Monday, 2016-01-11

*** dgonzalez has joined #openstack-keystone		00:01
*** agireud has quit IRC		00:02
*** agireud has joined #openstack-keystone		00:04
*** agireud has quit IRC		00:12
*** topol has quit IRC		00:15
*** dgonzalez has quit IRC		00:16
*** dgonzalez has joined #openstack-keystone		00:17
*** dgonzalez has quit IRC		00:17
*** dgonzalez has joined #openstack-keystone		00:18
*** dgonzalez has quit IRC		00:20
*** dgonzalez has joined #openstack-keystone		00:23
*** dgonzalez has quit IRC		00:29
*** dgonzalez has joined #openstack-keystone		00:29
*** dgonzalez has quit IRC		00:30
*** dgonzalez has joined #openstack-keystone		00:30
*** dgonzalez has quit IRC		00:31
*** dgonzalez has joined #openstack-keystone		00:32
*** dgonzalez has quit IRC		00:32
*** chlong has quit IRC		00:32
*** dgonzalez has joined #openstack-keystone		00:33
*** dgonzalez has quit IRC		00:34
*** dgonzalez has joined #openstack-keystone		00:34
*** dgonzalez has quit IRC		00:35
*** dgonzalez has joined #openstack-keystone		00:37
*** bjornar1 has joined #openstack-keystone		00:41
bjornar1	with stable/liberty I get an error when running keystone-manage db_sync (mysql backend):	00:42
bjornar1	"Duplicate column name 'relay_state_prefix'") [SQL: u"\nALTER TABLE service_provider ADD relay_state_prefix VARCHAR(256) NOT NULL DEFAULT 'ss:mem:'"]	00:42
bjornar1	this is starting from a empty db	00:42
bjornar1	INFO migrate.versioning.api [-] 7 -> 8...	00:42
bjornar1	..looks like it starts from 43->44 ... up to 86->87 .. and then: 0->1	00:44
bjornar1	looks wierd, is it correct?	00:44
*** chlong has joined #openstack-keystone		00:49
*** dancn has quit IRC		00:56
*** dancn has joined #openstack-keystone		00:59
*** dims has quit IRC		01:03
*** spzala has joined #openstack-keystone		01:04
*** chlong has quit IRC		01:09
*** agireud has joined #openstack-keystone		01:10
*** markvoelker has joined #openstack-keystone		01:14
*** markvoelker has quit IRC		01:19
*** EinstCrazy has joined #openstack-keystone		01:21
*** chlong has joined #openstack-keystone		01:23
*** shoutm has joined #openstack-keystone		01:25
*** agireud has quit IRC		01:28
*** agireud has joined #openstack-keystone		01:31
*** dims has joined #openstack-keystone		01:37
*** dancn has quit IRC		01:56
*** dancn has joined #openstack-keystone		02:05
*** agireud has quit IRC		02:05
*** dims has quit IRC		02:07
*** agireud has joined #openstack-keystone		02:08
*** itlinux has joined #openstack-keystone		02:24
*** topol has joined #openstack-keystone		02:27
*** ChanServ sets mode: +v topol		02:27
*** itlinux has quit IRC		02:30
*** topol has quit IRC		02:31
*** agireud has quit IRC		02:38
*** agireud has joined #openstack-keystone		02:40
*** henrynash has joined #openstack-keystone		02:51
*** ChanServ sets mode: +v henrynash		02:51
*** markvoelker has joined #openstack-keystone		02:53
*** henrynash has quit IRC		02:56
stevemar	bjornar1: those are the federation extension migrations running	03:08
*** agireud has quit IRC		03:10
stevemar	bjornar1: did you already run those migrations before?	03:11
*** agireud has joined #openstack-keystone		03:13
*** csoukup has joined #openstack-keystone		03:20
*** davechen has joined #openstack-keystone		03:26
openstackgerrit	Steve Martinelli proposed openstack/python-keystoneclient: remove oslo-incubator apiclient https://review.openstack.org/257127	03:29
*** topol has joined #openstack-keystone		03:31
*** ChanServ sets mode: +v topol		03:31
bjornar1	stevemar: no, seems this is fixed in master, but this is apparently a bug in stable/liberty	03:31
stevemar	bknudson_: you have a bug reference?	03:31
bjornar1	stevemar: no, could not find anything regarding this online, but easy to reproduce, checkout stable/liberty and do a db_sync	03:32
stevemar	bjornar1: hmm, strange this doesn't happen during the CI tests/runs	03:33
bjornar1	082 runs first and adds relay_state_prefix .. then the (now removed in master) 008 federation runs and fails	03:33
openstackgerrit	Steve Martinelli proposed openstack/keystone: Remove eventlet support https://review.openstack.org/249486	03:38
openstackgerrit	Steve Martinelli proposed openstack/keystone: Remove eventlet support https://review.openstack.org/249486	03:38
*** topol has quit IRC		03:46
*** topol has joined #openstack-keystone		03:46
*** ChanServ sets mode: +v topol		03:46
*** links has joined #openstack-keystone		03:48
notmorgan	bjornar1: do you have a lingering .pyc file?	03:55
notmorgan	bjornar1: because .pyc files can live on and cause migraiton issues	03:55
davechen	stevemar: thanks for the helpful on this one - https://review.openstack.org/#/c/262768/	04:10
davechen	stevemar, dolphm: I still think the testcases are redundant , but it's okay to keep there anyway. Thanks!	04:10
stevemar	bjornar1: hmmm 082 shouldn't live in liberty, that was done in mitaka, at least i hope	04:14
stevemar	gonna check now	04:14
stevemar	davechen: np	04:14
stevemar	bjornar1: yeah, liberty is capped at 075: https://github.com/openstack/keystone/tree/stable/liberty/keystone/common/sql/migrate_repo/versions	04:16
stevemar	must happen when you are switching between branches and stale pyc files like notmorgan mentioned	04:16
notmorgan	stevemar: ++	04:17
notmorgan	bjornar1: find . -name *.pyc \| xargs rm	04:19
openstackgerrit	Merged openstack/keystone: OAuth1 driver doesnt inherit its interface https://review.openstack.org/265632	04:24
openstackgerrit	Dave Chen proposed openstack/keystone: Add testcases to check cache invalidation https://review.openstack.org/258785	04:25
*** agireud has quit IRC		04:26
*** agireud has joined #openstack-keystone		04:28
*** agireud has quit IRC		04:39
*** agireud has joined #openstack-keystone		04:41
*** agireud has quit IRC		04:48
*** csoukup has quit IRC		04:49
*** agireud has joined #openstack-keystone		04:52
*** EinstCrazy has quit IRC		04:58
*** agireud has quit IRC		04:59
*** david-lyle has quit IRC		05:00
*** david-lyle has joined #openstack-keystone		05:00
*** agireud has joined #openstack-keystone		05:02
*** agireud has quit IRC		05:06
*** EinstCrazy has joined #openstack-keystone		05:07
*** agireud has joined #openstack-keystone		05:09
*** davechen has quit IRC		05:16
stevemar	notmorgan: do you have any idea why this keeps failing jenkins? https://review.openstack.org/#/c/259733/	05:30
stevemar	i have searched the logs and can't find a reason	05:30
openstackgerrit	Steve Martinelli proposed openstack/keystone: Remove eventlet support https://review.openstack.org/249486	05:32
*** Nirupama has joined #openstack-keystone		05:39
*** roxanagh_ has joined #openstack-keystone		05:45
*** roxanagh_ has quit IRC		05:50
*** jaosorior has joined #openstack-keystone		05:50
*** GB21 has joined #openstack-keystone		05:59
*** dave-mccowan has joined #openstack-keystone		06:02
*** dave-mcc_ has joined #openstack-keystone		06:03
*** dave-mccowan has quit IRC		06:06
*** GB21 has quit IRC		06:15
*** GB21 has joined #openstack-keystone		06:15
*** dave-mcc_ has quit IRC		06:21
*** ankit_ag has joined #openstack-keystone		06:34
*** EinstCrazy has quit IRC		06:38
*** EinstCrazy has joined #openstack-keystone		06:38
*** henrynash has joined #openstack-keystone		06:47
*** ChanServ sets mode: +v henrynash		06:47
*** henrynash has quit IRC		06:47
*** GB21 has quit IRC		06:51
*** GB21 has joined #openstack-keystone		06:54
*** EinstCrazy has quit IRC		06:56
*** EinstCrazy has joined #openstack-keystone		06:57
*** EinstCrazy has quit IRC		06:59
*** EinstCrazy has joined #openstack-keystone		07:02
*** EinstCrazy has quit IRC		07:05
*** EinstCrazy has joined #openstack-keystone		07:06
*** EinstCrazy has quit IRC		07:07
*** EinstCrazy has joined #openstack-keystone		07:07
*** EinstCrazy