Friday, 2016-01-22

*** su_zhang_ has joined #openstack-keystone [00:00]
*** su_zhang has quit IRC [00:00]
*** spzala has quit IRC [00:00]
*** ducttape_ has quit IRC [00:01]
*** rbak_ has quit IRC [00:01]
*** ayoung has quit IRC [00:10]
*** markvoelker has quit IRC [00:11]
*** shaleh|away is now known as shaleh [00:11]
openstackgerrit: Merged openstack/keystone: Add asserts for service providers https://review.openstack.org/265809 [00:11]
openstackgerrit: Merged openstack/keystone: Fix docstring https://review.openstack.org/269899 [00:12]
*** darrenc_afk is now known as darrenc [00:12]
*** phalmos has quit IRC [00:15]
*** gildub has joined #openstack-keystone [00:15]
*** phalmos has joined #openstack-keystone [00:16]
*** phalmos has quit IRC [00:16]
*** markvoelker has joined #openstack-keystone [00:18]
*** jasonsb has joined #openstack-keystone [00:25]
openstackgerrit: Lin Hua Cheng proposed openstack/keystone: Address comments from Implied Role manager patch https://review.openstack.org/269990 [00:25]
*** zqfan has joined #openstack-keystone [00:26]
*** gyee has quit IRC [00:28]
*** yarkot has joined #openstack-keystone [00:29]
*** gyee has joined #openstack-keystone [00:30]
*** ChanServ sets mode: +v gyee [00:30]
*** gildub has quit IRC [00:32]
*** tsymanczyk has quit IRC [00:36]
*** lhcheng_ has quit IRC [00:36]
*** gildub has joined #openstack-keystone [00:37]
*** shoutm_ has joined #openstack-keystone [00:39]
*** shoutm has quit IRC [00:42]
*** x58 has quit IRC [00:50]
*** x58 has joined #openstack-keystone [01:00]
openstackgerrit: henry-nash proposed openstack/keystone: Remove duplicate LDAP test class https://review.openstack.org/271106 [01:00]
*** jidar has quit IRC [01:00]
*** jidar has joined #openstack-keystone [01:04]
*** doug-fish has quit IRC [01:04]
*** doug-fish has joined #openstack-keystone [01:05]
openstackgerrit: OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/269479 [01:05]
*** doug-fish has quit IRC [01:06]
*** doug-fish has joined #openstack-keystone [01:06]
openstackgerrit: OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/269479 [01:06]
*** markvoelker has quit IRC [01:09]
*** su_zhang_ has quit IRC [01:09]
*** davechen has joined #openstack-keystone [01:09]
*** su_zhang has joined #openstack-keystone [01:14]
*** spzala has joined #openstack-keystone [01:16]
*** yarkot_ has joined #openstack-keystone [01:18]
openstackgerrit: henry-nash proposed openstack/keystone: Implied Roles API https://review.openstack.org/242614 [01:18]
openstackgerrit: henry-nash proposed openstack/keystone: Add tests for role management with v3policy file https://review.openstack.org/261846 [01:19]
*** spzala has quit IRC [01:21]
*** spzala has joined #openstack-keystone [01:25]
*** davechen1 has joined #openstack-keystone [01:28]
*** _cjones_ has quit IRC [01:29]
*** spzala has quit IRC [01:29]
*** yarkot_ has quit IRC [01:29]
*** davechen has quit IRC [01:30]
*** dslev has joined #openstack-keystone [01:30]
*** dslev_ has joined #openstack-keystone [01:32]
openstackgerrit: henry-nash proposed openstack/keystone: Add CRUD support for domain specific roles https://review.openstack.org/261870 [01:33]
openstackgerrit: henry-nash proposed openstack/keystone: Modify rules in the v3 policy sample for domain specifc roles https://review.openstack.org/262078 [01:34]
*** dslev has quit IRC [01:35]
openstackgerrit: henry-nash proposed openstack/keystone: Modify implied roles to honor domain specific roles https://review.openstack.org/263064 [01:38]
openstackgerrit: henry-nash proposed openstack/keystone: Modify rules for domain specific role assignments https://review.openstack.org/263549 [01:38]
*** henrynash has joined #openstack-keystone [01:39]
*** ChanServ sets mode: +v henrynash [01:39]
*** ayoung has joined #openstack-keystone [01:41]
*** ChanServ sets mode: +v ayoung [01:41]
openstackgerrit: Steve Martinelli proposed openstack/keystone: Remove additional references to ldap role attribs https://review.openstack.org/270551 [01:41]
*** shoutm_ has quit IRC [01:49]
*** lhcheng has joined #openstack-keystone [01:52]
*** ChanServ sets mode: +v lhcheng [01:52]
stevemar: notmorgan: anything else we need to deprecate in keystone server? [01:52]
stevemar: we did v2 APIs, ldap write for identity, PKI, and memcache/memcache_pool for tokens [01:53]
stevemar: i think we're done... [01:53]
*** dslev_ has quit IRC [01:55]
*** shoutm has joined #openstack-keystone [01:55]
stevemar: ayoung: is revoke_by_expiration() pointless at this point? [02:00]
ayoung: stevemar, I think so [02:01]
ayoung: stevemar, refresh me:  is that userid and expiration? [02:01]
stevemar: ayoung: seems like it's only used if there is no audit_id in the token [02:01]
stevemar: which never happens? [02:01]
ayoung: that was a cheap way to revoke by ID [02:01]
ayoung: actually, I take that back [02:01]
ayoung: that might be a keeper [02:01]
ayoung: it was a way to revoke all the tokens generated from a single token [02:02]
stevemar: it has been deprecated since Juno with remove_in=0 [02:02]
ayoung: we force unscoped to scoped only [02:02]
ayoung: stevemar, meh [02:02]
ayoung: I think it broke Horizon [02:02]
*** spzala has joined #openstack-keystone [02:02]
ayoung: if you revoked all the tokens with the same expiration, and horizon was using the unscoped to get the scoped [02:03]
ayoung: we decided it had to be "pointed downhill" [02:03]
notmorgan: stevemar: uhmm. [02:03]
notmorgan: Don't think we have more to deprecate [02:03]
notmorgan: ... [02:03]
stevemar: ayoung: i'll propose a patch, comment on there [02:03]
notmorgan: Tokens should always have an audit ID now [02:03]
*** browne has quit IRC [02:04]
*** dims__ has joined #openstack-keystone [02:04]
notmorgan: ayoung: same reason revoke by audit chain id was an issue [02:05]
notmorgan: Broke horizon. :( [02:05]
*** dims_ has quit IRC [02:06]
*** spzala has quit IRC [02:06]
*** jaosorior has quit IRC [02:12]
*** su_zhang has quit IRC [02:12]
*** jaosorior has joined #openstack-keystone [02:12]
*** su_zhang has joined #openstack-keystone [02:16]
*** doug-fish has quit IRC [02:20]
*** doug-fish has joined #openstack-keystone [02:21]
*** doug-fish has quit IRC [02:21]
*** doug-fish has joined #openstack-keystone [02:21]
*** davechen1 has quit IRC [02:23]
*** su_zhang has quit IRC [02:25]
*** su_zhang has joined #openstack-keystone [02:25]
*** shoutm has quit IRC [02:25]
*** su_zhang has quit IRC [02:26]
*** shoutm has joined #openstack-keystone [02:27]
openstackgerrit: Jamie Lennox proposed openstack/keystoneauth: Allow parameter expansion in endpoint_override https://review.openstack.org/271120 [02:39]
jamielennox: ^ is one of the prettiest patterns i've seen in python [02:41]
jamielennox: the whole duck typing just works thing [02:41]
* lhcheng ear is itching.. wonder what broke in horizon [02:41]
*** spzala has joined #openstack-keystone [02:42]
ayoung: lhcheng, nothing, we broken and fixen long ago [02:44]
lhcheng: ayoung: whew [02:45]
lhcheng: ayoung: thanks for confirming [02:45]
lhcheng: ayoung: adding IdP management panels to horizon in case you're interested: https://review.openstack.org/#/c/244991/ [02:46]
*** woodster_ has quit IRC [02:46]
lhcheng: stevemar: you done some rebasing on the new ui, what is the checkbox "Change parent revision" for? [02:49]
stevemar: lhcheng: i think it attempts to rebase the dependent patch too [02:49]
*** doug-fish has quit IRC [02:50]
ayoung: jamielennox, I'm still stitching the Implied Role review back together after you hacked it apart.  Thank You [02:52]
jamielennox: ayoung: i was quite proud of that review - found lots of stuff ;) [02:53]
*** richm has quit IRC [02:53]
ayoung: jamielennox, the code is much, much better due to that [02:55]
jamielennox: ayoung: i've got my test script here somewhere if you want it [02:55]
ayoung: jamielennox, nah...I want to be surprised! [02:55]
ayoung: jamielennox, we need that as a functional test somehow. [02:56]
jamielennox: ayoung: http://paste.openstack.org/show/484619/ [02:56]
ayoung: jamielennox, why the uuids? [02:56]
jamielennox: ayoung: they're the role_ids keystone created [02:57]
ayoung: jamielennox, so, for a functional test, we should do a role create for each of those first? [02:57]
jamielennox: you'd need to openstack role create role1 etc and insert actual id [02:57]
ayoung: jamielennox, I'm thinking that functional tests need to be out of the Keystone tree, as they should pull in the client.  Should be a separate repo? [02:58]
ayoung: testing without client is just too much like our API tests already [02:58]
jamielennox: ayoung: depends, when the right code is available in client they could be client functional tests [02:59]
ayoung: jamielennox, I think if we had them out of tree, and the client code was used to call them, we would have functional tests already [03:00]
ayoung: As it is, we have the stub in place and have for 2 releases now [03:00]
jamielennox: ayoung: maybe they should just go in tempest ? [03:00]
ayoung: stevemar, I think I want to split functional tests out into their own repo and have them run from the client [03:00]
ayoung: jamielennox, no [03:00]
ayoung: we should write and manage them [03:01]
ayoung: just like we were going to do inside the Keystone repo [03:01]
ayoung: maybe use the tempest infrastructure, but they should be in a separate repo [03:01]
*** spzala has quit IRC [03:04]
jamielennox: notmorgan: jenkins +1ed this: https://review.openstack.org/#/c/271051/2 :O [03:04]
openstackgerrit: ayoung proposed openstack/keystone: Implied Roles API https://review.openstack.org/242614 [03:04]
*** spzala has joined #openstack-keystone [03:04]
jamielennox: this is the same problem with the v3 only gate job though, it only runs against the basic devstack deploy [03:05]
jamielennox: how do we get it into the other services [03:05]
jamielennox: ayoung: ^ would also interest you [03:05]
ayoung: jamielennox, maybe we need to change the basic devstack deploy? [03:06]
jamielennox: ayoung: you'd never get past the stalemate [03:06]
jamielennox: the base can't change until it doesn't break everyone's testing, no-one's testing is broken because it's not doing the right thing [03:07]
ayoung: jamielennox, yeah. [03:07]
ayoung: jamielennox, programming is like sex... [03:08]
jamielennox: it's always long enough between looking at project-config that i've completely forgotten how it works [03:08]
jamielennox: (hopefully not like sex) [03:08]
*** spzala has quit IRC [03:09]
jamielennox: ayoung: i changed it to default to Default domain so hopefully we can get a gate job running in services where it's not Default [03:15]
*** links has joined #openstack-keystone [03:26]
*** wasmum- has quit IRC [03:33]
*** lhcheng has quit IRC [03:33]
openstackgerrit: Ron De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities https://review.openstack.org/262045 [03:34]
openstackgerrit: Ron De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities https://review.openstack.org/262045 [03:35]
*** wasmum has joined #openstack-keystone [03:36]
*** links has quit IRC [03:40]
*** bill_az has quit IRC [03:46]
*** links has joined #openstack-keystone [03:48]
*** spandhe has quit IRC [03:48]
*** doug-fish has joined #openstack-keystone [03:50]
openstackgerrit: Merged openstack/keystone: Doc FIX https://review.openstack.org/267253 [03:58]
