Tuesday, 2016-04-12

morganbknudson: globa _TheWorst00:07
morganbknudson: _TheWorst = True00:07
*** fawadkhaliq has quit IRC00:07
*** fawadkhaliq has joined #openstack-keystone00:08
*** gyee has quit IRC00:20
*** pumarani__ has quit IRC00:25
*** fawadkhaliq has quit IRC00:28
*** fawadkhaliq has joined #openstack-keystone00:29
*** markvoelker has joined #openstack-keystone00:35
*** fawadkhaliq has quit IRC00:40
*** markvoelker has quit IRC00:41
*** stingaci has quit IRC00:46
*** richm has quit IRC01:00
*** sdake_ has joined #openstack-keystone01:02
*** sdake has quit IRC01:02
*** sdake_ is now known as sdake01:08
*** pushkaru has joined #openstack-keystone01:16
*** pushkaru has quit IRC01:22
*** phalmos has joined #openstack-keystone01:28
*** EinstCrazy has joined #openstack-keystone01:31
*** rderose has quit IRC01:37
*** phalmos has quit IRC01:39
openstackgerritLi Yingjun proposed openstack/keystone: Fix KeyError when rename to a name is already in use  https://review.openstack.org/30141801:43
*** woodster_ has quit IRC01:47
*** mylu has quit IRC01:47
*** mylu has joined #openstack-keystone01:49
ayoungmorgan, do we need to fix the microsecond time recording in Fernet tokens in order to get revoke events to work?01:50
morganUhm. Not sure01:51
morganWe should be killing microseconds anywhere though.01:51
lbragstadayoung last I talked to morgan about that - we were going to leave revocation events and fernet timestamps as it01:51
lbragstadand mock the clock01:51
morganAnd mock clock for tests.01:51
ayounglbragstad, so, even time.sleep(1) does not seem to be doing things right for the latest tests01:52
ayoungI am not certain it is the same issue01:52
lbragstadI abandon my patch to add subsecond precision to revocation events shortly after the midcycle01:52
morganWe want subsecond to go away01:52
morganNot add more n01:52
lbragstadayoung ahh - I thought dolphm and I had similar issues when we tried that01:52
ayoungso, we have a slew of tests where the wrong tokens are getting revoked for the one second after the delete event...I would not think that was the same thing01:53
ayoungIn most cases of the tests it is the admin token01:53
ayoungwe still have this morgan http://git.openstack.org/cgit/openstack/keystone/tree/keystone/tests/unit/test_v2.py#n123901:54
morganWe also have a number of tokens that used admin and non admin tokens for the same thing b01:54
morganI ran across the issue when trying to squash extensions.01:54
morganAnd had fixed a lot of it.01:54
ayoungso If I find throwing a sleep(1) in fixes the test, it is probably a case where the wrong token is used, or token for the wrong user?01:55
morganA sleep(1) fixing it is a mock the clock, if sleep doesn't fix it, it is the wrong token (likely shared admin/non admin token in the same test)01:56
morganJust a guess01:56
ayoungmorgan, see this one http://logs.openstack.org/93/278693/7/check/gate-keystone-python27-db/f793954/testr_results.html.gz01:58
ayoungmorgan, it does not always fail01:59
ayoungit has a sleep(1)01:59
ayoungand it is annoying me01:59
morganThat sounds like a timing issue then.01:59
morganVs wrong token.01:59
morganSo mocking the clock properly vs sleep will be more reliable.01:59
*** stingaci has joined #openstack-keystone02:02
ayoungmorgan, there are too many of them.  I tried mocking the clock, too. SOmething is wrong here.02:02
*** cburgess has quit IRC02:05
*** bapalm has quit IRC02:06
*** cburgess has joined #openstack-keystone02:07
*** zqfan has joined #openstack-keystone02:12
*** gerhardqux has quit IRC02:13
*** bapalm has joined #openstack-keystone02:13
*** gerhardqux has joined #openstack-keystone02:13
*** tristanC has quit IRC02:13
*** wanghua has joined #openstack-keystone02:13
*** tristanC has joined #openstack-keystone02:14
*** mylu has quit IRC02:18
*** mylu has joined #openstack-keystone02:33
*** markvoelker has joined #openstack-keystone02:37
*** markvoelker has quit IRC02:42
*** rk4n has joined #openstack-keystone02:46
*** lhcheng has quit IRC02:51
*** mylu has quit IRC03:02
*** mylu has joined #openstack-keystone03:02
openstackgerritayoung proposed openstack/keystone: Make fernet support trust auth against v2.0  https://review.openstack.org/27869303:03
jamielennoxsigh, 6 months between blog posts is too long, whole ruby versions EOLed under me03:04
*** sdake_ has joined #openstack-keystone03:12
*** mylu has quit IRC03:12
*** sdake has quit IRC03:15
*** sdake has joined #openstack-keystone03:18
*** mylu has joined #openstack-keystone03:19
*** links has joined #openstack-keystone03:20
*** lhcheng has joined #openstack-keystone03:20
*** ChanServ sets mode: +v lhcheng03:20
*** sdake_ has quit IRC03:20
*** lhcheng has quit IRC03:20
*** lhcheng has joined #openstack-keystone03:21
*** ChanServ sets mode: +v lhcheng03:21
*** akanksha_ has joined #openstack-keystone03:23
*** mylu has quit IRC03:29
prosunI wonder what does "openstack-attic" at the prefix of most project names in review.openstack.org mean?03:31
*** mylu has joined #openstack-keystone03:31
*** anush_ has joined #openstack-keystone03:35
prosunahhh... I see, attic means "a space or room just below the roof of a building". Yea, I found it !03:40
*** mylu has quit IRC03:48
*** mylu has joined #openstack-keystone03:49
*** jasonsb has joined #openstack-keystone03:52
stevemarprosun: attic: where you store stuff you don't want to ever see again :)04:01
prosunstevemar: gotcha.04:05
*** Nirupama has joined #openstack-keystone04:07
prosunI wonder why the API URL /v2.0/endpoints for creating endpoints is not listed in official Identity API v2.0 or its extensions  or Identity Admin API 2.0 ? See the comment https://bugs.launchpad.net/keystone/+bug/1557166/comments/5 for details04:11
openstackLaunchpad bug 1557166 in OpenStack Identity (keystone) "V2 Endpoint creation with missing region returns 500" [Undecided,New] - Assigned to Kanika Singh (kanikasingh-1490)04:11
*** sheel has joined #openstack-keystone04:12
*** roxanagh_ has joined #openstack-keystone04:31
*** markvoelker has joined #openstack-keystone04:38
*** mylu has quit IRC04:42
*** markvoelker has quit IRC04:42
*** lhcheng has quit IRC04:45
*** spandhe has joined #openstack-keystone04:49
*** EinstCrazy has quit IRC04:55
*** EinstCrazy has joined #openstack-keystone05:05
*** EinstCra_ has joined #openstack-keystone05:17
*** dave-mccowan has quit IRC05:19
*** EinstCrazy has quit IRC05:19
*** roxanagh_ has quit IRC05:20
*** rk4n has joined #openstack-keystone05:24
*** lupine has quit IRC05:33
*** lupine has joined #openstack-keystone05:35
*** markvoelker has joined #openstack-keystone05:38
openstackgerritColleen Murphy proposed openstack/keystonemiddleware: Only confirm token binding on one token  https://review.openstack.org/30440005:39
*** spandhe has quit IRC05:40
*** spandhe has joined #openstack-keystone05:42
*** markvoelker has quit IRC05:43
*** lhcheng has joined #openstack-keystone05:45
*** ChanServ sets mode: +v lhcheng05:45
*** dan_nguyen has quit IRC05:49
*** fawadkhaliq has joined #openstack-keystone05:49
*** rmizuno has joined #openstack-keystone05:58
*** rmizuno has quit IRC06:10
*** spandhe has quit IRC06:10
*** ksnihyr has joined #openstack-keystone06:12
*** c_soukup has joined #openstack-keystone06:16
*** akanksha_ has quit IRC06:17
*** csoukup has quit IRC06:19
*** stingaci has quit IRC06:24
*** tesseract has joined #openstack-keystone06:24
*** tesseract is now known as Guest1511506:24
*** fawadkhaliq has quit IRC06:26
*** mylu has joined #openstack-keystone06:27
*** fawadkhaliq has joined #openstack-keystone06:29
*** mylu has quit IRC06:32
*** henrynash has joined #openstack-keystone06:39
*** ChanServ sets mode: +v henrynash06:39
*** anush_ has quit IRC06:39
*** henrynash has quit IRC06:39
*** stingaci has joined #openstack-keystone06:54
*** stingaci has quit IRC06:59
*** jaosorior has joined #openstack-keystone07:19
*** sdake_ has joined #openstack-keystone07:24
*** sdake has quit IRC07:26
*** sdake has joined #openstack-keystone07:27
*** sdake_ has quit IRC07:30
*** markvoelker has joined #openstack-keystone07:39
*** jamielennox is now known as jamielennox|away07:42
*** rk4n has quit IRC07:43
*** markvoelker has quit IRC07:44
openstackgerritMerged openstack/keystonemiddleware: Create signing_dir upon first usage  https://review.openstack.org/30425507:46
