Wednesday, 2016-01-13

*** spzala has quit IRC		00:00
*** jmccrory has quit IRC		00:04
*** dims has joined #openstack-keystone		00:09
*** henrynash has quit IRC		00:10
*** henrynash has joined #openstack-keystone		00:12
*** ChanServ sets mode: +v henrynash		00:12
*** aginwala has quit IRC		00:13
openstackgerrit	henry-nash proposed openstack/keystone: Update v3policysample tests to use admin_project not special domain_id https://review.openstack.org/266617	00:15
*** thetrav has joined #openstack-keystone		00:16
henrynash	lbragstad: see patch above	00:17
*** aginwala has joined #openstack-keystone		00:18
*** sigmavirus24 is now known as sigmavirus24_awa		00:21
*** spzala has joined #openstack-keystone		00:24
*** jsavak has quit IRC		00:24
*** shoutm_ has joined #openstack-keystone		00:28
*** spzala has quit IRC		00:28
*** shoutm has quit IRC		00:30
*** Ephur has quit IRC		00:31
jamielennox	notmorgan: memorycache is dead!	00:42
notmorgan	jamielennox: huzzah	00:42
jamielennox	i'm sure there was something i wanted to do after that but i can't remember what it was	00:43
jamielennox	stevemar: are you planning releases for ksm?	00:45
stevemar	jamielennox: yeah, just waiting on the PKI by pass fixes to go in	00:45
jamielennox	oh, release notes are merging	00:45
stevemar	jamielennox: that's fine, we can release for mitaka	00:46
jamielennox	stevemar: no rush, i just saw that you were planning them from the other day	00:46
stevemar	liberty and kilo fixes for it are here: https://review.openstack.org/#/q/topic:bug/1490804	00:46
stevemar	jamielennox: if you could review these: https://review.openstack.org/#/q/topic:bug/1490804+status:open that would help me out so much	00:49
stevemar	that would get me setup for a kilo and liberty release of both ksm and keystone	00:50
*** Ephur has joined #openstack-keystone		00:51
*** Ephur has quit IRC		00:56
*** aginwala has quit IRC		01:00
openstackgerrit	Steve Martinelli proposed openstack/keystone: Fix incorrect signature in federation legacy V8 wrapper https://review.openstack.org/266559	01:01
jamielennox	stevemar: i've only got +1 on stable	01:01
jamielennox	stevemar: both look good	01:03
stevemar	how the hell do you only have +1 on stable	01:04
stevemar	hmm, i can't even add you easily, i need to bug mriedem about that	01:05
*** aginwala has joined #openstack-keystone		01:05
stevemar	jamielennox: can you review the middleware patches too? https://review.openstack.org/#/q/topic:bug/1490804+status:open :)	01:05
stevemar	i think those were more complex	01:06
*** ankita_wagh has quit IRC		01:07
jamielennox	i think that's normal it's a different group or something	01:09
*** shaleh has quit IRC		01:09
*** itlinux has quit IRC		01:10
*** ekarlso has quit IRC		01:10
openstackgerrit	Merged openstack/keystonemiddleware: create release notes for ksm 4.1.0 https://review.openstack.org/266474	01:14
*** doug-fish has quit IRC		01:18
*** _zouyee has joined #openstack-keystone		01:18
*** doug-fish has joined #openstack-keystone		01:19
jamielennox	stevemar: is there a reason we don't test audit_ids on cached tokens?	01:19
jamielennox	stevemar: do we only care about audit ids for PKI	01:20
openstackgerrit	henry-nash proposed openstack/keystone: Update v3policysample tests to use admin_project not special domain_id https://review.openstack.org/266617	01:20
*** ankita_wagh has joined #openstack-keystone		01:21
*** aginwala has quit IRC		01:23
*** ankita_wagh has quit IRC		01:24
*** aginwala has joined #openstack-keystone		01:25
*** _cjones_ has quit IRC		01:27
*** lhcheng has quit IRC		01:28
*** EinstCrazy has joined #openstack-keystone		01:30
*** doug-fish has quit IRC		01:33
*** dims has quit IRC		01:38
*** davechen has joined #openstack-keystone		01:39
*** spzala has joined #openstack-keystone		01:40
stevemar	jamielennox: not sure :\|	01:40
*** KarthikB_ has joined #openstack-keystone		01:42
*** KarthikB_ has quit IRC		01:44
*** KarthikB_ has joined #openstack-keystone		01:45
*** KarthikB_ has quit IRC		01:50
*** KarthikB_ has joined #openstack-keystone		01:50
*** chlong is now known as chlong-afk		01:53
stevemar	jamielennox: can i bug you for some investimagative work?	02:03
jamielennox	stevemar: hmm	02:03
stevemar	jamielennox: i think this patch https://review.openstack.org/#/c/257220/2 needs extra massaging, but i can't tell where	02:03
stevemar	looks like it uses filter_factory and AuthProtocol from auth_token	02:04
stevemar	those should be easily hot swapped right?	02:04
*** aginwala has quit IRC		02:10
*** aginwala has joined #openstack-keystone		02:17
*** aginwala has quit IRC		02:19
*** thetrav has quit IRC		02:29
*** dave-mccowan has joined #openstack-keystone		02:30
jamielennox	stevemar: what is blazar?	02:31
stevemar	jamielennox: heck if i know	02:32
*** EinstCrazy has quit IRC		02:32
*** EinstCrazy has joined #openstack-keystone		02:32
jamielennox	stevemar: so i'm not sure you need https://review.openstack.org/#/c/257220/2/climate/api/v2/app.py	02:33
jamielennox	they're registering opts to a global CONF so that should be one for them	02:33
jamielennox	oh - nvm, it's a pecan thing	02:34
jamielennox	ergh	02:34
jamielennox	stevemar: so there's no reason i think to pass conf=keystone_config or do any of that dict handling	02:35
jamielennox	just do AuthProtocol(app) and it will read the options from the global config option	02:35
jamielennox	whether they are doing the right thing in their tests for that to work is another thing altogether	02:35
davechen	henrynash: when you online, could you pls help to take a look at this one again? - https://review.openstack.org/#/c/215041/	02:36
davechen	henrynash: does my change for driver interface is correct?	02:36
jamielennox	i'l try it	02:37
*** slberger has left #openstack-keystone		02:40
*** KarthikB_ has quit IRC		02:44
*** KarthikB_ has joined #openstack-keystone		02:45
*** __zouyee has joined #openstack-keystone		02:49
*** shoutm_ has quit IRC		02:49
*** KarthikB_ has quit IRC		02:49
*** aginwala has joined #openstack-keystone		02:50
henrynash	davechen: will look in a short while	02:50
*** aginwala has quit IRC		02:50
*** aginwala has joined #openstack-keystone		02:51
openstackgerrit	Merged openstack/keystone: Create V9 version of resource driver interface https://review.openstack.org/262082	02:52
*** aginwala has quit IRC		02:53
*** aginwala has joined #openstack-keystone		02:53
davechen	henrynash: thanks you sir!	02:55
*** shoutm has joined #openstack-keystone		02:55
*** aginwala_ has joined #openstack-keystone		02:59
*** aginwala has quit IRC		03:00
*** spandhe has quit IRC		03:00
henrynash	davchen: looks good…see one comment (about a comment...)	03:01
*** sigmavirus24_awa is now known as sigmavirus24		03:02
*** spzala has quit IRC		03:04
*** spzala has joined #openstack-keystone		03:04
*** spzala has quit IRC		03:09
*** gildub has joined #openstack-keystone		03:10
*** sudorandom has quit IRC		03:14
*** shoutm_ has joined #openstack-keystone		03:14
*** sudorandom has joined #openstack-keystone		03:16
*** shoutm has quit IRC		03:16
*** dims has joined #openstack-keystone		03:17
*** henrynash has quit IRC		03:18
*** ekarlso has joined #openstack-keystone		03:19
davechen	henrynash: true! I will add a comment there.	03:19
*** links has joined #openstack-keystone		03:23
*** edmondsw has quit IRC		03:27
jamielennox	stevemar: https://review.openstack.org/257220 - i also stole authorship	03:28
*** sigmavirus24 is now known as sigmavirus24_awa		03:32
*** dims has quit IRC		03:33
*** gyee has quit IRC		03:34
openstackgerrit	Dave Chen proposed openstack/keystone: Enable `id`, `enabled` attributes filtering for list IdP API https://review.openstack.org/215041	03:34
*** vivekd has joined #openstack-keystone		03:36
davechen	henrynash: done. :)	03:36
*** woodster_ has quit IRC		03:36
*** hideme has joined #openstack-keystone		03:41
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Add project_name to the auth_token fixture https://review.openstack.org/266664	03:48
stevemar	jamielennox: by all means, steal away	03:55
stevemar	would have taken me 10x longer to figure that mess out	03:55
jamielennox	stevemar: yea, the fixture is notmorgan's and has proved really useful	03:55
jamielennox	but it hasn't been publicised much	03:55
* notmorgan perks up looks around, then goes and hides under a rock again		03:56
jamielennox	notmorgan: https://review.openstack.org/266664	03:59
jamielennox	and stevemar ^	03:59
jamielennox	really simple, can get it in release	03:59
stevemar	jamielennox: already +2'ed :)	03:59
notmorgan	oh project name?	03:59
jamielennox	stevemar: ah, damn that's quick	03:59
notmorgan	thats what is being added there?	04:00
stevemar	jamielennox: it was really easy	04:00
jamielennox	notmorgan: yea, it was just missed	04:00
stevemar	notmorgan: adding project_name to the keystonemiddleware fixture	04:00
notmorgan	would have been easier to read the diff if user_id wasn't moved to the next line	04:00
notmorgan	btw	04:00
jamielennox	notmorgan: i just rearranged the vars a little bit so the _id and _name were on the same line	04:00
jamielennox	:) so it's easier to correlate	04:00
notmorgan	eh	04:01
* notmorgan shrugs		04:01
notmorgan	uhm.	04:01
notmorgan	jamielennox: can't do that	04:01
notmorgan	that doesn';t use @positional	04:01
notmorgan	so you can't add a new kwarg in the middle.	04:01
notmorgan	this has already been released	04:01
notmorgan	unless add_token_data is private?	04:02
jamielennox	notmorgan: gah, i just thought if we didn't invoke brant we'd just pass it, there's no way you're using args at that depth	04:02
notmorgan	i'm sorry	04:02
jamielennox	i really thought this one had @positional on it	04:02
notmorgan	so did i...	04:02
jamielennox	originally	04:02
notmorgan	did it get dropped?	04:02
notmorgan	cause someone dropped it then	04:02
*** itlinux has joined #openstack-keystone		04:03
jamielennox	I7b22d72f24ced08ee064f1e1ffb280e783a55ef7	04:03
stevemar	https://github.com/openstack/keystonemiddleware/commit/96f6668a27c34c7fd49c8a0df160c0789b0aa6ba	04:03
notmorgan	ugh	04:03
jamielennox	grrr	04:04