*** doug-fish has quit IRC [04:00]
*** shoutm_ has joined #openstack-keystone [04:03]
*** links has quit IRC [04:04]
openstackgerrit: OpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements https://review.openstack.org/269321 [04:04]
openstackgerrit: OpenStack Proposal Bot proposed openstack/keystonemiddleware: Updated from global requirements https://review.openstack.org/268453 [04:04]
*** shoutm has quit IRC [04:05]
*** dims__ has quit IRC [04:08]
*** vgridnev has joined #openstack-keystone [04:08]
ayoung: henrynash, OK, I think I have circular dependencies licked. [04:10]
openstackgerrit: Jamie Lennox proposed openstack/keystoneauth: Allow parameter expansion in endpoint_override https://review.openstack.org/271120 [04:11]
*** daemontool_ has quit IRC [04:12]
*** daemontool_ has joined #openstack-keystone [04:13]
*** links has joined #openstack-keystone [04:16]
openstackgerrit: ayoung proposed openstack/keystone: Check for circular references when expanding implied roles https://review.openstack.org/271134 [04:16]
*** shaleh has quit IRC [04:18]
*** daemontool_ has quit IRC [04:18]
openstackgerrit: Steve Martinelli proposed openstack/keystone: remove deprecated revoke_by_expiration function https://review.openstack.org/271135 [04:20]
*** agireud has quit IRC [04:20]
*** agireud has joined #openstack-keystone [04:22]
*** links has quit IRC [04:27]
*** links has joined #openstack-keystone [04:28]
*** wanghua has quit IRC [04:44]
openstackgerrit: Steve Martinelli proposed openstack/keystone: Removed deprecated revoke KVS backend https://review.openstack.org/267777 [04:49]
*** links has quit IRC [04:50]
*** browne has joined #openstack-keystone [04:53]
openstackgerrit: OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/269479 [04:55]
*** fawadkhaliq has joined #openstack-keystone [04:56]
*** links has joined #openstack-keystone [04:57]
*** spzala has joined #openstack-keystone [05:05]
*** lhcheng has joined #openstack-keystone [05:07]
*** ChanServ sets mode: +v lhcheng [05:07]
*** su_zhang has joined #openstack-keystone [05:07]
*** spzala has quit IRC [05:10]
stevemar: dstanek: ewww for the failing test cases here: https://review.openstack.org/#/c/267777/ [05:11]
*** links has quit IRC [05:13]
*** links has joined #openstack-keystone [05:21]
*** vgridnev has quit IRC [05:24]
*** doug-fish has joined #openstack-keystone [05:32]
*** doug-fish has quit IRC [05:32]
*** links has quit IRC [05:36]
*** links has joined #openstack-keystone [05:37]
*** gildub has quit IRC [05:43]
*** markvoelker has joined #openstack-keystone [05:44]
*** shoutm has joined #openstack-keystone [05:47]
*** vgridnev has joined #openstack-keystone [05:47]
openstackgerrit: Merged openstack/keystone: Add checks for token data creep using jsonschema https://review.openstack.org/254258 [05:49]
*** shoutm_ has quit IRC [05:49]
openstackgerrit: OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/269479 [05:53]
*** vikram has joined #openstack-keystone [05:56]
*** links has quit IRC [05:59]
*** links has joined #openstack-keystone [06:01]
*** markvoelker_ has joined #openstack-keystone [06:04]
*** markvoelker has quit IRC [06:07]
*** links has quit IRC [06:22]
*** links has joined #openstack-keystone [06:23]
*** shoutm_ has joined #openstack-keystone [06:32]
*** _cjones_ has joined #openstack-keystone [06:32]
*** shoutm has quit IRC [06:32]
*** jaosorior has quit IRC [06:32]
*** jaosorior has joined #openstack-keystone [06:33]
*** vgridnev has quit IRC [06:33]
*** _cjones_ has quit IRC [06:34]
*** _cjones_ has joined #openstack-keystone [06:35]
*** shoutm_ has quit IRC [06:40]
*** Nirupama has joined #openstack-keystone [06:45]
*** shoutm has joined #openstack-keystone [06:45]
*** links has quit IRC [06:46]
*** links has joined #openstack-keystone [06:50]
*** vgridnev has joined #openstack-keystone [06:54]
*** su_zhang has quit IRC [06:59]
*** su_zhang has joined #openstack-keystone [07:06]
*** links has quit IRC [07:09]
*** links has joined #openstack-keystone [07:09]
vikram: Facing some issues with latest devstack installation [07:12]
*** pnavarro has joined #openstack-keystone [07:12]
vikram: Can someone help ;) [07:13]
*** _cjones_ has quit IRC [07:17]
*** pnavarro has quit IRC [07:18]
*** _cjones_ has joined #openstack-keystone [07:18]
*** EinstCrazy has quit IRC [07:21]
breton: morning keystone [07:29]
*** rcernin has joined #openstack-keystone [07:31]
*** links has quit IRC [07:31]
*** su_zhang has quit IRC [07:33]
*** belmoreira has joined #openstack-keystone [07:34]
*** oomichi has joined #openstack-keystone [07:44]
*** links has joined #openstack-keystone [07:48]
*** jed56 has joined #openstack-keystone [07:48]
*** links has quit IRC [07:54]
*** lhcheng has quit IRC [07:55]
*** shoutm has quit IRC [08:03]
*** shoutm has joined #openstack-keystone [08:04]
*** spzala has joined #openstack-keystone [08:05]
*** spzala has quit IRC [08:09]
*** boris-42 has quit IRC [08:13]
*** _cjones_ has quit IRC [08:15]
*** daemontool has joined #openstack-keystone [08:18]
*** vgridnev has quit IRC [08:20]
*** spandhe has joined #openstack-keystone [08:22]
*** shoutm_ has joined #openstack-keystone [08:22]
*** links has joined #openstack-keystone [08:22]
*** shoutm has quit IRC [08:25]
*** davechen has joined #openstack-keystone [08:26]
openstackgerrit: henry-nash proposed openstack/keystone: Enhance manager list_role_assignments to support group listing https://review.openstack.org/265650 [08:27]
openstackgerrit: henry-nash proposed openstack/keystone: Modify implied roles to honor domain specific roles https://review.openstack.org/263064 [08:33]
openstackgerrit: henry-nash proposed openstack/keystone: Modify rules for domain specific role assignments https://review.openstack.org/263549 [08:34]
*** links has quit IRC [08:35]
*** shoutm_ has quit IRC [08:36]
*** henrynash has quit IRC [08:37]
*** markvoelker_ has quit IRC [08:38]
vikram: can someone help for " Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL." [08:42]
vikram: getting this error with devstack installation [08:43]
vikram: can someone help [08:43]
*** oomichi is now known as oomichi_away [08:45]
*** pnavarro has joined #openstack-keystone [08:45]
*** daemontool has quit IRC [08:48]
*** daemontool has joined #openstack-keystone [08:48]
*** oomichi_away has quit IRC [08:49]
*** spandhe has quit IRC [08:52]
*** fhubik has joined #openstack-keystone [08:54]
*** browne has quit IRC [08:58]
*** daemontool_ has joined #openstack-keystone [09:03]
*** daemontool has quit IRC [09:06]
*** jistr has joined #openstack-keystone [09:15]
breton: https://cloud.google.com/iam/ -- iam in google cloud [09:16]
*** mhickey has joined #openstack-keystone [09:23]
*** e0ne has joined #openstack-keystone [09:24]
*** vgridnev has joined #openstack-keystone [09:25]
*** e0ne has quit IRC [09:27]
*** tyagiprince has joined #openstack-keystone [09:27]
*** tyagiprince has quit IRC [09:28]
*** tyagiprince has joined #openstack-keystone [09:28]
*** boris-42 has joined #openstack-keystone [09:33]
*** markvoelker has joined #openstack-keystone [09:34]
*** markvoelker has quit IRC [09:39]
*** markvoelker has joined #openstack-keystone [09:39]
*** lhcheng has joined #openstack-keystone [09:43]
*** ChanServ sets mode: +v lhcheng [09:43]
*** markvoelker has quit IRC [09:44]
*** markvoelker has joined #openstack-keystone [09:45]
*** lhcheng has quit IRC [09:48]
*** markvoelker has quit IRC [09:50]
*** fhubik has quit IRC [09:50]
davechen: vikram: try to remove the outdated yaml file [09:58]
davechen: vikram: i think you hit this bug - https://bugs.launchpad.net/devstack/+bug/1515352 [10:00]
openstack: Launchpad bug 1515352 in devstack "Stacking fails on fedora 22 "Could not determine a suitable URL for the plugin"" [Undecided,Fix committed] [10:00]
vikram: davechen: thanks [10:00]
davechen: remove this file ~/.config/openstack/clouds.yaml  should work for you [10:00]
tyagiprince: dstanek: Yep reading documentations and code these days.. not able to picturize the servers and clients.. Who is doing what work etc.. [10:08]
*** jaosorior has quit IRC [10:14]
*** jaosorior has joined #openstack-keystone [10:15]
*** aix has joined #openstack-keystone [10:23]
*** jasonsb has quit IRC [10:26]
*** bradjones_ has quit IRC [10:28]
*** bradjones_ has joined #openstack-keystone [10:29]
*** bradjones_ has quit IRC [10:29]
*** bradjones_ has joined #openstack-keystone [10:29]
*** genunix has joined #openstack-keystone [10:32]
genunix: Hello, I have a little question - is it possible to ensure some users are automatically assigned to newly created project with defined role? I was thinking about writing a paste middleware to do this but I am not sure how to inject code to be executed after tenant creation (and not before the app itself as in case of filters). [10:34]
*** markvoelker has joined #openstack-keystone [10:35]
notmorgan: genunix: there currently isn't a way to do that. it's been talked about a bunch at the midcycles and summits [10:35]
notmorgan: there is clearly a desire for that kind of functionality [10:35]
openstackgerrit: Ron De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities https://review.openstack.org/262045 [10:36]
notmorgan: genunix: we've long said that it might be best to have something listen to the rabbit bus for <create> events and then have an out-side service trigger and do the work of the auto provisioning [10:37]
openstackgerrit: Ron De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities https://review.openstack.org/262045 [10:37]
notmorgan: genunix: i don't know if a paste filter will really do what you want [10:37]
*** shoutm has joined #openstack-keystone [10:37]
*** markvoelker has quit IRC [10:39]
*** bradjones_ has quit IRC [10:40]
*** e0ne has joined #openstack-keystone [10:40]
openstackgerrit: Merged openstack/keystone: Fix typo abstact in comments https://review.openstack.org/270558 [10:40]
*** bradjones_ has joined #openstack-keystone [10:41]
*** bradjones_ has quit IRC [10:41]
*** bradjones_ has joined #openstack-keystone [10:41]
genunix: notmorgan: thank you for answer. So maybe only reasonable way is to create class that will inherit endpoint class and just override method for tenant creation? [10:43]
*** vgridnev has quit IRC [10:44]
*** bradjones_ has quit IRC [10:45]
*** vikram has left #openstack-keystone [10:47]
*** bradjones_ has joined #openstack-keystone [10:47]
*** bradjones_ has quit IRC [10:47]
*** bradjones_ has joined #openstack-keystone [10:47]
*** vgridnev has joined #openstack-keystone [10:48]
notmorgan: genunix: or have an external service that listens for the tenant creation, and then does the work via the keystone apis when you get the event [10:50]
notmorgan: i don't recommend subclassing if you can work with the event listener [10:50]
*** dims has joined #openstack-keystone [11:00]
*** fhubik has joined #openstack-keystone [11:01]
openstackgerrit: Grzegorz Grasza (xek) proposed openstack/keystone: POC Online Schema Migration: Add BinaryHex field https://review.openstack.org/269693 [11:09]
openstackgerrit: Grzegorz Grasza (xek) proposed openstack/keystone: Unit test for checking cross-version migrations compatibility https://review.openstack.org/241603 [11:09]
openstackgerrit: Grzegorz Grasza (xek) proposed openstack/keystone: Online schema migration documentation https://review.openstack.org/265252 [11:09]
*** markvoelker has joined #openstack-keystone [11:12]
*** tyagiprince has quit IRC [11:14]
openstackgerrit: Dave Chen proposed openstack/keystone: Relax the schema validation to accept empty request body https://review.openstack.org/237448 [11:14]