*** henrynash has joined #openstack-keystone07:46
*** ChanServ sets mode: +v henrynash07:46
*** jaosorior has quit IRC07:47
*** jaosorior has joined #openstack-keystone07:48
*** e0ne has joined #openstack-keystone07:49
*** daemontool_ has joined #openstack-keystone07:50
*** henrynash has quit IRC07:52
*** daemontool has quit IRC07:53
*** lhcheng has quit IRC07:55
*** stingaci has joined #openstack-keystone07:56
*** fawadkhaliq has quit IRC08:01
*** stingaci has quit IRC08:02
*** e0ne has quit IRC08:04
*** rk4n has joined #openstack-keystone08:17
*** rk4n has quit IRC08:17
*** rk4n has joined #openstack-keystone08:17
*** jistr has joined #openstack-keystone08:25
*** naresht has joined #openstack-keystone08:25
*** mylu has joined #openstack-keystone08:28
*** mylu has quit IRC08:32
*** e0ne has joined #openstack-keystone08:33
openstackgerritMerged openstack/keystone: Fixes bug where the updated federated display_name is not returned  https://review.openstack.org/30198708:35
openstackgerritMerged openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/30313108:37
openstackgerritMerged openstack/keystoneauth: Fix doc build if git is absent  https://review.openstack.org/30346608:38
*** agireud has quit IRC08:39
*** agireud has joined #openstack-keystone08:42
*** agireud has quit IRC08:44
andreykurilin__Can someone help me with keystoneclient?08:50
*** agireud has joined #openstack-keystone08:52
openstackgerritRyosuke Mizuno proposed openstack/keystone: Add keystone service ID to observer audit  https://review.openstack.org/30396308:58
*** dims has quit IRC09:04
*** dims has joined #openstack-keystone09:05
openstackgerritMerged openstack/keystone: Clean up test case for shadow users  https://review.openstack.org/30212309:10
openstackgerritMerged openstack/keystone: Simplify chained comparison  https://review.openstack.org/30227909:10
*** stingaci has joined #openstack-keystone09:14
openstackgerritMerged openstack/keystone: create a new `advanced topics` section in the docs  https://review.openstack.org/29222709:14
*** openstackgerrit has quit IRC09:17
*** openstackgerrit has joined #openstack-keystone09:17
*** stingaci has quit IRC09:18
*** gangadhar has joined #openstack-keystone09:19
*** c_soukup has quit IRC09:25
*** c_soukup has joined #openstack-keystone09:26
*** e0ne has quit IRC09:29
*** e0ne has joined #openstack-keystone09:31
*** markvoelker has joined #openstack-keystone09:40
*** markvoelker has quit IRC09:45
openstackgerritMorgan Fainberg proposed openstack/keystone: Set the values for the request_local_cache  https://review.openstack.org/30448609:49
morganDinaBelova: ^09:49
DinaBelovamorgan ack09:49
morganDinaBelova: my original test case was without memcache on09:49
morganDinaBelova: since the REGENERATE_NEEDED exception does an explicit set09:50
morganDinaBelova: it worked well. so basically we ended up skipping request_local when memcache hit unless an explicit set occured09:50
morganDinaBelova: inital tests on a VM, ~30-50 seconds reduction in test runtime with this fix09:50
morganDinaBelova: not tested with tempest yet09:50
DinaBelovamorgan thanks you sir for the update :)09:51
morganlooking at the other bug you filed.09:51
morganalso, proposing this fix as a backport to stab/mitaka09:51
openstackgerritKanika Singh proposed openstack/keystone: Add a condition for 'region' parameter  https://review.openstack.org/30448909:53
*** vnogin has joined #openstack-keystone09:54
*** vnogin has left #openstack-keystone09:54
*** openstackstatus has quit IRC09:57
*** openstack has joined #openstack-keystone09:58
*** openstackstatus has joined #openstack-keystone09:59
*** ChanServ sets mode: +v openstackstatus09:59
morganDinaBelova: https://bugs.launchpad.net/keystone/+bug/156741310:11
openstackLaunchpad bug 1567413 in OpenStack Identity (keystone) "Keystone fetches data from Memcache even if caching is explicitly turned off" [Undecided,New]10:11
*** sdake has quit IRC10:11
morganDinaBelova: did you run the test immediately following another testrun without clearing memcache?10:11
morganDinaBelova: and/or without resetting the values of the memcache server connections to empty or the dogpile backend to null again?10:12
morganDinaBelova: commented on the bug.10:12
*** jaosorior has quit IRC10:21
*** jaosorior has joined #openstack-keystone10:22
*** jed56 has quit IRC10:23
*** vnogin has joined #openstack-keystone10:32
DinaBelovaI did not clear the memcache, but I think in case of turned off caching it should not even try to fetch the data?10:39
*** EinstCra_ has quit IRC10:52
*** daemontool_ has quit IRC10:54
*** daemontool has joined #openstack-keystone10:54
*** dave-mccowan has joined #openstack-keystone11:01
*** adam_ has joined #openstack-keystone11:25
adam_Has anyone had any issues with keystone before where wsgi locks are stuck in deleted causing the disk to show as full? (/run/apache2/wsgi.23561.0.1.lock (deleted))11:26
*** e0ne has quit IRC11:30
adam_Here's the paste, disk is showing as full, keystone seem to have 206 apache2 wsgi locks stuck in 'deleted', stopping apache clears them, but they return under different pid's once it starts back up. http://paste.openstack.org/show/493761/11:37
*** doug-fish has joined #openstack-keystone11:39
*** markvoelker has joined #openstack-keystone11:41
*** markvoelker has quit IRC11:45
*** openstack has quit IRC12:04
*** openstack has joined #openstack-keystone12:05
*** markvoelker has joined #openstack-keystone12:12
*** tlbr has quit IRC12:14
*** gordc has joined #openstack-keystone12:15
*** tlbr has joined #openstack-keystone12:15
*** rodrigods has quit IRC12:24
*** rodrigods has joined #openstack-keystone12:24
*** jamielennox|away is now known as jamielennox12:26
*** c_soukup has quit IRC12:28
*** richm has joined #openstack-keystone12:34
*** e0ne has joined #openstack-keystone12:36
*** mhickey has joined #openstack-keystone12:37
*** tlbr has quit IRC12:43
*** tlbr has joined #openstack-keystone12:43
*** links has quit IRC12:52
*** tlbr has quit IRC12:54
*** gsilvis_ is now known as gsilvis12:59
*** ninag has joined #openstack-keystone13:02
openstackgerritayoung proposed openstack/keystone: Make fernet support trust auth against v2.0  https://review.openstack.org/27869313:03
dstanekadam_: you're thinking that Keystone/mod_wsgi is filling up your disk?13:04
*** pauloewerton has joined #openstack-keystone13:05
*** Nirupama has quit IRC13:07
*** tlbr has joined #openstack-keystone13:08
*** EinstCrazy has joined #openstack-keystone13:09
*** pushkaru has joined #openstack-keystone13:11
*** ayoung has quit IRC13:12
*** doug-fish has quit IRC13:19
adam_dstanek: I've moved on from wsgi as realized they're 0 length lock files anyway. Still can't find what's using 100% disk though sadly.13:20
*** EinstCrazy has quit IRC13:21
adam_dstanek: du -h max-depth=1 on the 100% disk only shows as 1.3G, not the 39G is says it's using13:21
dstanekadam_: you can always do a down and dirty 'du -sh /*' and start to narrow it down13:21
dstanekadam_: what does 'df -h' show?13:21
adam_'df -h' shows as 100%13:22
adam_I'll show you the paste of du -sh /* as that all looks fine too13:22
*** tlbr has quit IRC13:23
adam_dstanek: here you go, everything looks fine here; http://paste.openstack.org/show/493792/13:24
*** tlbr has joined #openstack-keystone13:24
dstanekadam_: what does your df -h look like?13:25
*** tellesnobrega is now known as tellesnobrega_af13:25
adam_dstanek: df -h output - http://paste.openstack.org/show/493794/13:26
*** doug-fish has joined #openstack-keystone13:27
*** rderose has joined #openstack-keystone13:27
dstanekadam_: i've not seen anything like that before. have you done the windows fix are rebooted?13:28
*** mylu has joined #openstack-keystone13:29
dstanekadam_: if you would have had mount points i would have told you to unmount and check again, but you don't13:30
