Monday, 2016-06-13

*** markvoelker has quit IRC00:01
*** rcernin has quit IRC00:13
*** rk4n_ has quit IRC00:14
*** rk4n has joined #openstack-keystone00:15
*** rk4n has quit IRC00:19
*** chlong has joined #openstack-keystone00:36
*** roxanaghe has joined #openstack-keystone00:38
*** roxanaghe has quit IRC00:42
*** iurygregory has quit IRC00:56
*** david-lyle has quit IRC01:34
*** EinstCrazy has joined #openstack-keystone01:37
*** jefrite has quit IRC01:43
*** jefrite has joined #openstack-keystone01:50
*** markvoelker has joined #openstack-keystone01:58
*** EinstCrazy has quit IRC02:01
*** markvoelker has quit IRC02:02
*** EinstCrazy has joined #openstack-keystone02:04
*** spandhe has quit IRC02:07
*** roxanaghe has joined #openstack-keystone02:32
openstackgerritRyosuke Mizuno proposed openstack/keystone: Add validation rules for create token using a JSON schema
*** ayoung has quit IRC02:48
*** wanghua has joined #openstack-keystone02:51
*** roxanaghe has quit IRC02:58
*** roxanaghe has joined #openstack-keystone03:04
openstackgerritAndrew Liu proposed openstack/keystone: Added cache for mapping of user to uuid
openstackgerritAndrew Liu proposed openstack/keystone: Added cache for mapping of user to uuid
*** EinstCrazy has quit IRC03:36
*** EinstCrazy has joined #openstack-keystone03:37
*** EinstCrazy has quit IRC03:57
*** EinstCrazy has joined #openstack-keystone03:57
*** markvoelker has joined #openstack-keystone03:59
*** roxanaghe has quit IRC04:02
*** markvoelker has quit IRC04:03
*** roxanaghe has joined #openstack-keystone04:10
*** roxanaghe has quit IRC04:14
*** roxanaghe has joined #openstack-keystone04:23
*** roxanaghe has quit IRC04:23
*** links has joined #openstack-keystone04:26
*** TxGVNN has joined #openstack-keystone04:56
*** TxGVNN has quit IRC04:57
*** jaosorior has joined #openstack-keystone05:11
*** dave-mccowan has quit IRC05:27
*** markvoelker has joined #openstack-keystone05:59
*** chlong has quit IRC06:03
*** markvoelker has quit IRC06:04
*** rcernin has joined #openstack-keystone06:14
*** chlong has joined #openstack-keystone06:15
*** rcernin has quit IRC06:18
*** rcernin has joined #openstack-keystone06:19
*** spandhe has joined #openstack-keystone06:23
*** yolanda has joined #openstack-keystone06:24
*** EinstCrazy has quit IRC06:53
*** EinstCrazy has joined #openstack-keystone06:56
*** tesseract has joined #openstack-keystone07:00
*** agireud has quit IRC07:04
*** agireud has joined #openstack-keystone07:07
*** yolanda has quit IRC07:15
*** chlong has quit IRC07:15
*** spandhe has quit IRC07:17
*** yolanda has joined #openstack-keystone07:22
*** henrynash_ has joined #openstack-keystone07:29
*** ChanServ sets mode: +v henrynash_07:29
*** yolanda has quit IRC07:31
*** yolanda has joined #openstack-keystone07:32
*** jaosorior is now known as jaosorior_brb07:38
*** jamie_h has joined #openstack-keystone07:42
*** yolanda has quit IRC07:48
*** zzzeek has quit IRC08:00
*** permalac has joined #openstack-keystone08:00
*** markvoelker has joined #openstack-keystone08:00
*** zzzeek has joined #openstack-keystone08:00
*** markvoelker has quit IRC08:05
openstackgerritMaho Koshiya proposed openstack/python-keystoneclient: Add wrapper classes for return-request-id-to-caller
*** nisha_ has joined #openstack-keystone08:07
*** nisha__ has joined #openstack-keystone08:10
*** nisha_ has quit IRC08:10
*** yolanda has joined #openstack-keystone08:29
*** nisha__ has quit IRC08:29
*** nisha__ has joined #openstack-keystone08:32
*** nisha__ is now known as nisha_08:33
nisha_Hey all!08:33
*** jaosorior_brb has quit IRC08:39
*** jaosorior_brb has joined #openstack-keystone08:39
*** dmk0202 has joined #openstack-keystone08:44
*** jaosorior_brb is now known as jaosorior08:54
openstackgerritAndrew Liu proposed openstack/keystone: Added named argument for assertValidUserResponse
*** rk4n_ has joined #openstack-keystone08:55
openstackgerritAlfredo Moralejo proposed openstack/keystonemiddleware: Fix circular import in auth_token
openstackgerritAlfredo Moralejo proposed openstack/keystonemiddleware: Fix circular import in auth_token
*** henrynash_ has quit IRC09:17
*** mvk_ has quit IRC09:24
*** pcaruana has joined #openstack-keystone09:27
*** nisha_ has quit IRC09:46
*** nisha_ has joined #openstack-keystone09:46
*** mvk_ has joined #openstack-keystone09:51
danpawlikHello, I want to ask about keystonemiddleware and its configuration file. I want to add misssing parameters into keystone_authtoken section, but I don't know which parameters are deprecated which not. So if you have some time, pls check and comment me which are which not ;)10:14
patchbotdanpawlik: patch 328620 - puppet-keystone - Add misssing parameters to keystone_authtoken10:14
*** nisha_ has quit IRC10:29
*** nisha_ has joined #openstack-keystone10:30
*** nisha_ has quit IRC10:36
*** nisha_ has joined #openstack-keystone10:36
*** EinstCrazy has quit IRC10:49
*** TxGVNN has joined #openstack-keystone10:55
*** srushti has joined #openstack-keystone10:58
*** pnavarro has joined #openstack-keystone10:58
srushtisamueldmq: Hi11:01
srushtisamueldmq: Could you please have a look at patch and suggest your opinion.11:09
patchbotsrushti: patch 324320 - keystone - Return BadRequest for 4 byte unicode characters11:09
*** pnavarro has quit IRC11:11
*** TxGVNN1 has joined #openstack-keystone11:37
*** gordc has joined #openstack-keystone11:38
*** TxGVNN has quit IRC11:39
*** TxGVNN1 is now known as TxGVNN11:39
*** TxGVNN1 has joined #openstack-keystone11:44
*** TxGVNN has quit IRC11:45
*** TxGVNN1 is now known as TxGVNN11:45
*** fesp has joined #openstack-keystone11:52
*** dancn has joined #openstack-keystone11:58
*** TxGVNN has quit IRC12:00
*** raildo-afk is now known as raildo12:01
*** markvoelker has joined #openstack-keystone12:01
*** mvk_ has quit IRC12:03
*** markvoelker has quit IRC12:06
*** iurygregory has joined #openstack-keystone12:07
*** pauloewerton has joined #openstack-keystone12:07
*** fesp has quit IRC12:08
danpawlikHello, is somebody here, who can help me with keystonemiddleware?12:09
*** flaper87 has quit IRC12:09
*** flaper87 has joined #openstack-keystone12:15
*** flaper87 has quit IRC12:15
*** flaper87 has joined #openstack-keystone12:15
*** markvoelker has joined #openstack-keystone12:25
*** nisha__ has joined #openstack-keystone12:31
*** nisha_ has quit IRC12:34
EmilienMstevemar: hey, this week-end we found a new bug