stevemar	we haven't released since that commit, so...	04:04
notmorgan	jamielennox: so.. need to revert that	04:04
stevemar	we could revert	04:04
jamielennox	still 14 days ago, not in a release	04:04
notmorgan	or move positional into ksm	04:04
notmorgan	or ksa... or something	04:04
stevemar	ehh	04:04
jamielennox	i don't disagree that keystoneclient.utils should be private but debtcollector didn't want it and i don't know where else to put it	04:04
jamielennox	and i didn't want debtcollector in ksa	04:04
notmorgan	put it in ksa.	04:04
jamielennox	i think it is	04:05
notmorgan	since the dep. graph is fine that way	04:05
notmorgan	oh wait it was private in ksa too...	04:05
notmorgan	ugh	04:05
jamielennox	but it's properly private there	04:05
stevemar	we could revert and figure it out later?	04:05
jamielennox	stevemar: ++	04:05
notmorgan	yeah	04:05
notmorgan	maybe we need keystone_utils	04:05
stevemar	jamielennox: wanna propose revert and rebase your dude on it?	04:05
jamielennox	there needs to be an easier way to get to the review page from having a commit id	04:05
stevemar	notmorgan: noooooo	04:06
stevemar	no more libs	04:06
notmorgan	and have stupid things that are common there	04:06
notmorgan	stevemar: seriously we have common things we've been copying around	04:06
notmorgan	or we can unpositonal this jamielennox	04:06
notmorgan	and roll with it as is in this release	04:06
stevemar	true	04:07
notmorgan	jamielennox: i would rather have @positional on it	04:07
*** jasonsb has joined #openstack-keystone		04:07
notmorgan	but..	04:07
notmorgan	if it's not doable, screw it.	04:07
notmorgan	jamielennox, stevemar: your call	04:07
*** shoutm has joined #openstack-keystone		04:08
jamielennox	notmorgan: reverting because it's quick and you're both here to approve, if it really becomes an issue we can do it with **kwargs in future.	04:09
notmorgan	jamielennox: or like i said, we can roll it w/o positional now	04:09
notmorgan	since it's safe to remove @positional	04:09
* jamielennox hates the way python handles positional args		04:09
notmorgan	but going forward we can't change arg order	04:09
stevemar	lets revert it, and push it through	04:10
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Add project_name to the auth_token fixture https://review.openstack.org/266664	04:10
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Revert "Stop using private keystoneclient functions" https://review.openstack.org/266669	04:10
notmorgan	ok so i +2'd the project_name one	04:10
stevemar	we can figure out a story for positional later on	04:10
*** shoutm_ has quit IRC		04:11
notmorgan	+2 on both	04:11
stevemar	donezo	04:12
notmorgan	oh crud. i can't make it to the store i needed to get to for my errand today	04:12
notmorgan	ugh. ok so tomorrow.	04:12
jamielennox	anyone else seen https://github.com/openstack/heat/blob/master/bin/heat-keystone-setup-domain ?	04:13
*** shoutm has quit IRC		04:13
jamielennox	how....	04:14
jamielennox	i mean there's domain in the name and they still haven't figured out v3	04:14
notmorgan	i... what?	04:14
notmorgan	what ... i....ss....	04:14
*** shoutm has joined #openstack-keystone		04:14
notmorgan	wow	04:17
openstackgerrit	ayoung proposed openstack/keystone: Implied Roles API https://review.openstack.org/242614	04:18
openstackgerrit	ayoung proposed openstack/keystone: Implied Roles API https://review.openstack.org/242614	04:18
*** richm has quit IRC		04:19
*** vivekd_ has joined #openstack-keystone		04:25
jamielennox	notmorgan, stevemar: maybe i could just turn it into: https://pypi.python.org/pypi/positional	04:25
openstackgerrit	Steve Martinelli proposed openstack/keystone: document the bootstrapping process https://review.openstack.org/259730	04:25
notmorgan	jamielennox: hehe	04:25
stevemar	notmorgan: ^	04:25
jamielennox	(that's a 404 for those lazy enough)	04:26
*** vivekd has quit IRC		04:27
jamielennox	actually i might just do that anyway	04:27
*** vivekd_ is now known as vivekd		04:27
jamielennox	moar libraries!	04:27
stevemar	jamielennox: don't you dare	04:27
jamielennox	stevemar: it wouldn't fall under your problem	04:28
stevemar	yay	04:28
jamielennox	probably wouldn't even bother submitting it into gerrit, just github it	04:28
*** spandhe has joined #openstack-keystone		04:29
*** spandhe_ has joined #openstack-keystone		04:32
*** spandhe has quit IRC		04:33
*** spandhe_ is now known as spandhe		04:33
*** EinstCra_ has joined #openstack-keystone		04:39
*** EinstCrazy has quit IRC		04:39
*** vivekd_ has joined #openstack-keystone		04:39
*** vivekd has quit IRC		04:41
*** dave-mccowan has quit IRC		04:41
*** vivekd_ is now known as vivekd		04:41
stevemar	jamielennox: i have no idea what you're talking about	04:43
*** sudorandom has quit IRC		04:45
*** sudorandom has joined #openstack-keystone		04:45
jamielennox	stevemar: if i do it i'll show you	04:45
stevemar	jamielennox: sometimes you scare me	04:46
*** dave-mccowan has joined #openstack-keystone		04:47
*** EinstCra_ has quit IRC		04:51
*** EinstCrazy has joined #openstack-keystone		04:51
notmorgan	jamielennox: maybe i'll do it before you can shiftyeyes	04:53
*** sudorandom has quit IRC		04:56
*** KarthikB_ has joined #openstack-keystone		04:57
*** sudorandom has joined #openstack-keystone		05:00
*** GB21 has joined #openstack-keystone		05:01
*** EinstCrazy has quit IRC		05:01
*** EinstCrazy has joined #openstack-keystone		05:02
*** boris-42 has quit IRC		05:03
*** EinstCrazy has quit IRC		05:05
*** EinstCrazy has joined #openstack-keystone		05:05
notmorgan	jamielennox: https://github.com/morganfainberg/positional	05:05
jamielennox	notmorgan: awww, i'm still stuck trying to get something other than pbr to run	05:06
*** EinstCrazy has quit IRC		05:06
notmorgan	jamielennox: :P	05:06
*** jbell8 has joined #openstack-keystone		05:06
notmorgan	jamielennox: PBR is great	05:06
*** EinstCrazy has joined #openstack-keystone		05:06
jamielennox	not pbr, testr	05:06
jamielennox	trying to figure out how python setup.py test works with pbr	05:07
jamielennox	also you've missed the tests and everything	05:07
notmorgan	jamielennox: you're jamielennox1 on github?	05:07
notmorgan	that was going to be the next commit	05:07
jamielennox	notmorgan: no, jamielennox	05:07
notmorgan	added you as a collaborator there too. was going to get tests in place and then push to pypi	05:08
jamielennox	bah, so quicker because you cheated	05:08
*** GB21 has quit IRC		05:08
notmorgan	never said i play fair	05:08
jamielennox	notmorgan: alright, you can add the tests and i'll clean up after that	05:09
jamielennox	i did notice doing that though that there are no tests in ksa for positional	05:10
jamielennox	gotta get them from ksc	05:10
notmorgan	feel free to add to readme.rst	05:12
notmorgan	or anything else	05:12
notmorgan	i'm adding tests to positional/tests/	05:12
*** EinstCra_ has joined #openstack-keystone		05:15
*** EinstCrazy has quit IRC		05:15
*** EinstCra_ has quit IRC		05:16
*** EinstCrazy has joined #openstack-keystone		05:17
*** KarthikB_ has quit IRC		05:18
*** EinstCra_ has joined #openstack-keystone		05:26
*** EinstCrazy has quit IRC		05:26
*** EinstCra_ has quit IRC		05:27
*** EinstCrazy has joined #openstack-keystone		05:28
*** EinstCrazy has quit IRC		05:31
*** EinstCrazy has joined #openstack-keystone		05:32
*** aginwala_ has quit IRC		05:36
*** dave-mccowan has quit IRC		05:36
notmorgan	jamielennox: tests added	05:37
notmorgan	and setup to run under travis.ci	05:37
*** EinstCrazy has quit IRC		05:37
*** EinstCra_ has joined #openstack-keystone		05:37
*** lhcheng has joined #openstack-keystone		05:37
*** ChanServ sets mode: +v lhcheng		05:37
*** GB21 has joined #openstack-keystone		05:37
*** henrynash has joined #openstack-keystone		05:38
*** ChanServ sets mode: +v henrynash		05:38
*** henrynash has quit IRC		05:39
*** jaosorior has joined #openstack-keystone		05:41
*** EinstCra_ has quit IRC		05:41
notmorgan	jamielennox: and it's running travis-ci properly now.	05:41
notmorgan	and reports status in the README	05:41
*** EinstCra_ has joined #openstack-keystone		05:43
*** Nirupama has joined #openstack-keystone		05:48
*** ankita_wagh has joined #openstack-keystone		05:57
*** GB21 has quit IRC		06:05
*** shoutm has quit IRC		06:06
*** shoutm has joined #openstack-keystone		06:08
notmorgan	jamielennox: so i think we need docs and fix to the README and it's ready unless there is other cleanup you want	06:12
*** vgridnev has joined #openstack-keystone		06:13
openstackgerrit	Xiaoyang Zhang proposed openstack/keystone: Modify comment https://review.openstack.org/266707	06:13
*** aginwala has joined #openstack-keystone		06:19
*** aginwala_ has joined #openstack-keystone		06:20
*** vivekd has quit IRC		06:23
*** aginwala has quit IRC		06:24
*** GB21 has joined #openstack-keystone		06:24
*** ankita_wagh has quit IRC		06:24
*** aginwala has joined #openstack-keystone		06:27
*** markvoelker has quit IRC		06:27
*** aginwala_ has quit IRC		06:29
*** amit213 has quit IRC		06:35
*** amit213 has joined #openstack-keystone		06:36
*** EinstCra_ has quit IRC		06:40
*** vivekd has joined #openstack-keystone		06:40
*** EinstCrazy has joined #openstack-keystone		06:40
*** jaosorior has quit IRC		06:57
*** josecastroleon has joined #openstack-keystone		07:02
*** med_ has quit IRC		07:12
*** med_ has joined #openstack-keystone		07:14
*** med_ is now known as Guest77121		07:14
*** vivekd has quit IRC		07:15
*** gildub has quit IRC		07:19
*** henrynash has joined #openstack-keystone		07:24
*** ChanServ sets mode: +v henrynash		07:24
*** aginwala has quit IRC		07:25
openstackgerrit	Xiaoyang Zhang proposed openstack/keystone: update https://review.openstack.org/266737	07:25
*** markvoelker has joined #openstack-keystone		07:28
*** markvoelker has quit IRC		07:33
*** gwei3 has joined #openstack-keystone		07:35
openstackgerrit	Xiaoyang Zhang proposed openstack/keystone: Update https://review.openstack.org/266737	07:35
openstackgerrit	Merged openstack/keystonemiddleware: Revert "Stop using private keystoneclient functions" https://review.openstack.org/266669	07:37