*** markvoelker has quit IRC [11:18]
*** fawadkhaliq has quit IRC [11:22]
*** fawadkhaliq has joined #openstack-keystone [11:23]
*** aix has quit IRC [11:23]
openstackgerrit: Dave Chen proposed openstack/keystone: Relax the schema validation to accept empty request body https://review.openstack.org/237448 [11:24]
openstackgerrit: Ron De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities https://review.openstack.org/262045 [11:29]
openstackgerrit: Ron De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities https://review.openstack.org/262045 [11:30]
*** aix has joined #openstack-keystone [11:37]
*** fawadkhaliq has quit IRC [11:41]
openstackgerrit: OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/269479 [11:41]
*** fhubik is now known as fhubik_brb [11:46]
*** openstackgerrit has quit IRC [11:47]
*** openstackgerrit has joined #openstack-keystone [11:47]
*** fawadkhaliq has joined #openstack-keystone [11:48]
*** fhubik_brb is now known as fhubik [11:48]
*** fawadkhaliq has quit IRC [11:49]
*** fawadkhaliq has joined #openstack-keystone [11:50]
*** ajayaa has joined #openstack-keystone [11:50]
*** tyagiprince has joined #openstack-keystone [11:51]
*** bradjones_ has quit IRC [11:52]
*** boris-42 has quit IRC [11:53]
*** bradjones_ has joined #openstack-keystone [11:53]
*** bradjones_ has quit IRC [11:53]
*** bradjones_ has joined #openstack-keystone [11:53]
*** fawadkhaliq has quit IRC [11:54]
*** ajayaa has quit IRC [11:59]
*** ajayaa has joined #openstack-keystone [12:00]
*** bradjones has quit IRC [12:01]
*** bradjones_ is now known as bradjones [12:01]
*** jaosorior has quit IRC [12:03]
*** jaosorior has joined #openstack-keystone [12:03]
*** spzala has joined #openstack-keystone [12:05]
*** markvoelker has joined #openstack-keystone [12:07]
*** spzala has quit IRC [12:09]
*** markvoelker has quit IRC [12:12]
*** openstackgerrit has quit IRC [12:33]
*** openstackgerrit has joined #openstack-keystone [12:33]
*** gordc has joined #openstack-keystone [12:34]
*** markvoelker has joined #openstack-keystone [12:42]
dstanek: tyagiprince: focus on just one. for example, use the curl commands from the keystone docs against keystone to see what is happening [12:44]
dstanek: tyagiprince: that way the client isn't doing anything [12:44]
tyagiprince: dstanek: Okay.. Thanks.. [12:45]
dstanek: tyagiprince: and to answer your question from a few days ago....the different projects all have different ways they are architected. [12:46]
*** markvoelker has quit IRC [12:54]
*** pauloewerton has joined #openstack-keystone [12:57]
*** bill_az has joined #openstack-keystone [12:59]
ajayaa: davechen, Can you please clarify your comment on https://review.openstack.org/#/c/270057/3? [12:59]
*** dims is now known as dimsum__ [13:00]
*** vgridnev has quit IRC [13:01]
raildo: dstanek: ping, can you help me with this patch? https://review.openstack.org/#/c/134095/ we are getting a error on py34 http://logs.openstack.org/95/134095/15/check/gate-keystone-python34/b026c5a/console.html.gz [13:02]
raildo: dstanek: and I don't know how to fix it :( [13:02]
*** fhubik is now known as fhubik_brb [13:04]
*** daemontool_ has quit IRC [13:04]
ajayaa: lbragstad, What could be a good place to store the urn namespace in https://review.openstack.org/#/c/252182. [13:08]
ajayaa: I though common/utils.py is a good place to store it and I am importing the same in tests. [13:08]
ajayaa: s/though/thought [13:09]
*** fhubik_brb is now known as fhubik [13:11]
*** vgridnev has joined #openstack-keystone [13:16]
*** e0ne has quit IRC [13:16]
*** e0ne has joined #openstack-keystone [13:17]
*** vgridnev has quit IRC [13:19]
*** edmondsw has joined #openstack-keystone [13:20]
*** fhubik is now known as fhubik_brb [13:20]
dstanek: raildo: sure, i can take a look [13:21]
davechen: ajayaa: seem like i have not commented on that patch. [13:22]
davechen: ajayaa: you meant this one https://review.openstack.org/#/c/270057/ ? [13:23]
*** vgridnev has joined #openstack-keystone [13:24]
*** mattt has joined #openstack-keystone [13:28]
ajayaa: davechen, sorry. wrong link. This one: https://review.openstack.org/#/c/252182/6 [13:28]
mattt: hi all, anyone familiar with https://review.openstack.org/#/c/215212/ ? [13:29]
davechen: ajayaa: pls check the source from uuid, it's 32 instead of 64. [13:29]
davechen: ajayaa: i have already pasted the code there. [13:30]
*** Nirupama has quit IRC [13:31]
davechen: from the source i see that the length of the hex should be 32 or else it will raise ValueError. [13:31]
davechen: /hex/hex string [13:31]
ajayaa: The length of hex should be more than 64 to raise a ValueError. [13:33]
ajayaa: davechen ^^ [13:33]
davechen: ajayaa: why? [13:33]
davechen:             if len(hex) != 32: [13:34]
davechen:                 raise ValueError('badly formed hexadecimal UUID string') [13:34]
davechen: my source is outdated? [13:34]
ajayaa: What do you mean by source? [13:34]
ajayaa: Python source or patch source? [13:35]
davechen: ajayaa: if you pass the way the value in that way, i think it should strictly match with the 32 instead of no more than 64 or 32 [13:35]
ajayaa: len(uuid.uuid4().hex) gives 32. [13:35]
davechen: ajayaa: the code from uuid [13:35]
davechen: ajayaa: yep, so why you check the length with 64? [13:36]
davechen: ajayaa: pls dig into the code python27\lib\uuid.py [13:36]
ajayaa: What we are trying to do there is, if the value is valid hex value then return it. [13:36]
ajayaa: Otherwise we are creating new UUID using uuid.uuid5. [13:36]
ajayaa: That's all we are doing. [13:37]
davechen: ajayaa: so how do you catch the valueError? why it comes from? [13:37]
davechen: ajayaa: it's from uuid lib, right? [13:38]
ajayaa: Yes. [13:38]
*** markvoelker has joined #openstack-keystone [13:38]
davechen: ajayaa: so, the lib has told you the length should be 32 size. [13:38]
ajayaa: The ValueError comes if the length is more than 32 or less than 32 and the value is not valid UUID hex value. [13:38]
ajayaa: davechen, yes. [13:39]
ajayaa: If it's not then we will make sure we output a value which is 32 characters in length and can be used in other places. [13:40]
ajayaa: 64 limit is there for the simple reason being we are only concerned with cases where value is a concatenation of two uuid hex values. [13:40]
ajayaa: davechen, Do I make sense? :) [13:41]
davechen: ajayaa: i see. [13:41]
*** markvoelker has quit IRC [13:43]
ajayaa: I need help with one thing. What do you think is a good place to put RESOURCE_ID_NAMESPACE present in utils.py file. [13:43]
ajayaa: davechen ^^ [13:43]
davechen: ajayaa: i think it's okay to put the constant there, thanks for the clarification! [13:48]
ajayaa: you are welcome. [13:50]
*** tyagiprince has quit IRC [13:53]
dstanek: mattt: what's up? [13:55]
*** fhubik_brb is now known as fhubik [13:55]
*** doug-fish has joined #openstack-keystone [13:55]
*** markvoelker has joined #openstack-keystone [13:59]
*** belmoreira has quit IRC [14:00]
*** markvoelker_ has joined #openstack-keystone [14:01]
mattt: dstanek: dolphm is fielding some questions for us in #openstack-ansible :) [14:04]
*** markvoelker has quit IRC [14:04]
*** tyagiprince has joined #openstack-keystone [14:05]
*** dslev_ has joined #openstack-keystone [14:06]
raildo: dstanek: thanks :) [14:08]
*** daemontool has joined #openstack-keystone [14:08]
openstackgerrit: Dolph Mathews proposed openstack/keystone: Update mod_wsgi + cache config docs https://review.openstack.org/271311 [14:10]
*** daemontool_ has joined #openstack-keystone [14:12]
*** daemontool has quit IRC [14:13]
lbragstadbug day!14:16
lbragstaddstanek have you ever read http://rfc.zeromq.org/spec:22 ?14:18
*** richm has joined #openstack-keystone14:18
ajayaalbragstad, Hey! I want a little help with https://review.openstack.org/#/c/252182/14:21
lbragstadayoung sure, what's up?14:22
ajayaaWhat common file should I put RESOURCE_ID_NAMESPACE in?14:22
ajayaawrong autoocompletion I suppose*. :)14:23
lbragstadcould it be imported as a constant from keystone/common/utils.py ?14:23
*** Ephur has quit IRC14:23
ajayaaokay. Already did that. Will push it. Thanks.14:24
ajayaaOne more thing, when stevemar says test with non-ascii chracter what does he mean?14:24
ajayaaShall the input be somthing like 'ß' * 6514:25
lbragstadajayaa yes - I believe that is what he was referencing14:25
bknudsonlbragstad: is there an etherpad for bugday work?14:25
openstackgerritTom Cocozzello proposed openstack/keystone: Fix nits in include names patch  https://review.openstack.org/27088414:25
ajayaalbragstad, Okay. If I put 'ß' in Python file then I would have declare encoding on the top.14:26
ajayaaWould that be a problem?14:26
lbragstadajayaa cool14:26
lbragstadbknudson yep!14:26
lbragstadbknudson let me grab you the links14:26
ajayaaElse I can put '\xc3\x9f' in the Python file.14:27
ajayaaIf I take second route then I won't have to declare encoding on the top.14:27
ajayaaWhat do you suggest?14:27
lbragstadthese are the gerrit dashboard that dstanek and I have created - https://goo.gl/tvfU8y and https://bit.ly/keystone-bug-reviews14:27
bknudsonajayaa: there's encoding specified in some keystone files already. Use either method.14:27
lbragstadbknudson here is the etherpad - https://etherpad.openstack.org/p/keystone-office-hours14:28
bknudsonok... looks like I just go about my normal business then.14:28
lbragstadbknudson we were using that to track In Progress patches and bugs - but I think we can actually get most of that out of the dashboards14:29
ajayaabknudson, Thanks!14:29
bknudsonlbragstad: are people using the etherpad or are they using the dashboards?14:30
lbragstadbknudson I use both - but the dashboards typically stay more up-to-date because it's a better source of truth14:31
lbragstadbknudson I think the etherpad could be populated with bugs that you want to collaborate on14:31
*** fhubik is now known as fhubik_brb14:32
*** fhubik_brb is now known as fhubik14:32
lbragstadi.e. you've pushed several patch set on a particular bug fix and now you have to go do other things - so it gives me a place to look for bugs I can keep moving forward14:32
lbragstaddstanek and I were hoping that it would result in less stale bug fixes just sitting in gerrit14:32
bknudsonlbragstad: can you update the etherpad with that information?14:32
lbragstadbknudson yeah I can do that14:32
lbragstaddstanek are you ok with that?14:33
bknudsonI thought the point of office hours is that we're around to discuss reviews... not that we sit around doing reviews like we're always doing anyways.14:35
*** daemontool_ has quit IRC14:37
*** tyagiprince has quit IRC14:38
openstackgerritDave Chen proposed openstack/keystone: Relax the schema validation to accept empty request body  https://review.openstack.org/23744814:39
*** dslev_ has quit IRC14:39
lbragstadbknudson we can certainly discuss things - I'm open to that14:40
openstackgerritAjaya Agrawal proposed openstack/keystone: Ensure pycadf initiator IDs are UUID  https://review.openstack.org/25218214:42
*** spzala has joined #openstack-keystone14:42
ajayaalbragstad, A quick review on the above patch will be appreciated. :)14:43
davechendstanek, lbragstad, bknudson: i hope this gets a little better - https://review.openstack.org/#/c/237448/.14:43
davechendstanek, lbragstad, bknudson: appreciate your review, leave your comments if there is anything I missed.14:45