adam_dstanek: not yet, I don't have KVM/console to these servers until our canadian partner comes online so avoiding doing it at the mo, but guess it's worth a try13:31
dstaneka reboot would clear tmp files and stop any processes that are writing. although i can't imagine anything has written 38G to disk and not committed it to a file13:32
*** raildo is now known as raildo-afk13:32
*** jsavak has joined #openstack-keystone13:32
dstanekadam_: no root is a bummer :-(13:32
adam_dstanek: Oh, I have root, but if it didn't come online for what ever reason I wouldn't be able to do much with it13:33
adam_dstanek: I'll go for it though, not much else I can do at the moment with keystone unavaliable anyway13:34
*** edmondsw has joined #openstack-keystone13:34
samueldmqmorning keystoners13:36
*** links has joined #openstack-keystone13:36
Anticimexis there any way to retrieve a keystone token via Horizon?13:37
*** mylu has quit IRC13:37
Anticimexuse case: when using SAML2 federation and the IdP isn't compatible with ECP, users are prevented from authenticating from CLI13:37
*** mylu has joined #openstack-keystone13:38
*** knikolla has joined #openstack-keystone13:42
*** EinstCrazy has joined #openstack-keystone13:42
*** ametts has joined #openstack-keystone13:43
*** woodburn has joined #openstack-keystone13:48
adam_dstanek: Found the cause, it's an issue with the control instance, keystone runs as an lxc container on control1, and the disk is full on there, my mistake for not checking further down the chain13:54
dstanekadam_: ah, that explains why you couldn't see it13:55
*** timcline has joined #openstack-keystone13:58
*** spzala has joined #openstack-keystone14:01
openstackgerritSamuel de Medeiros Queiroz proposed openstack/python-keystoneclient: Add users functional tests  https://review.openstack.org/28930614:07
*** c_soukup has joined #openstack-keystone14:07
*** links has quit IRC14:08
*** woodster_ has joined #openstack-keystone14:10
*** timcline has quit IRC14:12
*** timcline has joined #openstack-keystone14:13
*** doug-fish has quit IRC14:16
*** sigmavirus24_awa is now known as sigmavirus2414:18
*** Bjoern_ has joined #openstack-keystone14:18
*** Bjoern_ is now known as BjoernT14:20
*** tellesnobrega_af is now known as tellesnobrega14:22
*** naresht has quit IRC14:23
*** timcline has quit IRC14:26
*** phalmos has joined #openstack-keystone14:29
*** sigmavirus24 is now known as sigmavirus24_awa14:29
*** vnogin has quit IRC14:30
*** sigmavirus24_awa is now known as sigmavirus2414:30
*** sdake has joined #openstack-keystone14:32
BjoernTQuick question, in regards to https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json. The admin_domain_id needs to be updated with the real domain ID chosen to be the admin, inside the cloud_admin rule, in particular around  domain_id:admin_domain_id rule ?14:33
dimsmorgan : we don't need any fixes in oslo.cache right? https://review.openstack.org/#/c/30448614:34
morganDinaBelova: unfortunately the turn "off" needs to be a bit more involved as evedenced by how dogpile works14:34
*** slberger has joined #openstack-keystone14:34
morgandims: we could use a fix for setting defaults14:35
*** spandhe has joined #openstack-keystone14:35
morgandims: but not for that to land14:35
morgandims: :)14:35
openstackgerritAlexander Makarov proposed openstack/keystone: Add set_config_defaults() call to tests  https://review.openstack.org/30467414:35
dimscool thanks morgan i was just catching up on DinaBelova 's bug reports. looks like you handled both :) https://bugs.launchpad.net/keystone/+bug/1567413 was the other one14:36
openstackLaunchpad bug 1567413 in OpenStack Identity (keystone) "Keystone fetches data from Memcache even if caching is explicitly turned off" [Medium,Triaged]14:36
morgandims: yep.14:36
dimsthanks morgan!14:36
openstackgerritAlexander Makarov proposed openstack/keystone: Add DB operations tracing  https://review.openstack.org/29453514:36
morgandims: https://review.openstack.org/#/c/277198/ would be the thing that needs the setdefaults function14:37
patchbotmorgan: patch 277198 - keystone - Default caching to on for request-local caching.14:37
*** spandhe has quit IRC14:37
morganbut that is a questionable patch to begin with14:37
dimsy looking14:38
amakarovmorgan, o/14:40
morganamakarov: hi14:40
adam_dstanek: all sorted now, thanks for stepping in to help though!14:40
amakarovlooks like we have wrong tests initialization :)14:40
morganamakarov: ?14:40
morganamakarov: need to be a bit more clear - i just woke up...14:41
openstackLaunchpad bug 1569389 in OpenStack Identity (keystone) "set_config_defaults() never called on testing" [Undecided,In progress] - Assigned to Alexander Makarov (amakarov)14:41
morganamakarov: ah in unit tests yeah.14:41
amakarovthis caused Dina's osprofiles patch chain to fail14:41
morganwell it is called... in some cases14:41
morganjust not in all14:41
morganwhere we standup a whole keystone, it is called14:42
morganthe restful patches14:42
morganwe need to call it (likely) in keystone.tests.unit.core14:43
*** mvk has quit IRC14:43
morganthough lets be fair, i am on the fence if unit tests need osprofiler14:43
morganif that makes sense.14:43
amakarovmorgan, one thing I'm worried about: is it legal to put this call right after config.configure in the wery root of keystone tests... But tests looks happy ))14:44
morganit should be fine to call it anypoint14:44
morganafter config.configure()14:44
morganbut like i said... do we *reall* want to run osprofiler in unit tests?14:44
morganwhat is the win?14:44
dimsmorgan : we usually have set_defaults() in other oslo libs, i think oslo.cache is more complicated setup/configure :) so we may need bknudson's help :)14:44
morgandims: right... or mine :P considering oslo.cache is almost 100% my code :P14:45
amakarovmorgan, hm, that is the question!14:45
morganamakarov: i'm thinking the answer is we don't profile unit tests14:45
DinaBelovaamakarov it's interesting14:45
DinaBelovawhen I added this locally14:45
DinaBelovait did not help14:45
morganamakarov: profiling unit tests seems weird.14:45
dimsmorgan : haha. i mean help to make it look like other oslo projects :)14:45
morgandims: dogpile needs some fixes too. which i've got on my personal backlog14:46
DinaBelovaamakarov - but probably I had poisoned virtualenv14:46
morganbut E_LOOKING_FOR_WORK14:46
dimsmorgan : cool14:46
morgansince most work is openstack i've been staying focused there.14:46
DinaBelovamorgan even if the setup will be processed, without needed wrappers tests won't be traced :)14:47
amakarovDinaBelova, well, the patch chain just passed unit tests on my brand new virtualenv14:47
DinaBelovaamakarov ack14:47
*** mylu has quit IRC14:47
morganDinaBelova: it also may just be fine as is14:47
morganas amakarov is showing14:47
DinaBelovamorgan indeed14:47
*** raildo-afk is now known as raildo14:48
morganDinaBelova: so the issue with cache off is we only test if we should store new values; if dogpile is connected to memcache it'll still do requests to it14:48
morganDinaBelova: the SHOULD_CACHE_FN is the magic.14:48
morganDinaBelova: not sure if we want to make [cache]\enabled=false force dogpile to disconnect from memcache as well14:49
morganwhich would be a fix to oslo.cache14:49
morgandims: ^ cc (since it might be oslo.cache related)14:50
DinaBelovamorgan oh... I did not realize this. Just when I set caching to disabled, I expected not to see these connections14:50
DinaBelovayes, let's ask dims14:50
morganDinaBelova: :) your bug indicated i didn't cover that case directly, documentation or otherwise.14:50
dimsDinaBelova : i'd definitely want to see a review filed in oslo.cache for debate. yes, i'd support it14:51
*** sdake_ has joined #openstack-keystone14:51
DinaBelovamorgan well, that's also a result, I'm happy I could help14:51
DinaBelovadims ack14:51
DinaBelovaI think I'll be able to do commit tomorrow14:51
dimsgood work DinaBelova !14:52
morgandims: there are two ways to fix it: 1 - reset the region to the default dogpile.null region14:52
morgandims: which would be done at configuration of the cache region opbject14:52