patchbotEmilienM: patch 328919 - keystonemiddleware - Fix circular import in auth_token12:36
openstackLaunchpad bug 1591913 in keystonemiddleware "circular import between opts and auth_token" [Undecided,In progress] - Assigned to Alfredo Moralejo (amoralej)12:36
EmilienMstevemar: it breaks sahara for example but also more12:36
*** nisha__ is now known as nisha_12:42
*** julim has joined #openstack-keystone12:42
*** yolanda has quit IRC12:49
*** mvk has joined #openstack-keystone12:49
*** EinstCrazy has joined #openstack-keystone12:51
*** yolanda has joined #openstack-keystone12:54
*** EinstCrazy has quit IRC12:55
*** chlong has joined #openstack-keystone12:58
*** dancn has quit IRC12:59
*** dancn has joined #openstack-keystone13:00
*** dave-mccowan has joined #openstack-keystone13:03
*** sheel has joined #openstack-keystone13:05
*** marekd has quit IRC13:05
*** ayoung has joined #openstack-keystone13:09
*** ChanServ sets mode: +v ayoung13:09
*** richm has joined #openstack-keystone13:11
lbragstadstevemar notmorgan no problem13:13
shewlessdstanek: that would be great (about the adfs server).13:14
lbragstadi hope to wrap it up a bit more13:14
*** edmondsw has joined #openstack-keystone13:15
dstaneksrushti: it looks like there is a lot of feedback there so i didn't take a look already13:17
*** lucas___ has joined #openstack-keystone13:17
*** shewless has quit IRC13:18
*** jdennis has quit IRC13:22
dstaneksrushti: reviewed13:24
*** nisha_ has quit IRC13:30
*** mvk has quit IRC13:32
raildojamielennox: ping, do you have any updates about this contact with TC about this: ?13:35
*** permalac has quit IRC13:37
*** shewless has joined #openstack-keystone13:43
*** rodrigods has quit IRC13:43
*** rodrigods has joined #openstack-keystone13:43
samueldmqEmilienM: hi, how may I reproduce that issue ?13:50
EmilienMsamueldmq: deploy latest keystonemiddleware & sahara13:50
samueldmqEmilienM: I have a fresh devstack running (I have ./unstack and ./stack); then I did the imports in a python interpreter and it worked13:51
jaosoriorEmilienM: Was that issue seen in CentOS?13:51
samueldmqEmilienM: so it can't be tested from a python interpreter ? (needs sahara?)13:51
EmilienMjaosorior: yes13:51
EmilienMjaosorior: using latest RDO trunk13:52
jaosoriorwe had a similar issue in Barbican, where we could only reproduce it in CentOS, yet Fedora didn't have that failure13:52
jaosoriorthat's most likely the reason why samueldmq couldn't reproduce it. I asume you're using Ubuntu or Fedora.13:52
*** amoralej has joined #openstack-keystone13:52
samueldmqjaosorior: you're right, I am using Ubuntu13:53
samueldmqjaosorior: why so ?13:53
jaosoriorsamueldmq: circular imports like those ones are not an issue in Ubuntu and Fedora. Seems to be an issue with the interpreter that's shipped in CentOS though13:54
*** pgbridge has joined #openstack-keystone13:54
*** links has quit IRC13:54
samueldmqjaosorior: that's interesting, looks like the interpreter that is broken13:55
jaosoriorsamueldmq: Wouldn't say broken. That is a legitimate error message13:55
samueldmqjaosorior: it's hard to find such errors because we don't have gate on centos (afaik), at least for keystonemiddleware :(13:55
samueldmqand such errors will always happen in real life13:56
*** mvk has joined #openstack-keystone13:56
samueldmqjaosorior: EmilienM: I am not saying hte bug isn't legitim, just thinking about some way we can avoid it happening again in the future13:57
jaosoriorsamueldmq: Only way I can think of is having a centos-based CI job13:57
*** tonytan4ever has joined #openstack-keystone13:57
samueldmqjaosorior: ++13:59
jaosoriorayoung: know anybody who could help with this? ^^13:59
samueldmqjaosorior: just to confirm, we (openstack) offilially support CentOS, right ?14:02
*** woodster_ has joined #openstack-keystone14:02
samueldmqwell, that's a dumb quesiton, we support python, systems running python should work :)14:02
jaosoriorsamueldmq: There are centos nodes provided by infra. So yeah14:03
samueldmqjaosorior: cool, thanks14:03
iurygregoryyou should try :D14:04
*** adrian_otto has joined #openstack-keystone14:05
*** r-daneel has joined #openstack-keystone14:05
samueldmqEmilienM: jaosorior: I've put 'High' importance on this bug, as it may cause real systems (running on master) to break14:05
EmilienMwell, it broke our CI :)14:05
jaosoriorEmilienM, samueldmq: Currently the proped patch is failing due to cinder needing that import that was moved. I'm tried submitting a patch to cinder so unblock this.14:06
amoraleji created a review to fix the circular import14:06
samueldmqEmilienM: ++14:07
samueldmqjaosorior: nice, is it only cinder breaking because of this ?14:07
amoralejthe problem jaosorior is that i think my patch affects other projects, so we should look for another approach which doesn't affects14:07
jaosorioramoralej: Yeah, needs the fix in cinder14:07
patchbotjaosorior: patch 328919 - keystonemiddleware - Fix circular import in auth_token14:07
jaosorioramoralej: I commented on your patch with the link to the patch I did for it14:08
jaosoriorsamueldmq: That's the only one I saw from the logs. Could be more O_o14:08
amoralejsamueldmq, i think it may affect others as ironic14:08
amoralejlet me check14:09
*** jdennis has joined #openstack-keystone14:10
samueldmqdstanek: hi14:16
samueldmqdstanek: it'd be nice to have your feedback in patch 32891914:16
patchbotsamueldmq: - keystonemiddleware - Fix circular import in auth_token14:16
samueldmqdstanek: whether putting the import inside __init__ is appropriate, or if there is a better workaround for that Python circular import issue14:16
dstaneksamueldmq: sure, i'll take a look in a second. working on a different review now.14:19
dstaneksamueldmq: without looking at the code i would say the it should be reorganized and lazy importing is a hack14:19
*** permalac has joined #openstack-keystone14:21
samueldmqdstanek: ++ I share your view too, maybe that should just be reorganized14:21
samueldmqif we get those imports to be reorganized, perhaps the fix won't even need patching on other projects14:22
