Wednesday, 2017-01-04

*** spzala has quit IRC00:02
*** spzala has joined #openstack-keystone00:02
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystoneauth: Prevent MemoryError when logging response bodies
samueldmqstevemar ^ added the release note. it had a +2 from Jamie already00:18
*** phalmos has quit IRC00:19
*** ravelar has quit IRC00:22
*** agrebennikov has quit IRC00:22
*** jose-phillips has quit IRC00:25
*** jaugustine has quit IRC00:26
*** jaugustine has joined #openstack-keystone00:26
*** jaugustine has quit IRC00:30
*** nkinder has quit IRC00:38
*** guoshan has joined #openstack-keystone00:45
*** guoshan has quit IRC00:50
*** itisha has quit IRC00:52
*** hoangcx has joined #openstack-keystone00:53
*** ayoung has quit IRC00:53
*** adrian_otto has joined #openstack-keystone01:02
*** esp has quit IRC01:02
*** trananhkma has joined #openstack-keystone01:12
*** liujiong has joined #openstack-keystone01:19
openstackgerritMerged openstack/keystone: Remove CONF.domain_id_immutable
*** esp has joined #openstack-keystone01:27
*** guoshan has joined #openstack-keystone01:37
*** chris_hultin|AWA is now known as chris_hultin01:50
*** chris_hultin is now known as chris_hultin|AWA01:51
*** dave-mccowan has joined #openstack-keystone01:52
stevemarsamueldmq: ++01:53
*** esp has quit IRC01:57
*** browne has quit IRC02:01
*** dave-mcc_ has joined #openstack-keystone02:06
*** ianw is now known as ianw_pto02:07
*** dave-mccowan has quit IRC02:08
*** guoshan has quit IRC02:12
*** trananhkma has quit IRC02:12
*** dave-mcc_ has quit IRC02:33
*** dave-mccowan has joined #openstack-keystone02:39
*** trananhkma has joined #openstack-keystone02:54
*** dave-mccowan has quit IRC03:01
*** guoshan has joined #openstack-keystone03:16
*** nkinder has joined #openstack-keystone03:30
*** nklenke has quit IRC03:33
*** nkinder has quit IRC03:35
openstackgerritSteve Martinelli proposed openstack/keystoneauth: Prevent MemoryError when logging response bodies
*** mvk has quit IRC03:38
stevemarbknudson: want me to update to include the v2 bits i mentioned?03:39
*** nklenke has joined #openstack-keystone03:48
*** jamielennox is now known as jamielennox|away03:51
*** links has joined #openstack-keystone03:56
*** jamielennox|away is now known as jamielennox03:59
*** guoshan has quit IRC04:02
*** spzala has quit IRC04:16
*** guoshan has joined #openstack-keystone04:38
*** nicolasbock has joined #openstack-keystone04:42
*** guoshan has quit IRC04:43
*** adriant has quit IRC04:48
openstackgerritSteve Martinelli proposed openstack/keystoneauth: Prevent MemoryError when logging response bodies
*** udesale has joined #openstack-keystone05:42
*** mvk has joined #openstack-keystone05:50
*** mvk has quit IRC06:11
*** udesale has quit IRC06:18
*** udesale has joined #openstack-keystone06:20
*** guoshan has joined #openstack-keystone06:22
*** richm has quit IRC06:42
*** pcaruana has joined #openstack-keystone06:51
*** adrian_otto has quit IRC07:00
openstackgerritMerged openstack/keystoneauth: Prevent MemoryError when logging response bodies
*** rcernin has joined #openstack-keystone07:15
*** tesseract has joined #openstack-keystone07:18
*** stingaci has quit IRC07:18
openstackgerritShan Guo proposed openstack/keystone: [api] relationship links result in 404