morgandims: or in each project we unset the memcache server bits [not in oslo.cache]14:52
* dims listening14:52
morgansince keystone is the only thing using oslo.cache...14:53
morganwell with @memoize14:53
dimslol, let's try #1 and #2 as fallback :)14:53
DinaBelovadims morgan - ack14:53
morganDinaBelova: happy to let you hack up the code for this or i can right now14:53
morganDinaBelova: your call :)14:54
DinaBelovamorgan I'll be able to jump to this tomorrow :) if you have time today - u'r welcome to do that yourself :)14:54
morgansure. should be really quick14:54
DinaBelovamorgan ack, thanks :)14:55
*** sdake has quit IRC14:55
dimsthanks morgan14:56
*** gangadhar has quit IRC14:56
*** ametts has quit IRC14:59
*** mylu has joined #openstack-keystone14:59
morgandims: almost done14:59
morganupdating tests and will propose.15:00
*** mvk has joined #openstack-keystone15:00
*** diazjf has joined #openstack-keystone15:04
dimsmorgan : awesome! thanks15:04
*** afazekas has quit IRC15:09
*** afazekas has joined #openstack-keystone15:09
*** phalmos has quit IRC15:09
*** sdake has joined #openstack-keystone15:12
morgandims:  https://review.openstack.org/30468815:14
morganDinaBelova: ^cc15:14
*** mylu has quit IRC15:16
*** sdake_ has quit IRC15:16
*** mylu has joined #openstack-keystone15:16
*** adam_ has quit IRC15:16
openstackgerritSamuel de Medeiros Queiroz proposed openstack/python-keystoneclient: Add users functional tests  https://review.openstack.org/28930615:17
*** openstackgerrit has quit IRC15:18
*** openstackgerrit has joined #openstack-keystone15:18
*** doug-fish has joined #openstack-keystone15:19
*** ayoung has joined #openstack-keystone15:20
*** ChanServ sets mode: +v ayoung15:20
*** doug-fish has quit IRC15:24
openstackgerritayoung proposed openstack/keystone: Make fernet support trust auth against v2.0  https://review.openstack.org/27869315:24
*** TxGVNN has joined #openstack-keystone15:24
*** jaosorior has quit IRC15:24
stevemarmorgan: thanks for all the reviews last night15:28
*** phalmos has joined #openstack-keystone15:28
morganstevemar: i didn't review anything last night >.>15:28
morganstevemar: insomniacmorgan did15:28
morgansadly fell asleep early and woek up at midnight. figured i might as well review things until i fell alseep15:29
morganstevemar: https://review.openstack.org/#/q/I4857cfe1e62d54c3c89a0206ffc895c4cf681ce5,n,z15:29
morganstraightforward fix, but good to land. will improve request local cache15:30
morganstevemar: and do we want to propose request local to stable/liberty? i know dolphm was interested in that15:30
dolphmmorgan: did you see the performance / caching conversation on the list?15:31
*** tellesnobrega is now known as tellesnobrega_af15:33
*** yarkot_ has joined #openstack-keystone15:38
*** phalmos has quit IRC15:39
*** sdake_ has joined #openstack-keystone15:41
*** doug-fish has joined #openstack-keystone15:42
*** sdake has quit IRC15:43
*** fesp has joined #openstack-keystone15:43
*** phalmos has joined #openstack-keystone15:43
*** anush_ has joined #openstack-keystone15:45
*** fesp has quit IRC15:45
morgandolphm: from DinaBelova ?15:46
morgandolphm: and mfisch ?15:46
*** doug-fish has quit IRC15:46
DinaBelovaheh, it looks like morgan knows all about this :)15:46
morgandolphm: proposed fixes for both bufs.15:47
*** doug-fish has joined #openstack-keystone15:52
*** EinstCrazy has quit IRC15:53
*** doug-fis_ has joined #openstack-keystone15:54
*** fawadkhaliq has joined #openstack-keystone15:55
*** sdake_ has quit IRC15:55
*** sdake has joined #openstack-keystone15:55
ayounglbragstad, so on https://review.openstack.org/#/c/278693/ I'm not 100% comfortable with it.  The 21 second delay was just a slip that I left in there, but there is something wrong with the revocation checking mechanism.  I don't like the way we have to play around with delays.  THere is something else more wrong here,  with the wrong tokens getting revoked and all that.  It might be, as morgan suggested, that it is due to bad tests, but that one15:57
ayoungshould not ever get a forbidden error, and that is how it was failing15:57
patchbotayoung: patch 278693 - keystone - Make fernet support trust auth against v2.015:57
*** doug-fish has quit IRC15:58
ayoungJust had a thought...with the mock we might be able to make it easier to reproduce...let me see.15:58
*** gyee has joined #openstack-keystone16:00
*** ChanServ sets mode: +v gyee16:00
*** timcline has joined #openstack-keystone16:00
BjoernTdolphm: Quick question, in regards to https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json. The admin_domain_id needs to be updated with the real domain ID chosen to be the admin, inside the cloud_admin rule, in particular around  domain_id:admin_domain_id rule ?16:01
*** jsavak has quit IRC16:02
*** doug-fish has joined #openstack-keystone16:02
*** jsavak has joined #openstack-keystone16:02
openstackgerritAlexander Makarov proposed openstack/keystone: Add DB operations tracing  https://review.openstack.org/29453516:03
*** doug-fish has quit IRC16:03
*** doug-fish has joined #openstack-keystone16:04
*** doug-fish has quit IRC16:04
*** doug-fish has joined #openstack-keystone16:05
*** doug-fis_ has quit IRC16:05
*** dan_nguyen has joined #openstack-keystone16:06
*** doug-fish has quit IRC16:09
*** fawadkhaliq has quit IRC16:09
anteayastevemar: so keystone mid-cycle plans?16:12
anteayastevemar: thought about toronto at all?16:12
anteayait is beautiful in the summer16:12
* anteaya pictures just finding a parking spot as opposed to having to fly16:13
morgananteaya, stevemar: I vote brazil and we visit samueldmq :P16:13
*** fawadkhaliq has joined #openstack-keystone16:13
* morgan cant actually do that trip yet16:13
anteayamorgan: oh yes, brazil would be great too16:13
anteayabrazil as a first choice, toronto as a back up?16:14
bknudsondon't need to worry about summer/winter in brazil16:15
bknudsonI'd prefer to go to brazil in the winter16:15
anteayagood point16:15
anteayahow long are brazil visas good for?16:16
anteayaaustralian visas are good for a year16:16
htrutawow! midcycle brazil ++16:16
raildoanteaya: http://brazil.travisa.com/16:17
raildoanteaya: there is a couple of tips on this link16:17
anteayaraildo: thanks16:17
*** jasonsb has quit IRC16:18
bknudsonlooks like visa is waived due to olympics16:18
bknudsonI'd still get a visa just in case.16:19
raildo"However, in light of the Rio 2016 Olympics, American, Australian, Canadian and Japanese nationals going to Brazil exclusively for tourism activities, entering Brazil between June 1st and September 18th, 2016, will be eligible for a 90 day, non-extendable, unilateral visa waiver counted from the first entry within that period. "16:19
bknudsonbrazil might not even have a govt anymore.16:20
dstanekmy travel options to Brazil were not great the last time i looked16:20
*** lhcheng has joined #openstack-keystone16:20
*** ChanServ sets mode: +v lhcheng16:20
stevemarbknudson: only for tourism16:20
*** lhcheng has quit IRC16:20
stevemarbknudson: if we go with toronto, then we can have a group jays game outing :P16:20
*** lhcheng has joined #openstack-keystone16:21
*** ChanServ sets mode: +v lhcheng16:21
bknudsonstevemar: do you still say you're coming to the us on "business"?16:21
stevemarbknudson: "business" is OK16:21
stevemarbknudson: "work" is OH GOD WHAT HAVE I DONE!16:21
anteayabusiness only16:22
anteayanever ever work16:22
*** ksnihyr has quit IRC16:22
dstanekwhen i went to CA, I just let them know I was only there to party16:22
bknudsonis this when you were 18?16:23
anteayadstanek: california?16:24
*** alex_xu_ has quit IRC16:24
dstanekanteaya: Canada16:24
dstanekbknudson: no, pycon!16:24
dstanekit was not a lie. there is no business or learning at pycon16:25
*** BigWillie has joined #openstack-keystone16:25
bknudsonpy is short for partay16:25
anteayadstanek: was nice to have you last time16:25
dstanekanteaya: you Canadians are nice :-)16:26
anteayaawe thank you16:26
stevemarlooks like the midcycle should happen either R14, R13, R12: http://releases.openstack.org/newton/schedule.html16:26