davechenturn off my computer, and head off to bed, have a nice day, all!14:46
*** su_zhang has joined #openstack-keystone14:46
*** davechen has left #openstack-keystone14:46
*** pcaruana has joined #openstack-keystone14:46
*** pnavarro has quit IRC14:48
lbragstadajayaa reviewed - I think it's getting there, just one comment left really14:49
*** dslev_ has joined #openstack-keystone14:52
*** jsavak has joined #openstack-keystone14:53
*** markvoelker has joined #openstack-keystone14:57
*** erhudy has joined #openstack-keystone14:57
openstackgerritBrant Knudson proposed openstack/keystonemiddleware: Revert "Disable memory caching of tokens"  https://review.openstack.org/27135215:00
*** rbak has joined #openstack-keystone15:00
*** markvoelker_ has quit IRC15:01
*** mhickey has quit IRC15:02
dolphmfor anyone doing multi node deployments of keystone, you should know how our cache invalidation *actually* behaves https://gist.github.com/dolph/04bd4984c7d1f34ef82115:02
*** jsavak has quit IRC15:03
*** jsavak has joined #openstack-keystone15:03
bknudsoncan you configure dogpile.cache to push invalidations to memcache?15:04
dolphmbknudson: i imagine you'd have to region.set(key, dogpile.cache.api.NoValue) or something15:11
openstackgerritMerged openstack/keystone-specs: Enable `id`, `enabled` filter for list IdP  https://review.openstack.org/26794915:12
lbragstaddolphm do we have to make any changes to keystone to account for that?15:12
*** markvoelker has quit IRC15:12
*** sigmavirus24_awa is now known as sigmavirus2415:13
*** mhickey has joined #openstack-keystone15:14
dolphmyou know what? we're using invalidate() (which does not write to the shared cache) in some instances where we should be using delete() (which writes to the shared cache, but you must know the key to delete)15:17
*** jistr has quit IRC15:18
*** jsavak has quit IRC15:22
*** tonytan4ever has joined #openstack-keystone15:22
*** jsavak has joined #openstack-keystone15:23
*** timcline has joined #openstack-keystone15:26
*** fhubik is now known as fhubik_brb15:26
openstackgerritBrant Knudson proposed openstack/keystonemiddleware: Revert "Disable memory caching of tokens"  https://review.openstack.org/27135215:35
openstackgerritAjaya Agrawal proposed openstack/keystone: Ensure pycadf initiator IDs are UUID  https://review.openstack.org/25218215:36
lbragstadstevemar notmorgan fyi - https://review.openstack.org/#/c/271352/215:38
lbragstadbknudson looks like ^ will improve the gate?15:39
bknudsonlbragstad: new releases of keystonemiddleware are going to be blacklisted due to the change that's proposed to be reverted.15:39
lbragstadbknudson gotcha15:40
bknudsonHere's the requirements change: https://review.openstack.org/#/c/270417/15:40
lbragstadbknudson the new releases of keystonemiddleware are going to be blacklisted until the proposed revert is merged?15:40
bknudson4.1.0 was blacklisted because of this change so if we release a 4.2.0 with this change it'll be blacklisted, too.15:41
bknudsonI expect it will also impact deployers.15:42
*** mhickey has quit IRC15:42
*** markvoelker has joined #openstack-keystone15:44
*** woodster_ has joined #openstack-keystone15:44
stevemarbknudson: we're gonna revert the change and make it go through deprecation15:45
stevemarbknudson: want to revert "don't cache signed tokens" too?15:45
bknudsonstevemar: I think it's correct to not cache signed tokens, isn't it? they're validated offline so what's the point?15:47
stevemarwild assumptions like that may cause 4.2.0 to be black listed too :O15:47
bknudsonit would make the revert of no-memory-cache easier to also revert "don't cache signed tokens"15:47
bknudsonand it can just be re-applied if we want it back.15:48
stevemarthat's what i was thinking15:48
bknudsonok, I'll propose both reverts.15:48
stevemarcool15:48
stevemarlets just revert everything from 4.1.0 -> 4.0.015:49
*** henrynash has joined #openstack-keystone15:49
*** ChanServ sets mode: +v henrynash15:49
*** fhubik_brb is now known as fhubik15:49
*** fhubik has quit IRC15:50
openstackgerritAjaya Agrawal proposed openstack/keystone: Ensure pycadf initiator IDs are UUID  https://review.openstack.org/25218215:52
*** e0ne has quit IRC15:52
openstackgerritBrant Knudson proposed openstack/keystonemiddleware: Revert "Disable memory caching of tokens"  https://review.openstack.org/27135215:52
openstackgerritBrant Knudson proposed openstack/keystonemiddleware: Revert "Don't cache signed tokens"  https://review.openstack.org/27140315:52
*** e0ne has joined #openstack-keystone15:53
stevemarbknudson: thanks15:53
bknudsonthere were a lot of changes from 4.0.0 to 4.1.015:53
stevemarbknudson: i was joking15:53
bknudsongot me!15:53
stevemari need a sarcasm emoji15:54
bknudsonI heard it's the upside-down smiley15:54
stevemarlbragstad: ^15:54
*** mhickey has joined #openstack-keystone15:54
raildostevemar: something like http://cdn1.theodysseyonline.com/files/2015/07/26/6357352043304163112016680847_854950bf0643fb4d7e482248ba3532a8d4cbe2bd2961d4d717f622274a51f309.jpg15:55
lbragstadlol15:55
*** fawadkhaliq has joined #openstack-keystone15:57
stevemarlooks like reno doesn't build for ksm: https://review.openstack.org/#/c/270974/15:57
stevemarexcellent15:57
*** dslev_ has quit IRC15:57
*** daemontool has joined #openstack-keystone15:58
samueldmqstevemar: looks to be an easy fix ? want me to do it ?15:59
bknudsonthat's where the release note went15:59
bknudsontox -e releasenotes on master works for me locally16:00
samueldmqbknudson: same here16:02
stevemarlbragstad: samueldmq: bknudson: let's also get a deprecation warning in about that, and i'll change notmorgan's reno patch to 'deprecated' instead of 'removed'16:03
stevemarthis way it's ready for a monday release of 4.2.016:03
*** daemontool has quit IRC16:03
bknudsonI'll get to work on a deprecation patch16:03
*** patient-0-bl0gan is now known as blogan16:05
samueldmq++16:05
*** jsavak has quit IRC16:05
*** jsavak has joined #openstack-keystone16:06
*** vgridnev has quit IRC16:07
*** browne has joined #openstack-keystone16:07
*** mhickey has quit IRC16:11
*** zqfan has quit IRC16:11
*** tsymanczyk has joined #openstack-keystone16:11
*** timcline has quit IRC16:12
*** tsymanczyk is now known as Guest9143716:12
*** jsavak has quit IRC16:15
*** rcernin has quit IRC16:15
*** diazjf has joined #openstack-keystone16:15
*** jsavak has joined #openstack-keystone16:16
*** slberger has joined #openstack-keystone16:16
*** peter-hamilton has joined #openstack-keystone16:16
*** diazjf1 has joined #openstack-keystone16:17
*** diazjf has quit IRC16:20
*** diazjf has joined #openstack-keystone16:21
*** diazjf1 has quit IRC16:22
dstaneklbragstad: i've never seen that16:23
*** rderose has joined #openstack-keystone16:23
dstanekbknudson: lbragstad i have no issue with it being updated16:24
openstackgerritSteve Martinelli proposed openstack/keystonemiddleware: Add reno for caching change  https://review.openstack.org/27097416:25
stevemarbknudson: samueldmq lbragstad ^16:25
samueldmqstevemar: 6 means O right ?16:31
samueldmqstevemar: Ocata16:31
*** rderose has quit IRC16:33
openstackgerritBrant Knudson proposed openstack/keystonemiddleware: Deprecate in-process cache  https://review.openstack.org/27142116:33
bknudsonstevemar: what do you think about squashing the reno note with the deprecation?16:34
*** jaosorior has quit IRC16:35
*** roxanagh_ has joined #openstack-keystone16:35
openstackgerritBrant Knudson proposed openstack/keystonemiddleware: Deprecate in-process cache  https://review.openstack.org/27142116:37
openstackgerritBrant Knudson proposed openstack/keystonemiddleware: Deprecate in-process cache  https://review.openstack.org/27142116:38
*** spandhe has joined #openstack-keystone16:38
stevemarbknudson: totally fine with that16:38
bknudsonalright, I'll update the reno change.16:39
*** simondodsley has joined #openstack-keystone16:39
*** timcline has joined #openstack-keystone16:40
*** jistr has joined #openstack-keystone16:43
*** pnavarro has joined #openstack-keystone16:43
*** GB21 has joined #openstack-keystone16:44
openstackgerritBrant Knudson proposed openstack/keystonemiddleware: Deprecate in-process cache  https://review.openstack.org/27097416:46
stevemarbknudson: 6.0.0 makes sense?16:48
stevemari figured N is 5.0.0 and O is 6.0.0?16:49
bknudsonstevemar: no number makes sense since we don't know what release numbers are going to be.16:49
bknudsonI think we should just put 5.16:49
stevemaryeah?16:49
stevemarhmm16:49
bknudsonsince that's the next one... then maybe we have to update it later.16:49
bknudsonor maybe we could just say sometime in the O release?16:50
bknudsonsometime in the O development cycle16:51
stevemarbknudson: i was thinking O release, but ksm doesn't really follow that >.<16:51
stevemaryeah16:51
stevemari thought we do major version bumps between dev cycles16:52
bknudsonO is going to be confusing because it looks like a 016:52
bknudsonwe should have skipped that letter16:52
stevemarhehe16:52
bknudsonwe do major version bumps when we remove function16:52
stevemari thought we do major version bumps because when we want to do a stable release, we will bump it to 4.Y.0 for M and 5.0.0 for N...16:54
stevemaranytime we have a library change we have to bump Y?16:54
bknudsonif a new feature is added you bump Y16:54
bknudsonaccording to semver16:54
*** rcernin has joined #openstack-keystone16:54
*** browne has quit IRC16:54
*** lhcheng has joined #openstack-keystone16:54
*** ChanServ sets mode: +v lhcheng16:54
bknudsonif the release only includes bug fixes and no new features then you bump the "fix"16:55
ayounghenrynash, can we treat https://review.openstack.org/#/c/271134/ as just a bug fix, and anything more as a separate change?16:55
*** e0ne has quit IRC16:55
stevemarwhat about a dependent library change?16:55
henrynashayoung: ok, I’m good with that….16:55
stevemarlike an oslo version changes16:56
bknudsonyou don't remove features in stable so you wouldn't bump the major version #.16:56
bknudsonand you don't add features in stable so you wouldn't bump the minor version #, so only fixes.16:56
ayounghenrynash, thanks.  Although I did not order the patch, I'd prefer to get this one in before the API change goes through, and you depend heavily on the API change16:56
stevemarbknudson: hmm, i could have sworn i read somewhere that library changes bump the minor version number16:56
henrynashayoung: +2’d16:56
ayounghenrynash, excellent.  samueldmq can you chime in on  https://review.openstack.org/#/c/271134/ as you found the original problem16:57
bknudsonstevemar: y, I think we want to do that. The reason you change the reqs is if you rely on new features in the library, and we shouldn't be doing that in stable.16:57
stevemarbknudson: "will be removed in keystonemiddleware 5.0.0 (or in the `O` development cycle)"  is fine with me16:57
bknudsonstevemar: I'll update the review.16:58
stevemarbknudson: cool16:58
ayounghenrynash, so API patch  https://review.openstack.org/#/c/242614/  was a bit of a rewrite.  jamielennox pushed me to get things correct by the API spec, and I think it is a lot tighter, but still could use eyes.16:58
henrynashayoung: will look16:59
stevemarbknudson: why didn't you use the oslo.log version utils function (report deprecation function)16:59
stevemarerr.. deprecated*16:59
bknudsonstevemar: I copied how we did deprecations in other parts.16:59
ayoungI'd love it if that got in before the midcycle, and then the midcycle on can focus on DSR series exclusively16:59