*** liujiong has quit IRC08:28
*** liujiong has joined #openstack-keystone08:29
*** stingaci has joined #openstack-keystone08:50
*** stingaci has quit IRC08:56
*** zzzeek has quit IRC09:00
*** zzzeek has joined #openstack-keystone09:00
*** asettle has joined #openstack-keystone09:33
*** tobberydberg has joined #openstack-keystone10:04
*** tobberydberg_ has joined #openstack-keystone10:10
*** tobberydberg has quit IRC10:12
*** tobberydberg_ is now known as tobberydberg10:12
*** guoshan has quit IRC10:13
*** mvk has joined #openstack-keystone10:19
*** liujiong has quit IRC10:30
*** hoangcx has quit IRC10:35
*** stingaci has joined #openstack-keystone10:52
*** tobberydberg has quit IRC10:53
*** udesale has quit IRC10:53
*** stingaci has quit IRC10:57
*** links has quit IRC10:57
*** jdennis1 has joined #openstack-keystone11:07
*** jdennis has quit IRC11:08
*** richm has joined #openstack-keystone11:13
*** ayoung has joined #openstack-keystone11:20
*** ChanServ sets mode: +v ayoung11:20
*** links has joined #openstack-keystone11:21
samueldmqmorning keystone11:46
*** jperry has joined #openstack-keystone11:57
*** catintheroof has joined #openstack-keystone12:14
stevemarmorning samueldmq o/12:24
samueldmqstevemar: o/12:24
*** openstackgerrit has quit IRC12:33
*** nishaYadav has joined #openstack-keystone12:39
*** nishaYadav has quit IRC12:40
*** jperry has quit IRC12:41
*** udesale has joined #openstack-keystone12:55
*** dave-mccowan has joined #openstack-keystone13:08
*** edmondsw has joined #openstack-keystone13:16
*** itisha has joined #openstack-keystone13:21
dimsstevemar : samueldmq : breton : WDYT?
samueldmqdims: what does that buy us ?13:30
dimssamueldmq : all the keystone processes are running under python313:31
dimsso far we don't have a test where we use python3 to run stuff13:31
samueldmqdims: so why don't we just convert the other gate to use py3 ?13:32
samueldmqdims: your point is fair enough13:32
samueldmqdims: that's a possibility, I can leave a comment and see what others think too13:33
dimswant to do both in parallel (esp since this one switches off swift)13:33
samueldmqdims: nice, is this experiment going on in other projects too ? or just keystone to start ?13:33
*** lamt has joined #openstack-keystone13:34
dimsstarted with devstack (up/down test), now keystone is the next logical choice13:34
samueldmqdims: kk13:36
samueldmqdims: any reason you've picked that job specifically ?13:36
samueldmqdims: there is also gate-keystone-dsvm-functional-ubuntu-xenial13:36
stevemardims: do it please! :)13:36
samueldmqdims: v3 is default in devstack now,  I am not sure gate-keystone-dsvm-functional-v3-only-ubuntu-xenial-nv keeps buying us anything13:36
dimssamueldmq : since v3 is default :)13:36
samueldmqdims: yes, that's what I mean13:37
samueldmqstevemar: would you be okay to remove gate-keystone-dsvm-functional-v3-only-ubuntu-xenial-nv (given v3 is default now)13:37
dimssamueldmq : let me experiment a bit then we can figure out which ones we can turn off13:37
stevemardims: i'm interested to see if memcache and ldap actually work13:37
stevemarsamueldmq: replace it with v2?13:37
dimsstevemar : dunno if ldap kicks in on that one13:37
stevemardims: probably not13:37
stevemardims: but we'll add it eventually and we'll get it for free13:37
dimsfor now samueldmq, i just need a job to experiment :)13:38
dims++ stevemar13:38
samueldmqstevemar: no. we already have gate-keystone-dsvm-functional-ubuntu-xenial13:38
samueldmqstevemar: and gate-keystone-dsvm-functional-v3-only-ubuntu-xenial-nv13:38
samueldmqbut as v3 is default, we can remove the latter13:38
stevemarsamueldmq: as long we don't lose anything, go ahead and remove it13:39