samueldmqjaosorior: amoralej ^14:22
amoraleji agree, we should avoid patching other projects if possible14:23
*** yolanda has quit IRC14:23, mind ellaborating on this reorganization thing?14:24
*** rk4n has joined #openstack-keystone14:27
*** rderose has joined #openstack-keystone14:27
*** yolanda has joined #openstack-keystone14:27
*** rderose has quit IRC14:28
samueldmqjaosorior: proposing a fix ?14:30
*** rk4n_ has quit IRC14:31
*** ebalduf_ has joined #openstack-keystone14:31
*** sigmavirus24_awa is now known as sigmavirus2414:32
*** nisha_ has joined #openstack-keystone14:35
rodrigodslbragstad, thanks for the review, replied at
patchbotrodrigods: patch 303502 - keystone - Add service providers integration tests14:36
*** rderose has joined #openstack-keystone14:36
lbragstadrodrigods sweet - I'll take another look14:37
*** nisha__ has joined #openstack-keystone14:37
ayoungjaosorior, fixing the break on Centos or getting Centos based CI up and running?14:37
jaosoriorayoung: CI14:38
openstackgerritKam Nasim proposed openstack/keystone: convert wsgi REST logs to DEBUG verbosity
ayoungjaosorior, notmorgan is you man on CI14:38
*** spandhe has joined #openstack-keystone14:38
*** EinstCrazy has joined #openstack-keystone14:39
*** nisha_ has quit IRC14:40
jaosoriorayoung: Thanks dude14:40
ayoungjaosorior, I think rodrigods is going to get involved in that, too.14:41
ayoungI thought Centos base CI should have been set up long since...frustrating14:42
rodrigodsayoung, jaosorior, absolutely - i can be the "please add this! please!"14:42
ayoungrodrigods, talk with notmorgan and you two can come up with the necessary steps.  I thought it was already run somewhere14:43
ayounglet see, that was a keystonemiddleware change that broke things on centos?14:43
amoralejjaosorior, rodrigods, about, and in order to fix circular, could all options registered in ?14:43
patchbotamoralej: patch 328919 - keystonemiddleware - Fix circular import in auth_token14:43
dstaneksamueldmq: reviewed :-)14:44
ayoungopts import _opts14:45
jaosorioramoralej: So do I drop my fix for cinder? I was already starting to import keystonemiddleware.opts14:46
patchbotjaosorior: patch 328995 - cinder - Import auth_uri from different module14:46
ayoung_opts imports _base14:46
ayoung__init__ imports _base14:47
ayoung_base iports nothing14:47
ayoungI don't see the cycle14:47
rodrigodsayoung, opts imports auth_token14:47
ayoungrodrigods, nope14:47
rodrigodswhich imports opts in __init__.py14:47
ayoungrom keystonemiddleware.auth_token import _auth14:48
ayoungfrom keystonemiddleware.auth_token import _base14:48
ayoungfrom keystonemiddleware.auth_token import _opts14:48
ayoungthat is what opts imports14:48
rodrigodsayoung, is the entry point14:48
rodrigodsdon't need to import directly14:48
rodrigodsonly in using the module, it is evaluated14:48
ayoungthat is evil14:48
ayoungso move all of the _opts etc out from that module if we want to import them directly14:49
*** ebalduf_ has quit IRC14:50
ayoungwhich is what _common should be, right?14:50
* ayoung checks the clock to see how long until the switch from coffee to scotch.14:50
rodrigodsis 10 AM already?14:50
dstaneki don't see why was split out anyway14:50
jaosoriorrodrigods: Funny how 10 AM is also my standard for that :P14:51
amoralejwhy don't let all opts registered in opts.py14:51
amoralejand opts not importing auth_token14:51
amoralejbut auth_token importing from, would that be ok?14:51
notmorganmore to the point... how did we land a circular import?14:51
ayoungjaosorior, you are in Finland.  I thought it was Schnapps Ohklok there14:52
dstanekamoralej: since all the things in that module are auth_token specific i don't see the point14:52
notmorganalso... absolutely no lazy imports14:52
rodrigodsnotmorgan, only breaks in centos interpreter14:52
jaosoriorayoung: How do you know I'm not drinking?14:52
dstaneknotmorgan: ++14:52
notmorganrodrigods: wtf?14:52
ayoungjaosorior, I justm meant Schnapps instead of Scotch14:52
ayoungI assumed you were drinking14:52
notmorganrodrigods: explain please14:52
notmorganbeause... wtf?!14:52
jaosoriorayoung: Nah, here we have
rodrigodsnotmorgan, it doesn't break in fedora or ubuntu, looks like a check tied to some version14:53
ayoungnotmorgan, should not be imported by auth_token, you are right...14:53
notmorganrodrigods: then i'm -2 on that change until i have a better understanding.14:53
patchbotayoung: patch 328919 - keystonemiddleware - Fix circular import in auth_token14:53
notmorganrodrigods: why is it failing on a specificl interpreter?14:53
*** timcline has joined #openstack-keystone14:53
jaosoriornotmorgan: We had the same issue in barbican14:53
rodrigodsnotmorgan, lacking info too, don't know even the centos version / interpreter14:53
jaosoriorit somehow worked in ubuntu and fedora14:54
jaosoriorbut not the cpython shipped by centos14:54
ayoungone function14:54
notmorganrodrigods, jaosorior: that is insanity.14:54
ayounglets move that function to _opts, have auth_token use that, and have link to the _opts one14:54
notmorganjaosorior: what version(s)? and what version of centos?14:54
jaosoriornotmorgan: I don't even know why you're shocked14:54
* notmorgan wants more details than "centos seems weird"14:55
amoraleji'm finding it with centos7, python-2.7.514:55
notmorganalso... is this impacted on the same version of rhel?14:55
notmorganrhel7 (i can check if needed)14:55
amoralejprobably, i've seen it in fedora23 also14:56
rodrigodsfedora ships 2.7.1114:56
*** kodoku has joined #openstack-keystone14:56
*** phalmos has joined #openstack-keystone14:56
rodrigodswe can try to reproduce in a venv to confirm it is tied to 2.7.514:56
kodokuHi, is it possible to list user of group with keystone v3 ?14:56
kodokuwith python client14:57
dstanekit break on ubuntu my just importing keystone middleware.opts14:57
ayoungrodrigods, check me on this14:57
*** permalac has quit IRC14:58
ayoungkeystonemiddleware.opts. list_auth_token_opts and keystonemiddleware.auth_token._opts do roughly the same thing14:58
ayoungthe first does14:58
ayoung return [(g, copy.deepcopy(o)) for g, o in auth_token_opts]14:58
dstanekthe issue seems to be the order of imports14:58
ayoungthe second does14:58