has quit IRC		07:08
*** EinstCrazy has joined #openstack-keystone		07:09
*** EinstCrazy has quit IRC		07:10
*** EinstCrazy has joined #openstack-keystone		07:11
*** EinstCrazy has quit IRC		07:12
*** EinstCrazy has joined #openstack-keystone		07:13
*** EinstCrazy has quit IRC		07:14
*** EinstCrazy has joined #openstack-keystone		07:15
*** roxanagh_ has joined #openstack-keystone		07:17
*** EinstCrazy has quit IRC		07:17
*** roxanagh_ has quit IRC		07:21
*** markvoelker has quit IRC		07:22
*** EinstCrazy has joined #openstack-keystone		07:22
*** ktychkova has joined #openstack-keystone		07:34
*** chlong has quit IRC		07:39
*** csoukup has joined #openstack-keystone		07:45
*** csoukup has quit IRC		07:50
*** topol has quit IRC		07:52
*** GB21 has quit IRC		07:59
*** GB21 has joined #openstack-keystone		08:01
*** belmoreira has joined #openstack-keystone		08:05
*** GB21 has quit IRC		08:15
*** EinstCrazy has quit IRC		08:19
*** EinstCrazy has joined #openstack-keystone		08:19
*** boris-42 has joined #openstack-keystone		08:29
*** openstackgerrit has quit IRC		08:32
*** openstackgerrit has joined #openstack-keystone		08:32
*** fhubik has joined #openstack-keystone		08:42
*** fhubik is now known as fhubik_brb		08:47
*** topol has joined #openstack-keystone		08:53
*** ChanServ sets mode: +v topol		08:53
*** markvoelker has joined #openstack-keystone		08:54
*** rha has joined #openstack-keystone		08:54
*** vgridnev has joined #openstack-keystone		08:55
*** topol has quit IRC		08:57
*** fhubik_brb is now known as fhubik		08:58
*** markvoelker has quit IRC		08:59
*** davechen has joined #openstack-keystone		09:01
*** fhubik is now known as fhubik_brb		09:03
*** roxanagh_ has joined #openstack-keystone		09:05
*** e0ne has joined #openstack-keystone		09:05
*** fhubik_brb is now known as fhubik		09:08
*** EinstCrazy has quit IRC		09:09
*** roxanagh_ has quit IRC		09:09
*** EinstCrazy has joined #openstack-keystone		09:09
*** EinstCrazy has quit IRC		09:10
*** EinstCrazy has joined #openstack-keystone		09:11
*** EinstCrazy has quit IRC		09:11
*** EinstCrazy has joined #openstack-keystone		09:11
*** EinstCrazy has quit IRC		09:13
*** EinstCrazy has joined #openstack-keystone		09:13
*** EinstCrazy has quit IRC		09:13
*** EinstCrazy has joined #openstack-keystone		09:13
*** davechen1 has joined #openstack-keystone		09:14
*** daemontool has joined #openstack-keystone		09:14
*** EinstCrazy has quit IRC		09:16
*** EinstCrazy has joined #openstack-keystone		09:16
*** davechen has quit IRC		09:16
*** pnavarro has joined #openstack-keystone		09:22
*** EinstCrazy has quit IRC		09:24
*** EinstCra_ has joined #openstack-keystone		09:24
*** daemontool has quit IRC		09:25
*** jistr has joined #openstack-keystone		09:25
*** daemontool has joined #openstack-keystone		09:25
*** fhubik is now known as fhubik_brb		09:26
*** daemontool has quit IRC		09:27
*** daemontool has joined #openstack-keystone		09:29
*** GB21 has joined #openstack-keystone		09:29
*** EinstCrazy has joined #openstack-keystone		09:30
*** EinstCra_ has quit IRC		09:30
*** itlinux has joined #openstack-keystone		09:39
*** fhubik_brb is now known as fhubik		09:41
*** itlinux has quit IRC		09:44
*** daemontool has quit IRC		09:53
*** daemontool has joined #openstack-keystone		09:53
*** daemontool has quit IRC		09:55
*** daemontool has joined #openstack-keystone		09:56
*** daemontool has quit IRC		09:57
*** daemontool has joined #openstack-keystone		09:59
*** daemontool_ has joined #openstack-keystone		10:10
*** EinstCrazy has quit IRC		10:11
*** daemontool has quit IRC		10:13
*** daemontool_ has quit IRC		10:17
*** daemontool_ has joined #openstack-keystone		10:17
*** fhubik is now known as fhubik_brb		10:31
*** aix has joined #openstack-keystone		10:35
bjornar1	notmorgan: does not do it	10:38
bjornar1	notmorgan: its installed fresh in a venv	10:38
bjornar1	notmorgan: master is fine, but "stable"/liberty is not	10:39
openstackgerrit	Marek Denis proposed openstack/keystone-specs: Fix incorrect links in OS-EP-FILTER docs https://review.openstack.org/265761	10:42
*** GB21 has quit IRC		10:43
*** roxanagh_ has joined #openstack-keystone		10:53
*** jaosorior has quit IRC		10:53
*** jaosorior has joined #openstack-keystone		10:54
*** markvoelker has joined #openstack-keystone		10:55
*** jaosorior has quit IRC		10:57
*** jaosorior has joined #openstack-keystone		10:58
*** roxanagh_ has quit IRC		10:58
*** markvoelker has quit IRC		11:00
openstackgerrit	Merged openstack/keystone: Replace deprecated library function os.popen() with subprocess https://review.openstack.org/262731	11:02
*** mhickey has joined #openstack-keystone		11:08
*** GB21 has joined #openstack-keystone		11:15
*** dims_ has joined #openstack-keystone		11:18
*** fhubik_brb is now known as fhubik		11:28
*** daemontool_ is now known as daemontool		11:32
*** einarf has joined #openstack-keystone		11:39
*** einarf_ has joined #openstack-keystone		11:43
*** GB21 has quit IRC		11:44
openstackgerrit	Dave Chen proposed openstack/keystonemiddleware: Deprecate class AuthTokenPlugin properly https://review.openstack.org/220509	11:44
*** einarf has quit IRC		11:44
*** einarf_ is now known as einarf		11:44
*** aix has quit IRC		11:47
*** daemontool_ has joined #openstack-keystone		11:53
*** Tridde has quit IRC		11:54
*** Tridde has joined #openstack-keystone		11:54
*** daemontool has quit IRC		11:55
*** markvoelker has joined #openstack-keystone		11:56
*** chlong has joined #openstack-keystone		11:57
*** markvoelker has quit IRC		12:00
*** GB21 has joined #openstack-keystone		12:02
*** EinstCrazy has joined #openstack-keystone		12:07
*** GB21 has quit IRC		12:07
*** Tridde has quit IRC		12:10
*** daemontool has joined #openstack-keystone		12:12
*** daemontool_ has quit IRC		12:14
*** pauloewerton has joined #openstack-keystone		12:15
*** Tridde has joined #openstack-keystone		12:16
openstackgerrit	Dave Chen proposed openstack/keystone: Remove eventlet support https://review.openstack.org/249486	12:21
*** raildo-afk is now known as raildo		12:21
*** aix has joined #openstack-keystone		12:22
*** fhubik is now known as fhubik_brb		12:23
*** peter-hamilton has joined #openstack-keystone		12:26
*** fhubik_brb is now known as fhubik		12:26
*** davechen1 has left #openstack-keystone		12:27
*** gordc has joined #openstack-keystone		12:27
openstackgerrit	Einar Forselv proposed openstack/keystone: Missing service 'region' and endpoint name for EndpointFilterCatalog https://review.openstack.org/265797	12:28
*** einarf has quit IRC		12:30
*** einarf has joined #openstack-keystone		12:30
*** jaosorior has quit IRC		12:33
*** jaosorior has joined #openstack-keystone		12:34
*** Nirupama has quit IRC		12:35
*** Tridde has quit IRC		12:38
*** Tridde has joined #openstack-keystone		12:39
*** roxanagh_ has joined #openstack-keystone		12:42
*** alejandrito has joined #openstack-keystone		12:45
*** alejandrito has quit IRC		12:46
*** pnavarro has quit IRC		12:46
*** alejandrito has joined #openstack-keystone		12:46
*** roxanagh_ has quit IRC		12:47
*** markvoelker has joined #openstack-keystone		12:57
openstackgerrit	Marek Denis proposed openstack/keystone: Add asserts for service providers https://review.openstack.org/265809	12:58
*** ankit_ag has quit IRC		12:59
openstackgerrit	Marek Denis proposed openstack/keystone: Service Providers and Projects associations https://review.openstack.org/264854	13:00
*** markvoelker has quit IRC		13:01
openstackgerrit	Marek Denis proposed openstack/keystone: Service Providers and Projects associations https://review.openstack.org/264854	13:02
*** daemontool has quit IRC		13:07
openstackgerrit	Marek Denis proposed openstack/keystone: Add asserts for service providers https://review.openstack.org/265809	13:08