stevemarR12 is N2 milestone16:26
*** ebalduf_ has joined #openstack-keystone16:26
stevemarR13 is july 4th holiday16:26
bknudsonall the midcycles are going to be at the same time16:27
anteayagreat, neither nova nor cinder wants those weeks16:27
stevemaranteaya: when are they doing theirs?16:27
anteayabknudson: no, have you read the nova and cinder threads on the mailing list?16:27
anteayanova wants R-15 or R-1116:27
mordredbrazil is awesome. getting the visa for us folks is pretty easy - just use travisa16:27
bknudsonI think I'd have to go to chicago to get a visa.16:28
mordredI recommend going ahead and getting the 5-year multiple-entry16:28
*** TxGVNN has quit IRC16:28
mordredbknudson: you can send your passport to the visa processing people16:28
mordredand they will handle the consulate interactions16:28
*** stingaci has joined #openstack-keystone16:29
anteayacinder want r-17, 14, 11, 10 or 916:29
*** alex_xu has joined #openstack-keystone16:30
anteayaif keystone likes 14, 13, or 12 then the only potential conflict is with cinder for 1416:30
bknudson"It is extremely important that the business letter includes the statement that "no technical work or assistance" will be provided during stay in Brazil."16:31
anteayadon't flip a switch16:32
dstanekbknudson: that's neat. i have a legal excuse to why i can't work!16:32
anteayaor tell anyone which switch to flip16:32
anteayadstanek: you can type, just don't talk about it16:32
openstackgerritRon De Rose proposed openstack/keystone: Concrete role assignments for federated users  https://review.openstack.org/28494316:32
dstanekanteaya: what if my home network goes down and my wife needs help? can i provide assistance?16:33
*** lupine has quit IRC16:33
*** lupine has joined #openstack-keystone16:33
*** mylu has quit IRC16:34
anteayaonly via typing or texing16:35
anteayaor emailing16:35
anteayaif on the phone you have to be alone in a closed room16:35
openstackgerritRon De Rose proposed openstack/keystone: Concrete role assignments for federated users  https://review.openstack.org/28494316:38
morgandstanek: ugh i dislike os x more and more16:39
dstanekmorgan: yup16:39
morganmordred: i think i'm going to do the brazil visa soon for $reasons$16:39
mordredvisiting samueldmq is a good reason16:40
morganmordred: agreeed16:40
morganalso because brazil16:40
raildoas I said, on the release S, we should make the summit in Brazil and will be called "OpenStack Samba" :P16:41
dstanekmorgan: why are you still using it?16:42
morgandstanek: waiting for my new x1c to arrive16:43
morgandstanek: needed a laptop *that day*, and had a ton of apple credit16:43
morgana macbook retina was like $200 out of pocket16:43
anteayaraildo: a summit in Brazil would be great16:44
morgan(the core-m thing) since they had a deal going on.16:44
dstanekmorgan: wow really? i'd buy that just to put linux on it. why so cheap?16:44
raildoanteaya: ++16:44
morgandstanek: i had $1200 credit. core M is pretty anemic16:44
bretonTickets from Moscow to Rio and back cost 1k USD :(16:44
morgandstanek: also i like the idea of a netbook that weighs less than 2lbs :P16:44
gyee++ for midcycle in brazil!16:44
morganbreton: PDX -> Rio isn't exactly *cheap* either16:45
morganbreton: ;)16:45
morgandstanek: i've been trying to install linux on it, but it's not gone well (yet)16:45
morganusing it w/ VMs is impossible though16:45
*** doug-fish has joined #openstack-keystone16:46
bretonmorgan: and ~1d of travel too16:48
morganbreton: yup. but #worthit if the midcycle is in brazil ;)16:48
dstanekbreton: some of my options were 30-40 hrs. travel time :-(16:48
morgandstanek: ouch16:49
*** mhickey has quit IRC16:49
dstanekthat's like to Paris and back and the to Paris again :-)16:49
*** fawadkhaliq has quit IRC16:50
gyeedstanek, 30-40 hours?16:53
*** fawadkhaliq has joined #openstack-keystone16:53
bretonin fact, we should have had midcycle in Brazil in mitaka, because the carnival was February 5 - February 10.16:53
lbragstaddolphm mfisch meeting?16:54
morganlbragstad: meeeeeetings16:55
morganlbragstad: mmeeeeeeeeeeeeeeetings16:55
*** Guest15115 has quit IRC16:55
lbragstadjust doing the dreadful16:55
openstackgerritBoris Bobrov proposed openstack/python-keystoneclient: Support flag `truncated` returned by identity service  https://review.openstack.org/29304816:55
openstackgerritRon De Rose proposed openstack/keystone: Concrete role assignments for federated users  https://review.openstack.org/28494316:56
*** spandhe has joined #openstack-keystone16:57
*** trown is now known as trown|lunch16:57
*** chrisshattuck has joined #openstack-keystone16:59
*** ksnihyr has joined #openstack-keystone17:04
*** diazjf has quit IRC17:07
*** raildo is now known as raildo-afk17:08
*** browne has joined #openstack-keystone17:08
*** diazjf has joined #openstack-keystone17:09
*** doug-fish has quit IRC17:10
*** doug-fish has joined #openstack-keystone17:11
*** zqfan has quit IRC17:12
*** doug-fish has quit IRC17:13
morganhey gyee17:13
morganyou're online!17:13
*** jistr has quit IRC17:15
*** diazjf1 has joined #openstack-keystone17:15
*** slberger1 has joined #openstack-keystone17:18
lbragstaddolphm mfisch https://review.openstack.org/#/c/241389/17:18
patchbotlbragstad: patch 241389 - keystone - Deprecate the pki and pkiz token providers. (MERGED)17:18
*** slberger has quit IRC17:18
*** diazjf has quit IRC17:19
morganlbragstad: ?17:20
lbragstadmorgan meetings ;)17:20
morganlbragstad: yah17:21
morganlbragstad: i realized after.17:21
*** doug-fish has joined #openstack-keystone17:22
*** pnavarro has joined #openstack-keystone17:27
*** doug-fish has quit IRC17:27
*** raildo-afk is now known as raildo17:29
openstackgerritayoung proposed openstack/keystone: [WIP]Make fernet default token provider  https://review.openstack.org/25865017:32
*** aimeeU has joined #openstack-keystone17:34
*** shaleh has joined #openstack-keystone17:35
*** tellesnobrega_af is now known as tellesnobrega17:37
*** doug-fish has joined #openstack-keystone17:39
*** sdake_ has joined #openstack-keystone17:40
*** stingaci has quit IRC17:41
*** sdake has quit IRC17:43
morganayoung: getting close!17:43
*** pnavarro has quit IRC17:44
*** ametts has joined #openstack-keystone17:45
*** jaosorior has joined #openstack-keystone17:45
morgandims: oh i just saw i have core on oslo.cache :P17:51
stevemarmorgan: you've had it for a while17:52
morgani know17:52
dimsmorgan :)17:52
* morgan needs to recruit more cache-saavy folks17:52
dims++ morgan !17:53
shalehmorgan: point the rest of us at good resources :-) I am happy to become cache savvy17:53
*** sdake has joined #openstack-keystone17:54
morganshaleh: hehe. we might need to chat (are you at the summit?) over a beer... or whiskey17:54
gyeeshaleh knows his whiskey17:54
*** jsavak has quit IRC17:55
gyeethe man take his alcohol seriously17:55
*** sigmavirus24 is now known as sigmavirus24_awa17:55
stevemargyee: he sounds like you! o_O17:56
gyeewe on the same team17:56
*** BigWillie has quit IRC17:56
*** sdake_ has quit IRC17:57
*** BigWillie has joined #openstack-keystone17:57
*** trown|lunch is now known as trown17:57
*** yarkot_ has quit IRC17:57
samueldmqalmost that time!17:58
*** jaosorior has quit IRC17:59
*** diazjf1 has quit IRC17:59
*** stingaci has joined #openstack-keystone18:06
*** jsavak has joined #openstack-keystone18:07
*** rk4n has quit IRC18:09
*** pnavarro has joined #openstack-keystone18:11
*** sigmavirus24_awa is now known as sigmavirus2418:12
*** pushkaru has quit IRC18:13
ayoungshaleh, https://review.openstack.org/#/c/290253/  care to approve or comment on the changes I made18:24
patchbotayoung: patch 290253 - python-openstackclient - Implied Roles18:24
shalehayoung: I noticed but have not had a chance18:25
shalehayoung: I will do so today. Thanks for circling back around to this.18:26