ayoung return [(_base.AUTHTOKEN_GROUP, copy.deepcopy(auth_token_opts))]14:58
*** pgbridge has quit IRC14:59
dstanekif you import auth_token first the sub-packages are already loaded by the time the import of opts happens14:59
*** julim has quit IRC14:59
ayounggi g is _base.AUTHTOKEN_GROUP  then they do the same thing14:59
rodrigodsi get really confused by [()]14:59
dstanekif you import opts first it all breaks14:59
dstaneknotmorgan: ^14:59
ayoungauth_token_opts  is defined as15:00
ayoung  (_base.AUTHTOKEN_GROUP,15:00
ayoung     _opts._OPTS + _auth.OPTS + loading.get_auth_common_conf_options())15:00
ayoungfor the first one and is defined as15:00
notmorganso it's an order of imprt thing?15:00
ayoung auth_token_opts = (_OPTS + loading.get_auth_common_conf_options())15:00
amoralejif you import auth_token first, it's already imported when executin opts, that's why doesn't break15:00
ayoungfor the second one.15:00
notmorganjust move the opts to the main opt file(s).15:00
*** tonytan4ever has quit IRC15:00
*** julim has joined #openstack-keystone15:00
ayoungwhy should these two not be the same function, and, why should middleware need to use both versions?15:00
kodokujoin #openstack15:01
kodokuarf sorry15:01
notmorganmake sure it's highlighted that it is atm opts... also... unrelated... someone needs to make sure we are somehow testing for cases like this...15:01
ayoungaudit is the only place that calls the _opts version15:01
ayoungkeystonemiddleware/                                   _list_opts(),15:01
ayoungkeystonemiddleware/ _list_opts():15:01
notmorganmake audit not do that.15:02
ayoungcan we make a single function for both of these?15:02
*** lucas has joined #openstack-keystone15:02
ayoungand put it in _opts or _common/_opts or something15:02
samueldmqdstanek: thanks15:02
ayoungand have them both include the same thing in a sane way?15:02
ayoungwho wrote that...15:02
notmorganunles the config generator explicitly only wants the options from one/the other15:03
* notmorgan shrugs15:03
ayoung62093bfc (Zhi Yan Liu   2014-07-02 22:40:35 +0800 33) def list_auth_token_opts():15:03
ayoungf0965c95 (Jamie Lennox 2016-01-14 13:14:32 +1100 187) def list_opts():15:04
*** lucas___ has quit IRC15:04
dstaneknotmorgan: i think it may be time for someone to demonstrate an alternate approach to the request_id patch15:05
bknudsonthe only thing I care about for the request ID patch is that it be opt-in15:06
dstanekbknudson: yep15:06
bknudsonwhich is not hard to do15:06
dstaneki'd like to add to that that i'd like it to be opt into a real object for the data and not a hacked one15:06
notmorgandstanek: ++15:09
notmorgandstanek: please do!15:09
*** nisha__ is now known as nisha_15:11
*** david-lyle has joined #openstack-keystone15:12
*** permalac has joined #openstack-keystone15:13
*** pgbridge has joined #openstack-keystone15:16
dstanekthat's the plan, but someone shamed me on my review numbers so i'm workin on that now :-(15:17
samueldmqdstanek: were you able to identify what's causing the circular import ?15:18
kodokuAnyone can see my paste for ldap issue ?
samueldmqdstanek: I can't reproduce it, so I can't really debug it15:19
dstaneksamueldmq: yes, the modules import each other :-P15:22
*** edtubill has joined #openstack-keystone15:22
samueldmqdstanek: what modules ?15:23
dstaneksamueldmq: open a brand new interpreter and 'import keystonemiddleware.opts'15:23
dstaneksamueldmq: keystonemiddleware.opts and keystonemiddleware.auth_token15:23
samueldmqdstanek: that worked well for me on ubuntu15:23
samueldmqdstanek: on a vm with fresh devstack15:24
dstaneksamueldmq: really? it fails for me15:24
samueldmqdstanek: yes, wfm15:24
samueldmqdstanek: that's very odd, everything should be breaking15:25
dstanekif you import auth_token first it works15:25
samueldmqdstanek: ah you're correct about the imports, keystonemiddleware.opts imports some things from keystonemiddleware.auth_token, which causes the __init__ to be evaluated :)15:26
*** pushkaru has joined #openstack-keystone15:26
dstaneksamueldmq: exactly. and if you import auth_token first the right things exist in sys.modules to opts succeeds15:27
*** spandhe_ has joined #openstack-keystone15:27
*** spandhe has quit IRC15:28
*** spandhe_ is now known as spandhe15:28
*** danpawlik has quit IRC15:28
samueldmqdstanek: (it's working either way for me), I expect to have the current master of middleware (as I did unstck/stack)15:31
*** welldannit has quit IRC15:31
*** TxGVNN has joined #openstack-keystone15:32
dstaneksamueldmq: will in either case the code is broken and needs to be fixed and not hacked15:32
*** al_loew has joined #openstack-keystone15:33
*** tonytan4ever has joined #openstack-keystone15:34
samueldmqdstanek: ++15:35
samueldmqdstanek: do you have a suggesiton?15:35
*** agireud has quit IRC15:36
*** ddieterly has joined #openstack-keystone15:37
*** agireud has joined #openstack-keystone15:38
samueldmqdstanek: perhaps revert and look at a better way to do it before merging again ?15:39
samueldmqso we have more time to look at the best way to do it15:39
*** tesseract has quit IRC15:39
rodrigodssamueldmq, dstanek ^ reproduced by cloning keystonemiddleware master and 'pip install -e' it15:40
rodrigodson fedora15:40
amoralejsamueldmq, i was thinking in adding all options for auth_token in _opts, and from __init__ import _opts instead of opts15:41
rodrigodsdstanek, confirmed importing auth_token first works15:41
rodrigodsamoralej, think would be a good approach for now15:42
amoralejwhy there are some options on _auth instead of _opts ?15:42
notmorgandstanek: i didn't shame anyone in particular (but yay, if we get reviews out of it)15:44
*** lucas has quit IRC15:49
*** wasmum has quit IRC15:49
openstackgerritAlfredo Moralejo proposed openstack/keystonemiddleware: Fix circular import in auth_token
*** dmk0202 has quit IRC15:51
*** rderose has quit IRC15:58
*** rcernin has quit IRC15:59
openstackgerritAlfredo Moralejo proposed openstack/keystonemiddleware: Fix circular import in auth_token
*** pushkaru has quit IRC16:02
*** ayoung has quit IRC16:04
*** pushkaru has joined #openstack-keystone16:04
*** EinstCrazy has quit IRC16:04
samueldmqdstanek: I propose we create list_auth_token_opts() inside auth_token.__init__16:05