dimsi am bad at the project-config stuff, so this seemed the easiest for me to clone as well :)13:39
samueldmqdims: ++13:39
samueldmqstevemar: dims: let's get that in as it is. I can look at the other job later and remove it and update the new one as necessary13:39
samueldmqmakes sense ?13:39
dimsworks for me!13:40
*** nklenke has quit IRC13:41
*** jdennis1 has quit IRC13:41
*** jdennis has joined #openstack-keystone13:41
*** openstackgerrit has joined #openstack-keystone13:42
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: DO NOT MERGE: Testing new gate
samueldmqstevemar: dims: ^13:42
dimssamueldmq : unfortunately new jobs don't kick in that way :(13:42
dimsstevemar : need your ack on :)13:43
samueldmqdims: ah, so we need to get that in first. it has my +1 already anyways13:43
*** nklenke has joined #openstack-keystone13:46
rodrigodsstevemar, regarding, is there a way to skip a test in the controller layer if the backend is sqlalchemy?13:59
*** Nakato has quit IRC14:00
*** Nakato has joined #openstack-keystone14:00
rodrigodsstevemar, sqlite*14:04
stevemarrodrigods: hmm, the DB type probably isnt surfaced at that level14:07
stevemarrodrigods: i thought our tests run against mysql ?14:07
stevemaror did we not actually change that yet14:07
rodrigodsstevemar, we have jobs that run against sqlite and mysql14:07
rodrigodsthe mysql ones are the *-db14:07
rodrigodsstevemar, hmm which seems to be the case? heh14:09
rodrigodsthat's odd because we would need to install mysql for keystone development locally :P14:09
*** agrebennikov has joined #openstack-keystone14:10
stevemarrodrigods: i suppose you could check 'if == "..."' after mixing in the `from oslo_db.sqlalchemy import test_base`14:11
stevemar'test_base.DbTestCase' may set self.engine for you14:11
rodrigodsstevemar, hmm14:11
rodrigodsi was looking for that14:11
rodrigodsstevemar, it seems a bit hacky, though14:12
rodrigodsstevemar, are you ok with sending the API layer test in a follow up patch? so we can get feedback?14:12
stevemarrodrigods: yeah, maybe just check if the thing protocol was deleted, pass. otherwise ....14:12
rodrigodsstevemar, hmm right!14:13
rodrigodsthat should work14:13
rodrigodsin both sqlite and mysql14:13
stevemarrodrigods: haha, i wasn't done my sentence, but i think you figured something out14:13
stevemarso go forth14:13
*** jperry has joined #openstack-keystone14:16
*** nkinder has joined #openstack-keystone14:17
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Just a test with python3.5
*** jperry has quit IRC14:28
openstackgerritRodrigo Duarte proposed openstack/keystone: Cascade delete federated_user fk
openstackgerritRodrigo Duarte proposed openstack/keystone: Minor improvement in test_user_id_persistence
*** udesale has quit IRC14:44
*** phalmos has joined #openstack-keystone14:48
*** phalmos_ has joined #openstack-keystone14:51
*** phalmos has quit IRC14:54
*** links has quit IRC14:59
*** udesale has joined #openstack-keystone15:00
*** masterjcool has quit IRC15:03
*** adrian_otto has joined #openstack-keystone15:06
*** zzzeek has quit IRC15:13
*** adrian_otto1 has joined #openstack-keystone15:14
*** zzzeek has joined #openstack-keystone15:14
*** edtubill has joined #openstack-keystone15:15
*** masterjcool has joined #openstack-keystone15:15
*** chris_hultin|AWA is now known as chris_hultin15:15
*** spzala has joined #openstack-keystone15:16
*** adrian_otto has quit IRC15:17
*** udesale has quit IRC15:25
*** chris_hultin is now known as chris_hultin|AWA15:25
*** udesale has joined #openstack-keystone15:25
*** frickler has quit IRC15:29
*** Guest66666 has quit IRC15:29
*** frickler has joined #openstack-keystone15:29
*** Guest66666 has joined #openstack-keystone15:29
*** udesale has quit IRC15:35
lbragstadjust reminder that we'll be having the policy meeting in #openstack-meeting-cp in 24 minutes15:37