stevemarfair enough16:59
stevemarayoung: that would be nice16:59
openstackgerritBrant Knudson proposed openstack/keystonemiddleware: Deprecate in-process cache  https://review.openstack.org/27097417:01
stevemarthanks bknudson17:02
samueldmqayoung: sure, looking now17:03
samueldmqstevemar: bknudson so we release a new major version of middleware each 2 scycles ?17:04
samueldmqcycles*17:04
stevemarlbragstad: dstanek if one of you could look at the chain here: https://review.openstack.org/#/c/270974/ and it's two dependent patches, that'll be awesomeo17:05
bknudsonsamueldmq: we can release new major version whenever we feel like it.17:05
lbragstadstevemar i'll review that next17:05
bknudsoncould be multiple times in a cycle or never.17:05
bknudsonsamueldmq: we follow semver -- http://semver.org/17:06
*** pnavarro has quit IRC17:06
*** jistr has quit IRC17:08
samueldmqbknudson: nice, looks similar to what nova does with microversions17:08
bknudsonsamueldmq: do they have major-minor-patch? I thought they just incremented a number17:08
*** jistr has joined #openstack-keystone17:09
samueldmqbknudson: they don't have patch, only major-minor17:10
samueldmqbknudson: http://docs.openstack.org/developer/nova/api_microversions.html17:10
bknudson"It is vital that the two methods have the same name" -- weird.17:11
dstanekstevemar: shore17:12
samueldmqbknudson: the spec https://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/api-microversions.html#versioning17:12
dstaneklooks like ayoung beat me to it17:13
openstackgerritSteve Martinelli proposed openstack/keystone: Address comments from Implied Role manager patch  https://review.openstack.org/26999017:13
ayoung:)17:13
ayoungI'm on a +2 Rampage17:13
*** _cjones_ has joined #openstack-keystone17:13
ayoungI was looking for the PKI fix in the middleware reviews and started doing reviews17:13
ayoungoccupational hazard17:13
*** jistr has quit IRC17:14
*** _cjones_ has quit IRC17:14
*** _cjones_ has joined #openstack-keystone17:14
*** tyagiprince has joined #openstack-keystone17:16
*** jistr has joined #openstack-keystone17:17
openstackgerritSteve Martinelli proposed openstack/keystone: Check for circular references when expanding implied roles  https://review.openstack.org/27113417:19
samueldmqayoung: henrynash: commented on https://review.openstack.org/#/c/27113417:24
*** Guest91437 has quit IRC17:24
henrynashsamueldmq: yep, a log would certainly be a good thing17:25
dstaneklbragstad: i'm going to update https://review.openstack.org/#/c/237448/9 so that we can close another bug.17:25
ayoungsamueldmq, stopping the creation is a bigger patch, and can happen, too17:25
ayoungthis is a "keep us moving ahead" approach and is intentionally as small as possible17:26
ayoungI'll add the logging17:26
dstanekraildo: are you around?17:26
raildodstanek: yes17:26
samueldmqayoung: so could we do a related-bug ? and only close in the other patch for creation ?17:27
samueldmqayoung: I agree we should get this first to keep us moving17:27
dstanekraildo: that patch from this morning is strange - it seems like the index isn't being enforced in the same way - have you looked at it at all?17:27
henrynashstevemar, ayoung: first in a series of simplification patches for our ldap tests (this one saves a whole test run of IdentityTests): https://review.openstack.org/#/c/271106/17:27
*** gyee_ has joined #openstack-keystone17:27
ayoungsamueldmq, can this one go in as is, or do you hold firm on the log message?17:28
samueldmqhenrynash: nice! I always had in mind that we needed to revisit our LDAP test scenarios17:29
ayounghenrynash, awesome sauce there17:29
samueldmqayoung: I think this is really important, as a way to let the deployer know and fix it17:29
ayoungsamueldmq, OK...fixing now17:29
samueldmqayoung: even more important if we don't stop at the creation later17:29
samueldmqayoung: I can do it if you want too17:29
openstackgerritSteve Martinelli proposed openstack/keystone: Update mod_wsgi + cache config docs  https://review.openstack.org/27131117:29
raildodstanek: I'm thinking it must have something wrong on the script, maybe we should log on the driver17:30
ayoungsamueldmq, yeah, please give a go at  "stop cycles  at creation"17:32
ayoungthat would be great17:32
*** jsavak has quit IRC17:35
*** jsavak has joined #openstack-keystone17:35
samueldmqayoung: nice, will do later, and that will be consistent with hierarchical projects (which we don't allow)17:36
*** browne has joined #openstack-keystone17:36
samueldmqayoung: and will make notmorgan happy about it17:36
ayounglbragstad, dstanek dolphm you guys just scoped:  bstein is awesome17:36
ayounghttp://finance.yahoo.com/news/rackspace-hires-brian-stein-vice-140000513.html17:37
ayoungNot surprised that Scott Crenshaw hired him...again.  They are both former RHers, and Stein was the guy that physically yanked me into OpenStack17:38
*** jasonsb has joined #openstack-keystone17:40
openstackgerrithenry-nash proposed openstack/keystone: Allow project domain_id to be nullable at the manager level  https://review.openstack.org/26453317:41
notmorganAllo17:42
*** tsymanczyk has joined #openstack-keystone17:43
*** tsymanczyk is now known as Guest4298417:43
dstanekayoung: nice17:45
ayoungdstanek, he's sharp.  I know he relocated his family to Portland for Puppet, so I don't know if he is going to move to the mothership17:46
dstanekraildo: figured it out17:46
raildodstanek: you have my curiosity now you have my attention17:48
*** su_zhang has quit IRC17:50
*** mdavidson has quit IRC17:50
-openstackstatus- NOTICE: Restarting zuul due to a memory leak17:50
dstanekraildo: the mock isn't working. i'm creating a new patch now17:50
dstanekopenstackstatus: Java ftw!17:51
stevemardstanek: hmm, i wonder if that is the queue or the web page17:53
notmorganstevemar: bknudson we should bound the revert out of the gate and forget the deprecation. Just leave the crappy in memory cache in.17:53
ayoungdstanek, does running pip against a venv cache a load of files in /tmp?17:56
ayoungI filled up /tmp running pep8, and had to delete a bunch of /tmp/pip-* dirs17:56
*** jistr has quit IRC17:57
*** jsavak has quit IRC17:57
*** jsavak has joined #openstack-keystone17:58
*** Ephur has joined #openstack-keystone17:58
dstanekraildo: why are you checking for the log message anyway?17:59
*** fawadkhaliq has quit IRC17:59
*** fawadkhaliq has joined #openstack-keystone17:59
dstanekayoung: i've not had that problem, but i know others that have17:59
stevemardstanek: looks like the queue was reset :\18:00
ayoungstevemar, dstanek :  I want to propose that we split the functional tests out of the keystone repo and instead put them in their own repo.  The functional tests will be far more valudable if we treat them as testing things across our whole body of supported code.  Specifically, we should use the echo service that dolphm wrote, be able to test policy changes against it, and also make sure the keystone client works.18:00
ayoungvaludable:  my new world for today!18:01
dstanekayoung: i think that's a good conversation to have after we get some of them written18:01
ayoungdstanek, I think that this is why we don't have any written18:01
ayoungThere is a real reluctance to put anything but the most necessary changes into the keystone repo18:02
stevemarayoung: not when it comes to tests18:02
raildodstanek: htruta is the one who made this mock code, and he is not here today :( but I think that someone asked us to log the error on the duplicateEntry case and he found this example to test it https://github.com/openstack/keystone/blob/da3cd2dc4deed0093662e5ce098d8c022f654bc2/keystone/tests/unit/backend/domain_config/core.py#L493-L49818:02
ayoungdstanek, I know you put a bunch of effort in to that.  It has bothered me that we have not built on it18:02
openstackgerritAjaya Agrawal proposed openstack/keystone: Change get_project permission  https://review.openstack.org/27005718:02
ayoungstevemar, a functional test that, say, set up the LDAP server or a different Database?18:02
ayoungstevemar, or that pulls in various versions of the client?18:03
notmorganDid Oslo cache for middleware.land somewhere?18:03
notmorganCause if it did we need to bounce that revert now18:03
notmorganAnd fix that first18:03
ayoungWe started off there, and backed off it.  Just...think on it.18:03
raildodstanek: the trick part is that this works on py27 and not on py34 =/18:03
notmorganWe cannot be on Oslo.cache and have the in-memory caching18:03
notmorganDefault18:03
notmorganIt will destroy production systems.18:04
notmorganAs in massive breakage. Run them out of ram18:04
ayoungnotmorgan, I just +2ed that18:04
dstanekraildo: sure log the error, but i'm not convinced that we need to test for that18:04
ayoungnotmorgan, course, I want to get rid of all caching of token validations, but that is me18:05
stevemarayoung: the ldap/database or other setup bits should either be devstack extensions like dstanek proposed, i think that's fine to keep in keystone for now18:05
ayoungstevemar, the real issue is a functional test across client and middleware and policy18:05
ayoungwe've needed that for a long time.  Why is this not a "duh, yup that makes sense?"18:06
raildodstanek: that was what I thought...18:06
dstanekraildo: it's not a 2.7 vs. 3.4. it's a test ordering issue18:06
ayoungwe should have done this when we realized the client tests don't belong in keystone proper18:06
ayoungnotmorgan, stevemar, lets just, for the sake of progress, assume we were going to create a keystone-tests repo.  What would be the process?18:07
stevemarayoung: i'm all for functional tests, just keep them in the same repo18:07
*** boris-42 has joined #openstack-keystone18:08
dstanekstevemar: maybe we can get some of those changes in then :-) i'll rebase and await the +2s!18:08
ayoungstevemar, a true functional test goes from CLI to Keystone to service through middleware and policy18:08
notmorganok let me check cause i might need to bounce that change18:08
dstanekayoung: exactly18:09
raildodstanek: so, do you think that I can just remove this log test?18:09
ayoungdstanek, do you remember when we had the client tests, all those different versions, inside the keystone code base and we removed them?18:10
ayoungWe really should have given them a place to land18:10
dstanekraildo: i'm trying to get something that'll work, but we could remove18:10
stevemarayoung: http://docs.openstack.org/infra/manual/creators.html ?18:10
notmorganbknudson, dstanek, stevemar: ok so i -2'd the move to oslo.cache for keystonemiddleware. we're blocked on that for 2 cycles now18:10
notmorganbknudson, dstanek, stevemar: I also severely disagree with mreidm's statement on the impact. it affected the gate in a very specific way due to the way the gate runs. we have had multiple complaints about inconsistent validation over the years due to undocumented badly implemented default caching in-process18:11
notmorganfrankly, i blame termie18:12
notmorgan:P18:12
stevemarnotmorgan: i'm not understanding why we can't bring in oslo.cache, and make that default, but i'm not as familiar as you are.18:12
notmorganstevemar: because... on every get oslo.cache does not remove expired items from the in-memory dict18:12
ayoungstevemar, thanks.  I'll write something up.18:12
notmorganif you default to in-memory cache, and i am sure people are in the wild18:12
stevemarnotmorgan: can't we modify oslo.cache?18:12