samueldmqdstanek: and 's list_auth_token_opts() would just repass the call to it16:06
samueldmqdstanek: so that auth_token.__init__ won't need to import opts at all, and the calculation of all options would live there :)16:07
*** rderose has joined #openstack-keystone16:07
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Disable inactive users requirements
*** gyee has joined #openstack-keystone16:10
*** ChanServ sets mode: +v gyee16:10
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Disable inactive users requirements
*** spandhe has quit IRC16:15
*** roxanaghe has joined #openstack-keystone16:16
*** timcline_ has joined #openstack-keystone16:18
*** ayoung has joined #openstack-keystone16:19
*** ChanServ sets mode: +v ayoung16:19
*** lamt has quit IRC16:21
dstaneksamueldmq: i suggested just putting the opts stuff into auth_token since that's really what it's for16:21
*** timcline has quit IRC16:22
*** rderose_ has joined #openstack-keystone16:25
samueldmqdstanek: I agree, but opts is a public symbol, so we need to maintain it for now ?16:25
*** rderose has quit IRC16:26
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystonemiddleware: Move auth token opts calculation into auth_token
*** ddieterly is now known as ddieterly[away]16:27
samueldmqdstanek: amoralej: ^ this is what I was proposing16:27
samueldmqamoralej: I haven't submitted in your patch because it seems like you're on it.. (I added you as co-author)16:28
samueldmqtake this as an alternative solution, and if it's not what we want, I will abandon it16:29
amoralejno prob samueldmq, but i have a doubt16:30
*** rcernin has joined #openstack-keystone16:31
samueldmqamoralej: sure16:31
dstanekamoralej: what is it?16:31
*** ddieterly[away] is now known as ddieterly16:32
amoraleji just sent a comment samueldmq16:33
*** nisha__ has joined #openstack-keystone16:34
samueldmqamoralej: you're correct!16:34
amoralejother than that, no problem from my side, if it passess ci, i can abandone mine16:34
*** rcernin has quit IRC16:35
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystonemiddleware: Move auth token opts calculation into auth_token
*** rcernin has joined #openstack-keystone16:36
samueldmqamoralej: nice, I want to see dstanek's view on it16:37
rodrigodssamueldmq, dstanek, amoralej worked here16:37
*** nisha_ has quit IRC16:37
rodrigodsthink it is good as it is, let's wait for the CI16:37
samueldmqrodrigods: which one? patch 32909116:38
patchbotsamueldmq: - keystonemiddleware - Move auth token opts calculation into auth_token16:38
rodrigodssamueldmq, patch 32891916:38
patchbotrodrigods: - keystonemiddleware - Fix circular import in auth_token16:38
samueldmqdstanek: I also left 2 comments in my own patch, would like to get your view on those specific points too :)16:38
*** pcaruana has quit IRC16:38
samueldmqrodrigods: CentOS ?16:38
rodrigodssamueldmq, fedora, was able to reproduce the error on it previously16:39
*** jaosorior has quit IRC16:39
*** jaosorior has joined #openstack-keystone16:39
samueldmqrodrigods: k, do you mind to test patch 329091 too ?16:40
patchbotsamueldmq: - keystonemiddleware - Move auth token opts calculation into auth_token16:40
dstanekamoralej: samueldmq: at this point i think either patch is fine16:40
rodrigodssamueldmq, just a sec16:40
openstackgerritAlfredo Moralejo proposed openstack/keystonemiddleware: Fix circular import in auth_token
samueldmqdstanek: cool, I'd like to keep the OPTS definition where they're right now16:41
samueldmqbecause maybe jamielennox has a reasoning for keeping them where they are16:41
amoraleji'm adding an improvement but anyway, we can use the one from samueldmq16:41
rodrigodssamueldmq, it works16:42
samueldmqdstanek: and I can't confirm if that's okay since jamielennox is not available :( so I'd rather be more conservative with moving the opts around16:42
samueldmqif that makes sense16:42
samueldmqrodrigods: perfect, thanks !16:42
dstaneksamueldmq: there's no benefit to the split that i can see16:43
*** al_loew has quit IRC16:43
samueldmqdstanek: we can still look at it in a followup (as it is a different issue), if you agree16:44
samueldmqamoralej: so, afaict ci is testing that against ubuntu nodes16:51
samueldmqamoralej: so testing against CentOS will require manual testing :(16:51
amoralejbut, if i understood it right, it failed in ubuntu also, right?16:51
samueldmqamoralej: I wasn't able to reproduce it in ubuntu, not sure what distro dstanek is using16:53
notmorgandstanek: splitting it is silly16:53
notmorganlets just fix this in a more sane model16:53
samueldmqamoralej: rodrigods is running fedora, it was failing and now it's passing, so we should be good16:54
samueldmqamoralej: he confirmed it worked for him16:54
amoraleji reproduced it in fedora also16:54
samueldmqcool, we should be good16:54
*** dobson has quit IRC16:56
*** jaosorior has quit IRC17:02
EmilienMsamueldmq: thanks for your really quick help17:03
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystonemiddleware: Move auth token opts calculation into auth_token
*** ayoung has quit IRC17:04
samueldmqdstanek: ^ changed list_auth_token_opts to list_opts17:04
samueldmqrodrigods: oh, just saw you had +2+A in the meantime, could you re-apply it ?17:05
openstackgerritguang-yee proposed openstack/keystoneauth: Support TOTP auth plugin
samueldmqEmilienM: yw, glad to be able to help17:06
rodrigodssamueldmq, just a renaming, think it is good to +A17:06
samueldmqrodrigods: ++17:07
dstaneknotmorgan: there is fear about many of these things being public attributes17:08
notmorgandstanek: ... why?17:11
notmorgandstanek: oh wait opts or the request thing?17:11
dstaneknotmorgan: opts17:16
*** ayoung has joined #openstack-keystone17:17
*** ChanServ sets mode: +v ayoung17:17
*** darosale has joined #openstack-keystone17:18
*** TxGVNN has quit IRC17:18
notmorgandstanek: so, the fear is just that people are consuming the property17:19
notmorganit *is* a public interface via the list method17:20
notmorganand has to be17:20
notmorganwe want to be able to move these things as needed for $reasons$17:20
*** ddieterly is now known as ddieterly[away]17:20
notmorganas long as the list method is publically available (entry point)17:20