*** slberger1 has quit IRC18:31
*** jsavak has quit IRC18:31
*** jsavak has joined #openstack-keystone18:32
*** pushkaru has joined #openstack-keystone18:34
*** sigmavirus24 is now known as sigmavirus24_awa18:35
*** sigmavirus24_awa is now known as sigmavirus2418:35
*** mvk has quit IRC18:37
*** fawadkhaliq has quit IRC18:38
*** fawadkhaliq has joined #openstack-keystone18:38
*** raildo is now known as raildo-afk18:41
*** fawadkhaliq has quit IRC18:43
*** fawadkhaliq has joined #openstack-keystone18:43
*** daemontool has quit IRC18:45
*** yarkot_ has joined #openstack-keystone18:46
*** fawadkhaliq has quit IRC18:52
*** fawadkhaliq has joined #openstack-keystone18:54
*** raildo-afk is now known as raildo18:56
*** fawadkhaliq has quit IRC18:58
*** ametts has quit IRC18:58
*** fawadkhaliq has joined #openstack-keystone18:59
*** fawadkhaliq has quit IRC19:00
ayoungRH Openstack effort started with annual team meetings in Dublin Ireland.  Marc McC and Eoghan were very close to home.19:00
*** fawadkhaliq has joined #openstack-keystone19:01
morganireland is awesome19:01
morganso awesome19:01
morgani want to go back :)19:01
ayoungraildo, http://logs.openstack.org/50/258650/35/check/gate-keystone-python34-db/299cc3c/testr_results.html.gz   Fernet Passed 2.7 failed on 3.419:02
morganstevemar: next week shoud be 100% design summit planning19:02
morganmeeting wise19:02
morganas a thought19:02
ayoungmorgan, agreed19:02
ayoungmorgan, do you think Keystone should have its own mailing list?  I'd like to drop 90% of what is on the openstack-dev list, and maybe we should start a trend.19:03
*** diazjf has joined #openstack-keystone19:03
morganayoung: filters19:03
ayoungand then when something goes on dev, it is really a cross project thing19:03
shalehayoung: your update to the review looks good. Just needs a doc update now as per Lin's comment.19:03
ayoungmorgan, filters won't do it19:03
morganno keystone should not have a dedicated ML19:03
ayoungshaleh, ah. can you take that?19:03
morganayoung: i think you can subscribe to tags only19:03
morganin the interface19:03
shalehayoung: yeah, I think so.19:03
stevemarayoung: use tags19:04
* morgan has actual filters based on subject too19:04
shalehthe OS mailing list is sooo damn painful in outlook19:04
stevemarmorgan: i will have a rough design schedule done by EOD i think, i'll send it to you for review19:04
morgansounds good19:04
morgani have *another* meeting now on tuesdays :P19:04
morganso end of day is solid19:05
*** shaleh is now known as shaleh|away19:07
*** rk4n has joined #openstack-keystone19:09
dstanekshaleh|away: everything in painful in outlook19:12
morgansolution: don't use outlook19:13
*** raildo is now known as raildo-afk19:14
ayoungmorgan, can you look at the failure on Fernet?  I did something to the cache layer, http://logs.openstack.org/50/258650/35/check/gate-keystone-python34-db/299cc3c/testr_results.html.gz   Fernet Passed 2.7 failed on 3.419:14
morganayoung: sure. was lurking in -infra meeting19:14
*** rk4n has quit IRC19:15
morganayoung: which fail specifically?19:15
ayoungmorgan, the one I was looking at was the Catalog one.  Failed in the SQL read19:16
*** mylu has joined #openstack-keystone19:16
morganayoung: keystone.tests.unit.test_catalog.V2CatalogTestCase >?19:16
morganhuh and also only failing in py3?19:17
gyeedtroyer, so we no longer have rejoin-stack.sh, are we expected to reinstall devstack everytime now?19:17
dimsstevemar : shade is very resistant to injecting keystoneclient from git :(19:17
morgandims: technology wise or... people wise19:18
morgancause people wise, i understand the sentiment19:18
dimsmorgan : won't go there right now :)19:18
dimsmorgan : still looking at options :)19:18
morganwhy does it need to be sourced from git?19:18
morganayoung: uhm how did you end up with a bad PK param set?19:19
dimswell. somehow test without making a python-keystoneclient release19:19
morgandims: oooh19:19
ayoungmorgan, because some people don't understand why we have package management systems19:19
ayoungmorgan, I suspect it was removing the caches19:19
*** fawadkhaliq has quit IRC19:20
ayoungbut those are the token caches, and this is project.  It is strange19:20
morgan File "/home/jenkins/workspace/gate-keystone-python34-db/keystone/token/providers/common.py", line 245, in _get_filtered_project19:20
*** fawadkhaliq has joined #openstack-keystone19:20
morganit's in project things19:20
ayoungmorgan, right, but I don't touch anything near that in the patch19:21
morgani am kindof baffled how you got this to fail in opy3 and not py219:21
ayounghttps://review.openstack.org/#/c/258650/35/keystone/token/provider.py  is the closest, and I thin k the coe that calls it is from there19:21
patchbotayoung: patch 258650 - keystone - [WIP]Make fernet default token provider19:21
*** vgridnev has joined #openstack-keystone19:21
openstackgerritRon De Rose proposed openstack/keystone: Concrete role assignments for federated users  https://review.openstack.org/28494319:22
ayoungmorgan, this effort has exposed a few surprises.  Fernet was not quite baked yet, I think19:22
bknudsoneverybody is using fernet in production already19:23
ayoungbknudson, I didn't say they weren't.  I said it wasn't fully baked yet, and I stand behind that19:23
ayoungthere are things that were not complete.19:23
ayoungWe didn't discover until setting the default to be Fernet19:23
dimsbreton : still around? was the shade problem when it was running its functional tests19:24
*** mylu has quit IRC19:24
*** gyee has quit IRC19:24
*** mylu has joined #openstack-keystone19:26
*** gyee has joined #openstack-keystone19:26
*** ChanServ sets mode: +v gyee19:26
*** ninag has quit IRC19:26
*** mylu has quit IRC19:26
*** ninag has joined #openstack-keystone19:27
morganayoung: i'm guessing somehow a dict is being passed as project_id to ._get_filtered_project19:28
morganayoung: which gives you too many elements to make the PK of project.id19:29
morgantrying to find it19:29
*** ninag_ has joined #openstack-keystone19:30
*** gyee has quit IRC19:31
*** ninag has quit IRC19:31
morganayoung:  ok so i think the only way to track this is to see what those arguments are going to need to do a little debugging, will be post next meeting19:33
*** doug-fish has quit IRC19:33
*** mylu has joined #openstack-keystone19:33
*** doug-fis_ has joined #openstack-keystone19:35
*** doug-fis_ has quit IRC19:36
*** mylu has quit IRC19:36
*** mvk has joined #openstack-keystone19:36
*** doug-fis_ has joined #openstack-keystone19:36
*** doug-fis_ has quit IRC19:36
*** mylu has joined #openstack-keystone19:36
*** doug-fis_ has joined #openstack-keystone19:36
ayoungmorgan, let me see if I can reproduce19:38
*** doug-fish has joined #openstack-keystone19:38
morganayoung: sounds good. fwiw it looks like you're just getting the wrong values for the project_id19:39
*** ninag_ has quit IRC19:40
*** doug-fis_ has quit IRC19:41
*** ninag has joined #openstack-keystone19:41
ayoungdstanek, running just one unit test in py34 does not work the same as py27?19:41
ayoung tox -e py34 -- keystone.tests.unit.test_auth.AuthCatalog.test_validate_catalog_disabled_endpoint19:41
*** spzala has quit IRC19:42
*** doug-fish has quit IRC19:42
*** spzala has joined #openstack-keystone19:43
*** spzala has quit IRC19:43
bretondims: it was shade, yes. We haven't figured out what's the problem they had.19:44
*** ninag has quit IRC19:45
ayoungmorgan, OK, I can reproduce.  Had to activate the py34 venv in .tox and then ran19:45
ayoungpython setup.py testr --testr-args="keystone.tests.unit.test_auth.AuthCatalog.test_validate_catalog_disabled_endpoint"19:45
ayoung  File "/opt/stack/keystone/keystone/token/providers/common.py", line 516, in get_token_data   looks like it was near where I was messing with things19:46
morganayoung: yeah19:47
ayoungmorgan, OK,  I bet I called that function wrong19:47
ayoung  File "/opt/stack/keystone/keystone/token/providers/common.py", line 775, in validate_non_persistent_token19:47
bknudsonhttps://review.openstack.org/#/c/304837/ in openstack/requirements should fix keystone's requirements update troubles.19:48
patchbotbknudson: patch 304837 - requirements - Fix update to support extras19:48
ayoung (user_id, methods, audit_ids, domain_id, project_id, trust_id,19:48
ayoung                federated_info, access_token_id, created_at, expires_at) = (19:48