*** e0ne has joined #openstack-keystone		07:41
*** vgridnev has quit IRC		07:42
*** pnavarro has quit IRC		07:48
openstackgerrit	ting wang proposed openstack/keystone: Python3: replace dumps with dump_as_bytes https://review.openstack.org/266315	07:58
*** shoutm_ has joined #openstack-keystone		08:00
*** shoutm has quit IRC		08:03
*** henrynash has quit IRC		08:04
*** vgridnev has joined #openstack-keystone		08:04
*** jistr has joined #openstack-keystone		08:07
*** jistr is now known as jistr\|doc		08:07
*** jimbaker has quit IRC		08:08
openstackgerrit	Merged openstack/keystonemiddleware: Add project_name to the auth_token fixture https://review.openstack.org/266664	08:09
*** e0ne has quit IRC		08:18
*** vgridnev has quit IRC		08:25
*** shoutm has joined #openstack-keystone		08:26
*** shoutm_ has quit IRC		08:27
*** GB21 has quit IRC		08:30
openstackgerrit	Merged openstack/keystone: Adds an explicit utils import in test_v3_protection.py https://review.openstack.org/266570	08:33
*** shoutm has quit IRC		08:33
*** shoutm has joined #openstack-keystone		08:36
*** daemontool has joined #openstack-keystone		08:40
*** fhubik has joined #openstack-keystone		08:41
*** fhubik has left #openstack-keystone		08:41
*** pnavarro has joined #openstack-keystone		08:41
openstackgerrit	Merged openstack/keystone: Tidy up release notes for V9 drivers https://review.openstack.org/266581	08:41
*** daemontool_ has joined #openstack-keystone		08:43
*** daemontool has quit IRC		08:43
*** daemontool_ is now known as daemontool		08:44
*** pnavarro has quit IRC		08:53
*** markvoelker has joined #openstack-keystone		08:54
openstackgerrit	Wang Bo proposed openstack/python-keystoneclient: Replaced filter() with a list comprehension https://review.openstack.org/266787	08:54
*** markvoelker has quit IRC		08:59
openstackgerrit	Dave Chen proposed openstack/keystone: Add schema for OAuth1 consumer API https://review.openstack.org/266791	09:04
*** pnavarro has joined #openstack-keystone		09:05
*** shoutm has quit IRC		09:05
openstackgerrit	Dave Chen proposed openstack/keystone: Add schema for OAuth1 consumer API https://review.openstack.org/266791	09:09
*** vivekd has joined #openstack-keystone		09:15
*** jaosorior has joined #openstack-keystone		09:18
openstackgerrit	Marek Denis proposed openstack/keystone: Add asserts for service providers https://review.openstack.org/265809	09:22
*** GB21 has joined #openstack-keystone		09:25
*** mhickey has joined #openstack-keystone		09:29
*** vgridnev has joined #openstack-keystone		09:29
openstackgerrit	Dave Chen proposed openstack/keystone: Add schema for OAuth1 consumer API https://review.openstack.org/266791	09:30
*** e0ne has joined #openstack-keystone		09:33
openstackgerrit	Marek Denis proposed openstack/keystone: Service Providers and Projects associations https://review.openstack.org/264854	09:40
*** lhcheng has quit IRC		09:40
*** oomichi is now known as oomichi_away		09:47
*** gwei3 has quit IRC		09:50
*** davechen has left #openstack-keystone		09:56
*** EinstCrazy has quit IRC		10:06
*** jistr\|doc is now known as jistr		10:19
*** vivekd_ has joined #openstack-keystone		10:22
*** vivekd has quit IRC		10:23
*** vivekd_ is now known as vivekd		10:23
*** jistr has quit IRC		10:26
*** gildub has joined #openstack-keystone		10:30
*** vivekd has quit IRC		10:33
*** vivekd_ has joined #openstack-keystone		10:33
*** vivekd_ is now known as vivekd		10:33
*** rletrocquer has joined #openstack-keystone		10:36
rletrocquer	hello i'm facing of an issue with fernet (in ldap+domain configuration). I have an response "HTTP401 Unauthorized" when i try to communicate with nova :"openstack flavor list"(no problem with cinder,glance... and no problem with nova if i remove fernet configuration).	10:41
*** zqfan has joined #openstack-keystone		10:48
*** jistr has joined #openstack-keystone		10:51
*** markvoelker has joined #openstack-keystone		10:55
*** markvoelker has quit IRC		11:00
*** daemontool_ has joined #openstack-keystone		11:01
*** daemontool has quit IRC		11:05
*** jaosorior has quit IRC		11:05
*** jaosorior has joined #openstack-keystone		11:05
*** Nirupama has quit IRC		11:05
*** jaosorior has quit IRC		11:06
*** jaosorior has joined #openstack-keystone		11:07
*** pnavarro has quit IRC		11:10
*** hughsaunders has quit IRC		11:10
openstackgerrit	ting wang proposed openstack/keystone: Python3: replace dumps with dump_as_bytes https://review.openstack.org/266315	11:10
*** hughsaunders has joined #openstack-keystone		11:12
*** pnavarro has joined #openstack-keystone		11:13
*** gildub has quit IRC		11:15
*** aix has joined #openstack-keystone		11:28
*** pnavarro has quit IRC		11:37
*** pnavarro has joined #openstack-keystone		11:37
*** aix has quit IRC		11:43
*** ktychkova has quit IRC		11:44
*** ktychkova has joined #openstack-keystone		11:45
*** flwang1 has quit IRC		11:48
*** flwang1 has joined #openstack-keystone		11:49
*** shoutm has joined #openstack-keystone		11:54
*** daemontool_ has quit IRC		11:54
*** markvoelker has joined #openstack-keystone		11:56
*** EinstCrazy has joined #openstack-keystone		11:57
*** vgridnev has quit IRC		11:57
*** daemontool has joined #openstack-keystone		11:57
*** jbell8 has quit IRC		11:58
*** peter-hamilton has joined #openstack-keystone		11:58
*** vgridnev has joined #openstack-keystone		11:59
*** markvoelker has quit IRC		12:00
*** aix has joined #openstack-keystone		12:01
*** doug-fish has joined #openstack-keystone		12:01
*** wasmum- has quit IRC		12:03
*** vgridnev has quit IRC		12:03
*** vgridnev has joined #openstack-keystone		12:18
*** pauloewerton has joined #openstack-keystone		12:20
*** davechen has joined #openstack-keystone		12:25
*** GB21 has quit IRC		12:27
*** vivekd has quit IRC		12:28
*** dims has joined #openstack-keystone		12:28
*** gordc has joined #openstack-keystone		12:30
*** vivekd has joined #openstack-keystone		12:32
*** EinstCrazy has quit IRC		12:52
*** EinstCrazy has joined #openstack-keystone		12:52
*** raildo-afk is now known as raildo		12:55
*** markvoelker has joined #openstack-keystone		12:57
*** markvoelker has quit IRC		13:02
*** vgridnev has quit IRC		13:02
*** links has quit IRC		13:04
*** vivekd has quit IRC		13:05
*** browne has joined #openstack-keystone		13:07
*** rcernin has joined #openstack-keystone		13:09
*** browne has quit IRC		13:16
*** jsavak has joined #openstack-keystone		13:18
*** vivekd has joined #openstack-keystone		13:23
*** dims has quit IRC		13:25
*** dims has joined #openstack-keystone		13:26
*** dslev has joined #openstack-keystone		13:27
*** vgridnev has joined #openstack-keystone		13:29
*** markvoelker has joined #openstack-keystone		13:31
*** browne has joined #openstack-keystone		13:31
*** _zouyee has quit IRC		13:37
*** __zouyee has quit IRC		13:37
*** edmondsw has joined #openstack-keystone		13:39
openstackgerrit	David Stanek proposed openstack/keystone: Use an in memory database for tests https://review.openstack.org/266914	13:41
dolphm	rletrocquer: o/ I think we just had a similar bug report a week or so ago	13:47
*** jistr has quit IRC		13:48
*** jistr has joined #openstack-keystone		13:49
davechen	dolphm: could you pls take a look at this one - https://review.openstack.org/#/c/262768/?	13:49
davechen	dolphm: anything else i missed?	13:49
dolphm	rletrocquer: are you running code more recent than december? i believe the cause was a regression introduced somewhere at that point	13:49
dolphm	davechen: i'll add it to my queue	13:49
davechen	dolphm: okay, thanks sir!	13:49
*** browne has quit IRC		13:50
dolphm	rletrocquer: i'm struggling to find a relevant bug report, but lbragstad might know more when he gets in (next hour or two)	13:50
rletrocquer	dolphm : thanks for your answer. No i thinks the code is older than december, i'am pretty sure.	13:51
dolphm	rletrocquer: stable/liberty?	13:52
marekd	davechen: why is the line removed here: https://review.openstack.org/#/c/262768/5/tox.ini ?	13:52
dolphm	marekd: he deleted the entire file in the same patch	13:53
*** vivekd has quit IRC		13:53
dolphm	marekd: thanks for your email the other day, btw!	13:53
rletrocquer	dolphm : no, kilo (packaged by fuel/mirantis).	13:54
marekd	dolphm: hey, no problem. I am not sure it actually answered your question, though.	13:55
dolphm	rletrocquer: oh! i didn't know they were using fernet in kilo -- do you have a SHA of keystone?	13:55
*** dslev has quit IRC		13:55
davechen	marekd: the whole file is removed :)	13:55
davechen	dolphm: today, i googled for jsonschema and found this blog from you - http://dolphm.com/how-to-disallow-an-attribute-in-json-schema-draft-3/	13:57
dolphm	davechen: lol	13:57
davechen	dolphm: it's helpful, and another way and more latest usage is using 'not'	13:57
davechen	dolphm: https://github.com/json-schema/json-schema/wiki/anyOf,-allOf,-oneOf,-not	13:57
davechen	just fyi.	13:57
*** jbell8 has joined #openstack-keystone		13:59
davechen	marekd: thank you!	13:59
rletrocquer	dolphm : in fact, we have realized a post-configuration to using fernet. it's not provided by fuel/mirantis.	14:00
dolphm	marekd: it's far more information / context than i had though! if i have follow up questions, do you mind if i reply to both you and Hannah?	14:04
*** links has joined #openstack-keystone		14:04
dolphm	rletrocquer: back in june/july we had a couple patches to fernet specifically intended to fix some issues with user IDs coming out of LDAP. any chance you're running a really old kilo deploy?	14:06
dolphm	rletrocquer: that's why i was asking for the SHA	14:06
openstackgerrit	Paulo Ewerton Gomes Fragoso proposed openstack/keystone: Add backend support for deleting a projects list https://review.openstack.org/245916	14:06
dolphm	rletrocquer: the latest stable/kilo has code like this to handle LDAP & federation: https://github.com/openstack/keystone/blob/stable/kilo/keystone/token/providers/fernet/token_formatters.py#L292-L293	14:07
*** davechen has left #openstack-keystone		14:08
*** links has quit IRC		14:09
rletrocquer	dolphm : Ok, this is what i know about keystone package : http://paste.openstack.org/show/483771/	14:09