openstackgerrit	Marek Denis proposed openstack/keystone: Service Providers and Projects associations https://review.openstack.org/264854	13:08
*** doug-fish has joined #openstack-keystone		13:09
*** daemontool has joined #openstack-keystone		13:10
*** edmondsw has joined #openstack-keystone		13:11
*** links has quit IRC		13:13
openstackgerrit	Marek Denis proposed openstack/keystone: Service Providers and Projects associations https://review.openstack.org/264854	13:18
*** markvoelker has joined #openstack-keystone		13:20
*** daemontool_ has joined #openstack-keystone		13:23
*** iurygregory has quit IRC		13:25
*** daemontool has quit IRC		13:26
openstackgerrit	Dave Chen proposed openstack/keystonemiddleware: Deprecate class AuthTokenPlugin properly https://review.openstack.org/220509	13:35
*** jsavak has joined #openstack-keystone		13:39
*** EinstCrazy has quit IRC		13:40
*** iurygregory has joined #openstack-keystone		13:40
*** ayoung has joined #openstack-keystone		13:44
*** ChanServ sets mode: +v ayoung		13:44
*** shoutm has quit IRC		14:01
*** shoutm has joined #openstack-keystone		14:01
*** richm has joined #openstack-keystone		14:11
*** dslev has quit IRC		14:14
*** med_ has quit IRC		14:15
*** med_ has joined #openstack-keystone		14:20
*** med_ is now known as Guest74023		14:20
*** topol has joined #openstack-keystone		14:23
*** ChanServ sets mode: +v topol		14:23
*** pnavarro has joined #openstack-keystone		14:29
*** roxanagh_ has joined #openstack-keystone		14:29
*** petertr7_away is now known as petertr7		14:30
*** roxanagh_ has quit IRC		14:34
*** rderose has joined #openstack-keystone		14:40
marekd	dstanek: replied to your comment on https://review.openstack.org/#/c/265761	14:52
*** peter-hamilton has quit IRC		15:02
*** henrynash has joined #openstack-keystone		15:03
*** ChanServ sets mode: +v henrynash		15:03
*** einarf has quit IRC		15:06
*** dave-mccowan has joined #openstack-keystone		15:06
dstanek	marekd: already saw and responded :)	15:07
*** peter-hamilton has joined #openstack-keystone		15:07
*** dave-mcc_ has joined #openstack-keystone		15:07
marekd	dstanek: yeah, i am struggling with new jenkins	15:08
marekd	dstanek: can i change commit msg on the dashboard?	15:08
dstanek	marekd: i feel you pain. i still don't like it	15:08
marekd	like i could in the old jenkins	15:08
*** KarthikB has joined #openstack-keystone		15:09
dstanek	i don't know. i just looked and if you can it's not obvious	15:09
marekd	dstanek: but, you know how to do this or i will need to apply git and my terminal?	15:09
marekd	dstanek: and what the button 'follow up' does?	15:10
marekd	dstanek: iffff you happen to know...	15:10
dstanek	i have no idea. click it!	15:10
dstanek	it allows you to write a comment. not sure why though	15:11
*** dave-mccowan has quit IRC		15:11
*** henrynash has quit IRC		15:11
dstanek	i can see a way to edit the commit msg from the interface	15:12
dstanek	can't*	15:12
tjcocozz	dstanek, its in the files	15:12
anteaya	can either of you join us in -meeting? a third party ci operator is having a keystone auth issue	15:12
*** jsheeren has joined #openstack-keystone		15:13
*** jsheeren has quit IRC		15:15
dstanek	tjcocozz: ah, if you are looking at the file diff itself. thanks!	15:16
dstanek	anteaya: sure	15:16
tjcocozz	dstanek, i thought the "follow up" button creates a follow up patch. but idk how...	15:16
anteaya	dstanek: I think a solution has been found	15:16
*** petertr7 is now known as petertr7_away		15:18
*** ninag has joined #openstack-keystone		15:22
openstackgerrit	Marek Denis proposed openstack/keystone-specs: following up https://review.openstack.org/265877	15:22
*** topol has quit IRC		15:22
lbragstad	dolphm patch that jorge_munoz and I were working on Friday - https://review.openstack.org/#/c/265455/	15:22
*** belmoreira has quit IRC		15:24
*** timcline has joined #openstack-keystone		15:26
openstackgerrit	Marek Denis proposed openstack/keystone-specs: Fix incorrect links in OS-EP-FILTER docs https://review.openstack.org/265761	15:26
marekd	dstanek: ^^	15:26
openstackgerrit	Marek Denis proposed openstack/keystone: Service Providers and Projects associations https://review.openstack.org/264854	15:29
openstackgerrit	ayoung proposed openstack/keystone: Implied Roles API https://review.openstack.org/242614	15:29
openstackgerrit	ayoung proposed openstack/keystone: implied roles driver and manager https://review.openstack.org/264260	15:29
*** vivekd has joined #openstack-keystone		15:30
*** peter-hamilton has quit IRC		15:32
*** breitz has quit IRC		15:32
*** breitz has joined #openstack-keystone		15:32
*** fhubik is now known as fhubik_brb		15:33
*** GB21 has joined #openstack-keystone		15:35
*** spzala has joined #openstack-keystone		15:35
*** fhubik_brb is now known as fhubik		15:44
*** vgridnev has quit IRC		15:46
*** petertr7_away is now known as petertr7		15:49
*** tonytan4ever has joined #openstack-keystone		15:53
*** slberger has joined #openstack-keystone		15:54
*** jorge_munoz has quit IRC		15:57
*** topol has joined #openstack-keystone		15:58
*** ChanServ sets mode: +v topol		15:58
*** spzala has quit IRC		15:58
*** spzala has joined #openstack-keystone		15:59
*** fhubik is now known as fhubik_brb		16:00
openstackgerrit	Marek Denis proposed openstack/keystone: Service Providers and Projects associations https://review.openstack.org/264854	16:03
*** spzala has quit IRC		16:04
*** jsavak has quit IRC		16:04
*** jorge_munoz has joined #openstack-keystone		16:08
*** csoukup has joined #openstack-keystone		16:08
*** fhubik_brb is now known as fhubik		16:08
*** rderose has quit IRC		16:09
*** rderose has joined #openstack-keystone		16:09
*** GB21 has quit IRC		16:10
*** GB21 has joined #openstack-keystone		16:11
*** tsymanczyk has joined #openstack-keystone		16:13
*** tsymanczyk is now known as Guest58072		16:13
marekd	bknudson_: Hi, with the review https://review.openstack.org/#/c/264854 i am having problem with tests failing in test_versions.py What I added there is https://review.openstack.org/#/c/264854/9/keystone/tests/unit/test_versions.py but still no success. Could you take a look at help me fixing that? Thanks a lot.	16:13
bjornar1	Help text on keystone-manage db_sync is wrong	16:13
bjornar1	it says BOOTSTRAP_* environment variables, but the correct is OS_BOOTSTRAP_*	16:14
marekd	bjornar1: if you know what's exactly wrong feel free to file a bug and patch that fixes that at the same time.	16:15
openstackgerrit	Merged openstack/keystone-specs: Fix incorrect links in OS-EP-FILTER docs https://review.openstack.org/265761	16:16
*** sigmavirus24_awa is now known as sigmavirus24		16:16
*** daemontool_ has quit IRC		16:21
*** jsavak has joined #openstack-keystone		16:21
*** shoutm has quit IRC		16:23
stevemar	bjornar1: ah missing OS_	16:25
stevemar	i can patch that quickly	16:25
notmorgan	marekd: you can change commit. There is an edit button, then you click commit file, edit the file, save, close, publish edit	16:27
*** nkinder has joined #openstack-keystone		16:27
notmorgan	marekd: you can actually edit any file from the web ui now	16:28
marekd	notmorgan: thanks	16:28
marekd	cc dstanek ^^	16:28
marekd	notmorgan: oh, that's handy!	16:28
*** rderose has quit IRC		16:28
notmorgan	Be warned, line wrap is wonky from the web ui	16:28
marekd	i would not plan ding real coding through web interface	16:29
marekd	rather typo fixes etc	16:29
notmorgan	And there is a way to make a new review from it directly as well	16:30
marekd	notmorgan: you mean?	16:31
notmorgan	I think that is the create followup	16:31
notmorgan	Thing	16:31
dstanek	marekd: yeah, tjcocozz mentioned that earlier	16:33