dstaneknotmorgan: i think so. also samueldmq was worried that jamielennox separated the opts for some reason17:20
notmorganif they end up in the main list17:21
notmorganit doesn't matter17:21
*** timcline_ has quit IRC17:26
*** jamie_h has quit IRC17:27
*** timcline has joined #openstack-keystone17:27
*** julim has quit IRC17:28
*** clenimar has joined #openstack-keystone17:31
gyeenotmorgan, do you recall why we hardcoded InnoDB engine in our SQL scripts?17:32
gyeefor example,
dstanekgyee: probably because isam is crap17:33
gyeedstanek, yes, probably17:35
gyeedstanek, I was looking for an *official* version so I have it on record17:35
dstanekgyee: did you look back at the commit history?17:36
gyeeyeah looking ...17:36
openstackgerritColleen Murphy proposed openstack/keystone: Add 'links' to implied roles response
*** pcaruana has joined #openstack-keystone17:39
gyeedstanek, found it, it was done by bknudson as part of
openstackLaunchpad bug 1191110 in OpenStack Identity (keystone) "Migrations may create MyISAM tables" [High,Fix released] - Assigned to Brant Knudson (blk-u)17:41
dstanekgyee: yeah, just found cd8fa2b0e7ca002b7621fe0e35b921154946e12b17:42
*** henrynash_ has joined #openstack-keystone17:42
*** ChanServ sets mode: +v henrynash_17:42
dstanekgyee: so i was right. isam is crap17:42
gyeedstanek, you da man!17:42
*** rk4n has quit IRC17:45
dstanekgyee: you can quote me in your documenation :-)17:46
bknudsonpart of it is because some operating systems were still defaulting to isam17:48
*** clenimar has quit IRC17:49
bknudsonI'm not sure that the way we're doing this is right... maybe keystone-manage db_setup should check the db config and fail if it's incorrect17:50
bknudsonthat way we don't have to remember to put code in to handle it.17:50
gyeebknudson, looks like one of the tests pickup MyISAM somewhere from default17:51
gyeeI am trying to figure out where17:51
gyeebknudson, this one
bknudsonit's only mysql that has myisam17:52
bknudsonyou mean there's a test that checks that everything is innodb?17:53
gyeeI thought we have a global switch or something17:53
gyeeinstead of hardcoding it everywhere17:54
bknudsonNot sure if there's a way to do that... would be smarter.17:54
gyeeanyway, pdb time :-)17:54
bknudsongyee: what test is failing?17:55
gyeejust in our local env17:55
bknudsonall of them?17:56
*** raddaoui has joined #openstack-keystone17:56
gyeebknudson, all of them17:57
bknudsonI haven't seen that before... if it can't connect to the db it'll just skip the tests.17:57
*** dobson has joined #openstack-keystone17:58
gyeesorry I need to step out for an hour for a meeting, will let you know what I found later17:58
openstackgerritColleen Murphy proposed openstack/keystone: Add 'links' to implied roles response
*** pushkaru has quit IRC18:04
*** rk4n has joined #openstack-keystone18:04
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Disable inactive users requirements
*** browne has joined #openstack-keystone18:12
*** clenimar has joined #openstack-keystone18:16
*** mwheckmann has joined #openstack-keystone18:18
*** ddieterly[away] has quit IRC18:20
*** sdake_ has joined #openstack-keystone18:23
*** timcline has quit IRC18:25
*** timcline has joined #openstack-keystone18:25
*** lucas___ has joined #openstack-keystone18:27
lbragstadrderose_ thanks for hammering through the PCI patches - you've been on top of respinning those...18:27
rderose_lbragstad: thanks man, appreciate that :)18:28
lbragstadrderose_ thank you18:28
stevemargyee: a few small comments here:
patchbotstevemar: patch 281086 - keystoneauth - Support TOTP auth plugin18:29
rderose_lbragstad: feels like the patches are getting more finalized (I hope) :)18:30
*** timcline has quit IRC18:30
lbragstadrderose_ i've been nit picking them like crazy - i think they are looking good18:30
rderose_lbragstad: cool18:30
stevemarrderose_: i have the fullest of intentions of looking at the PCI stuff soon!18:32
rderose_stevemar: appreciate that, it's good to have you back :)18:32
*** tqtran has joined #openstack-keystone18:35
dstanekrderose_: i dropped some concerns about the last_auth_at patch18:36
stevemarrderose_: i had planned on starting at 9am today, that didn't happen18:36
stevemari'll work late instead :)18:37
rderose_dstanek: yeah, looking at that now. your federation argument is compelling.18:37
*** nisha__ has quit IRC18:37
*** pushkaru has joined #openstack-keystone18:41
*** kodoku has quit IRC18:47
*** mvk has quit IRC18:51
gyeestevemar, thanks, will push another patch shortly, just got out of a meeting18:53
*** ddieterly has joined #openstack-keystone18:54
openstackgerritColleen Murphy proposed openstack/keystoneauth: Document named kerberos plugin
dstanekrderose_: i find myself compelling at times18:58
openstackgerritguang-yee proposed openstack/keystoneauth: Support TOTP auth plugin
rderose_dstanek: hahaha18:59
rderose_dstanek: yeah, stop being so dam compelling and give me some plus 2s18:59
rderose_dstanek: :)18:59
dstanekrderose_: +2s for everyone!19:00
rderose_dstanek: now you are talking :)19:00
dstaneki'd love to hear more thoughts on
*** amoralej is now known as amoralej|off19:01
EmilienMsamueldmq: the patch is failing CI
patchbotEmilienM: patch 329091 - keystonemiddleware - Move auth token opts calculation into auth_token19:04
EmilienMsamueldmq: doing recheck19:05
*** rk4n has quit IRC19:08
*** tqtran has quit IRC19:11
*** timcline has joined #openstack-keystone19:17
*** timcline has quit IRC19:17
*** timcline has joined #openstack-keystone19:17
*** mwheckmann has quit IRC19:26
*** sheel has quit IRC19:35
*** roxanaghe has quit IRC19:39
*** gagehugo has joined #openstack-keystone19:45
lbragstadstevemar how come the proposal bot is being removed?,unified19:54
patchbotlbragstad: patch 327418 - keystone - Use http_proxy_to_wsgi from oslo.middleware19:54
*** jefrite has quit IRC19:59
mfischliberty to mitaka upgrade has some issues wrt caching19:59
mfischits broken for 5 minutes until stuff expires19:59
mfischthis is my work around during the upgrade19:59
mfischwhile true; do echo 'flush_all' | nc $(facter -p cirrus_network_primary_ip) 11211; sleep 3; done19:59
mfischwhich is crappy19:59
mfischwill file a bug20:00
lbragstadmfisch sweet - thanks20:00
mfischI guess grenade doesnt test with cached tokens?20:00