*** jaugustine has joined #openstack-keystone15:45
*** asettle has quit IRC15:45
*** chris_hultin|AWA is now known as chris_hultin15:45
*** asettle has joined #openstack-keystone15:46
*** mvk has quit IRC15:48
*** adrian_otto has joined #openstack-keystone15:50
*** adrian_otto1 has quit IRC15:51
stevemarlbragstad: now in 6 minutes15:54
lbragstadstevemar yessir!15:56
*** sheel has quit IRC15:57
*** Marcellin__ has joined #openstack-keystone16:01
lbragstadping raildo, ktychkova, dolphm, dstanek, rderose, htruta, atrmr, gagehugo, lamt, thinrichs, edmondsw, ruan, ayoung, stevemar16:03
lbragstadpolicy meeting in #openstack-meeting-cp for those who want to attend16:03
*** ravelar has joined #openstack-keystone16:05
*** rcernin has quit IRC16:09
*** rarora has joined #openstack-keystone16:12
*** stingaci has joined #openstack-keystone16:19
*** jose-phillips has joined #openstack-keystone16:27
*** guoshan has joined #openstack-keystone16:27
*** guoshan has quit IRC16:32
*** haplo37_ has quit IRC16:42
openstackgerritGage Hugo proposed openstack/keystone: Remove unused exceptions from CADF notifications
*** edmondsw_ has joined #openstack-keystone16:45
*** edmondsw_ has quit IRC16:45
*** haplo37_ has joined #openstack-keystone16:45
ayounglbragstad, wasn't ken'ichi supposed to participate?17:01
lbragstadayoung i've pinged oomichi - but I haven't had a response yet17:01
ayounglbragstad, and he is the only person outside our little group that has provided feedback17:01
lbragstadand that's just part of cross project communication since so many of us on are different schedules17:01
lbragstadI've had some great conversations with cinder about policy so far17:02
lbragstadbut unfortunately the policy meeting is scheduled at the same time as their team meeting17:02
ayounglbragstad, the problem is that policy is the wrong term17:03
ayoungedmondsw, are you workimng on the 968696 fix for nova?17:04
lbragstaddolphm stevemar dstanek it sounded like the options we had for documenting this was 1.) cross project spec and 2.) a community goal17:04
edmondswayoung I haven't been able to get back to it yet17:04
lbragstadand 3.) i guess would be some sort of working group approach17:05
ayounglbragstad, get that fixed, foremost.  The rest is an afterthought17:06
ayoungamd the whole chain for keystone17:06
*** zhugaoxiao has quit IRC17:07
*** zhugaoxiao has joined #openstack-keystone17:07
ayounglbragstad, if you really want to fix policy, focus on that first17:07
*** jaugustine has quit IRC17:10
*** esp has joined #openstack-keystone17:13
*** nishaYadav has joined #openstack-keystone17:14
*** nishaYadav has quit IRC17:14
*** mvk has joined #openstack-keystone17:21
*** tesseract has quit IRC17:21
dimssamueldmq : stevemar : any takers for a py35 bug in keystone?
dimsquite easy one17:24
* dims rolls up my sleeve 17:28
*** nicolasbock has quit IRC17:34
*** chris_hultin is now known as chris_hultin|AWA17:36
mtreinishdims: heh, yeah bytes is only 5 characters :p17:36
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Just a test with python3.5
dimsmtreinish : while i have you, this is expected right?