notmorganyou will add things to this in-memory dict and never remove them.18:12
notmorgani wouldn't want to duplicate memorycache18:12
notmorganit is a horrible design18:13
dimsum__notmorgan : stevemar : DictCacheBackend18:13
notmorgani've been trying to kill the "run through a dict on every get to remove items" because a) it's slow.18:13
stevemarnotmorgan: that seems like a bad design for oslo.cache, if nothing is ever removed18:13
notmorgandimsum__: we added it :(18:13
notmorgandimsum__: damn it i wish i had seen. i would have -218:13
notmorganthat design is the worst possible choice.18:13
notmorganstevemar: yes. DO NOT use the in-memory dict for short-term cache data.18:14
dimsum__notmorgan : that's a lift for nova18:14
*** timcline has quit IRC18:14
notmorgandimsum__: i would have still -2'd18:14
notmorgandimsum__: it is horrible.18:14
notmorganit is the reason i wanted memorycache oslo-incubator thing to go away18:14
* notmorgan sighs.18:14
*** timcline has joined #openstack-keystone18:14
dimsum__no point in fixing what you feel is broken?18:14
*** shoutm has quit IRC18:15
notmorganyou can't fix the broken-ness18:15
notmorganin that design18:15
dimsum__so we need a new backend with an alternative design?18:15
notmorganbasically you shouldn't expect items to fall out of the dict. either clean it yourself or use a real cache backend.18:16
notmorganit's really expensive to walk a dict full of stuff and expire things.18:16
notmorgani've looked into many alternatives and they all come down to the same thing... if you walk a dict that is full every single get18:16
notmorganyou end up with kindof a bunch of ick18:17
dstaneknotmorgan: a dict is the wrong data structure.18:17
notmorganalso.. you are caching per-process/worker and it really causes inconsistent things with the way we use eventlet18:17
notmorganthe offload in a real environment isn't very beneficial18:17
dimsum__dstanek : what's a better data structure?18:17
dstanekdimsum__: i have used a dict of dict to implement a similar concept18:18
notmorgandstanek: i've done the implementation. it doesn't help really18:18
dstanekthe outer dict was keyed by the minute of the hour '00' and the inner dict was the cache18:18
*** tyagiprince1 has joined #openstack-keystone18:18
notmorgandstanek: and/or you memory bloat massively because python doesn't really LRU things out18:19
dstaneknotmorgan: it gives you an O(1) flush18:19
*** timcline has quit IRC18:19
stevemarbunch of keystone changes are gonna land soon :O18:19
notmorgandstanek: but we have issues where we cram too much in. we really need the scrub on every get18:19
*** tyagiprince has quit IRC18:19
*** tyagiprince1 is now known as tyagiprince18:19
notmorgandstanek: or we have a serious impact to memory use. it's a bad situation created by a bad cache implementation that we've just carried forever18:20
dstaneknotmorgan: i'm not saying that it would work perfectly; just that a flat dict is definitely not correct18:20
notmorgandstanek: i am going to argue that making an in-memory LRU cache is a bad idea in python18:20
dstaneki'm very happy saying not to have in memory caches because ultimately it doesn't scale18:20
notmorgandstanek: just a fundamentally bad choice unless you are making an app to compete with memcache18:21
notmorganwhich case, there are a lot of other design considerations you can add that i doubt we'll have people happy about in our code18:21
notmorganlike handoff of slabs, scrubbers that can free things as extra workers, etc18:21
notmorganbut... lets use C/C++ and/or the things that do this well18:22
dstaneknotmorgan: let's face it. as evident by the existence of a memcache token backend, we don't understand slabs :-)18:22
notmorganin openstack we don't18:22
notmorganin openstack we don't understand "caching"18:23
notmorganwe do a very bad job of it in general18:23
*** su_zhang has joined #openstack-keystone18:24
notmorgandimsum__: anyway..18:27
notmorgandimsum__: at least we didn't land things in ksm.18:27
*** rderose has joined #openstack-keystone18:27
notmorgandimsum__: that would force me to bounce the revert out for now.18:27
dimsum__notmorgan : ok i understand the issues now18:28
notmorgandimsum__: yeah sorry, it just feels like when we have things people consider emergencies we do MASSIVE wide-sweeping changes fast18:28
notmorganbut the slower march towards better is ignored18:28
notmorganand can't even get review time18:28
notmorganbecause everyone is focused on features18:29
notmorganso i am kindof really grumpy about this whole situation18:29
notmorganmaking targeted fixes and addressing things vs OMG REVERT OMG OMG OMG IT IS BROKEND OMG18:29
notmorganwe already blacklisted the broken ksm18:29
notmorganthis could have been a bit more measured.18:30
* notmorgan won't bounce the revert out of the gate, but this is getting old.18:30
*** rderose has quit IRC18:33
*** timcline has joined #openstack-keystone18:34
*** GB21 has quit IRC18:36
*** jsavak has quit IRC18:37
*** jsavak has joined #openstack-keystone18:37
dimsum__notmorgan : am usually on the side of the one yelled at :)18:39
notmorgandimsum__: well i'm not yelling at you this time :)18:40
dimsum__notmorgan : didn't say you were, just commiserating :)18:40
notmorgandimsum__: yar18:40
*** jbell8 has joined #openstack-keystone18:43
*** harlowja has quit IRC18:46
*** harlowja has joined #openstack-keystone18:46
dstanekraildo: ok, i give up. i dug into the magic in sql alchemy and i don't think it's worth checking the log message18:47
raildodstanek: don't give up :P18:48
raildodstanek: I'll send another patch, thanks for digging into it :)18:49
dstanekraildo: np18:50
*** tyagiprince1 has joined #openstack-keystone18:50
dstanekthird core for https://review.openstack.org/#/c/215715/ ?18:51
*** tyagiprince has quit IRC18:52
*** tyagiprince1 is now known as tyagiprince18:52
*** e0ne has joined #openstack-keystone18:52
notmorgandstanek: let me review that18:55
notmorganlooking at it now18:55
openstackgerritMerged openstack/keystone: Remove more ldap project references  https://review.openstack.org/27053018:56
openstackgerritBrant Knudson proposed openstack/keystone: keystonemiddleware is not a requirement  https://review.openstack.org/27148018:58
ayoungdimsum__, casual nick Friday?18:58
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26947918:59
*** PsionTheory has joined #openstack-keystone19:01
openstackgerritMerged openstack/keystone: Remove additional references to ldap role attribs  https://review.openstack.org/27055119:03
dimsum__ayoung : y :)19:03
notmorganlbragstad: ping19:03
notmorganlbragstad: cache things have questions19:03
dolphmnotmorgan: go go cache19:04
notmorgandolphm: it's hard, so few people in openstack get caching. i feel lucky most of the keystoners get it.19:04
dolphmnotmorgan: i put this demo together this morning - you should be familiar with the surprise already :) https://gist.github.com/dolph/04bd4984c7d1f34ef82119:05
notmorgandolphm: yeah the region invalidate?19:06
dolphmnotmorgan: also, we use invalidate() wrongly in a few places19:06
dolphmnotmorgan: yes19:06
notmorganyeah19:06
notmorganthe non-region complete invalidate does a delete19:06
notmorganbut that is since you're acting on a known key19:06
tyagiprinceWhere can I find the code for creating a network and subnet?19:06
notmorganthe design from a standpoint that you don't know all the keys, the invalidate() at the region level is a cool dodge to just set an override timestamp19:07
notmorgandolphm: also remember @memoize works differently than region.get19:07
dolphmtyagiprince: looking for #openstack-neutron?19:07
tyagiprincesorry19:07
notmorgandolphm: memoization has a lot of extra logic around cache times.19:07
dolphmnotmorgan: oh? i'll have to look into that next19:08
notmorgandolphm: yeah @memoize has all sorts of logic for check if the key is there, and ability to do async runners19:08
notmorganand also ignore invalid caches while your async runner updates19:08
notmorganso you only have 1 updater happening at a time19:09
notmorganit also has configurable levels of fudge-factor "this is expired because i said it is, but memcache says it isn't yet" type stuff19:09
dolphmnotmorgan: using get_or_update() or whatever in dogpile?19:09
notmorganthe memoization stuff is much much much more complex than the .get/set19:09
openstackgerritMerged openstack/keystone: List assignments with names  https://review.openstack.org/24995819:10
notmorgandolphm: yeah it's something regenerate, and it raises up an exception if regeneration is needed19:10
openstackgerritMerged openstack/keystone: Mark memcache and memcache_pool token deprecated  https://review.openstack.org/26922919:10
notmorganit's pretty cool to dig into19:10
openstackgerritMerged openstack/keystone: Deprecate `hash_algorithm` config option  https://review.openstack.org/25626019:10
notmorgandolphm: how much performance gain are we seeing with the computed_assignments stuff?19:10
notmorgandolphm: i'm curious how impactful the whole region .invalidate is19:11
dolphmnotmorgan: 10% ish on validate19:11
notmorgannice19:11
openstackgerritRaildo Mascena proposed openstack/keystone: Constraint to prevent duplicate endpoints  https://review.openstack.org/13409519:11
*** rcernin has quit IRC19:12
notmorgandolphm: so we could *probably* dodge the need to invalidate the whole region with a minor tweak to the cache_key generator. but not worth holding up the change on that19:13
notmorgandolphm: but it'll require extra logic to calculate what the impact is on update.19:13
notmorgandolphm: the alternative is to calculate the impacted projects for a user/domain and invalidate just that user's info rather than the whole region's19:14
notmorgandolphm: also... i need to check something on the region wide invalidate... this may not work right19:14
notmorganyep19:15
notmorganregion wide invalidate is in-memory19:15
notmorganmeaning other workers won't see the invalidate19:15
openstackgerritBrant Knudson proposed openstack/keystone: Remove keystone/common/cache/_memcache_pool.py  https://review.openstack.org/27148519:15
notmorgandolphm: ^ cc, this won't work across mod_wsgi/uwsgi workers19:15
notmorganlbragstad: ^19:16
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26947919:16
stevemarnotmorgan: i think we need a caching discussion at the midcycle :)19:17
notmorganstevemar: we do19:17
notmorgandolphm: https://bitbucket.org/zzzeek/dogpile.cache/src/c6913eb143b24b4a886124ff0da5c935ea34e3ac/dogpile/cache/region.py?at=master&fileviewer=file-view-default#region.py-304:34719:17
notmorgandolphm: it's an instance thing on region, not something the backend is aware of. that is something we should consider pushing a fix for up to dogpile itself.19:17
notmorgandolphm: but that caching patch is a no-go19:17
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26947919:17
notmorgansorry19:18
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26947919:19
stevemarbknudson: no breakfast tacos at embassy :(19:19
bknudsonhuevos rancheros?19:20
stevemarbknudson: they have a lovely omelette bar19:20
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26947919:20
stevemarbknudson: you could get them to make your eggs a la rancheros19:20
notmorgandolphm, stevemar, lbragstad: I -1/-workflowed the patch19:20
notmorgandolphm, stevemar, lbragstad: i can roll up a fix that will address the issue pretty quickly19:21
bknudsonEi a la rancheros19:21