*** links has joined #openstack-keystone		14:09
openstackgerrit	Merged openstack/keystone: Delete checks for default domain delete https://review.openstack.org/264342	14:09
dolphm	rletrocquer: 2015.1.0 would not include the fixes i'm referring to. update keystone!	14:09
*** dslev has joined #openstack-keystone		14:10
dolphm	rletrocquer: 2015.1.2 is available	14:10
marekd	dolphm: go ahead, she is responsible for all this political/agreement stuff when it comes to CERN federation.	14:10
dolphm	rletrocquer: and contains LOTS of patches to Fernet	14:10
dolphm	rletrocquer: i would NOT recommend touching Fernet is 2015.1.0 at all	14:11
openstackgerrit	Paulo Ewerton Gomes Fragoso proposed openstack/keystone: API support for project cascade delete https://review.openstack.org/244248	14:11
openstackgerrit	Paulo Ewerton Gomes Fragoso proposed openstack/keystone: Manager support for project cascade delete https://review.openstack.org/244149	14:11
dolphm	marekd: cool, good people to know!	14:11
*** GB21 has joined #openstack-keystone		14:12
*** GB21 has quit IRC		14:12
*** richm has joined #openstack-keystone		14:13
marekd	dolphm: :)	14:13
openstackgerrit	Paulo Ewerton Gomes Fragoso proposed openstack/keystone: Add backend support for deleting a projects list https://review.openstack.org/245916	14:15
lbragstad	dolphm rletrocquer what's up?	14:16
*** __zouyee has joined #openstack-keystone		14:17
*** _zouyee has joined #openstack-keystone		14:17
*** pai15 has joined #openstack-keystone		14:17
rletrocquer	dolphm : ok thanks, we will try to update keystone	14:18
*** ayoung has joined #openstack-keystone		14:25
*** ChanServ sets mode: +v ayoung		14:25
*** links has quit IRC		14:25
*** links has joined #openstack-keystone		14:25
*** Ephur has joined #openstack-keystone		14:26
*** dslev has quit IRC		14:29
*** links has quit IRC		14:29
*** links has joined #openstack-keystone		14:30
dolphm	lbragstad: rletrocquer was running 2015.1.0 and ran into a fernet+ldap bug that we fixed in 2015.1.1 or .2	14:31
lbragstad	dolphm ah - so you guys figured it all out?	14:32
dolphm	lbragstad: i think so	14:32
lbragstad	good deal	14:33
dolphm	lbragstad: rletrocquer: it likely either https://bugs.launchpad.net/keystone/+bug/1459382 or https://bugs.launchpad.net/keystone/+bug/1497461	14:33
openstack	Launchpad bug 1459382 in OpenStack Identity (keystone) kilo "Fernet tokens can fail with LDAP identity backends" [High,Fix released] - Assigned to Dolph Mathews (dolph)	14:33
openstack	Launchpad bug 1497461 in OpenStack Identity (keystone) liberty "Fernet tokens fail for some users with LDAP identity backend" [High,Fix committed] - Assigned to Eric Brown (ericwb)	14:33
*** browne has joined #openstack-keystone		14:34
dolphm	lbragstad: taco(s)? i owe you.	14:35
lbragstad	sure	14:35
lbragstad	i'm running tests anyway	14:35
rletrocquer	dolphm : lbragstad : what is strange is that everything works except nova command (neutron, glance, cinder works fine)	14:36
*** ninag has joined #openstack-keystone		14:36
raildo	lbragstad: ping, do you think that we can close this bug, or we need more work on it? https://bugs.launchpad.net/keystone/+bug/1506653	14:39
openstack	Launchpad bug 1506653 in OpenStack Identity (keystone) "Retrieving either a project's parents or subtree as_list does not work" [Medium,Confirmed] - Assigned to Lance Bragstad (lbragstad)	14:39
openstackgerrit	LiuNanke proposed openstack/keystoneauth: Replace deprecated library function os.popen() with subprocess https://review.openstack.org/266950	14:41
openstackgerrit	LiuNanke proposed openstack/keystoneauth: Replace deprecated library function os.popen() with subprocess https://review.openstack.org/266950	14:45
*** EinstCrazy has quit IRC		14:45
openstackgerrit	LiuNanke proposed openstack/keystonemiddleware: Replace deprecated library function os.popen() with subprocess https://review.openstack.org/266953	14:47
*** spzala has joined #openstack-keystone		14:52
*** itlinux has quit IRC		14:56
*** petertr7_away is now known as petertr7		14:56
*** alextricity_h has joined #openstack-keystone		15:03
*** links has quit IRC		15:07
lbragstad	raildo sure - i'm fine with closing it as long as people are happy with the provided documentation	15:09
*** dave-mccowan has joined #openstack-keystone		15:09
dstanek	wow. our catalog driver interface doubled in size since the last time i looked at it	15:09
lbragstad	dstanek feature!	15:10
mfisch	do you guys know why services have a /tmp/keystone-signing- folder? what's that used for?	15:10
mfisch	glance, cinder, nova, neutron all have one	15:10
dstanek	lbragstad: more like a dozen features	15:10
mfisch	I can't find any docs on it	15:10
dstanek	mfisch: i thought that was a tmp folder when generating keys. wouldn't expect it all over the place	15:10
mfisch	why is nova/neutron/cinder/glance generating keys?	15:11
*** dave-mccowan has quit IRC		15:13
dstanek	mfisch: actually i don't see that in the code at all. maybe lbragstad knows	15:16
dstanek	mfisch: what's in the directory?	15:16
mfisch	nothing	15:16
lbragstad	dstanek mfisch I don't think there should be fernet keys in there at all	15:16
mfisch	no keyst	15:16
mfisch	this is on a non-keystone node	15:17
mfisch	folders owned by cinder, glance, nova, etc	15:17
lbragstad	that's good	15:17
lbragstad	I wonder if it's something pki related?	15:17
mfisch	https://gist.github.com/matthewfischer/7590c9dd97789b94346f	15:17
lbragstad	what else does keystone use keys for?	15:17
lbragstad	mfisch dstanek I think this is what you're looking for - https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token/_signing_dir.py	15:18
lbragstad	which is owned by keystonemiddleware	15:19
*** breitz has quit IRC		15:19
lbragstad	which would make sense if its on other non-keystone nodes in the deployment	15:19
dstanek	lbragstad: yeah, looks like maybe CMS?	15:19
mfisch	is that just for PKI?	15:19
*** boris-42 has joined #openstack-keystone		15:20
lbragstad	mfisch not sure - but it looks like it's setup in auth_token - https://github.com/openstack/keystonemiddleware/blob/5ba3d06b2063e10cf30dafd3bd6886f8fc24244d/keystonemiddleware/auth_token/__init__.py#L685	15:20
dstanek	mfisch: maybe revocations too	15:20
mfisch	why would services store revocations?	15:21
mfisch	they're in the db	15:21
dstanek	mfisch: nope, not it. was looking at the wrong file	15:21
dstanek	mfisch: i don't think that directory is intended for storage, just a (secure?) place to sign	15:22
openstackgerrit	Lance Bragstad proposed openstack/keystone: Make fernet default token provider https://review.openstack.org/258650	15:22
dstanek	lbragstad: so we make it all of the time it appears	15:22
lbragstad	interesting	15:22
mfisch	so we had a control node that hadn't been rebooted in a long time	15:23
mfisch	and these thousands of folders contributed to the reboot taking forever	15:23
*** pnavarro has quit IRC		15:24
*** chris_19 has joined #openstack-keystone		15:26
mfisch	dstanek: so these are only for PKI?	15:26
*** kbringard has joined #openstack-keystone		15:27
*** chris_19 has left #openstack-keystone		15:27
*** timcline has joined #openstack-keystone		15:28
dstanek	mfisch: it looks like pki and revocations afaict	15:28
mfisch	PKI and PKI revocations	15:29
mfisch	so I can kill the folders	15:29
dstanek	mfisch: i'm pretty sure you can kill the old ones. i looks like every time the middle in instantiated it'll create a new one	15:30
dstanek	mfisch: it's used to CMS verify the revocation list	15:31
mfisch	CMS?	15:31
mfisch	sorry Im not sure what CMS means other than drupal	15:33
mfisch	[PROD] root@chrcnc01-control-002:/tmp# ls -al \| grep keystone-sign \| wc -l	15:33
mfisch	144200	15:33
*** tonytan4ever has joined #openstack-keystone		15:34
bknudson_	typically you would set the signing directory for each service so it's not creating a new one every time the service restarts	15:35
mfisch	144k is crazy	15:35
mfisch	we can discuss it here too: https://bugs.launchpad.net/keystone/+bug/1533724	15:35
openstack	Launchpad bug 1533724 in OpenStack Identity (keystone) "keystone-signing folders fill /tmp and seriously slow down reboots" [Undecided,New]	15:35
mfisch	I have to do night mainentance again tonight now :(	15:36
*** pai15 has quit IRC		15:36
*** phalmos has joined #openstack-keystone		15:36
*** pai15 has joined #openstack-keystone		15:36
dstanek	mfisch: cryptographic message syntax - we use openssl for it	15:38
*** pai15 has quit IRC		15:39
*** pai15 has joined #openstack-keystone		15:40
*** fawadkhaliq has joined #openstack-keystone		15:40
mfisch	dstanek: thanks for clairfiying	15:42
lbragstad	dstanek sidenote - i think there is an outstanding bug to switch all of that from popen calls to using the actual openssl python library	15:43
*** jimbaker has joined #openstack-keystone		15:46
dstanek	lbragstad: yeah, i'm looking at the review right now	15:49
dstanek	lbragstad: i got part way through hacking together a notifications thing. just have to finish it up	15:50
* dstanek is not happy that lunch time will involve snow shoveling		15:53
marekd	dstanek: think of it as a physical excercise	15:54
marekd	and a reason to get up from the chair	15:54
*** alextricty25 has joined #openstack-keystone		15:54
*** KarthikB_ has joined #openstack-keystone		15:55
*** alextricty25 has quit IRC		15:56
*** alextricity_h has joined #openstack-keystone		15:57
*** __zouyee has quit IRC		16:03
*** _zouyee has quit IRC		16:03
*** jsavak has quit IRC		16:03
*** jsavak has joined #openstack-keystone		16:04
*** sigmavirus24_awa is now known as sigmavirus24		16:07
*** slberger has joined #openstack-keystone		16:09
*** spandhe has quit IRC		16:10
*** roxanagh_ has joined #openstack-keystone		16:13
lbragstad	dstanek awesome - thank you	16:16
*** dims_ has joined #openstack-keystone		16:18
*** dims has quit IRC		16:21
lbragstad	ayoung down to 106 failures - https://review.openstack.org/#/c/258650/	16:21
lbragstad	ayoung seeing quite a few weird inconsistencies with test_auth.py though	16:22