stevemar	marekd: click the "publish edit" button	16:34
*** jsavak has quit IRC		16:35
marekd	stevemar: notmorgan dstanek: THanks! I will also very much appreciate your help on how to propelly fill this file as my tests are failing on json home : https://review.openstack.org/#/c/264854/9/keystone/tests/unit/test_versions.py	16:36
*** jaosorior has quit IRC		16:36
*** jaosorior has joined #openstack-keystone		16:36
stevemar	notmorgan: so, bootstrap	16:37
notmorgan	Yessss	16:37
notmorgan	Fix typos. Win.	16:37
openstackgerrit	Ian Cordasco proposed openstack/oslo.policy: CLI Policy Check tool https://review.openstack.org/170978	16:37
stevemar	notmorgan: http://paste.openstack.org/show/483447/	16:37
*** jsavak has joined #openstack-keystone		16:38
stevemar	notmorgan: seems like to fix it, we'd have to prefix the CLI option with os- as well	16:38
notmorgan	Nah	16:38
notmorgan	Can use the direct source of env I am doing	16:39
notmorgan	And hard-set the var names in the help	16:39
*** fhubik is now known as fhubik_brb		16:39
*** vivekd has quit IRC		16:40
* sigmavirus24 hids		16:40
notmorgan	Oh actually	16:40
notmorgan	That isn't a bug	16:40
notmorgan	There is a difference between the cli param and the env var	16:40
stevemar	yesh	16:40
notmorgan	So maybe #wontfix	16:40
*** fhubik_brb is now known as fhubik		16:40
notmorgan	sigmavirus24: no hiding	16:41
* sigmavirus24 could just /part		16:42
notmorgan	sigmavirus24: I actually need to poke at you re: requests (don't hurt me), specifically around the CA bundle.	16:42
* sigmavirus24 is unsurprised		16:42
notmorgan	sigmavirus24: it makes me cry.	16:42
sigmavirus24	poke away	16:42
sigmavirus24	notmorgan: ah good. I love fresh tears. /s	16:42
notmorgan	How can we make it better? I have run into a lot of issues lately where I can't pass env vars down and have to directly patch the CA bundle	16:43
notmorgan	Or break my venvs to accept system packages that have patched it	16:43
notmorgan	I really want to not need to do that. (Think sudo/subcommands that spin up new shells)	16:44
*** vgridnev has joined #openstack-keystone		16:44
sigmavirus24	notmorgan: my vpn connection dropped. I'm I missed something after "it makes me cry"	16:44
sigmavirus24	*I'm assuming I missed something	16:44
notmorgan	sigmavirus24: doh!	16:44
notmorgan	Yah	16:44
sigmavirus24	http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/latest.log.html hasn't updated either	16:45
* sigmavirus24 is in the airport		16:45
sigmavirus24	ah there we go	16:45
sigmavirus24	that updated	16:45
stevemar	notmorgan: we should get them aligned (cli vs env) before it goes out into the wild	16:45
notmorgan	sigmavirus24: was retyping but slow on phone	16:45
sigmavirus24	notmorgan: let me grab lukasa too quickly	16:45
notmorgan	sigmavirus24: I want to help. And to be frank, the bundles CA makes me want to fork requests. And I really kind of don't want to.	16:46
notmorgan	sigmavirus24: so since you're here, I am asking if I can help in some way to make this better ;)	16:47
*** lukasa has joined #openstack-keystone		16:47
lukasa	You rang?	16:47
sigmavirus24	notmorgan: understood. I think lukasa and I need to better understand your limitations	16:47
notmorgan	So in cases where sudo, or other subshells get used	16:47
sigmavirus24	lukasa: context: notmorgan needs to update the CA bundle (or provide their own) but can't use environment variables and obviously can't monkey-patch the entire service	16:47
notmorgan	Often it isn't possible to guarantee the env vars are passed through to override requests CA bundle	16:48
notmorgan	If working in venvs and the like, this means I need to patch the CA bundle directly because it doesn't use the system ca	16:48
lukasa	notmorgan: I take it subshells are the actual concern here?	16:49
notmorgan	Or I need to allow the system parched requests package to break into the venv	16:49
lukasa	Like, that's what prevents keystone from taking a CLI arg and using it to set os.environ?	16:49
notmorgan	lukasa: mostly	16:49
lukasa	Though shouldn't subshells inherit os.environ from the parent process?	16:49
notmorgan	But think of it like from things deep in nova and theblike	16:49
notmorgan	Not with sudo and other similar things	16:49
notmorgan	Also venvs wreak havoc on env vars at times	16:50
lukasa	notmorgan: What I'm thinking about here is actually having keystone take a CLI arg	16:50
lukasa	And then when that CLI arg is set setting os.environ directly from inside keystone	16:50
lukasa	Trying to puzzle out why that won't work	16:50
notmorgan	We do that. But if something is calling something that is calling something that is calling keystone it tends to becomes hard to patch it all	16:50
notmorgan	Or in all locations	16:50
*** phalmos has joined #openstack-keystone		16:51
lukasa	notmorgan: Yeah, I can believe that. Does keystone have a config file that can be used to override this?	16:52
notmorgan	It's not specific to keystone	16:52
lukasa	(I'm basically trying to work out if we can solve this in one fell swoop for Keystone)	16:52
notmorgan	It is more in the depths of libraries	16:52
lukasa	notmorgan: So the goal here is to update the cert bundle used by all requests installs on the entire system regardless of what virtualenv they're in?	16:53
notmorgan	I've been working on a poc that uses letsencrypt, the CA hasn't been updated in requests as of my last build	16:53
lukasa	notmorgan: The LetsEncrypt CA is absolutely in requests	16:53
lukasa	Or rather, the root that cross-signs it	16:53
notmorgan	Like I said as of my last build	16:53
notmorgan	I needed to add their CA too iirc	16:54
lukasa	notmorgan: Sure, I'm just trying to pursue the option that hurt less, before we tackle the big scary request. =)	16:54
lukasa	notmorgan: What OS were you using?	16:54
lukasa	Distro and version specifically. =)	16:54
notmorgan	Ubuntu but with venvs	16:54
notmorgan	14.04	16:54
notmorgan	So I was installing a very new at the time rewuests	16:54
lukasa	Ugh, yeah, so the OpenSSL in that distro is ancient and can't validate the cross-signed root.	16:54
notmorgan	Yeah	16:54
lukasa	If you had OpenSSL 1.0.2 this wouldn't have been a problem. =P	16:54
lukasa	You're sitting in a real edge-case scenario here!	16:55
*** fhubik has quit IRC		16:55
notmorgan	So, I want to help here. But every time I run into these issues I want to just fork requests and never use it again	16:55
*** mhickey has quit IRC		16:55
notmorgan	And I've run into these issues in many various scenarios this is just the latest	16:55
lukasa	notmorgan: Your fix for the issue would be to use the system trust store, I take it?	16:55
*** opilotte has left #openstack-keystone		16:55
*** dims has joined #openstack-keystone		16:56
lukasa	As in, set the CA path to /etc/openssl/cert.pem or whatever Ubuntu is using?	16:56
notmorgan	Ideally, use system if no system exists fall back on the bundled one	16:56
*** dims_ has quit IRC		16:56
notmorgan	There aren't a lot of places for the stores to live in the distros, so it wouldn't be too bad to check them	16:56
lukasa	notmorgan: Whatever approach we take has to work on Windows and OS X too.	16:57
notmorgan	Hence the fallback	16:57
lukasa	Nah, the fallback's not good enough. If we're using the built-in trust on one platform we need to use it on all of them, or the debugging starts getting fairly painful fairly fast.	16:57
lukasa	I have the beginnings of a project for this.	16:57
lukasa	But it's not even close to done yet.	16:57
*** spzala has joined #openstack-keystone		16:58
notmorgan	OK cool. Glad you're working on it ;)	16:58
lukasa	https://github.com/python-hyper/certitude	16:58
lukasa	In the meantime, we need to solve the problem you have right now	16:58