bknudsonjust to get another language in there19:21
notmorgandolphm, stevemar, lbragstad: but we can't merge that patch. sorry =/19:21
stevemarnotmorgan: the middleware one, the one that is gating?19:23
dolphmnotmorgan: bknudson: was there no way to use that memcache_pool?19:23
notmorganstevemar: no the role_assignment one19:23
notmorganstevemar: i wish i could say that about the middleware one [the revert i assume you're talking about]19:23
stevemarnotmorgan: what role assignment one? i was away for about an hour for lunch so i'm kinda behind19:23
dolphmbecause we still have keystone.common.cache.backends.memcache_pool19:23
notmorganstevemar: https://review.openstack.org/#/c/215715/1719:24
dolphmstevemar: i didn't know there was a way to avoid notmorgan's issue ^19:25
*** chmouel_ is now known as chmouel19:25
dolphmand we run into it elsewhere already, like the catalog backend19:25
stevemaroh jeez19:25
dolphmdistributed services, yo19:26
bknudsonwe should go back to 1 big computer19:27
dolphmi'm curious as to how a proxy (proxybackend?) could provide a solution!19:27
*** jasonsb has quit IRC19:27
dolphmand i know where we can buy big computer from!19:27
bknudsonhe he19:27
*** markvoelker has quit IRC19:27
*** rderose has joined #openstack-keystone19:30
notmorgandolphm: i am working on spinning up a fix now.19:31
notmorgandolphm: i think you'll like it. just need to figure out one detail, but it should be pretty straight forward.19:32
*** su_zhang has quit IRC19:32
notmorgandolphm: so what happens is i will create an explicit invalidate key on the backend19:32
notmorgandolphm: and the proxy, which sits in the middle of <region> [proxy] <backend> <storage>19:33
notmorgandolphm: will look up that key and handle the invalidation/setting of the expired time on the tuple itself.19:33
notmorgandolphm: the difference is instead of calling <region>.invalidate you'll call <region>.set(<invalidate key, now)19:34
notmorgandolphm: so we create a helper function to set that value. the proxy will muck with the expires time on the stuff from the backend only in certain specific scenarios, the same way the .hard_invalidate stuff works19:35
*** fawadkhaliq has quit IRC19:35
lbragstadnotmorgan just catching up now19:36
notmorganso to the region the returned (<expires>, <VALUE>) will suddenly be (<expires>[modified to be expired], VALUE) which will then just work19:36
notmorganas expected.19:36
lbragstadnotmorgan are you spinning a fix to make https://review.openstack.org/#/c/215715/ work?19:36
notmorganlbragstad: yes. working on building the proxy now19:37
lbragstadnotmorgan ah - sweet19:37
lbragstadnotmorgan thanks!19:37
notmorganlbragstad: unless you want to. i mean.. i am happy to let you do it if you want to take a crack at it, but i already know how to fix it (if you read up)19:37
lbragstadnotmorgan go for it - i'm curious to review it19:37
notmorganlbragstad: i don't want to take all the glory (READ: be the only person who knows this stuff:P)19:37
*** lhcheng has quit IRC19:37
lbragstadnotmorgan i want to see how you fix it - because you understand it better than i do19:37
notmorganlbragstad: sounds good. give me a short bit. i need to context switch to dogpile-isms19:38
notmorganand need to figure out "this one weird trick" i mean...19:38
lbragstadnotmorgan and... it's bug friday and we need to close bugs!19:38
*** tyagiprince has quit IRC19:38
notmorganlbragstad: eh, i'm chasing things down for some folks wrong in the gate that might result in more bugs  =/19:38
lbragstad\o/19:39
dstanekdogpile seems to make things so much more complicated19:40
stevemardstanek: lbragstad if you're looking for bug take downs, each of these have patches: https://bugs.launchpad.net/keystone/+bug/1526462 https://bugs.launchpad.net/keystone/+bug/1500631 https://bugs.launchpad.net/horizon/+bug/101760619:43
openstackLaunchpad bug 1526462 in OpenStack Identity (keystone) "Need support for OpenDirectory in LDAP driver" [Medium,In progress] - Assigned to Alexander Makarov (amakarov)19:43
openstackLaunchpad bug 1500631 in OpenStack Identity (keystone) "support multiple LDAP URIs" [Medium,In progress] - Assigned to Eric Brown (ericwb)19:43
stevemarand all targeting mitaka-3 :O19:43
openstackLaunchpad bug 1017606 in OpenStack Identity (keystone) "Mixing references to 'Tenants' and 'Projects' is confusing" [Medium,In progress] - Assigned to Henrique Truta (henriquetruta)19:43
notmorgandstanek: it does in some ways19:44
dstanekstevemar: cool, i can take a look in a minute. doing a quick test refactor that i want to get opinions on :-)19:44
notmorgandstanek: but the reality is we can also propose nice changes to it. zzzeek is super awesome at accepting fixes/cleanups19:44
notmorganand dogpile is still very rough around the edges19:45
notmorganheck i owe zzzeek a bunch of code still :(19:45
zzzeekDstanek: yeah, but testtools and pbr are just problem free :)19:47
lbragstadstevemar reviewed - thanks!19:47
openstackgerritMerged openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/26845319:48
lbragstadstevemar https://review.openstack.org/#/c/253671/ and https://review.openstack.org/#/c/253670/ close a bug and don't have negative feedback so far19:48
*** gordc has quit IRC19:48
*** rderose has quit IRC19:50
notmorganzzzeek: hehe19:51
notmorganzzzeek: but to be fair... dogpile works pretty darn well. we can improve the developer experience with it and add some general cleanup...19:52
notmorganzzzeek: but it still works pretty darn well19:52
* notmorgan wishes it was easier to handle kwargs in cache-key building [i might actually have a thought on that for at least oslo.cache]19:53
notmorganzzzeek: what if we did an inspect.get_argspec (cached), alphabetize the argnames and compare the positional/passed data down with argspec and then populate defaults that aren't passed in? [sorry if that is a bad description]19:54
notmorganzzzeek: i think it would mean the key generator would need to optionally be passed an argspec?19:55
zzzeekNotmorgan: I never really work on dogpile so it could use other co-maintainers19:55
notmorganzzzeek: let me try and get my headspace clear and i'll be happy to volunteer to hel19:55
notmorganp19:55
notmorganzzzeek: but to be fair... it really does mostly *just work*19:55
zzzeekDogpile I could almost see being a stack forge project19:56
notmorganzzzeek: i was going to recommend pulling it into gerrit/CI here actually19:56
notmorganzzzeek: (stackforge is gone, but it won't be an "openstack official project")19:56
notmorganzzzeek: if we want to grab a few more maintainers19:57
*** dims has joined #openstack-keystone19:57
notmorganzzzeek: but i can work with bitbucket too if you'd rather keep it there.19:57
*** dimsum__ has quit IRC19:57
zzzeekStack forge is gone, where did pecan and sqlalchemy-migrate go?19:57
notmorganzzzeek: everything is in the openstack namespace now19:58
dhellmannzzzeek : openstack/sqlalchemy-migrate and back to github for pecan: https://github.com/pecan19:58
zzzeekI don't like bitbucket either but alternatives for issue tracking aren't great19:58
anteayalbragstad: is madorn a keystone contributor?19:59
notmorganjust if it isn't in the governance .yaml it isn't an official project19:59
anteayalbragstad: he dropped me a pm and isn't replying19:59
notmorgananteaya: who is madorn?19:59
notmorganname doesn't look familiar to me20:00
anteayanotmorgan: the person who alerted infra to a sandbox permission issue the other day20:00
notmorganoh20:00
anteayaand lbragstad joined in the conversation20:00
anteayayeah he isn't in channel, so trying to understand the connection20:00
notmorganzzzeek: agreed. the issue trackers out there kind of suck20:00
anteayahe asked something of me and disappeared now I am trying to confirm20:00
dstanekanteaya: he's racker that does training (i think)20:00
lbragstadanteaya madorn is an openstack/keystone constributor at rackspace20:01
lbragstadcontributor*20:01
notmorganzzzeek: i have a couple things on github... and i loathe PRs but the issue tracker is integrated so it's nicer than <point at thing over there and hope someone looks>20:01
anteayadstanek: can you ask him to reply to my response to his pm to me?20:01
anteayalbragstad: ^^20:01
dstaneklbragstad: is he a contributor?20:01
zzzeekDhellmann notmorgan what are the options for outside projects to be ok for openstack devs to get company credit ?  Don't need to host anywhere special anymore ?20:01
lbragstaddstanek I think he does contributions through training other openstack contributors20:01
notmorganzzzeek: not sure what you're asking20:02
anteayacan you ask him to answer my question?20:02
dstaneklbragstad: yes, i can see that. i thought you meant code20:02
dstanekanteaya: sure20:02
anteayaI'm trying to help him but I would like him to confirm20:02
zzzeekEg can I add sqlalchemy to a list somewhere and people can finally get paid to submit patches by their employers20:02
anteayadstanek: thanks20:02
*** raildo is now known as raildo-afk20:02
openstackgerritBrant Knudson proposed openstack/python-keystoneclient: Get revocation list with only audit ids  https://review.openstack.org/26019620:02
notmorganzzzeek: ah, afaik it needs to be hosted in our gerrit/ci for openstack stuff. and for things like openstack ATC credit it would need to be an official openstack project (petition to the TC)20:03
notmorganzzzeek: but just hosting it in openstack gerrit/ci means it is a bit easier for openstack devs to contribute.. it might be a bit harder for non-openstack folks to.20:04
ryanpetrellozzzeek yep, I moved pecan back to GH and Travis-CI awhile ago20:04
notmorganzzzeek: CLA is not required for non-openstack projects iirc and the gate jobs can be isolated to their own queue so they don't get wedged when things backup due to dsvm things20:05
notmorganzzzeek: but travis and GH is also pretty darn good [been using it for my small library]20:05
notmorgani just loathe pull requests compared to gerrit if the team is more than ~4-5 people20:05
bknudsonhttp://gerrithub.io/20:06
*** roxanagh_ has quit IRC20:06
bknudsonhttps://reviewable.io/20:07
notmorganbknudson: yeah20:07
*** e0ne has quit IRC20:08
notmorgannot sure i like gerrithub... but that's something aside20:08
* notmorgan goes back to cache code.20:09
*** su_zhang has joined #openstack-keystone20:14
*** pcaruana has quit IRC20:14
*** tonytan4ever has quit IRC20:17
zzzeeknotmorgan: i dig gerrit just not launchpad20:18
*** su_zhang has quit IRC20:19
notmorganzzzeek: yeah. for dogpile it might be "ok"-ish. but SQL-A has enough traffic it would be painful to move20:19
notmorganzzzeek: like i said, happy to volunteer to help maintain dogpile either moving it or keeping it in bitbucket20:20
zzzeeknotmorgan: i remain curious about phabricator20:20
notmorganzzzeek: it should be a thing i hear20:22
notmorgansooooonish20:22
*** e0ne has joined #openstack-keystone20:24
*** timcline has quit IRC20:25
openstackgerritDavid Stanek proposed openstack/keystone: Refactors validation tests to better see the cases  https://review.openstack.org/27151520:27
*** jasonsb has joined #openstack-keystone20:27
dstaneklbragstad: you around?20:27
*** timcline has joined #openstack-keystone20:28
*** pnavarro has joined #openstack-keystone20:32
*** lhcheng_ has joined #openstack-keystone20:37
openstackgerritayoung proposed openstack/keystone: Check for circular references when expanding implied roles  https://review.openstack.org/27113420:44