ayoung	lbragstad, like?	16:22
lbragstad	ayoung like this assertion failing because metadata doesn't contain any roles - https://github.com/openstack/keystone/blob/master/keystone/tests/unit/test_auth.py#L285	16:23
ayoung	lbragstad, that is a scoped token fetched from an unscoped. It should have a role	16:24
ayoung	body_dict = _build_user_auth(	16:24
ayoung	token=unscoped_token["access"]["token"],	16:24
ayoung	tenant_name="BAR")	16:24
*** tonytan4ever has quit IRC		16:24
lbragstad	ayoung yep - it has a role in the token reference, but not in the metadata	16:24
ayoung	use should have the role self.role_member['id'] on BAR	16:24
ayoung	lbragstad, so the conversion is whacked	16:25
raildo	lbragstad: sorry, I was at lunch time... so how we know if the people are happy with the provided documentation? just ask for other cores here?	16:25
ayoung	probably v3 to v2 type code	16:25
lbragstad	raildo yeah - that wouldn't be a bad idea	16:25
raildo	lbragstad: ok :)	16:25
lbragstad	ayoung yeah - that's kinda what I was thinking... still looking into it	16:25
raildo	dolphm: I'd rather see you talk about next-review on the summit :) https://etherpad.openstack.org/p/austin-upstream-dev-track-ideas	16:26
openstackgerrit	Lance Bragstad proposed openstack/keystone: Make fernet default token provider https://review.openstack.org/258650	16:30
openstackgerrit	Merged openstack/keystone: Remove redundant check after enforcing schema validation https://review.openstack.org/262768	16:31
lbragstad	ayoung test_auth_unscoped_token_project() with fernet - http://cdn.pasteraw.com/nni8xtbgjsl3934vlwv7j5ktry2fl73	16:32
lbragstad	test_auth_unscoped_token_project() with uuid - http://cdn.pasteraw.com/risvg2ggcueuaobl7echlefanezuto0	16:32
ayoung	lbragstad, different code paths to create the token?	16:33
*** mc_nair has joined #openstack-keystone		16:34
ayoung	lbragstad, I think this is driving home the fact that we need to make the way that Fernet composes tokens called by all of the token providers	16:34
lbragstad	ayoung yeah - https://github.com/openstack/keystone/blob/master/keystone/token/providers/fernet/core.py#L39	16:34
lbragstad	ayoung I actually have a patch for that	16:34
lbragstad	ayoung - https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:master+topic:consolidate-fernet-provider	16:35
ayoung	lbragstad, I wonder if we should rebase on top of that.	16:35
*** petertr7 is now known as petertr7_away		16:35
*** pai15 has quit IRC		16:36
lbragstad	ayoung yeah - maybe we should make the consolidation merges a requirement before flipping the default?	16:36
ayoung	lbragstad, let's see if it fixes the test failures.	16:37
ayoung	If not, then it probably is not completely done. I think this is the real flush out effort Fernet needs	16:38
lbragstad	ayoung yeah	16:38
*** pai15 has joined #openstack-keystone		16:39
*** roxanagh_ has quit IRC		16:41
*** spandhe has joined #openstack-keystone		16:41
lbragstad	ayoung alright - working on fixing all the consolidation patches; i'll try rebasing after that	16:42
lbragstad	rebasing your patch	16:42
*** spandhe has quit IRC		16:46
ayoung	I have an idea for the developers track "How to get your code to pass pep8" can deal with thing like long lines and automating whitespace cleanup	16:46
*** spandhe has joined #openstack-keystone		16:49
*** bradjones has quit IRC		16:49
*** bradjones has joined #openstack-keystone		16:50
*** bradjones has quit IRC		16:50
*** bradjones has joined #openstack-keystone		16:50
*** vgridnev has quit IRC		16:50
htruta	hey guys, I'm having a problem with versioned backend drivers. The legacy backend tests are failing because it is using the manager layer cache	16:51
htruta	and the cache is only valid to the new driver	16:51
*** rcernin has quit IRC		16:51
stevemar	dolphm: around today?	16:52
dolphm	stevemar: for the morning	16:52
stevemar	so another hour :P	16:52
*** spzala has quit IRC		16:52
*** spzala has joined #openstack-keystone		16:53
stevemar	i wanted eyes on stable, so i could release a liberty release: https://review.openstack.org/#/q/project:openstack/keystone+branch:stable/liberty+status:open	16:53
openstackgerrit	ayoung proposed openstack/keystone: implied roles driver and manager https://review.openstack.org/264260	16:53
stevemar	dolphm: and there are only two here: https://review.openstack.org/#/q/project:openstack/keystone+branch:stable/kilo+status:open	16:53
stevemar	dolphm: and lastly: https://review.openstack.org/#/q/topic:bug/1490804+status:open	16:54
openstackgerrit	ayoung proposed openstack/keystone: Implied Roles API https://review.openstack.org/242614	16:54
*** petertr7_away is now known as petertr7		16:55
dolphm	stevemar: will do!	16:55
stevemar	dolphm: yay!	16:55
stevemar	dolphm: the keystonemiddleware ones may be tricky, save them for last :P	16:55
stevemar	the liberty ones are super easy	16:55
*** vgridnev has joined #openstack-keystone		16:56
*** spzala has quit IRC		16:56
*** vgridnev has quit IRC		16:56
*** spzala has joined #openstack-keystone		16:57
*** roxanagh_ has joined #openstack-keystone		16:57
*** zqfan has quit IRC		17:01
*** _cjones_ has joined #openstack-keystone		17:07
*** _cjones_ has quit IRC		17:07
*** _cjones_ has joined #openstack-keystone		17:07
*** jistr has quit IRC		17:08
breton	http://paste.openstack.org/show/483790/	17:09
*** KarthikB_ has quit IRC		17:09
breton	got this failure on unrelated change	17:09
*** lhcheng has joined #openstack-keystone		17:10
*** ChanServ sets mode: +v lhcheng		17:10
*** Ephur has quit IRC		17:13
*** KarthikB_ has joined #openstack-keystone		17:16
*** spzala has quit IRC		17:17
*** spzala has joined #openstack-keystone		17:17
openstackgerrit	Brant Knudson proposed openstack/keystone: Update bandit.yaml https://review.openstack.org/267044	17:18
stevemar	breton: what did you do :O	17:18
breton	stevemar: tox -e py27 while testing ldap changes	17:19
breton	on the second run everything was fine	17:19
stevemar	breton: weirdness	17:22
*** spzala has quit IRC		17:22
*** henrynash has joined #openstack-keystone		17:27
*** ChanServ sets mode: +v henrynash		17:27
openstackgerrit	Brant Knudson proposed openstack/keystone: Enable bandit tests https://review.openstack.org/267051	17:27
*** ayoung has quit IRC		17:28
*** fesp has joined #openstack-keystone		17:32
*** fesp has quit IRC		17:34
bknudson_	KarthikB https://pypi.python.org/pypi/bandit/	17:39
samueldmq	bknudson_: ping - about this patch for bandit tests ^	17:40
samueldmq	bknudson_: how does it detect hardcoded_password_* ?	17:40
samueldmq	bknudson_: is it necessary to have any annotation on a field that is expected to be a passwd?	17:41
bknudson_	samueldmq: good question, let me find the code.	17:42
*** jasonsb has quit IRC		17:42
*** ankita_wagh has joined #openstack-keystone		17:42
bknudson_	samueldmq: it's a hardcoded list, see http://git.openstack.org/cgit/openstack/bandit/tree/bandit/plugins/general_hardcoded_password.py#n67	17:44
*** vgridnev has joined #openstack-keystone		17:46
openstackgerrit	Brant Knudson proposed openstack/keystonemiddleware: Bandit profile updates https://review.openstack.org/267065	17:48
samueldmq	bknudson_: nice thanks	17:48
*** pai15 has quit IRC		17:48
*** KarthikB has quit IRC		17:49
stevemar	bknudson_: thats a lot of changes	17:49
bknudson_	stevemar: y, bandit devs can't stop messing with the profile	17:50
bknudson_	actually the next version of bandit is going to have no profile with the extra config stuff	17:51
bknudson_	I wanted to bring the current version up to date so that it's easier to switch	17:51
samueldmq	nice, make sense	17:53
*** pai15 has joined #openstack-keystone		17:54
*** petertr7 is now known as petertr7_away		17:56
*** raildo is now known as raildo-afk		17:57
*** e0ne has quit IRC		18:04
*** peter-hamilton has quit IRC		18:04
openstackgerrit	Henrique Truta proposed openstack/keystone: Add is_domain parameter to get_project_by_name https://review.openstack.org/210600	18:04
*** raildo-afk is now known as raildo		18:06
*** boris-42 has quit IRC		18:08
*** jed56 has quit IRC		18:08
*** briancurtin has quit IRC		18:08
*** ramishra_ has quit IRC		18:08
*** tpeoples has quit IRC		18:08
*** jraim has quit IRC		18:08
*** DuncanT has quit IRC		18:08
*** serverascode has quit IRC		18:08
*** zhiyan has quit IRC		18:08
*** andrewbogott has quit IRC		18:08
*** tonytan4ever has joined #openstack-keystone		18:10
*** timcline has quit IRC		18:11
*** jsavak has quit IRC		18:12
*** jsavak has joined #openstack-keystone		18:12
htruta	henrynash: I've submitted bug 1533778 related to this comment of yours here: https://review.openstack.org/#/c/210600/42/keystone/tests/unit/test_backend.py@592	18:13
openstack	bug 1533778 in OpenStack Identity (keystone) "Resource legacy backend driver is using v9's cache" [Undecided,New] https://launchpad.net/bugs/1533778	18:13
*** KarthikB_ has quit IRC		18:14
*** DuncanT has joined #openstack-keystone		18:14
*** serverascode has joined #openstack-keystone		18:17
stevemar	bknudson_: got a few minutes to look at: https://review.openstack.org/#/c/256101/ ?	18:17
stevemar	actually, nvm	18:17
bknudson_	I'm at the security meetup this week so I'm focusing on what I can help with here	18:17
*** jraim has joined #openstack-keystone		18:17
*** KarthikB has joined #openstack-keystone		18:17
*** KarthikB has quit IRC		18:18
*** KarthikB has joined #openstack-keystone		18:18
*** andrewbogott has joined #openstack-keystone		18:18
*** ramishra_ has joined #openstack-keystone		18:18
stevemar	bknudson_: yeah, i just remembered that, hence the 'nvm'	18:18
stevemar	go about your security business	18:18