ayoung                    self.token_formatter.validate_token(token_id))19:48
*** e0ne has quit IRC19:48
openstackgerritRon De Rose proposed openstack/keystone: WIP - Drop EPHEMERAL user type  https://review.openstack.org/29663919:49
*** shaleh|away is now known as shaleh19:49
bknudsonoh, jamielennox has a fix already19:49
shalehayoung: have a moment for a side convo regarding the OSC changes?19:50
*** daemontool has joined #openstack-keystone19:50
*** sigmavirus24 is now known as sigmavirus24_awa19:50
ayoungshaleh, sure, but I'm pretty easy there.  If you have a change to make, I'm probably down with ti.19:50
ayoungWhat's up19:50
openstackgerritRon De Rose proposed openstack/keystone: WIP - Drop EPHEMERAL user type  https://review.openstack.org/29663919:51
ayoungshaleh, Keystone love noise.19:52
ayoungHave the convo here19:52
shalehfair enough19:52
shalehayoung: the patch is missing the most important part -- what the command line itself is called19:53
*** raildo-afk is now known as raildo19:53
shalehayoung: I am thinking "osc role implied add/delete19:53
ayoungshaleh, I thought it did that already19:53
ayoungwhat does the test show?19:53
shalehayoung: heh. If you do not add it to setup.cfg it does not exist.19:53
shalehayoung: no entry point no way in19:54
ayoungshaleh, entrypoint?19:54
shalehthe class names are irrelevant19:54
ayoungI thought it was on the role entrypoint19:54
ayoungmake it happen!19:54
*** mylu has quit IRC19:54
shalehayoung: I was giving you a chance to bikeshed19:54
ayoungshaleh, Bikes stay in the Garage19:54
shalehayoung: I prefer add/delete for the CLI over "create" since the roles exist we are just adding them together19:55
*** diazjf has quit IRC19:55
*** yarkot_ has quit IRC19:55
ayoungshaleh, I'm really not picky on that.  I can get behind add/delete19:55
*** mylu has joined #openstack-keystone19:55
shalehayoung: k19:55
*** doug-fish has joined #openstack-keystone19:56
roxanaghehey morgan19:57
*** rk4n has joined #openstack-keystone19:57
roxanaghemorgan, you mind giving me some feedback on some initial implementation of ldap3 mock19:57
roxanaghemorgan, I want to make sure I'm on the right track19:58
*** diazjf has joined #openstack-keystone19:58
ayoungroxanaghe, if the tests still run, and we can remove python-ldap, you are on the right track19:58
roxanaghemorgan, https://github.com/roxanagherle/ldap3/blob/master/ldap3/strategy/mockSync.py this is what I have so far and it works for the read-only operations that we support19:59
roxanagheayoung, hehe yeah that's the plan19:59
ayoungroxanaghe, looking20:00
morganroxanaghe: sure when i'm done with my next meeting20:00
*** tqtran has joined #openstack-keystone20:00
ayoungroxanaghe, FreeIPA is leaving its stamp on ldap3 I see...20:00
morganroxanaghe: also yay! :)20:00
*** mylu has quit IRC20:01
*** jsavak has quit IRC20:01
*** mylu has joined #openstack-keystone20:02
ayoungroxanaghe, so  probably should check to see if they do any mocking likethis already, and if they do, mathc what they use for the DN...probably Example.com.  I'd refacto to have the common strings like that definied once at the top of the file and easy to swap20:03
*** diazjf has quit IRC20:03
ayoungbut the idea is cool;  have a standard, read only dataset available from the mock side of the library.  I could see that being a big success20:03
*** jsavak has joined #openstack-keystone20:04
*** sigmavirus24_awa is now known as sigmavirus2420:05
roxanagheayoung, yes, I was using that FreeIpa demo server for testing, so I got those answers as my mock dataset20:07
*** mylu has quit IRC20:07
roxanagheayoung, you mean if ldap3 is doing any mocking of this sort?20:07
*** slberger has joined #openstack-keystone20:08
roxanagheayoung, oh I misunderstood, you referring to the mock DN20:09
*** mylu has joined #openstack-keystone20:09
shalehayoung: I was just telling her that if the MockSync took the dataset as input it would be even better. It could fall back to the default dataset if one is not provided.20:09
*** jsavak has quit IRC20:11
*** fawadkhaliq has quit IRC20:11
*** fawadkhaliq has joined #openstack-keystone20:12
*** mylu has quit IRC20:12
*** jsavak has joined #openstack-keystone20:12
*** mylu has joined #openstack-keystone20:14
*** anush_ has quit IRC20:17
*** anush_ has joined #openstack-keystone20:18
openstackgerritNavid Pustchi proposed openstack/keystoneauth: Removing tox ignore D401 and make it compliant  https://review.openstack.org/30484320:19
shalehayoung: is there no way in the keystoneclient to call GET /roles/{prior_role_id}/implies??20:20
*** mylu has quit IRC20:21
openstackgerritNavid Pustchi proposed openstack/keystoneauth: Removing tox ignore D401 and make it compliant  https://review.openstack.org/30484320:24
*** tellesnobrega is now known as tellesnobrega_af20:28
*** anush_ has quit IRC20:29
*** aimeeU has quit IRC20:31
*** mylu has joined #openstack-keystone20:31
*** mylu has quit IRC20:33
*** yarkot_ has joined #openstack-keystone20:35
*** mylu has joined #openstack-keystone20:36
*** mylu has quit IRC20:40
*** spzala has joined #openstack-keystone20:46
*** mylu has joined #openstack-keystone20:47
*** gyee has joined #openstack-keystone20:47
*** ChanServ sets mode: +v gyee20:47
*** BigWillie has quit IRC20:48
*** mvk_ has joined #openstack-keystone20:49
*** spzala has quit IRC20:50
*** mylu has quit IRC20:51
*** e0ne has joined #openstack-keystone20:52
*** mvk has quit IRC20:53
*** doug-fish has quit IRC20:58
*** diazjf has joined #openstack-keystone20:58
*** doug-fish has joined #openstack-keystone20:59
*** diazjf has quit IRC20:59
*** pauloewerton has quit IRC21:01
*** doug-fis_ has joined #openstack-keystone21:01
*** phalmos has quit IRC21:02
*** mylu has joined #openstack-keystone21:02
*** fawadkhaliq has quit IRC21:03
*** doug-fish has quit IRC21:03
*** mylu has quit IRC21:03
*** fawadkhaliq has joined #openstack-keystone21:03
*** jsavak has quit IRC21:05
*** mylu has joined #openstack-keystone21:05
*** sdake has quit IRC21:05
*** jsavak has joined #openstack-keystone21:05
*** ametts has joined #openstack-keystone21:06
*** raildo is now known as raildo-afk21:06
dimsmordred : stevemar : morgan : managed to run shade with python-keystone from git i think (http://logs.openstack.org/33/304833/2/check/gate-shade-dsvm-functional-keystone2/623a103/console.html#_2016-04-12_20_25_57_427)21:06
mordreddims: woot!21:06
stevemardims: what magic?21:06
morganblack magic21:07
morganvoodoo magic?21:07
dimshack tox.ini https://review.openstack.org/#/c/304833/21:07
patchbotdims: patch 304833 - openstack-infra/shade - [WIP] Test with a python-keystoneclient change fro...21:07
morgandims: oh my21:07
dimsi have to check if the https://review.openstack.org/#/c/293048 actually got applied properly21:08
*** spzala has joined #openstack-keystone21:08
morganroxanaghe: here now looking at your code stuff21:08
morganroxanaghe: :)21:08
*** sdake has joined #openstack-keystone21:08
bretondims: it would be more interesting to run this with https://review.openstack.org/#/c/280162/21:09
patchbotbreton: patch 280162 - python-keystoneclient - Support `truncated` flag returned by identity service (MERGED)21:09
*** mylu has quit IRC21:09
bretondims: (it was reverted because it broke shade)21:09
*** mylu has joined #openstack-keystone21:09
morganalso nice on the standard mock dataset21:10
dimsbreton : ack21:10
dimsbreton : let me try that21:10
bretonin fact, i was almost sure that https://review.openstack.org/#/c/293048 won't break anything because it adds new methods and doesn't change existing21:10
*** jsavak has quit IRC21:11
dimsbreton: you are tight21:11
dimsright :)21:11
*** mylu has quit IRC21:11
*** trown is now known as trown|outtypewww21:11
morgandolphm: do you have phone # things for geekdom sf? i have tried to use their form and it errors.21:12
bknudsonwe had the security meetup at geekdom sf and it worked pretty well.21:14
*** ninag has joined #openstack-keystone21:16
bknudsonlots of hipsters around there, though, so watch out.21:16
