plugins23:41
mordredyou don't know if it should be the password plugin23:41
mordredunless there is a password23:41
mordredso if the password is missing23:41
mordredthen it's just a thing that breaks plugin discovery23:41
jamielennoxmordred: so this is why i didn't do it the way we did in ksc23:41
jamielennoxbut how is OSC or whoever supposed to know that you can prompt for an option?23:42
jamielennoxis it purely special casing the v2/v3/password plugins? because there are all sorts of saml password auth i'd like this to work for23:42
mordredit should never prompt23:42
mordredever23:42
jamielennoxOSC?23:42
mordredno. only when you're adding credentials23:42
mordredcheck this: https://cloud.google.com/compute/docs/tutorials/python-guide23:42
jamielennoxwhat is adding credentials in an osc sense?23:43
mordredyou'll notice step one is "gcloud init"23:43
jamielennoxah - you want to go down that path23:43
mordredI think we should add an osc command "openstack cloud add" or "openstack cloud import"23:43
jamielennoxgcloud init/kinit/...23:43
mordredthat can take an openrc file or a clouds.yaml file23:43
mordredyah23:43
mordredwell - it's not like kinit23:43
mordredit's a thing that sets up your local config file23:43
*** mylu has quit IRC23:43
notmorganlike git -config user.name|email23:44
mordredand creates a ~/.config/gcloud/credentials23:44
mordredyah23:44
mordredit's like that23:44
mordredit walks you through an interactive prompt session23:44
mordredand it's a _very_ pleasant experience23:44
jamielennoxassuming you've run it, does gcloud init do that? create a local file with your password?23:45
mordredyup23:45
mordredI have23:45
jamielennoxmy first guess would be it used that password to create some form of token23:45
mordredwell, gcloud uses oauth23:45
mordredso it does the oauth authorize dance23:45
mordredand writes the into into a json file23:45
jamielennoxright, so that has the advantage of not putting your password in a file23:46
mordredeveryone is always putting their password in a file23:46
mordredright now it's an openrc shell script file - or clouds.yaml23:46
*** mylu has joined #openstack-keystone23:47
jamielennoxsure, but the plan for OSC initially at least was that you ommited the password from accrc, got prompted once and then it would cache the token23:47
jamielennox... obviously that didn't work out23:47
mordred:)23:47
notmorganhehe23:47
jamielennoxbut caching should be possible now and i was looking to see if we could23:47
mordredyah - gota have that password to renew the token23:47
mordredso - fwiw, a majority of the clouds I have accounts on give me a generated password that is long and unweildy to type23:48
mordredso copying in to a file is the only feasible way to use it23:48
jamielennoxso even in the osc could init case - how do you know which fields you can prompt for?23:48
*** mylu has quit IRC23:48
*** mylu has joined #openstack-keystone23:49
mordredI think it depends ... if you do "osc init downloaded-clouds.yaml" we could expect that such a file should include the auth_plugin (since a deployer should always know that)23:49
mordredand if you know the plugin ahead of time, you should know which fields are missing and prompt for them23:49
mordredif you don't have a declared plugin23:49
mordredthen you're using password23:49
jamielennoxor... https://review.openstack.org/#/c/248524/3/keystoneauth1/loading/opts.py23:50
mordredand you could prompt for all of them honestly23:50
notmorganmordred: ++23:50
mordredI think there's two different things potentially here - depending on what we're setting up to allow23:50
mordredone is "what are reasonable to maybe prompt for from a CLI tool during operation"23:51
mordredthe other is "what are values that could be prompted for in an init command"23:51
mordredfor the second - I'd say you could honestly prompt for all of the normal ones23:51
mordred"what's your auth_url?" "what's your username?" "what's your domain? (leave empty if you don't have one)"23:51
*** mylu_ has joined #openstack-keystone23:52
*** mylu has quit IRC23:53
jamielennoxyea, if you're doing it from a set up everything scenario then you can prompt for everything23:54
jamielennoxbut as you say i think if you know the answers to all those questions you probably already know openstack well enough to do the exports yourself23:54
jamielennoxa provider would give you an accrc/clouds.yaml file23:54
mordredyah23:54
mordredor, currently, they give you an openrc file23:55
mordredand, amusingly, all of the openrc files are set up to prompt for password when you source them23:55
jamielennoxyea, that's because that's what horizon generates for you23:56
mordredlike this: http://paste.openstack.org/show/48097023:56
jamielennoxbecause obviously it doesn't know your password at that point23:56
mordredyup23:56
jamielennoxmordred, notmorgan: so even if i remove it from loda_from_argparse (which i understand at this point is superseeded by OCC) you'd be anti having the param in an opt?23:59
*** chlong has joined #openstack-keystone23:59
jamielennoxcause i would like to figure out the mess that is the OSC/OCC boundary23:59
jamielennoxand OSC is doing this already - just poorly23:59
« Saturday, 2015-12-05 Index Monday, 2015-12-07 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!