*** gyee has joined #openstack-keystone		18:18
*** ChanServ sets mode: +v gyee		18:18
*** shoutm has quit IRC		18:21
*** zhiyan has joined #openstack-keystone		18:24
*** pauloewerton has quit IRC		18:24
*** tpeoples has joined #openstack-keystone		18:24
*** ericksonsantos has quit IRC		18:25
*** briancurtin has joined #openstack-keystone		18:25
*** iurygregory has quit IRC		18:27
*** jasonsb has joined #openstack-keystone		18:28
*** timcline has joined #openstack-keystone		18:29
*** jed56 has joined #openstack-keystone		18:29
*** dims_ has quit IRC		18:30
*** mgagne has quit IRC		18:30
*** rcernin has joined #openstack-keystone		18:30
*** mgagne has joined #openstack-keystone		18:31
*** mgagne is now known as Guest82803		18:31
*** dims has joined #openstack-keystone		18:32
*** Guest82803 is now known as mgagne		18:32
openstackgerrit	ayoung proposed openstack/keystone: Implied roles driver and manager https://review.openstack.org/264260	18:33
*** mgagne has quit IRC		18:33
*** mgagne has joined #openstack-keystone		18:33
*** ayoung has joined #openstack-keystone		18:33
*** ChanServ sets mode: +v ayoung		18:33
*** woodster_ has joined #openstack-keystone		18:36
ayoung	henrynash, I refactored the filter-by-role aspect of list_effective_roles. Tell me if this makes sense: Skip any filtering on role_id until the end, and then always filter if role_id is set.	18:38
*** e0ne has joined #openstack-keystone		18:38
*** aginwala has joined #openstack-keystone		18:38
*** raildo is now known as raildo-afk		18:39
openstackgerrit	Lin Hua Cheng proposed openstack/keystone: Improve Conflict error message in IdP creation https://review.openstack.org/265279	18:40
*** ninag has quit IRC		18:43
*** ig0r_ has joined #openstack-keystone		18:43
*** tonytan4ever has quit IRC		18:43
*** ninag has joined #openstack-keystone		18:43
*** ninag has quit IRC		18:44
*** ninag has joined #openstack-keystone		18:44
*** ninag has quit IRC		18:45
*** pai15 has quit IRC		18:45
*** ankita_w_ has joined #openstack-keystone		18:49
*** ankita_wagh has quit IRC		18:49
*** ayoung has quit IRC		18:51
*** ankita_w_ has quit IRC		18:51
*** ankita_wagh has joined #openstack-keystone		18:52
*** aginwala has quit IRC		18:52
*** daemontool has quit IRC		18:54
*** daemontool has joined #openstack-keystone		18:54
*** andrewbogott has quit IRC		18:56
*** andrewbogott has joined #openstack-keystone		18:56
*** tonytan4ever has joined #openstack-keystone		18:57
*** aginwala has joined #openstack-keystone		18:57
*** pauloewerton has joined #openstack-keystone		19:01
*** ericksonsantos has joined #openstack-keystone		19:01
*** iurygregory has joined #openstack-keystone		19:03
*** raildo-afk is now known as raildo		19:03
*** jaosorior has quit IRC		19:05
*** jaosorior has joined #openstack-keystone		19:05
openstackgerrit	Henrique Truta proposed openstack/keystone: Make project.domain_id column nullable https://review.openstack.org/264533	19:08
samueldmq	henrynash: hi	19:09
samueldmq	henrynash: about "Correct docstrings for federation driver interface" and its followon patch	19:11
*** vivekd has joined #openstack-keystone		19:13
*** mhickey has quit IRC		19:14
openstackgerrit	Brant Knudson proposed openstack/keystonemiddleware: Update bandit.yaml https://review.openstack.org/267113	19:16
openstackgerrit	Brant Knudson proposed openstack/keystonemiddleware: Update bandit test list https://review.openstack.org/267114	19:16
openstackgerrit	Brant Knudson proposed openstack/keystonemiddleware: Enable passing bandit checks https://review.openstack.org/267115	19:16
openstackgerrit	Brant Knudson proposed openstack/keystonemiddleware: Enable try_except_pass bandit check https://review.openstack.org/267116	19:16
bknudson_	keystonemiddleware py27 is broken	19:19
bknudson_	I assume by the release of keystoneclient or keystoneauth	19:19
*** petertr7_away is now known as petertr7		19:19
*** KarthikB_ has joined #openstack-keystone		19:20
*** spzala has joined #openstack-keystone		19:22
bknudson_	looks like there's a change in keystoneclient that broke the tests and a change in keystoneauth1 that broke the tests in a different way	19:22
*** ayoung has joined #openstack-keystone		19:23
*** ChanServ sets mode: +v ayoung		19:23
*** Karthik__ has joined #openstack-keystone		19:23
*** KarthikB has quit IRC		19:24
bknudson_	the issues due to keystoneauth have to do with the user agent string, which I don't think auth_token middleware tests should be verifying.	19:24
*** KarthikB has joined #openstack-keystone		19:25
*** KarthikB_ has quit IRC		19:27
*** Karthik__ has quit IRC		19:29
*** fawadkhaliq has quit IRC		19:30
*** aginwala has quit IRC		19:38
openstackgerrit	Brant Knudson proposed openstack/keystonemiddleware: Fix tests to work with keystoneauth1 2.2.0 https://review.openstack.org/267129	19:39
bknudson_	^ that should fix part of it... but it's not going to pass due to keystoneclient breakage, too.	19:39
*** boris-42 has joined #openstack-keystone		19:40
*** ankita_wagh has quit IRC		19:41
samueldmq	stevemar: ping - see my comment on https://review.openstack.org/#/c/238047	19:47
*** petertr7 is now known as petertr7_away		19:47
*** petertr7_away is now known as petertr7		19:50
*** ayoung has quit IRC		19:51
*** KarthikB has quit IRC		19:54
*** KarthikB has joined #openstack-keystone		19:56
*** aginwala has joined #openstack-keystone		19:58
samueldmq	bknudson_: how is the user-agent string generated now ?	20:00
bknudson_	samueldmq: see https://review.openstack.org/#/c/256002/	20:00
samueldmq	bknudson_: is the string appended for each component it reaches ? in that case, ksauth append to tht string ?	20:00
* samueldmq 's looking		20:00
lbragstad	jorge_munoz added another comment - https://review.openstack.org/#/c/266052/1	20:01
notmorgan	bknudson_: ugh. we need a better integration test for KSM	20:01
*** aginwala has quit IRC		20:02
*** aginwala has joined #openstack-keystone		20:03
bknudson_	seems like it would be easy enough to co-gate keystonemiddleware on keystoneauth and ksc. not sure why we don't have ti.	20:03
*** tonytan4ever has quit IRC		20:03
notmorgan	bknudson_: i'll work on spinning something up for that next week.	20:04
bknudson_	this might be something that lifeless's x-project spec should help with	20:04
samueldmq	bknudson_: thanks for the link	20:04
notmorgan	since really we need a very basic test suite. it doesn't need to be full dsvm	20:04
notmorgan	at least KSA/KSM co-gate	20:04
notmorgan	i don't really care about ksc co-gate	20:04
bknudson_	unit tests would catch this	20:04
samueldmq	bknudson_: in that case (within the test), the expected useragent is what is being prepended	20:04
samueldmq	what is a co-gate ?	20:05
bknudson_	samueldmq: yes, the user-agent that auth_token is setting gets perpended to the ksa useragent	20:05
henrynash	samueldmq: hi	20:06
notmorgan	bknudson_: i'd want KSM to actually validate a token.	20:06
notmorgan	bknudson_: not just "unit test" with a confirmation from the echo/dummy app the right things happened	20:07
bknudson_	fancy	20:07
notmorgan	bknudson_: really easy w/ the functional hooks. i'll poke at it.	20:07
bknudson_	the unit tests it does now use requests-mock	20:07
bknudson_	I wouldn't expect a functional test to care what the user-agent is.	20:08
notmorgan	right. and it shouldn't	20:08
notmorgan	ever	20:08
samueldmq	henrynash: in that patch, I understood that the driver was implmeneting it as expected, but the driver signature was wrong	20:08
notmorgan	in fact... why do we care what our useragent is in ksm?	20:08
samueldmq	henrynash: is this right ?	20:08
notmorgan	we care that KSA does the right thing.	20:08
henrynash	samueldmq: the abstract signature in the manager was wrong, yes	20:08
bknudson_	auth_token sets the user agent to something so that you call tell it was auth_token.	20:08
samueldmq	henrynash: in this case, doesn't it deserve a release note ?	20:09
notmorgan	and if ksm isn't setting the agent when talking to ksa's lib, we should know... but i don't know if we care that it's tested.	20:09
bknudson_	the unit tests were assuming that the user-agent wasn't modified by ksa	20:09
notmorgan	ksa always formulating a rfc-compliant user-agent should be fine.	20:09
henrynash	samueldmq: perhaps, although nobody could have used the “wrong” signature, since their driver would not have worked	20:09
notmorgan	as a test	20:09
notmorgan	bknudson_: feel free to tell me i'm wrong though.	20:09
henrynash	samueldmq: so not sure it would really inform anyone	20:10
bknudson_	it probably excessive for auth_token to validate the request. should be ok just mocking ksa.	20:11
bknudson_	the tests are the way they are due to legacy reasons.	20:11
samueldmq	henrynash: okay, but that's really a case of changing the signature (regardless it's wrong or correct)	20:11
samueldmq	henrynash: and I thought that would require a new version?	20:11
bknudson_	auth_token should also be mocking keystoneclient.	20:11
samueldmq	henrynash: I was thinking about driver signatures regadless the implemetations (including ours ?)	20:12
samueldmq	henrynash: but I agree this is a special case ?	20:12
henrynash	samueldmq: so we signature we actually support is correct, the one we documented is not	20:12
henrynash	samuedlmq: and the abstarct signatures really seem to only be useful to tell you that you have missed a method altoghter	20:12
henrynash	samuedlmq: they don;t seem to complain if your param list is wroung, for instance	20:13
henrynash	(clearly, of what we had in Liberty) would have thown erros	20:13
samueldmq	henrynash: it's like we're not changing the abstract method because of functionality changes/inprovements	20:15
samueldmq	henrynash: that's just the documentation that was wrong	20:15
henrynash	samueldmq; correct	20:15
henrynash	samueldmq: yep	20:15
samueldmq	henrynash: hm, seems fair	20:15
samueldmq	henrynash: good, thanks for clarifying	20:16
henrynash	samuedlmq: np, fair questions	20:16
samueldmq	notmorgan: you working on a gate for keystone using ldap?	20:18
*** dims has quit IRC		20:18
*** dims has joined #openstack-keystone		20:18
notmorgan	samueldmq: no	20:19
notmorgan	samueldmq: i tried in the past and it was ugly	20:19
notmorgan	samueldmq: someone should finish https://review.openstack.org/#/c/231872/	20:20
samueldmq	notmorgan: should it be easier today ?	20:20
* samueldmq 's looking		20:20
notmorgan	samueldmq: and yeah it should be easier since we know LDAP is r/o and no assignment	20:20