lbragstadthat's a good question20:00
*** roxanaghe has joined #openstack-keystone20:02
*** mvk has joined #openstack-keystone20:03
mfischI will try to repro again to get a clean bug too20:03
*** sdake_ is now known as sdake20:06
*** lucas___ has quit IRC20:07
*** lucas___ has joined #openstack-keystone20:07
*** lucas___ has quit IRC20:08
*** tonytan4ever has quit IRC20:12
*** chlong has quit IRC20:12
openstackgerritRon De Rose proposed openstack/keystone: Concrete role assignments for federated users
samueldmqEmilienM: yeah, failure seems to be unrelated: Unable to complete operation for network c8896a77-d53b-4ec3-a75f-e67b5d56d702. The IP address is in use.20:15
samueldmqEmilienM: thanks for leaving a recheck20:15
EmilienMI need it :)20:15
*** tqtran has joined #openstack-keystone20:34
*** mwheckmann has joined #openstack-keystone20:37
samueldmqdstanek: hi20:38
samueldmqdstanek: about patch 328383; in your original patch 307878 , bknudson suggested to set a minversion in tox.ini20:39
patchbotsamueldmq: - keystone - Add missing testresources build-requirement20:39
patchbotsamueldmq: - keystone - Explicitly require testresources for tests (ABANDONED)20:39
samueldmqdstanek: doesn't that solve the issue ?20:39
ayounggyee, did you ever write a certmonger helper for Anchor?20:39
*** tonytan4ever has joined #openstack-keystone20:42
*** aratus has joined #openstack-keystone20:42
*** timcline_ has joined #openstack-keystone20:44
openstackgerritRon De Rose proposed openstack/keystone: Concrete role assignments for federated users
dstaneksamueldmq: yes it solved it for me20:47
dstaneksamueldmq: the problem is that older distros may not be able to have the latest and greatest python packaging utilities20:48
*** timcline has quit IRC20:48
*** edtubill has quit IRC20:48
*** vgridnev has joined #openstack-keystone20:48
samueldmqdstanek: yes, while I understand your comment in that patch, I wonder if we should start adding requirements to solve what looks to be packaging issues :(20:48
lbragstadrderose_ was there a fix that went in that got working with Horizon?20:49
patchbotlbragstad: patch 284943 - keystone - Concrete role assignments for federated users20:49
lbragstador was there a patch that made the OS-FEDERATION/projects API the same as /auth/projects ?20:49
dstaneksamueldmq: sure, we could. the question is whether or not we want to carry that baggage. i have to imagine that a good number of the other openstack projects would have the same issue20:50
gyeeayoung, in my test env, yes, it works20:50
*** julim has joined #openstack-keystone20:50
gyeeayoung, haven't had a chance to submit a devstack patch yet20:50
*** ddieterly is now known as ddieterly[away]20:50
rderose_lbragstad: yeah, boris found that websso didn't work because it was using /OS-FEDERATION/projects api instead of auth/projects api20:53
rderose_lbragstad: the latest patch fixes /OS-FEDERATION api, so that it matches /auth api20:55
lbragstadrderose_ Horizon didn't work because python-keystoneclient was using the deprecated API right? But someone mentioned fixing the deprecated API to make it so that it behaves the same as the auth/projects/ API, do we know if that happened het20:55
lbragstadoh - sweet20:55
*** clenimar has quit IRC20:55
*** vgridnev has quit IRC20:55
openstackgerritColleen Murphy proposed openstack/keystone: Add 'links' to implied roles response
rderose_lbragstad: yeah, I think this fix will fix API and client20:56
*** pauloewerton has quit IRC20:57
lbragstadrderose_ awesome20:57
ayounggyee, can you post the helper code as a standalone repo, or share it somehow?20:59
*** ericksonsantos has quit IRC20:59
gyeeayoung, let me mail it to you, its pretty simple20:59
ayounggyee, thanks21:00
*** raildo is now known as raildo-afk21:02
*** rderose has joined #openstack-keystone21:02
*** rderose_ has quit IRC21:04
*** rderose_ has joined #openstack-keystone21:05
*** adrian_otto has quit IRC21:07
*** rderose has quit IRC21:08
stevemarlbragstad: turns out no one liked it, too much churn and we already post a new version after every patch here:
*** edtubill has joined #openstack-keystone21:11
dstaneksamueldmq: i'm on the fence with that debug log patch21:12
dstaneki see the arguments to keep it as week as the information is already logged by the webserver21:13
dstanekmaybe a better solution would be taking some of the exsting info messages and make them warning so that it's easier to turn off wsgi logging21:13
openstackgerritColleen Murphy proposed openstack/keystone: Add 'links' to implied roles response
dstanekalso i have no skin in this game. it just seems dumb to log the same thing in multple places21:14
*** ddieterly[away] is now known as ddieterly21:18
*** gagehugo has quit IRC21:22
samueldmqdstanek: yeah I agree. that is a big change in logs, I don't feel confident on saying it's better or worst21:26
samueldmqdstanek: would like ot hear from others with operators xp. as you said, I'm on the fence too :)21:27
*** vgridnev has joined #openstack-keystone21:28
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Add 'links' to implied roles response
samueldmqcrinkle: ^21:28
crinklesamueldmq: ah you beat me21:29
samueldmqcrinkle: sorry, I couldn't resist, the change was too simple :-)21:30
openstackgerritLance Bragstad proposed openstack/python-keystoneclient: Use /v3/auth/projects and /v3/auth/domains
*** edtubill has quit IRC21:33
*** julim has quit IRC21:33
mfischlbragstad: confirmed:
openstackLaunchpad bug 1592169 in OpenStack Identity (keystone) "liberty to mitaka upgrade (stable) has broken caching" [Undecided,New]21:40
*** edtubill has joined #openstack-keystone21:40
mfisch"cached tokens break liberty to Mitaka upgrade Edit"21:40
dstanekcrinkle: samueldmq: did that link get fixed?21:42
lbragstadmfisch i take it this is only applicable to fernet tokens?21:42
mfischlet me note that21:42
*** adrian_otto has joined #openstack-keystone21:42
lbragstadmfisch but you did only recreate this with fernet token yeah?21:42
mfischIt takes me about 1 hour to setup21:42
mfischnoted in bug21:42
mfischbut I think a cached L token can't be read by M code21:43
mfischI think thats the bug21:43
dstaneklbragstad: mfisch: caching often messed up upgrades. you're caching an older version of the data21:43