dimsmtreinish : given the problem in the keystone.txt above that is17:43
mtreinishdims: yeah, if keystone is returning 500 tempest should raise like that17:44
dimsthanks, just making sure17:44
stevemardims: oh hai17:50
stevemardims: lbragstad may be able to help on that one17:51
lbragstadstevemar did i break something?17:51
dimslbragstad : not at all, i just added a dsvm with py35 job for functional tests in keystone and saw an issue17:54
lbragstaddims aha - yep i see it now17:54
dimslbragstad :
lbragstadValueError: bytes is not a 16-char string17:54
dimstrying that17:54
dimslbragstad : possibly points to a gap in unit test under py3x?17:56
lbragstaddims yes - possibly17:56
*** asettle has quit IRC17:58
*** aleph1 is now known as agarner17:59
stevemarlbragstad: dims probably :)18:01
*** browne has joined #openstack-keystone18:06
*** chris_hultin|AWA is now known as chris_hultin18:11
openstackgerritSteve Martinelli proposed openstack/keystone: Remove unused exceptions from CADF notifications
stevemarrodrigods: ^18:11
*** jaugustine has joined #openstack-keystone18:12
*** jaugustine has quit IRC18:17
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Just a test with python3.5
gagehugostevemar: thanks, I grabbed the wrong link18:27
stevemargagehugo: happens ^_^18:27
dimsstevemar : lbragstad : digging deeper, it does not seem like a conversion issue. so just going to print it now
*** jaugustine has joined #openstack-keystone18:29
*** adrian_otto has quit IRC18:33
*** spilla has joined #openstack-keystone18:38
*** spzala has quit IRC18:40
*** spzala has joined #openstack-keystone18:41
*** spzala has quit IRC18:44
*** spzala has joined #openstack-keystone18:44
*** jaugustine has quit IRC18:48
*** jaugustine has joined #openstack-keystone18:49
*** pcaruana has quit IRC18:52
*** jaugustine has quit IRC18:53
*** asettle has joined #openstack-keystone18:53
*** adrian_otto has joined #openstack-keystone18:55
dimslbragstad : stevemar : looks like we are trying to make a uuid out of b'default'18:55
dimslbragstad : stevemar :
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Just a test with python3.5
ayoungdims, I think that should be defa417-8e85-4139-b75a-66e9577da9f119:00
*** spzala has quit IRC19:01
dimscould be a problem comparing strings and bytes ayoung (payload[2] == CONF.identity.default_domain_id), trying that first19:01
openstackgerritBrant Knudson proposed openstack/keystone: Correct timestamp format in token responses
raroraHi, we were looking into possibly adding bandit to the Cinder gate and were trying to ask around about how it has been for Keystone so far. Has anyone had issues with it and is there a list of commonly nosec'd items?19:03
openstackgerritBrant Knudson proposed openstack/keystone: Correct timestamp format in token responses
openstackgerritBrant Knudson proposed openstack/keystone: Correct timestamp format in token responses
lbragstaddims weird - i thought we had a fix for that somewhere...19:09
lbragstaddims digging through the code quick19:10
openstackgerritgordon chung proposed openstack/pycadf: cleanup string
*** jaugustine has joined #openstack-keystone19:11
lbragstaddims these are the relevant bits on token creation -
lbragstadi swore there was a method in the token formatter that returned a tuple of (b_domain_id, True/False) depending on if the value was actually converted successfully or not19:14
dimslbragstad : i am trying to fix line 41219:15
dimsdomain_id seems to be b'default' and that's being compared to a string19:15
lbragstadit would return ('default', False) and ('\xff@>\x83\x9a\xf0E\xfb\x80\xbe\x99(\xe7\x8fN{', True)19:15
lbragstaddims and this is specific to py3 still?19:15
dimsgive me about 3-4 mins to confirm. watching zuul19:16
openstackgerritBrant Knudson proposed openstack/keystone: Correct invalid rst in api docs
lbragstaddims we could use this method -
*** jaugustine has quit IRC19:22
bretonBindings for OpenStack Identity v2.0 API for the Elixir language19:22
*** jaugustine has joined #openstack-keystone19:23
stevemarbreton: elixer eh19:24
dimslbragstad : looks like past the point where it failed last "if payload[2] == six.b(CONF.identity.default_domain_id):" seems to have worked19:27