*** rcernin has quit IRC		20:20
*** albertom has quit IRC		20:20
bknudson_	it would also help with ldap3 transition to get rid of the extra ldap code	20:21
samueldmq	notmorgan: want me to follow with that patch?	20:21
notmorgan	bknudson_: ++	20:21
samueldmq	bknudson_: basic question.. what kind of extra ldap code ? I am not aware of that transition	20:23
bknudson_	any ldap code that we don't need anymore, such as ldap assignment driver	20:23
samueldmq	bknudson_: got it	20:24
samueldmq	from what I can see now	20:24
samueldmq	first we would need to make devstack install openldap for us ?	20:24
bknudson_	devstack already has code to install openldap and configure it	20:25
*** e0ne has quit IRC		20:25
samueldmq	bknudson_: nice, so now the new gate would configure ldap and keystone accordingly	20:27
samueldmq	bknudson_: and it should work	20:27
*** ericksonsantos has quit IRC		20:27
bknudson_	the existing tests might do something that ldap driver doesn't support	20:28
samueldmq	agreed	20:28
*** jaosorior has quit IRC		20:30
*** jaosorior has joined #openstack-keystone		20:30
dims	stevemar : gate failures? https://jenkins03.openstack.org/job/gate-keystone-python27/1314/console	20:32
*** jsavak has quit IRC		20:33
dims	stevemar : due to new releases today?	20:33
stevemar	i hope not	20:33
bknudson_	this must be on stable	20:34
*** jaosorior has quit IRC		20:34
stevemar	dims: looks legit	20:34
*** tonytan4ever has joined #openstack-keystone		20:35
*** jsavak has joined #openstack-keystone		20:35
stevemar	bknudson_: why do you say that?	20:35
*** raildo is now known as raildo-afk		20:35
bknudson_	I thought we got rid of those tests on master	20:35
dims	bknudson_ : yep stable liberty https://review.openstack.org/#/c/265177/	20:37
*** daemontool has quit IRC		20:37
*** daemontool has joined #openstack-keystone		20:38
samueldmq	keystoners, I have news from our v2 only gate job (which has been only on devstack so far)	20:38
samueldmq	we have room for one more gate in tempest, so I will propose it against tempest as well (as nonvoting)	20:39
samueldmq	and as it's failing in a 10% rate in periodic-qa jobs, it can't be made voting for now	20:39
samueldmq	http://status.openstack.org/openstack-health/#/g/build_queue/periodic-qa	20:39
samueldmq	I will investigate what's happening and reduce that rate to something near 0%, so we can get it voting	20:40
samueldmq	err, I meant v3 only job ...	20:41
stevemar	dims: bknudson_ okay, looks like its just the keystone/liberty branch that'll be affected	20:41
samueldmq	cc jamielennox ^	20:41
bknudson_	stevemar: keystonemiddleware master is also broken	20:41
stevemar	bknudson_: yeah, i noticed but for different reasons	20:42
stevemar	bknudson_: https://review.openstack.org/#/c/267129/	20:42
stevemar	someone is already on it	20:42
bknudson_	keystonemiddleware also has a problem with a keystoneclient change	20:43
bknudson_	which I haven't had a chance to look into yet	20:43
bknudson_	it's probably the same change that cause keystone tests to fail	20:43
bknudson_	we should probably revert the ksc change	20:44
stevemar	bknudson_: which ksc change is it? is it ec2 related?	20:45
bknudson_	I haven't had a chance to look at which change it was	20:45
bknudson_	maybe it's multiple changes	20:45
*** aginwala has quit IRC		20:46
*** rcernin has joined #openstack-keystone		20:49
*** aginwala has joined #openstack-keystone		20:50
*** belmoreira has joined #openstack-keystone		20:56
*** aix has quit IRC		20:56
openstackgerrit	David Stanek proposed openstack/keystone: Removes KVS catalog backend https://review.openstack.org/158442	20:57
*** rderose has joined #openstack-keystone		20:59
*** jbell8 has quit IRC		21:00
*** aginwala has quit IRC		21:01
*** ekarlso has quit IRC		21:01
*** ekarlso has joined #openstack-keystone		21:01
stevemar	dims: bknudson_: okay, i have gathered the facts	21:02
stevemar	dims: bknudson_ we removed the ksc tests from master keystone here: https://review.openstack.org/#/c/240474/	21:03
*** gildub has joined #openstack-keystone		21:03
stevemar	which is why it isn't bombing on master	21:03
*** aginwala has joined #openstack-keystone		21:03
stevemar	dims: bknudson_ this review looks like it's the one causing the failure: https://review.openstack.org/#/c/250473/	21:03
*** raildo-afk is now known as raildo		21:03
*** raildo is now known as raildo-afk		21:03
*** rcernin has quit IRC		21:04
stevemar	"KeystoneReturnedList" is in all the error messages of the failed test	21:04
stevemar	for reference, here are the tests: https://github.com/openstack/keystone/blob/stable/liberty/keystone/tests/unit/test_v2_keystoneclient.py (in liberty)	21:04
openstackgerrit	Lin Hua Cheng proposed openstack/python-keystoneclient: Address hacking check H405 https://review.openstack.org/267172	21:05
stevemar	so I'm OK with removing the ksc tests in liberty, but we need to investigate and make sure that 250473 isn't causing real world failures	21:05
stevemar	i need coffee	21:05
bknudson_	maybe we need to implement equals or something.	21:06
bknudson_	I expect this would cause real-world failures, since applications might want to test for []	21:06
stevemar	yeah, that's what worries me	21:08
stevemar	okay, fix ksc and re-release 2.1.1	21:09
stevemar	err, just release, not re-release	21:09
stevemar	dims: you guys running internal CI, you always find these first?!	21:09
dims	stevemar : i am watching http://status.openstack.org//zuul/	21:11
*** spzala has quit IRC		21:11
dims	stevemar : especially when we cut some release i watch it for a bit	21:11
*** ayoung has joined #openstack-keystone		21:11
*** ChanServ sets mode: +v ayoung		21:11
*** spzala has joined #openstack-keystone		21:11
stevemar	dims: http://vignette3.wikia.nocookie.net/batman/images/9/97/Bc.jpg/revision/latest?cb=20130907131318	21:12
*** mserngawy_ has joined #openstack-keystone		21:12
dims	stevemar yep i am the guy standing and watching :)	21:13
*** ig0r_ has quit IRC		21:14
stevemar	lol	21:15
*** pauloewerton has quit IRC		21:16
*** spzala has quit IRC		21:16
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Revert "Change default endpoint for Keystone v3 to public" https://review.openstack.org/267180	21:20
bknudson_	^ reverts the change in ksc that, along with https://review.openstack.org/#/c/267129/ , should get ksm working again.	21:22
*** ig0r_ has joined #openstack-keystone		21:23
*** timcline has quit IRC		21:31
*** ig0r_ has quit IRC		21:31
*** RichardRaseley has joined #openstack-keystone		21:34
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Revert "Support `truncated` flag returned by keystone" https://review.openstack.org/267187	21:36
stevemar	bknudson_: both are affecting ?	21:36
*** KarthikB_ has joined #openstack-keystone		21:36
*** ankita_wagh has joined #openstack-keystone		21:37
bknudson_	stevemar: the latest one is the one that you said is breaking keystone tests	21:37
stevemar	yeah, so why the first revert? -- change default endpoint to public	21:37
henrynash	htruta: hi	21:37
*** KarthikB has quit IRC		21:38
*** timcline has joined #openstack-keystone		21:38
bknudson_	stevemar: the first revert is affecting auth_token unit tests	21:39
stevemar	balls	21:39
stevemar	fine fine	21:40
stevemar	bknudson_: thanks for the investigating	21:40
bknudson_	no problem.	21:40
stevemar	dims: we'll release as soon as possible, provided we can get the patches merged and such	21:41
dims	stevemar : ack	21:41
*** ig0r_ has joined #openstack-keystone		21:44
*** ig0r_ has quit IRC		21:45
bknudson_	we also might want to change auth_token such that it picks the interface? Maybe it's a config option?	21:45
ayoung	henrynash, can we drop list_prior roles anyway?	21:46
samueldmq	stevemar: that job is already going to run for every patch, but as nonvoting :)	21:47
henrynash	ayoung: I think we can if we don’t want to call it in the early filtering stage…and I would agree that it probably impacts more performance than just post flyering by ro;e	21:47
henrynash	role	21:47
dims	stevemar : heat stable/liberty broke as well https://jenkins05.openstack.org/job/gate-heat-python27/5409/console	21:50
stevemar	dims: dang it!	21:50
ayoung	henrynash, What would happen if we just skip that check?	21:52
ayoung	henrynash, in your original code version that is.	21:52
henrynash	you’ll just get more rows back to process at the end	21:55
*** rcernin has joined #openstack-keystone		21:55
stevemar	dims: heat breakage looks unrelated to keystone?	21:55
stevemar	dims: "AttributeError: <class 'ceilometerclient.client.AuthPlugin'> does not have the attribute 'redirect_to_aodh_endpoint"	21:55
stevemar	maybe gordc knows about that one?	21:55
dims	stevemar: AuthPlugin raised doubts	21:55
stevemar	side_effect=exceptions.EndpointNotFound	21:56
gordc	stevemar: how far up do i need to read?	21:56
dims	gordc : around?	21:56
*** alextricity_h has quit IRC		21:56
stevemar	gordc: not at all	21:56
dims	gordc : 16:50:40	21:56
stevemar	gordc: https://jenkins05.openstack.org/job/gate-heat-python27/5409/console	21:56
gordc	stevemar: tehre should be a patch from sileht	21:56
stevemar	gordc is so surly! i love it	21:56
gordc	it's related to 2.2.0 ceilometerclient	21:56
stevemar	dims: yay not our fault!	21:56
gordc	basically that function is gone.	21:56
dims	haha. sorry :)	21:57
stevemar	dims: you in markham on friday!?	21:57
gordc	https://review.openstack.org/#/c/266825/	21:57
stevemar	dims: dammit, i meant gordc	21:57
dims	haha	21:57
stevemar	gordc: you around on friday?	21:57
gordc	dims: you welcome to markham too. :)	21:57
stevemar	dims: you are more than welcome to be in markham on friday too :)	21:57
dims	would love to take you up on that offer guys :)	21:58
gordc	stevemar: i'm staying in toronto friday	21:58
gordc	i'm here now	21:58
stevemar	gordc: darn, we're playing opposite that day	21:58
gordc	stevemar: do you go to office still?	21:58
ayoung	henrynash, so you OK with the new logic?	21:58
dstanek	stevemar: you're quick on the reviews :-) i was planning on marking the templated catalog thing as a WIP while i fix up its tests	21:58
*** Guest97710 has quit IRC		21:59
stevemar	gordc: i am planning on going in, i have lunch plans, but was extending them to you :P	21:59