mfischM code is like "I dont understand this format"21:43
*** edtubill has quit IRC21:43
mfischdstanek: so invalidate, don't fail to issue tokens21:43
mfischno tokens issue until all the cache is invalidated21:43
mfischI dont expect the caching to work over the upgrade, but I expect it to deal with old data in there21:43
dstanekmfisch: in an app i used to work on our deployment process should turn off caching during the upgrade21:44
mfischwell let me be clear that this is new21:44
mfischnew for M anyway21:44
dstanekat AGI I think we were just pretty good about making sure the data was backward and forward compatible21:44
mfischI'm going to just flush the cache every 3 seconds while the deploy21:44
dstanekmfisch: just turn off memcached during the deploy21:45
mfischmaybe the cache needs to include a keystone version21:45
crinkledstanek: yes i fixed it21:46
claytonwell, or keystone could just embed a data version in the key, and bump the version when the cache schema changes21:47
*** dmk0202 has joined #openstack-keystone21:47
mfischwhile true; flush ftw21:48
*** rcernin has quit IRC21:48
claytonthat seems easier than complicating the upgrade for every operator that ever upgrades.21:48
dstanekclayton: mfisch: not that easy. you'll have potentially 2 different versions running simultaneously. so changes may not seem to take effect between requests.21:50
claytonyou can't really have two versions running at the same time due to db schema changes.21:50
dstanekclayton: you can. and that's the goal full live upgrades21:51
claytonnot there yet.21:51
claytonwhereas we do have memcache problems today21:51
dstanekclayton: but a bandaid that won't work isn't a good solution21:51
*** edtubill has joined #openstack-keystone21:51
claytonneither is turning off memcached or flushing it constantly during the upgrade21:52
mfischI wonder if the control node memcache will also need to be flushed out21:52
claytonif you want to put versioned objects into memcached, I suppose that's fine, but it seems like a lot of work in the short term21:52
dstaneki don't think a version really helps you here21:53
mfischI need to commute but will catch up tonight21:54
dstanekimagine a user that hits the old version of keystone an updates a project name. then they see the project in horizon when horizon hits a new instance. they will be left to wonder why their change didn't take21:55
dstanekor the token cache21:55
*** rderose_ has quit IRC21:59
*** edtubill has quit IRC22:00
openstackgerritMerged openstack/keystonemiddleware: Move auth token opts calculation into auth_token
*** henrynash_ has quit IRC22:02
*** hoonetorg has quit IRC22:05
*** edmondsw has quit IRC22:07
*** hoonetorg has joined #openstack-keystone22:08
*** ddieterly has quit IRC22:10
*** aratus1 has joined #openstack-keystone22:10
*** henrynash_ has joined #openstack-keystone22:11
*** ChanServ sets mode: +v henrynash_22:11
*** aratus has quit IRC22:11
*** edtubill has joined #openstack-keystone22:14
rodrigodslbragstad, ping... re: service providers cache22:15
lbragstadrodrigods o/22:15
rodrigodslbragstad, something is wrong22:15
lbragstaddid it break something?22:16
rodrigodslbragstad, check the test:
patchbotrodrigods: patch 303502 - keystone - Add service providers integration tests22:16
rodrigodsline 18522:16
rodrigodsthe service providers are not being returned to the token22:17
lbragstadrodrigods wouldn't have anything to do with it would it?22:17
patchbotlbragstad: patch 325417 - keystone - Add cache invalidation for service providers22:17
rodrigodslbragstad, hmm let me try the tests with that patch22:17
rodrigodslbragstad, same error =(22:19
*** edtubill has quit IRC22:20
lbragstadso the service providers that are added aren't being returned in the token response?22:20
*** edtubill has joined #openstack-keystone22:20
rodrigodslbragstad, yeah22:20
*** chlong has joined #openstack-keystone22:21
*** darosale has quit IRC22:22
*** tonytan4ever has quit IRC22:23
*** edtubill has quit IRC22:23
*** edtubill has joined #openstack-keystone22:24
*** gordc has quit IRC22:24
lbragstadrodrigods hmm - let me see if i can poke at it a bit22:25
lbragstadtechnically that cache should be getting invalidated22:25
rodrigodslbragstad, ooops, my bad22:25
rodrigodsdidn't reinstall keystone after download the patch22:25
*** edtubill has quit IRC22:25
rodrigodsit works actually22:25
rodrigodsso we just need to fix the tests22:25
rodrigodsas per samueldmq comments22:25
rodrigodsand the service providers tests can land after that22:26
lbragstadrodrigods yep - i can work on respinning that patch22:26
rodrigodsthanks lbragstad22:26
lbragstadrodrigods no problem - thanks for adding the functional tests22:26
rodrigodsnp, ping me once you have a new patchset there :)22:27
*** ayoung has quit IRC22:27
lbragstadrodrigods will do22:27
*** edtubill has joined #openstack-keystone22:30
openstackgerritMerged openstack/keystoneauth: Support TOTP auth plugin
*** edtubill has quit IRC22:41
*** rk4n has joined #openstack-keystone22:42
*** pushkaru has quit IRC22:42
*** dave-mccowan has quit IRC22:47
*** timcline_ has quit IRC22:49
*** timcline has joined #openstack-keystone22:50
*** dmk0202 has quit IRC22:52
*** dave-mccowan has joined #openstack-keystone22:52
*** timcline has quit IRC22:55
*** adrian_otto has quit IRC22:59
*** adrian_otto has joined #openstack-keystone22:59
*** edtubill has joined #openstack-keystone23:04
*** henrynash_ has quit IRC23:07
*** edtubill has quit IRC23:09
*** edtubill has joined #openstack-keystone23:10
*** mwheckmann has quit IRC23:18
*** pushkaru has joined #openstack-keystone23:23
*** iurygregory_ has joined #openstack-keystone23:25
*** phalmos has quit IRC23:27
*** edtubill has quit IRC23:32
*** r-daneel has quit IRC23:33
*** ayoung has joined #openstack-keystone23:33
*** ChanServ sets mode: +v ayoung23:33
*** aratus1 has quit IRC23:46
*** rk4n has quit IRC23:46
samueldmqdstanek: sorry I was afk, yes the link got fixed; now it matches the API spec with GET /roles/{prior_role_id}/implies23:47
samueldmqdstanek: for listing the implied roles of a given role23:47
samueldmqEmilienM: it got merged :)23:50
*** aratus has joined #openstack-keystone23:55

Generated by 2.14.0 by Marius Gedminas - find it at!