*** rdo has quit IRC20:44
*** Guest42984 has quit IRC20:45
*** rdo has joined #openstack-keystone20:46
ayounghenrynash, if you +2 https://review.openstack.org/#/c/271134/  and stevemar can affirm his with the logging change, we're a go to work on API on top of this20:46
henrynashayoung: looking at it right now20:47
lhcheng_ayoung: added one minor comment, up to you if want to fix it.20:48
ayoungyes it can20:49
henrynashayoung: gerrit seems a lot less reliable now….seems to be unavailable at the drop of a hat20:50
openstackgerritayoung proposed openstack/keystone: Check for circular references when expanding implied roles  https://review.openstack.org/27113420:50
ayounglhcheng_, I fixed that right in the browser...lets see if it works20:50
lhcheng_ayoung: it works! thanks20:51
lbragstaddstanek yep20:52
lbragstaddstanek what's up?20:52
henrynashayoung: can’t seem to get to gerrit right now…it looked good from what I saw, only nit I was going to add was on your log message you reference next_ref[], whereas it’s technically cleaner if you reference next_role_id (in case we ever change the algorithm of where the next role id came from)…..but I’d _+2 it even with that20:54
ayounghenrynash, nah, it has to be the ref,  it is more than just the role id20:54
ayoungwe want to get two different entries if the same role has two different priors20:54
ayoungoh...on the log message...yeah, but if that changes...meh20:55
ayounghenrynash, so I can treat it as a +2 from you if gerrit ever comes back?20:55
henrynashayoung: i know, super nit…already +2’d it20:55
ayoungah./..there is it20:56
*** tonytan4ever has joined #openstack-keystone20:56
ayoungwe holding off on workflow for any reason?20:56
*** tsymanczyk has joined #openstack-keystone20:57
henrynashayoung: no…only that you said Steve was gonna do it…oh, I see Lin had already added +2….fine for +A20:57
ayoungw00t20:57
*** tsymanczyk is now known as Guest7001520:57
lhcheng_ship it20:57
*** pauloewerton has quit IRC20:58
*** e0ne has quit IRC20:58
lbragstadajayaa around?21:01
openstackgerritLance Bragstad proposed openstack/keystone: Ensure pycadf initiator IDs are UUID  https://review.openstack.org/25218221:03
ayounghenrynash, I'm working out the merge conflict for API changes.21:03
ayoungmy goal here is to do full press on API until it gets in, then play reviewer for the DSR changes21:04
henrynashayoung: ok, I’’ll rebase once you’re done with that21:04
*** jsavak has quit IRC21:04
openstackgerritayoung proposed openstack/keystone: Implied Roles API  https://review.openstack.org/24261421:05
stevemarlbragstad: probably not around, whats up?21:05
lbragstadajayaa I apologize for misspelling stevemar in the comment - i pushed a new fix21:05
stevemarlbragstad: :)21:05
ayounghenrynash, and that is rebased on the cycle change, so we should have one straight branch for all these21:05
lbragstadstevemar totally agree on the hacking checks21:05
stevemardstanek: https://review.openstack.org/#/c/252182/ should be ready to go if you want to squash another bug :)21:06
openstackgerritDavid Stanek proposed openstack/keystone: Refactors validation tests to better see the cases  https://review.openstack.org/27151521:07
*** jsavak has joined #openstack-keystone21:07
dstaneklbragstad: ^ i did that so i could test dchen's patch21:07
dstanekstevemar: so question about that.21:09
openstackgerrithenry-nash proposed openstack/keystone: Change project unique constraint  https://review.openstack.org/15837221:09
dstanekdoes that make it hard to correlate IDs from the audit system back to things in keystone?21:09
stevemardstanek: whaddup21:09
stevemarpotentially, yes but the audit should still have a "user_id" field21:10
stevemarthe "initiator" object will have a "user_id" field21:10
stevemarin the case where user_id is not a uuid21:10
stevemarthe spec for cadf says any ID fields must be UUID, so we can't go against the spec :(21:11
dstaneki'm just wondering if it causes a problem because now there isn't a way to look up what a resource actually is21:11
stevemardstanek: we could add user_domain_id and user_name21:14
notmorganstevemar, lbragstad, dolphm, dstanek: almost done. pushing the change up now and will then work on some tests.21:15
*** jasonsb has quit IRC21:15
stevemardstanek: the way the multi-domain IDs work now, they are essentially useless anyway, sadly21:15
stevemarif i have an ldap configured backend, my userid is pretty much a garbage value21:16
stevemarit is the initial user_id, then hashed, so looking it up is equally hard21:16
dstanekstevemar: made a comment about i18n the error string. do we need to do that?21:17
*** pnavarro has quit IRC21:18
openstackgerritMerged openstack/keystone: deprecate write support for identity LDAP  https://review.openstack.org/25625721:18
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/26947921:21
*** rderose has joined #openstack-keystone21:22
*** su_zhang has joined #openstack-keystone21:24
*** su_zhang has quit IRC21:26
*** su_zhang has joined #openstack-keystone21:26
*** tsymancz1k has joined #openstack-keystone21:27
*** rderose has quit IRC21:29
*** Guest70015 has quit IRC21:30
*** tsymancz1k has quit IRC21:32
dolphm\o/ pci compliance, yay \o/21:33
*** pnavarro has joined #openstack-keystone21:37
*** markvoelker has joined #openstack-keystone21:40
*** markvoelker has quit IRC21:40
*** markvoelker has joined #openstack-keystone21:41
stevemarlooks like most of the bits i wanted in for mitaka-2 have merged21:44
stevemaryay21:44
*** pcaruana has joined #openstack-keystone21:48
lbragstadanyone want to review a fix for trusts?! https://review.openstack.org/#/c/269824/21:49
*** doug-fish has quit IRC21:49
openstackgerritMorgan Fainberg proposed openstack/keystone: Add caching to role assignments  https://review.openstack.org/21571521:52
openstackgerritMorgan Fainberg proposed openstack/keystone: Apply invalidation proxy to the catalog cache region  https://review.openstack.org/27153621:52
notmorganlbragstad: ^21:52
notmorganneeds some unit tests21:52
notmorganbut that *should* solve the issue of "distributed things"21:52
*** chris_19 has joined #openstack-keystone21:52
*** rcernin has joined #openstack-keystone21:53
notmorgandolphm: ^ cc, stevemar ^21:53
openstackgerritMorgan Fainberg proposed openstack/keystone: Add caching to role assignments  https://review.openstack.org/21571521:55
openstackgerritMorgan Fainberg proposed openstack/keystone: Apply invalidation proxy to the catalog cache region  https://review.openstack.org/27153621:55
openstackgerrithenry-nash proposed openstack/keystone: Allow project domain_id to be nullable at the manager level  https://review.openstack.org/26453321:55
notmorganwhoopse, missed something21:55
notmorganneeded an @property in there21:55
*** timcline has quit IRC21:58
*** tsymanczyk has joined #openstack-keystone22:01
*** gordc has joined #openstack-keystone22:01
*** tsymanczyk is now known as Guest7909522:01
*** peter-hamilton has quit IRC22:02
*** jsavak has quit IRC22:04
*** pnavarro has quit IRC22:04
openstackgerritRon De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities  https://review.openstack.org/26204522:09
openstackgerritRon De Rose proposed openstack/keystone: Shadow users: unified identity - Separate user identities  https://review.openstack.org/26204522:09
*** ninag has quit IRC22:14
openstackgerrithenry-nash proposed openstack/keystone: Allow project domain_id to be nullable at the manager level  https://review.openstack.org/26453322:19
openstackgerrithenry-nash proposed openstack/keystone: Add tests for role management with v3policy file  https://review.openstack.org/26184622:21
openstackgerrithenry-nash proposed openstack/keystone: Add CRUD support for domain specific roles  https://review.openstack.org/26187022:22
*** RichardRaseley has joined #openstack-keystone22:22
openstackgerrithenry-nash proposed openstack/keystone: Modify rules in the v3 policy sample for domain specifc roles  https://review.openstack.org/26207822:22
openstackgerrithenry-nash proposed openstack/keystone: Modify implied roles to honor domain specific roles  https://review.openstack.org/26306422:25
openstackgerrithenry-nash proposed openstack/keystone: Modify rules for domain specific role assignments  https://review.openstack.org/26354922:25
*** chris_19 has left #openstack-keystone22:28
stevemarhaneef_: rebase-a-mania22:28
stevemarhenrynash, not haneef_ :(22:29
henrynashstevemar: ’tis me….and ’tis true!22:29
stevemarhenrynash: which hotel you at next week?22:29
henrynashstevemar: I think I might be in the Marriott….but no matter, will still join you guys for breakfast!22:30
*** markvoelker has quit IRC22:32
stevemarhenrynash: we get free breaky!22:34
notmorganstevemar: which hotel are you at?22:34
henrynashstevemar: I think I do too….since I’m now “life time gold” for Marriott…this sounded good until I realized that you only get that if you have stayed 2 years of your life in Marriotts……..22:35
stevemarlol22:36
stevemarthe downside of gold eh22:36
*** gordc has quit IRC22:37
stevemargonna go for a run, gotta keep my new years reso ongoing :]22:37
*** PsionTheory has quit IRC22:38
*** jbell8 has quit IRC22:52
*** rcernin has quit IRC22:53
*** dims_ has joined #openstack-keystone22:56
*** dims has quit IRC22:58
*** diazjf has quit IRC22:58
*** sigmavirus24 is now known as sigmavirus24_awa23:00
*** sdake has joined #openstack-keystone23:00
*** sdake has quit IRC23:01
edmondswhenrynash, what does "dsr" stand for?23:03
henrynashedmondsw: domain specific roles23:03
edmondswgotcha, tx23:04
edmondswwhy would we want to let a project admin see domain roles?23:05
edmondswhenrynash ^23:05
henrynashhold on...23:06
henrynashbrb23:06
edmondswsure23:06
henrynashedmondsw: so domain admin roles are created by a domain admin for use by them and project admins within their domain (only)23:11
henrynashedmondsw: since project admins can read global roles, it seems right that they should be able to read domain roles for their own domain23:12
edmondswwhy should they be able to read global roles either?23:12
henrynashedmondsw: how would they know which roles they could assign to their projects?23:13
*** dims_ has quit IRC23:13
edmondswoh, I'm an idiot... I was thinking of role *assignments* not roles...23:14
edmondswtoo late on a Friday (especially for you)23:15
*** jamielennox is now known as jamielennox|away23:15
openstackgerrithenry-nash proposed openstack/keystone: Allow project domain_id to be nullable at the manager level  https://review.openstack.org/26453323:16
henrynashedmondsw: no worries!23:16
openstackgerrithenry-nash proposed openstack/keystone: Change project unique constraint  https://review.openstack.org/15837223:17
openstackgerrithenry-nash proposed openstack/keystone: Projects acting as domains  https://review.openstack.org/23128923:18
*** rbak has quit IRC23:26
*** roxanagh_ has joined #openstack-keystone23:30
openstackgerritMorgan Fainberg proposed openstack/keystone: Add caching to role assignments  https://review.openstack.org/21571523:32
openstackgerritMorgan Fainberg proposed openstack/keystone: Apply invalidation proxy to the catalog cache region  https://review.openstack.org/27153623:32
*** bill_az has quit IRC23:34
*** tonytan4ever has quit IRC23:35
*** slberger has left #openstack-keystone23:39
*** edmondsw has quit IRC23:41
*** simondodsley has quit IRC23:48
*** Ephur has quit IRC23:54
*** edmondsw has joined #openstack-keystone23:54
*** dims has joined #openstack-keystone23:56