notmorgan	I can work around my problems	16:58
openstackgerrit	Steve Martinelli proposed openstack/keystone: correct help text for bootstrap command https://review.openstack.org/265929	16:58
notmorgan	I was looking for how I can help to solve the long term problem rather than forking requests	16:58
lukasa	Yeah, so it's tricky, because the solution to this is moderately political.	16:59
notmorgan	And advocating using that fork in say keystone auth	16:59
notmorgan	Because, that would long term move OpenStack away from requests	16:59
lukasa	There's plenty of reason not to want to trust the system trust store.	16:59
lukasa	But many (most) people want one place to configure trust.	16:59
notmorgan	I think it is fine to still override	17:00
lukasa	Which is fair and reasonable.	17:00
notmorgan	Like requests allows and does	17:00
lukasa	notmorgan: Heh, sure, but as you're discovering, overriding isn't necessarily totally easy. And defaults matter.	17:00
*** rderose has joined #openstack-keystone		17:00
lukasa	Regardless, I think we should consider switching to system trust in 3.0.0	17:00
notmorgan	But I think default behavior makes more sense to use system	17:00
lukasa	And I should polish up certitude	17:00
notmorgan	But also in certitude or another similar project it could be easy to set at a system level a way to do the override	17:01
stevemar	notmorgan: https://review.openstack.org/#/c/265929/	17:01
notmorgan	If requests used it exclusively for exanple	17:01
lukasa	notmorgan: I don't really know how we could do it at a system level without using environment variables, which encounters this same problem.	17:01
notmorgan	I think that we could go as far as offering a config	17:01
notmorgan	But anyway I am looking to help here	17:02
lukasa	I hate it when libraries add a config file. ;)	17:02
lukasa	notmorgan: I know, and I appreciate that	17:02
lukasa	And we're really looking at it	17:02
notmorgan	Rather than burn energy on a fork or something else nuclear ;)	17:02
openstackgerrit	Lance Bragstad proposed openstack/keystone: Consolidate trusts crud tests https://review.openstack.org/265931	17:02
*** spzala has quit IRC		17:02
*** lhcheng has joined #openstack-keystone		17:02
*** ChanServ sets mode: +v lhcheng		17:02
notmorgan	So let me know how I can help even if it is stoking the fire with a "so this sucks"	17:03
lukasa	notmorgan: I'm opening an issue on GitHub right now, I'm happy to CC you in it for you to give us your 2 cents	17:03
notmorgan	But I have some spare cycles to contribute too. Hence the asking you and sigmavirus24 ;)	17:03
notmorgan	Will do when on a laptop and not a phone ;)	17:04
sigmavirus24	:+1:	17:04
sigmavirus24	Sorry, got tangled up in something else. I'll read the scrollback on my next flight	17:04
notmorgan	And happy to contribute to certitude if that is the place that needs help too.	17:04
*** jaosorior has quit IRC		17:04
sigmavirus24	notmorgan: every project needs help ;)	17:04
*** jaosorior has joined #openstack-keystone		17:04
sigmavirus24	how much help can you give :P	17:04
lukasa	notmorgan: Certitude may well be the place to contribute	17:04
lukasa	If we can get certitude working on Linux and Windows then I'm much more inclined to try to make the switch	17:05
notmorgan	I don't think a library that loads a config is terrible. But I am a huge fan of os-client-config for example. Specifically targeted config for specific reasons	17:05
notmorgan	Not general config	17:05
notmorgan	OK I'll take a look at it then.	17:05
notmorgan	lukasa: ;) thanks! :)	17:05
lukasa	notmorgan: I can understand that, but it gives me the willies. Libraries that think they have permission to go romping around the system make me al kinds of nervous.	17:06
lukasa	The risks of bugs or side-channel attacks on those libraries becomes quite high.	17:06
lukasa	Or the risk of breaking things that are vital to the system	17:06
notmorgan	I'll argue that bundling urlib opens similar doors due to not knowing what fixes have been/have not been applied. But that is not a argument I want to really go too deep on	17:07
notmorgan	It's kind of 6 of one 1/2 dozen of another	17:07
sigmavirus24	notmorgan: are you going to PyCon?	17:07
lukasa	=P I disagree, but you're right that we don't really want to dive into this argument too much.	17:07
notmorgan	Perhaos	17:07
notmorgan	I live in Portland. :p	17:08
*** gyee has joined #openstack-keystone		17:08
*** ChanServ sets mode: +v gyee		17:08
notmorgan	But haven't decided if I am goinf	17:08
*** Guest58072 is now known as tsymanczyk		17:08
notmorgan	Didn't submit a talk or anything.	17:08
*** sigmavirus24 is now known as sigmavirus24_awa		17:09
*** petertr7 is now known as petertr7_away		17:09
notmorgan	lukasa: i mean I kinda hate all openssl things at the moment a d wish it would all be replaced. Buuuuuttttt... That isn't going to happen soon.	17:09
lukasa	notmorgan: Heh, each new release of OpenSSL is better than the last. I have an ongoing frustration for Linux LTS releases right now because they are missing some really vital OpenSSL features.	17:10
notmorgan	Yeah. =/	17:10
notmorgan	Though rh based tends to be better due to backports	17:10
*** daemontool has joined #openstack-keystone		17:10
notmorgan	Ubuntu lts gets really frustrating at times	17:11
lukasa	Yeah, admittedly I've noticed very few Red Hat users complaining about being unable to chain up to cross-signed root certs	17:11
lukasa	They're almost always Ubuntu users	17:11
lukasa	Which I had genuinely not noticed before now. Hmm. =\	17:11
notmorgan	Long term letsencrypt probbaly should have their CA in the bundle.too anyway. But that is really a minor argument on CA s and the like	17:11
stevemar	marekd: no way to use these in an existing test? https://review.openstack.org/#/c/265809/2/keystone/tests/unit/test_v3.py	17:11
*** daemontool_ has joined #openstack-keystone		17:12
notmorgan	So, I'll look into certitude. See what I can do on that front so we can consider a move that way ;)	17:12
notmorgan	Seems like it.might be the easiest (and most contained) way to move this towards making requests better on this front long term	17:13
notmorgan	Because that is what I want.	17:13
lukasa	notmorgan: LetsEncrypt is nearly in the mozilla bundle	17:13
lukasa	So, notmorgan, what's your GH username so I can tag you?	17:14
notmorgan	Morganfainberg I think	17:14
notmorgan	I rarely use gh so... I am guessing	17:14
lukasa	notmorgan: Heh, sure. =)	17:14
notmorgan	Stopped doing much gh work when I stopped contributing to saltstack	17:15
lukasa	notmorgan: That looks plausible	17:15
*** petertr7_away is now known as petertr7		17:15
*** daemontool has quit IRC		17:15
notmorgan	And dogpile/sqla is on bitbucket	17:15
*** rderose has quit IRC		17:15
notmorgan	lukasa: cool and thnx for the time ;)	17:16
lukasa	notmorgan: My pleasure. Feel free to ping me whenever. =)	17:16
*** jorge_munoz has quit IRC		17:16
notmorgan	And yah it was me just got the email from gh for being tagged	17:16
notmorgan	stevemar: what was that review?	17:17
notmorgan	stevemar: on a phone and scroll back is being wonky	17:17
stevemar	notmorgan: oh, fixing up env var in help	17:18
stevemar	notmorgan: https://review.openstack.org/#/c/265929/	17:18
*** GB21 has quit IRC		17:19
roxanaghe	hi marekd, I've been trying to help out testing this patch https://review.openstack.org/#/c/242512/ and I've come through some struggle with mapping the code doc with how to run it against my ADFS server, so I'll submit a patch with my findings if you don't mind	17:20
*** lukasa has left #openstack-keystone		17:20
notmorgan	stevemar: +2 but can't review via phone	17:22
notmorgan	So, will publish soonish	17:22