*** jaugustine has quit IRC19:28
*** adrian_otto has quit IRC19:28
*** adrian_otto has joined #openstack-keystone19:29
lbragstaddims oh - so it's failing the comparison because CONF.identity.default_domain_id isn't actually bytes19:29
dimsah cool. now we have more things to fix :)
dimshmm, probably the same spot for most of the failures19:31
*** spzala has joined #openstack-keystone19:32
lbragstaddims yeah - they all looks the same with the exception of test_request_unscoped_token (which was a 409?) but that seems like a failure from a tainted test environment19:32
oomichilbragstad: sorry, I missed your ping19:35
*** spzala_ has joined #openstack-keystone19:35
oomichilbragstad: I did put my comment again on
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Just a test with python3.5
*** sudorandom has quit IRC19:36
*** kevinbenton has quit IRC19:36
*** raginbajin has quit IRC19:36
*** woodburn has quit IRC19:36
*** lifeless has quit IRC19:36
*** slunkad has quit IRC19:36
*** cburgess has quit IRC19:36
*** rodrigods has quit IRC19:36
*** raj_singh has quit IRC19:36
*** d34dh0r53 has quit IRC19:36
*** yarkot has quit IRC19:36
*** eglute has quit IRC19:36
*** r1chardj0n3s_afk has quit IRC19:36
*** nonameentername has quit IRC19:36
lbragstadoomichi o/19:36
*** sudorandom has joined #openstack-keystone19:36
oomichimaybe it is not good to put comment on merged spec19:36
*** rodrigods has joined #openstack-keystone19:36
*** eglute has joined #openstack-keystone19:36
*** _nonameentername has joined #openstack-keystone19:36
*** woodburn has joined #openstack-keystone19:36
*** d34dh0r53 has joined #openstack-keystone19:36
*** spzala has quit IRC19:36
*** slunkad has joined #openstack-keystone19:36
*** cburgess has joined #openstack-keystone19:36
*** lifeless has joined #openstack-keystone19:36
lbragstadoomichi i've been looking to visit with someone from nova about the oslo.policy work19:36
lbragstadand just policy in general19:36
lbragstadoomichi would that be you :)19:36
*** kevinbenton has joined #openstack-keystone19:37
*** r1chardj0n3s has joined #openstack-keystone19:37
oomichilbragstad: haha, but that is not me, I will try to get specialist from nova side into the keystone-spec19:38
*** raginbajin has joined #openstack-keystone19:38
lbragstadoomichi cool - off the top of your head, do you know who that would be?19:38
oomichialex_xu: maybe is interesting for you :)19:38
oomichilbragstad: ^^^ is19:39
lbragstadoomichi nice! i'm going to try and sit down with johnthetubaguy tomorrow, too19:39
*** yarkot has joined #openstack-keystone19:39
oomichilbragstad: oh, cool. yeah johnthetubaguy also is good at that :)19:40
lbragstadoomichi awesome - it's good to know that I have the right names :)19:40
lbragstadbut - up to this points it's mostly been keystone folks driving it. it would be awesome for some nova representation since you folks have some relevant experience with the oslo.policy work19:42
*** raj_singh has joined #openstack-keystone19:44
openstackgerritayoung proposed openstack/keystone: Refactor Authorization:
*** jperry has joined #openstack-keystone19:46
openstackgerritayoung proposed openstack/keystone: Refactor is_admin
openstackgerritayoung proposed openstack/keystone: Add is_admin_project check to policy.json
ayoungoomichi, on the policy thing, I was well aware that Nova's API makes it impossible to enforce RBAC on each individual action.19:47
ayoungI would prefer Nova rewrite its APIs to something more RESTful and less of a RPC-over-JSON-HTTP but we could, in the future, add code that enforces policy based on the payload.  You can understand why I want to avoid that up front though, right?19:49
*** jaugustine has joined #openstack-keystone19:49
*** ayoung is now known as ayoung-afk19:52
oomichiayoung-afk: yeah, I can understand your saying. Maybe we will be able to make Nova API like that after super huge version number of Nova's microversions.19:54
*** adrian_otto has quit IRC19:56
oomichiayoung-afk: but there are so many users of existing Nova API, so I don't think it is easy to apply the keystone-spec way to Nova without considering current Nova's action APIs and microversions19:56
*** adrian_otto has joined #openstack-keystone19:57
lbragstadoomichi would that make using the http verb + url pattern a non-starter for nova in your opinion?20:00
oomichilbragstad: sorry I cannot get "non-starter" meaning20:02