*** fawadkhaliq has quit IRC21:18
*** fawadkhaliq has joined #openstack-keystone21:18
ayoungshaleh, did I miss that?  I might have.21:18
*** mylu has joined #openstack-keystone21:18
ayoungI thought I covered all the use cases.  I'd have to look, though.21:19
*** e0ne has quit IRC21:20
*** ninag has quit IRC21:20
ayounglbragstad, so, the dissassemble and assemble methods on the token_formatters should not work in tuples.  The list is too long, and too accident prone.  It should be using the token model objects.21:20
ayoungI'm not sure if that is the python3 problem, but I would not be surprised.21:21
lbragstadayoung I think the reason why we did that is because the payload types were all accepting different arguments depending on which payload was assembling the token21:22
lbragstadayoung then bknudson refactored it so that they all take the same arguments21:22
bknudsonlbragstad: ayoung: it would be great if they worked with token model objects.21:23
ayounglbragstad, lbragstad the degree to which this code base is allergic to basic OO techniques has always astounded me21:23
lbragstadayoung bknudson so - how would we go about that change21:23
bknudsonit used to be they all took different arguments and there was a switch.21:23
ayoungbknudson, it might happen in Newton.21:23
lbragstadif, elif, elif, elif, elif.... else....21:24
lbragstadit was a huge case statement21:24
ayoungIts ok, we have the model now.  I could rework it, but I want to potentially backport the fernet fixes21:24
ayoungso a refactoring like that might be too much to do up front.21:24
bknudsonfix the bugs first21:25
lbragstadayoung do you just want to pass the token model to the assemble method?21:25
*** e0ne has joined #openstack-keystone21:25
ayounglbragstad, yeah,that is how It will look post refactor21:25
lbragstada token model object*21:25
ayounglbragstad, same thing with the revocation code21:25
ayoungthere was a reason I was proposing a builder pattern for this.  Lots of things need to construct the auth data21:26
ayoungbut jamielennox and I had differernt views.  His was optimized for reading the token verified data out of JSON for the client use case.  I would have just marshalled right to Python.21:26
ayounghowever, oslo context happended first.21:27
ayoungthing is, this code passes in python 27, it is just 34 that is wonky.  time to debug21:27
openstackgerritNavid Pustchi proposed openstack/keystoneauth: Removing tox ignore D401 and make it compliant  https://review.openstack.org/30484321:27
*** ninag has joined #openstack-keystone21:27
*** e0ne has quit IRC21:27
lbragstadayoung what's the issue with it in py34?21:28
ayounglbragstad, I'll link...21:28
*** c_soukup has quit IRC21:28
*** ninag has quit IRC21:28
ayoung  File "/opt/stack/keystone/keystone/token/providers/common.py", line 775, in validate_non_persistent_token21:28
*** ninag has joined #openstack-keystone21:28
ayounglbragstad, some of the tests are failing.  I traced it to here21:28
ayoungthe failing tests are21:29
ayounglook for keystone.tests.unit.test_auth.AuthCatalog21:29
ayoungif you look at the stack trace, the final error indicates it got passed a back project.id21:30
ayoungI think that the code here is improprely marshalling21:30
*** lhcheng has quit IRC21:37
*** sheel has quit IRC21:37
*** ninag has quit IRC21:37
ayounglbragstad, it might be that it was code never tested before. The project.id value is b'bar' so I would think that sqlalchemy should accept it21:38
*** ninag has joined #openstack-keystone21:38
*** ninag has quit IRC21:38
*** ninag has joined #openstack-keystone21:39
ayoungbut python3 should not be voting yet, should it?  Or do we just comment out the ldap code for python3?21:39
*** ksnihyr has quit IRC21:41
lbragstadthis - sqlalchemy.exc.InvalidRequestError: Incorrect number of values in identifier to formulate primary key for query.get(); primary key columns are 'project.id'21:46
lbragstadhow would that fail for py34 but not for py27?21:46
lbragstadI feel like it should marshall the same regardless21:46
*** ayoung has quit IRC21:46
*** lhcheng has joined #openstack-keystone21:46
*** ChanServ sets mode: +v lhcheng21:46
*** lhcheng_ has joined #openstack-keystone21:47
*** lhcheng has quit IRC21:47
*** eandersson_ has quit IRC21:47
*** vgridnev has quit IRC21:47
*** knikolla has quit IRC21:50
*** sdake_ has joined #openstack-keystone21:53
*** mylu has quit IRC21:53
*** pushkaru has quit IRC21:54
*** sdake has quit IRC21:54
*** browne has quit IRC22:03
*** mylu has joined #openstack-keystone22:04
*** sdake has joined #openstack-keystone22:04
*** sdake_ has quit IRC22:06
*** gordc has quit IRC22:07
*** knikolla has joined #openstack-keystone22:11
*** mylu has quit IRC22:12
*** mylu has joined #openstack-keystone22:13
*** ninag has quit IRC22:13
*** ninag has joined #openstack-keystone22:14
*** ninag has quit IRC22:14
*** doug-fis_ has quit IRC22:14
*** ninag has joined #openstack-keystone22:14
*** fawadkhaliq has quit IRC22:16
*** fawadkhaliq has joined #openstack-keystone22:16
*** ninag has quit IRC22:19
*** slberger has left #openstack-keystone22:20
*** anush_ has joined #openstack-keystone22:21
*** pnavarro has quit IRC22:22
*** sigmavirus24 is now known as sigmavirus24_awa22:23
*** sigmavirus24_awa is now known as sigmavirus2422:24
*** sdake has quit IRC22:25
*** rk4n has quit IRC22:29
*** chrisshattuck has quit IRC22:30
*** chrisshattuck has joined #openstack-keystone22:31
*** ayoung has joined #openstack-keystone22:31
*** ChanServ sets mode: +v ayoung22:31
*** gordc has joined #openstack-keystone22:32
*** stingaci has quit IRC22:32
*** sigmavirus24 is now known as sigmavirus24_awa22:34
*** ninag has joined #openstack-keystone22:37
*** lhcheng_ has quit IRC22:37
*** ametts has quit IRC22:37
bretondims: nope, something is wrong with https://review.openstack.org/#/c/304833/3. It should fail!22:38
patchbotbreton: patch 304833 - openstack-infra/shade - [WIP] Test with a python-keystoneclient change fro...22:38
*** chrisshattuck has quit IRC22:39
*** chrisshattuck has joined #openstack-keystone22:40
*** ninag has quit IRC22:41
*** gordc has quit IRC22:44
*** ebalduf_ has quit IRC22:47
*** stingaci has joined #openstack-keystone22:48
*** lhcheng has joined #openstack-keystone22:48
*** ChanServ sets mode: +v lhcheng22:48
*** mylu has quit IRC22:50
*** mylu has joined #openstack-keystone22:52
*** anush_ has quit IRC22:53
*** mylu has quit IRC23:01
*** browne has joined #openstack-keystone23:01
*** mylu has joined #openstack-keystone23:01
*** edmondsw has quit IRC23:01
*** bknudson has left #openstack-keystone23:02
*** BjoernT has quit IRC23:03
roxanaghemorgan, I'm back too23:03
roxanaghemorgan, what did you think?23:03
*** spzala has quit IRC23:08
*** spzala has joined #openstack-keystone23:08
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/30062623:09
*** jamielennox is now known as jamielennox|away23:09
*** spzala has quit IRC23:13
*** bknudson has joined #openstack-keystone23:13
*** ChanServ sets mode: +v bknudson23:13
*** jamielennox|away is now known as jamielennox23:13
*** fawadkhaliq has quit IRC23:13
*** fawadkhaliq has joined #openstack-keystone23:14
morganroxanaghe: got distracted with late lunch.23:18
*** sdake has joined #openstack-keystone23:18
roxanaghemorgan, no worries - whenever you have time23:19
*** chrisshattuck has quit IRC23:22
*** stingaci has quit IRC23:24
*** timcline has quit IRC23:26
dimsbreton : the patch did not get applied.23:29
morganmfisch: dunno if you're around.. but........... wanted to talk caching23:45
*** stingaci has joined #openstack-keystone23:45
morgangyee: pssst press "go" on this https://review.openstack.org/#/c/303688/1/doc/source/auth-totp.rst23:45
patchbotmorgan: patch 303688 - keystone - fix typo23:45
*** anush_ has joined #openstack-keystone23:50
*** sdake has quit IRC23:50
*** dan_nguyen has quit IRC23:52
*** tqtran has quit IRC23:53
*** Raildo has joined #openstack-keystone23:54
*** yarkot_ has quit IRC23:55
*** Raildo_ has joined #openstack-keystone23:55
*** browne has quit IRC23:58
*** Raildo has quit IRC23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!