roxanaghe	marekd, also, if you have any idea about this error on the ADFS server: http://paste.openstack.org/show/483451/ I got this with or without the patch after sending the assertion to the service provider and that kind of blocks me moving forward	17:23
*** tonytan4ever has quit IRC		17:23
openstackgerrit	Navid Pustchi proposed openstack/keystone: Delete checks for default domain delete https://review.openstack.org/264342	17:26
*** doug-fish has quit IRC		17:41
*** doug-fish has joined #openstack-keystone		17:42
openstackgerrit	Paulo Ewerton Gomes Fragoso proposed openstack/keystone: Manager support for project cascade update https://review.openstack.org/243584	17:43
*** doug-fish has quit IRC		17:47
openstackgerrit	Paulo Ewerton Gomes Fragoso proposed openstack/keystone: API support for project cascade update https://review.openstack.org/243585	17:47
*** mrghort has joined #openstack-keystone		17:48
openstackgerrit	Lin Hua Cheng proposed openstack/keystone: Improve Conflict error message in IdP creation https://review.openstack.org/265279	17:50
*** timcline has quit IRC		17:52
*** jbell8 has joined #openstack-keystone		17:52
openstackgerrit	ayoung proposed openstack/keystone-specs: Tokens with subsets of roles or endpoints https://review.openstack.org/186979	17:54
*** pnavarro has quit IRC		17:55
*** e0ne has quit IRC		18:01
stevemar	bknudson_: this is ready right? https://review.openstack.org/#/c/258143/ and should resolve that PKI bug?	18:05
stevemar	ayoung: dolphm notmorgan dstanek ^^^ can we get a review of that?	18:05
openstackgerrit	guang-yee proposed openstack/keystonemiddleware: Enforce endpoint constraint https://review.openstack.org/177661	18:10
openstackgerrit	Paulo Ewerton Gomes Fragoso proposed openstack/keystone: Add backend support for deleting a projects list https://review.openstack.org/245916	18:10
openstackgerrit	Paulo Ewerton Gomes Fragoso proposed openstack/keystone: Manager support for project delete cascade https://review.openstack.org/244149	18:11
*** tsymanczyk has quit IRC		18:12
*** jistr has quit IRC		18:15
*** sileht has quit IRC		18:17
*** topol has quit IRC		18:17
*** csoukup has quit IRC		18:18
*** _cjones_ has joined #openstack-keystone		18:18
*** spandhe has joined #openstack-keystone		18:19
*** jimbaker has joined #openstack-keystone		18:25
*** timcline has joined #openstack-keystone		18:26
*** timcline_ has joined #openstack-keystone		18:29
*** timcline has quit IRC		18:29
*** daemontool_ has quit IRC		18:30
*** sileht has joined #openstack-keystone		18:33
*** aix has quit IRC		18:35
*** tsymanczyk has joined #openstack-keystone		18:37
*** tsymanczyk is now known as Guest2475		18:38
stevemar	dstanek: curious, why you didn't +A https://review.openstack.org/#/c/258143/ ? waiting for others to chime in?	18:38
*** petertr7 is now known as petertr7_away		18:41
*** jorge_munoz has joined #openstack-keystone		18:45
dstanek	stevemar: no, accident. none of my tooling works with the new interface	18:45
stevemar	yay	18:48
stevemar	now to cherry-pick to liberty and kilo	18:48
stevemar	gah, merge conflict with kilo -_-	18:49
*** e0ne has joined #openstack-keystone		18:49
*** jaosorior has quit IRC		18:53
*** jaosorior has joined #openstack-keystone		18:54
*** Guest41804 is now known as mgagne		18:54
*** mgagne is now known as Guest84419		18:55
*** topol has joined #openstack-keystone		18:56
*** ChanServ sets mode: +v topol		18:56
*** spzala has joined #openstack-keystone		18:56
stevemar	anyone want to backport https://review.openstack.org/#/c/258141/ to liberty and kilo ? :)	18:58
*** doug-fish has joined #openstack-keystone		19:03
*** tsymancz1k has joined #openstack-keystone		19:04
*** Guest2475 has quit IRC		19:04
tjcocozz	stevemar, i can do it.	19:06
stevemar	tjcocozz: <3	19:06
*** doug-fish has quit IRC		19:07
*** doug-fish has joined #openstack-keystone		19:07
tjcocozz	stevemar, to be honest i had to look up what that ment. :/	19:08
stevemar	tjcocozz: aren't you the new young person in the group?	19:11
stevemar	i thought i was cool and hip	19:11
notmorgan	stevemar: pKI bug?	19:11
notmorgan	oh the rev. bypass thing	19:11
stevemar	yeshhh	19:12
stevemar	tjcocozz: https://en.wikipedia.org/wiki/Heart_(symbol)#Encoding wiki agrees with me	19:12
tjcocozz	stevemar, ha i was never the cool kid.	19:12
*** jasonsb has joined #openstack-keystone		19:12
stevemar	lies	19:13
*** tsymancz1k has quit IRC		19:13
*** csoukup has joined #openstack-keystone		19:14
gyee	stevemar, we don't support WebSSO via CLI do we?	19:15
notmorgan	gyee: i'll websso you via cli [wait that doesn't make sense]	19:18
gyee	notmorgan, yeah, I thought so too	19:18
*** Guest84419 is now known as mgagne		19:18
gyee	so this ADFSPassword plugin for CLI doesn't add up for me	19:18
*** mgagne has quit IRC		19:18
*** mgagne has joined #openstack-keystone		19:18
* gyee is looking for Houdini		19:19
notmorgan	gyee: he's dead	19:21
notmorgan	gyee: you might want to wait for gadot	19:21
notmorgan	i hear he'll "be right back"	19:22
gyee	hah	19:22
*** tsymancz1k has joined #openstack-keystone		19:22
notmorgan	stevemar: less than 3? what's less than 3 :P	19:22
notmorgan	shiftyeyes	19:22
notmorgan	gyee: https://review.openstack.org/#/c/265002/	19:23
notmorgan	if you don't mind.	19:23
notmorgan	it's a real problem	19:23
gyee	yes sir	19:23
notmorgan	dstanek: ah beat me to the middleware thing	19:23
gyee	don't know we do revoke by audit_id	19:27
notmorgan	gyee: we support it now	19:27
notmorgan	well	19:27
notmorgan	more that we support revocations and include audit ids of tokens	19:27
notmorgan	which prevents the PKI bypass	19:28
gyee	clever	19:28
notmorgan	stevemar: master for v2 users outside default domain is +W	19:29
notmorgan	stevemar: https://review.openstack.org/#/c/265023/ should be considered as should the kilo one now.	19:29
notmorgan	gyee: also https://review.openstack.org/#/c/265024/ the reno for that change you just +W'd	19:30
gyee	normorgan, done	19:31
openstackgerrit	Ron De Rose proposed openstack/keystone: Shadow users: unified identity https://review.openstack.org/262045	19:31
*** petertr7_away is now known as petertr7		19:33
*** jaosorior has quit IRC		19:33
*** spzala has quit IRC		19:33
*** spzala has joined #openstack-keystone		19:34
*** spzala_ has joined #openstack-keystone		19:37
*** spzala has quit IRC		19:38
stevemar	gyee: whats this swift ACL issue you keep talking about?	19:38
gyee	stevemar, you can setup a Swift ACL with username only	19:39
gyee	username, project name	19:39
*** ankita_wagh has joined #openstack-keystone		19:39
gyee	instead of using IDs	19:39
stevemar	there a bug you referring to?	19:40
stevemar	cause i still have no idea what you're talking about :)	19:40
gyee	stevemar, https://github.com/openstack/swift/blob/master/swift/common/middleware/keystoneauth.py#L143	19:41
gyee	let me dig up the bug	19:41
*** spzala_ has quit IRC		19:41
*** jsavak has quit IRC		19:42
*** jsavak has joined #openstack-keystone		19:42
gyee	stevemar, https://bugs.launchpad.net/swift/+bug/1299146	19:43
openstack	Launchpad bug 1299146 in openstack-manuals "keystoneauth middleware not domain aware (keystone v3 issue)" [Medium,Fix released] - Assigned to Anne Gentle (annegentle)	19:43
gyee	sorry that was mostly the mess I created	19:43
* gyee feels like that Vikins placekicker		19:44
tjcocozz	gyee, only a 99% chance of him making that kick :/	19:44
stevemar	tjcocozz, you must be sad about that	19:45
tjcocozz	stevemar, this was suppose to be our year!	19:45
openstackgerrit	Merged openstack/keystonemiddleware: auth_token verify revocation by audit_id https://review.openstack.org/258143	19:46
stevemar	tjcocozz: guess not :O	19:46
tjcocozz	stevemar, https://s-media-cache-ak0.pinimg.com/originals/91/ac/19/91ac196c8a6f22963e660fb14388152b.gif	19:46