stevemar	dstanek: i have an itchy trigger finger	21:59
gordc	stevemar: i see. yeah, i'm basically never in markham friday	21:59
henrynash	ayoung: not sure why we don’t filter if implied roels are diabled and role_id is specified	21:59
stevemar	gordc: good call	21:59
gordc	dims: do we need to revert and leave that redirect function in?	21:59
henrynash	ayoung: but it is no big deal	22:00
gordc	dims: wasn't really aware anyone was mocking that function	22:00
*** vgridnev has quit IRC		22:00
dims	gordc : dunno, ask folks on heat?	22:00
henrynash	ayoung: and filter by roled is a rare occurance anyway	22:01
gordc	dims: kk	22:01
ayoung	henrynash, so...we could say "if CONF.token.infer_roles: filter_role_id = role_id	22:03
henrynash	yep	22:03
*** spzala has joined #openstack-keystone		22:03
ayoung	which I think was why I left that variable in there...	22:03
ayoung	henrynash, actually, that is backwards	22:03
ayoung	sjhould be	22:03
*** roxanagh_ has quit IRC		22:03
ayoung	if not CONF.token.infer_roles: filter_role_id = role_id	22:04
henrynash	ayoung: that’s half of the test I had in before….but then guilded the lily by adding the check for prior roels IF implied roels was enabled	22:04
henrynash	ayoung: so yes, if we out the check you suggest back in, then that’s fine	22:04
ayoung	I was going under the premise that the code is more solid if we always follow the same logic	22:04
henrynash	ayoung: and I think there is some validity to that	22:04
ayoung	collect all and post-filter.	22:04
ayoung	henrynash, make the call. I am good either way. This is not irreversible if we change our mings	22:05
ayoung	minds	22:05
henrynash	ayoung: and I think filtering by role_id will be rare, so…yeah, let;s leve it to the end	22:05
ayoung	++	22:05
ayoung	so the comment should read	22:05
*** belmoreira has quit IRC		22:05
openstackgerrit	Tom Cocozzello proposed openstack/keystone: WIP List assignments with names https://review.openstack.org/249958	22:06
ayoung	if inferred role expansion is disabled then there won't be any additional roles added	22:06
ayoung	or something less awkward. Other than that, are you good with the patch henrynash ?	22:07
dims	gordc : can you please hop onto #openstack-stable?	22:07
henrynash	yep…and you’ll remove the list_prior roles from the manager and drivers	22:07
ayoung	yes	22:07
*** spzala has quit IRC		22:07
henrynash	++	22:07
ayoung	henrynash, in genernal do you think it i bettter to put checks inside the internal funcsiont and return early, or put them outside and only call if the condition is met	22:08
ayoung	I seem to be doing one of each in this patch	22:08
henrynash	yep, I’m good…I could argue that technically we should add a manager CRUD tests for the manager methods,	22:08
ayoung	_add_implied_roles does the logic to short circuit but	22:08
henrynash	we test create/list in the test helper	22:08
*** tsymanczyk has joined #openstack-keystone		22:08
henrynash	No, I think it cleaner the way you seaprate dthe filter form teh add	22:08
*** tsymanczyk is now known as Guest75242		22:09
*** RichardRaseley has quit IRC		22:09
ayoung	henrynash, should I put the check for implied roles in the calling function, too, then? Just to be consistnat?	22:09
henrynash	ayoung: not sure I ‘m exactly foillowing you...	22:10
ayoung	refs = self._add_implied_roles(refs) could be	22:10
stevemar	tjcocozz: hows that list w/ names going?	22:10
*** rcernin has quit IRC		22:10
ayoung	if CONF.token.infer_roles: refs = self._add_implied_roles(refs)	22:11
ayoung	meh..I'll leave it	22:11
*** roxanagh_ has joined #openstack-keystone		22:11
henrynash	ayoung: yeah, leave it as is	22:11
openstackgerrit	ayoung proposed openstack/keystone: Implied roles driver and manager https://review.openstack.org/264260	22:16
*** jsavak has quit IRC		22:18
henrynash	ayoung: a couple of nits and one method needs to be removedin the V9wrapper	22:20
henrynash	ayoung: see comments on patch	22:20
*** kbringard has quit IRC		22:20
ayoung	henrynash, will do,. thanks	22:20
*** daemontool has quit IRC		22:22
*** daemontool has joined #openstack-keystone		22:23
*** boris-42 has quit IRC		22:23
*** Guest75242 has quit IRC		22:26
*** KarthikB_ has quit IRC		22:27
*** gildub has quit IRC		22:30
htruta	henrynash, regarding the comment of the failure here https://review.openstack.org/#/c/210600/43/keystone/tests/unit/test_backend.py I've submitted a bug 1533778 to it	22:31
openstack	bug 1533778 in OpenStack Identity (keystone) "Resource legacy backend driver is using v9's cache" [Undecided,New] https://launchpad.net/bugs/1533778	22:31
*** tsymancz1k has joined #openstack-keystone		22:31
*** spzala has joined #openstack-keystone		22:35
*** spzala has quit IRC		22:35
*** spzala has joined #openstack-keystone		22:36
openstackgerrit	ayoung proposed openstack/keystone: Implied roles driver and manager https://review.openstack.org/264260	22:37
ayoung	henrynash, role_id is a required param, but I moved the comment and removed the local var	22:37
*** timcline has quit IRC		22:39
*** spzala has quit IRC		22:40
*** petertr7 is now known as petertr7_away		22:41
*** vivekd has quit IRC		22:46
henrynash	ayoung: yep looks fine…	22:48
htruta	henrynash, have you seen the bug I submitted? makes sense?	22:51
*** browne has quit IRC		22:54
*** sigmavirus24 is now known as sigmavirus24_awa		22:55
*** jasonsb has quit IRC		22:57
*** aginwala has quit IRC		22:58
roxanagh_	stevemar: problems with https://bugs.launchpad.net/python-keystoneclient/+bug/1457702 ?	23:02
openstack	Launchpad bug 1457702 in python-keystoneclient "The default endpoint interface type for Keystone v3 should be 'public'" [Low,Confirmed] - Assigned to Boris Bobrov (bbobrov)	23:02
henrynash	htruta: so I’m a bit confused	23:02
henrynash	htruta: are you saying the manager tests are passing on a V8 driver because V9 answers are being cached?	23:03
*** tsymancz1k has quit IRC		23:04
*** spzala has joined #openstack-keystone		23:04
*** aginwala has joined #openstack-keystone		23:06
*** aginwala has quit IRC		23:07
*** aginwala has joined #openstack-keystone		23:07
*** jbell8 has joined #openstack-keystone		23:09
*** spzala has quit IRC		23:09
henrynash	htruta: ah, got it….the create_project call sets up the the cache….and so get_project_by_name finds it!!	23:10
jamielennox	stevemar, bknudson_: crisis fixed?	23:11
henrynash	htruta: see my suggestion on teh fix	23:12
*** rderose has quit IRC		23:17
*** rderose has joined #openstack-keystone		23:18
*** jbell8 has quit IRC		23:19
htruta	henrynash, just saw it... so you suggest removing the "is_domain" from cache?	23:21
henrynash	htruta: no, just only set it on project create/update IF is_domain==false	23:22
henrynash	htruta: setting it when you actually call get_project_by_name(0 is fine, since the V8 driver will rasie an error if is_domain==True	23:22
henrynash	htruta: i.e. when running with a V8 driver, we’ll never have a project with is_domain=True in teh cache for get_project_by_na,e	23:23
htruta	henrynash, yes, got it. So, not a bug, right?	23:23
*** tsymanczyk has joined #openstack-keystone		23:24
*** tsymanczyk is now known as Guest67265		23:24
henrynash	htruta: is an unfortuante side effect of caching and old signature support. I\m not sure how we would fix it otherwise AND still stick with the mantra that we only have one manager version	23:24
*** rderose has quit IRC		23:25
henrynash	htruta: so no, I don’t think it should be a big	23:25
henrynash	bug	23:25
*** spzala has joined #openstack-keystone		23:25
henrynash	htruta: this is way the orginal tests were NOT failing with teh V8 driver I assume?	23:26
henrynash	(this was why)	23:26
htruta	henrynash, yes, they were not failing that specific point, because the get_project_by_name was cached... but now my overwritten test is failing	23:26
htruta	as it is cached too	23:27
henrynash	htruta: damned if you do, damned if you don’t!	23:27
henrynash	htruta: but teh fix I am suggesting will, I think get round both issues	23:27
*** slberger has left #openstack-keystone		23:28
htruta	henrynash, hehe... not actually... I've overwritten because it really was the right thing to do, a different behavior	23:28
htruta	but yes, your suggestion seems to solve it all	23:28
henrynash	htruta: cool	23:28
henrynash	htruta: separaet subject…and our favorite….projects acting as domains....	23:29
*** gordc has quit IRC		23:29
*** spzala has quit IRC		23:29
henrynash	htruta: so I’m still concerned how we are doing this (e.g. the tests etc.)….would you mind if I had a bash at restructuring the two patches….if it turns out to be rubbish, we can ditch my attempt	23:30
henrynash	htruta:….however, if it works, they’ll be the most co-authored patches in history!	23:30
htruta	henrynash, I was thinking on how to make the approach you use to do	23:30
htruta	but couldn't find an easy way to separate driver and manager in more than one patch without break things up	23:31
henrynash	htruta: I still think we’ve got a number of things a bit muddled up////	23:31
htruta	henrynash, haha. feel free to hack on it	23:31
henrynash	hrtuta: i’ll have a go…I’ll soon find out if my ideas don;t work out!	23:31
htruta	henrynash, we do have a few things that can be split, but they don't seem to reduce the size of it as I wanted	23:32
*** phalmos has quit IRC		23:33
htruta	didn't like the new gerrit red bar :(	23:33
*** henrynash has quit IRC		23:33
*** topol has quit IRC		23:34
*** gildub has joined #openstack-keystone		23:34
*** topol_ has joined #openstack-keystone		23:37
*** topol_ is now known as Guest57135		23:37
*** chlong-afk has quit IRC		23:40
*** henrynash has joined #openstack-keystone		23:53
*** ChanServ sets mode: +v henrynash		23:53
*** shoutm has joined #openstack-keystone		23:55
*** aginwala has quit IRC		23:56
*** browne has joined #openstack-keystone		23:59
openstackgerrit	Henrique Truta proposed openstack/keystone: Add is_domain parameter to get_project_by_name https://review.openstack.org/210600	23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!