tjcocozz	stevemar, my reaction exatly	19:47
stevemar	lol	19:47
*** petertr7 is now known as petertr7_away		19:48
gyee	tjcocozz, sorry about that	19:48
raildo	tjcocozz: haha	19:48
stevemar	gyee: i'm still not seeing how not validating domain IDs affects swift ACLs	19:50
tjcocozz	gyee, its all good. its just a game........	19:50
notmorgan	uhmm. stevemar http://logs.openstack.org/86/249486/14/check/gate-tempest-dsvm-keystone-eventlet-full/f52f535/ remove the eventlet-full job from post liberty on keystone to drop eventlet support	19:50
notmorgan	stevemar: zuul cange	19:50
notmorgan	change*	19:50
*** ninag has quit IRC		19:51
*** ninag has joined #openstack-keystone		19:51
*** iurygregory has quit IRC		19:51
gyee	stevemar, say you get a token for a non-default domain user using V2 and validated it using v2, the domain information is omitted	19:51
stevemar	notmorgan: we're waiting til we have a uwsgi job in place before removing eventlet	19:51
notmorgan	stevemar: just pointing out that is why that is failing	19:52
stevemar	notmorgan: yeah, i know	19:52
gyee	for legacy accounts, Swift will assume it is a default domain user	19:52
stevemar	notmorgan: was this in regard to a review i requested?	19:52
notmorgan	stevemar: a couple days ago i think	19:52
stevemar	notmorgan: oh maybe it was a copy paste fail, i meant this one: https://review.openstack.org/#/c/259733/	19:53
notmorgan	ah	19:53
*** petertr7_away is now known as petertr7		19:53
*** ninag has quit IRC		19:53
*** ninag has joined #openstack-keystone		19:53
stevemar	gyee: so you can't create an ACL that takes into account the domain?	19:54
notmorgan	stevemar: might not be your fault: http://logs.openstack.org/33/259733/10/check/gate-devstack-dsvm-updown/411324e/logs/devstack-subnodes-early.txt.gz	19:54
notmorgan	stevemar: you might need to ask someone familiar with the updown test	19:55
notmorgan	not sure what that does	19:55
gyee	stevemar, for cross-tenant ACLs, only names or IDs	19:56
gyee	if you crate an ACL with IDs only, you are safe	19:56
notmorgan	and/or use a v3 aware middleware	19:56
notmorgan	vs. a v2 specific one	19:56
gyee	exactly	19:56
notmorgan	basically, this was silly to begin with	19:57
notmorgan	and continues to be silly	19:57
gyee	though the latest Swift code account for domains during account provisioning	19:57
notmorgan	the fix is "don't use v2 swift middware"	19:57
notmorgan	keystone v2 swift middleware	19:57
*** spzala has joined #openstack-keystone		20:00
openstackgerrit	Lance Bragstad proposed openstack/keystone: Separate trust crud tests from trust auth tests https://review.openstack.org/265931	20:01
*** jsavak has quit IRC		20:01
*** jsavak has joined #openstack-keystone		20:01
*** ninag has quit IRC		20:01
openstackgerrit	Henrique Truta proposed openstack/keystone: Constraint to prevent duplicate endpoints https://review.openstack.org/134095	20:02
*** ninag has joined #openstack-keystone		20:02
*** ninag_ has joined #openstack-keystone		20:03
*** ninag has quit IRC		20:06
*** ninag_ has quit IRC		20:08
*** fpatwa has quit IRC		20:15
*** mhickey has joined #openstack-keystone		20:19
*** aginwala has joined #openstack-keystone		20:23
*** slberger has quit IRC		20:27
openstackgerrit	Henrique Truta proposed openstack/keystone: Removes project.domain_id FK https://review.openstack.org/233274	20:30
*** ankita_wagh has quit IRC		20:31
*** jsavak has quit IRC		20:32
*** jsavak has joined #openstack-keystone		20:35
*** henrynash has joined #openstack-keystone		20:37
*** ChanServ sets mode: +v henrynash		20:37
henrynash	stevemar, ayoung, gyee, dtsanek, dolphm: there are couple of “create V9 driver” patches (all using the same technique): we’ve already validated the approach with V9Assignment - let’s get these in (easy reviews) so the various dependent patches can proceeed: https://review.openstack.org/#/c/262082/ https://review.openstack.org/#/c/262307/	20:40
ayoung	henrynash, will do, after fininshing up adding the list-all function for implied roles	20:41
*** aginwala has quit IRC		20:41
henrynash	ayoung: (thx)….I on that, should it take query params? I was thinking if you could specify implied_role_id adn prior_role_id then maybe you would not need the formal paramter?	20:42
tjcocozz	keystone liberty backport: Add audit IDs to revocation events https://review.openstack.org/#/c/266022/	20:43
openstackgerrit	Lance Bragstad proposed openstack/keystone: Separate trust crud tests from trust auth tests https://review.openstack.org/265931	20:44
notmorgan	tjcocozz: uhmm..	20:45
tjcocozz	notmorgan, hi	20:45
tjcocozz	notmorgan, what did i do wrong?	20:45
notmorgan	tjcocozz: that might not be backportable	20:45
openstackgerrit	Ron De Rose proposed openstack/keystone: Shadow users: unified identity https://review.openstack.org/262045	20:45
tjcocozz	notmorgan, why's that?	20:45
notmorgan	tjcocozz: nothing, except it changes the resulting data in the revocation list	20:46
notmorgan	and if someone is consuming that data	20:46
notmorgan	it might break them	20:46
tjcocozz	stevemar, ^^	20:46
notmorgan	i was worried about that in the initial implementation fwiw	20:46
stevemar	notmorgan: someone consuming the result of the database or an API call?	20:47
notmorgan	API call	20:47
notmorgan	the revocation list is something we expose.	20:47
notmorgan	sure it's a dict, but people do silly things	20:47
notmorgan	for what it's worth i really wanted it to be revocations?by_audit_id	20:48
notmorgan	or something	20:48
notmorgan	at the API layer	20:48
notmorgan	that way no one is broken.	20:48
*** timcline_ has quit IRC		20:48
stevemar	hmmm	20:49
dstanek	notmorgan: wow, really?	20:49
notmorgan	dstanek: changing the data returned from an API materially like this is not something i think we should be doing	20:50
notmorgan	dstanek: but then again i am in the boat that every single proposed feature this cycle should be -2'd.	20:50
dstanek	notmorgan: don't we add things all the time?	20:50
notmorgan	dstanek: somewhat. but we have had cases where adding things has broken people	20:51
notmorgan	even in adict	20:51
notmorgan	esp. on the token-related fronts	20:51
stevemar	notmorgan: but we're just adding extra content	20:51
*** tsymancz1k has quit IRC		20:51
stevemar	we should update: http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3-os-revoke-ext.html#list-revocation-events	20:52
notmorgan	anyway. be very careful backporting those things	20:53
notmorgan	thats all	20:53
*** doug-fish has quit IRC		20:54
*** doug-fish has joined #openstack-keystone		20:55
tjcocozz	stevemar, should i do the kilo backport now. or do i wait till this liberty one get merged?	20:56
ayoung	henrynash, yeah, we could do that, but I think for now I just want to implement the spec as written. Its a little more verbose, but less surprising. Look at it once it is written and we can reconsider.	20:57
stevemar	tjcocozz: toss it up please, we can discuss it tomorrow at the meeting	20:57
henrynash	ayoung: np	20:57
tjcocozz	stevemar, cool!	20:57
*** aginwala has joined #openstack-keystone		20:57
stevemar	tjcocozz: add it to the agenda too :O	20:57
tjcocozz	stevemar, okay. should i delete whats there?	20:59
tjcocozz	https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting <- this is the right link?	20:59
gyee	henrynash, yeah, they look fine	20:59
henrynash	gyee: txh	20:59
*** doug-fish has quit IRC		20:59
gyee	henrynash, just a question on the common pattern, but otherwise the look fine	21:00
henrynash	gyee: thx (even)	21:00
notmorgan	stevemar: yeah not gonna block it just concerned - also is there a point to backport it? can we backport the KSM change w/o breaking folks who haven't updated their keystone	21:00
henrynash	gyee: jeah, just saw that	21:00
*** doug-fish has joined #openstack-keystone		21:00
*** timcline has joined #openstack-keystone		21:00
notmorgan	stevemar: i don't think we can backport the KSM change w/o making it fallback to using token_ids	21:00
notmorgan	stevemar: i think it would probably just be best to not backport either of these	21:00
*** Eva-i has left #openstack-keystone		21:00
henrynash	gyee: I might go back in after we merge these and make that bit common	21:01
henrynash	gyee: good idea	21:01
gyee	henrynash, excellent!	21:01
*** tsymanczyk has joined #openstack-keystone		21:01
stevemar	notmorgan: we can chat about it tomorrow i suppose, see what bknudson_thinks	21:01
notmorgan	yeah	21:01
stevemar	he's the brains behind the patch anyway	21:01
notmorgan	that would be best	21:01
*** jbell8 has quit IRC		21:02
*** tsymanczyk is now known as Guest52537		21:02
*** ninag has joined #openstack-keystone		21:04
*** slberger has joined #openstack-keystone		21:05
*** jsavak has quit IRC		21:05
*** jsavak has joined #openstack-keystone		21:06
tjcocozz	stevemar, on the keystone meeting page can update the date and remove the bullet points?	21:09
*** pauloewerton has quit IRC		21:09
stevemar	can someone approve https://review.openstack.org/#/c/263594/ ?	21:13
stevemar	tjcocozz: sure	21:13
tjcocozz	stevemar, done	21:13
openstackgerrit	Henrique Truta proposed openstack/keystone: Add is_domain parameter to get_project_by_name https://review.openstack.org/210600	21:14
htruta	henrynash: here you go ^	21:14
stevemar	notmorgan: got time to review: https://review.openstack.org/#/c/212345/8 for jamielennox ?	21:15
notmorgan	stevemar: yeah	21:15
stevemar	notmorgan: and https://review.openstack.org/205440	21:15
stevemar	notmorgan: that should make KSM ready for a release	21:15
*** Guest52537 is now known as tsymanczyk		21:16
stevemar	notmorgan: and push this simple one through: https://review.openstack.org/#/c/263594/ it's slowly being fixed in all projects	21:17
henrynash	htruta: looking	21:17
*** aginwala has quit IRC		21:17
stevemar	notmorgan: i'll be back later in the evening my time, gotta go look at closet organizers now :O	21:18
*** sigmavirus24_awa is now known as sigmavirus24		21:19
henrynash	stevemar: are those organizders of closets, or a new unrepresented class of minorities?	21:23
*** e0ne has quit IRC		21:25
*** jsavak has quit IRC		21:26
*** jsavak has joined #openstack-keystone		21:26
*** dslev has joined #openstack-keystone		21:28
*** jsavak has quit IRC		21:31
*** jsavak has joined #openstack-keystone		21:33
*** lhcheng has quit IRC		21:36
*** aginwala has joined #openstack-keystone		21:42
*** vgridnev has quit IRC		21:43
*** sigmavirus24 is now known as sigmavirus24_awa		21:51
*** dstanek has quit IRC		21:53
openstackgerrit	Lance Bragstad proposed openstack/keystone: Consolidate trust tests into a single class https://review.openstack.org/266052	21:53
openstackgerrit	Lance Bragstad proposed openstack/keystone: Run all trust tests with uuid token provider https://review.openstack.org/266053	21:53
openstackgerrit	Lance Bragstad proposed openstack/keystone: Run all trust tests with the fernet token provider https://review.openstack.org/266054	21:53
*** dstanek has joined #openstack-keystone		21:53
*** ChanServ sets mode: +v dstanek		21:53
openstackgerrit	Merged openstack/keystone: correct help text for bootstrap command https://review.openstack.org/265929	21:57
*** ankita_wagh has joined #openstack-keystone		21:57
lbragstad	jorge_munoz I was able to expose another bug with fernet and trusts in the latest patch ^	21:59
openstackgerrit	Merged openstack/keystone: Revert "Validate domain ownership for v2 tokens" https://review.openstack.org/265002	22:01
*** ryanpetrello has quit IRC		22:04
-openstackstatus- NOTICE: Gerrit is restarting to resolve java memory issues		22:05
*** woodster_ has joined #openstack-keystone		22:06
breton_	java memory issues	22:10
*** doug-fish has quit IRC		22:12
*** mrghort has quit IRC		22:13
*** doug-fish has joined #openstack-keystone		22:13
*** petertr7 is now known as petertr7_away		22:14
*** spzala has quit IRC		22:14
*** spzala has joined #openstack-keystone		22:14
*** doug-fish has quit IRC		22:17
*** spzala has quit IRC		22:19
openstackgerrit	Merged openstack/python-keystoneclient: Fix for the deprecated library function https://review.openstack.org/263594	22:20
openstackgerrit	ayoung proposed openstack/keystone: Implied Roles API https://review.openstack.org/242614	22:22
openstackgerrit	ayoung proposed openstack/keystone: implied roles driver and manager https://review.openstack.org/264260	22:22
*** jed56 has quit IRC		22:23
*** Guest74023 is now known as med_		22:23
*** med_ has quit IRC		22:23
*** med_ has joined #openstack-keystone		22:23
*** aginwala has quit IRC		22:25
*** aginwala has joined #openstack-keystone		22:28
openstackgerrit	Tom Cocozzello proposed openstack/keystone: WIP List assignments with names https://review.openstack.org/249958	22:30
*** mhickey has quit IRC		22:33
*** jsavak has quit IRC		22:34
*** sigmavirus24_awa is now known as sigmavirus24		22:34
*** jsavak has joined #openstack-keystone		22:34
*** spzala has joined #openstack-keystone		22:37
*** ryanpetrello has joined #openstack-keystone		22:37
*** doug-fis_ has joined #openstack-keystone		22:42
*** doug-fis_ has quit IRC		22:46
jamielennox	notmorgan: i read some of the scrollback, but why does certitude help us?	22:48
notmorgan	jamielennox: encapsulation if it can already do OSX and Windows cert store stuff	22:49
notmorgan	jamielennox: rather than requests needing to learn it	22:49
*** topol has quit IRC		22:50
jamielennox	notmorgan: that's still not going to give you a default or anything though right? how do you point at it	22:50
jamielennox	from the readme it seems like it's a format problem for osx, that's not the case on linux (no idea for windows)	22:51
*** topol has joined #openstack-keystone		22:51
*** ChanServ sets mode: +v topol		22:51
notmorgan	jamielennox: you can ask OSX for "hey whats the certs" and if the tool translates great	22:54
notmorgan	just ask "give me cert store"	22:54
notmorgan	and get it, that is what requests needs more than "am i on windows, linux (yubuntu? RH? Suse?), OS X, BSD" etc	22:55
*** topol has quit IRC		22:55
jamielennox	notmorgan: hmm, i can see tht we need the abstraction, but that means we still need to change code everywhere	22:57
jamielennox	notmorgan: i guess it's the exact same abstraction we were considering putting into keystoneauth anyway	22:58
jamielennox	notmorgan: whoa, dep on cryptography	22:59
notmorgan	yeah	22:59
notmorgan	i think certitude was the thing we wanted	22:59
notmorgan	but i have been off in dealing with an expense report land for a short bit	22:59
*** dslev has quit IRC		23:00
*** dave-mcc_ has quit IRC		23:00
*** timcline has quit IRC		23:05
*** lhcheng has joined #openstack-keystone		23:08
*** ChanServ sets mode: +v lhcheng		23:08
*** jsavak has quit IRC		23:11
*** phalmos has quit IRC		23:13
*** jasonsb has quit IRC		23:13
*** lhcheng_ has joined #openstack-keystone		23:14
*** csoukup has quit IRC		23:17
*** lhcheng has quit IRC		23:17
*** sigmavirus24 is now known as sigmavirus24_awa		23:28
*** spzala has quit IRC		23:30
htruta	henrynash, are you still around?	23:31
*** spzala has joined #openstack-keystone		23:31
*** aginwala has quit IRC		23:31
*** spzala has quit IRC		23:32
*** spzala has joined #openstack-keystone		23:32
*** aginwala has joined #openstack-keystone		23:35
*** spzala has quit IRC		23:37
*** alejandrito has quit IRC		23:40
*** gordc has quit IRC		23:53

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!