lbragstadoomichi would the inability to distinguish operations using url patterns and http verb significantly hinder nova's ability to adopt this policy flow?20:03
*** spilla has quit IRC20:03
oomichilbragstad: ah, I got it now from google. yeah, the combination cannot cover Nova's one20:04
lbragstadoomichi but - if we left it to the existing operation names, that would work20:04
lbragstadie compute:migrate or compute:live_migrate, etc...20:04
oomichilbragstad: humm, how to see the operation name(compute:migrate) from the keystone middleware?20:07
oomichilbragstad: from request body?20:07
*** jessegler has joined #openstack-keystone20:09
oomichior you are saying to add "the existing operation name" to the URL of Nova API?20:09
*** asettle has quit IRC20:10
*** jperry has quit IRC20:10
*** nkinder has quit IRC20:11
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Just a test with python3.5
lbragstadwell - kinda of20:19
lbragstadoomichi keystonemiddleware would ask keystone for all the roles that can perform compute:migrate20:20
lbragstadoomichi which happens in one way or another today, doesn't it?20:21
lbragstadoomichi because the service has to know the some specific URL means compute:migrate in order to pass that as the target to oslo.policy.20:21
*** nkinder has joined #openstack-keystone20:37
*** d0ugal has quit IRC20:39
*** lamt has quit IRC20:39
*** spzala_ has quit IRC20:42
*** d0ugal has joined #openstack-keystone20:55
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: Fix issues with keystone-dsvm-py35-functional-v3-only on py35
dimslbragstad : stevemar : am making progress. down to 1-2 failures21:00
lbragstaddims checking out the latest revision21:01
*** jaugustine has quit IRC21:02
*** spzala has joined #openstack-keystone21:06
*** ayoung-afk is now known as ayoung21:12
*** asettle has joined #openstack-keystone21:14
openstackgerritMerged openstack/pycadf: cleanup string
*** spzala has quit IRC21:19
morganjamielennox: you here?21:21
*** jessegler has quit IRC21:29
dimslbragstad : ok, reached my limit here i think. 2 test failures left. looks like a foreign key deletion issue?
dimsstevemar : ^21:30
lbragstaddims that looks related to
lbragstadstevemar ^21:33
dimsah cool. let me throw a depends on and check21:34
dimsah the py27 run shows it too
dimsso looks like we have our very first dsvm functional test!21:35
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: Fix issues with keystone-dsvm-py35-functional-v3-only on py35
openstackgerritSteve Martinelli proposed openstack/keystone: Correct invalid rst in api docs
lbragstaddims sweet!21:39
lbragstadrodrigods ping21:39
*** adrian_otto1 has joined #openstack-keystone21:42
dims#success Keystone now has Devstack based functional test with everything running under python3.521:44
openstackstatusdims: Added success to Success page21:44
stevemardims just did our Pike goal for us21:44
dhellmanndims, you're a machine21:44
dimsstevemar : lol, that's just 30 tests :)21:44
* lbragstad hands dims a crisp high-five21:45
dimsdhellmann : thanks! :)21:45
*** adrian_otto has quit IRC21:45
dimsall the heavy lifting was already over by the time i showed up dhellmann :)21:45
dimsthanks lbragstad21:45
dimskudos to the keystone team!21:46
*** adrian_otto1 has quit IRC21:47
jamielennoxmorgan: yep21:50
*** lamt has joined #openstack-keystone21:50
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Force users to immediately change their password upon first use
morganjamielennox: so question for you21:53
morganjamielennox: i'm trying to replace the auth plugin in an active session21:53
morganjamielennox: but it seems to not be working correctly. afaict i just need to do session.auth = new plugin then session.invalidate and session.get_token should then re-auth21:53
morganthis is for a test fixture.21:54
morganjamielennox: problem is i keep getting 401s on the last step21:54
jamielennoxmorgan: i mean you shouldn't even need the invalidate because the caching is done on the plugin21:54
jamielennoxmorgan: the better way to do this though is pass both to the client21:54
morganright. just to be sure i was doing invalidate21:54
morganthis is a test fixture in shade21:54
morganpassing this all to a client is a bad idea21:54
morganthe session may be used by multiple clients, i need to override the scope of the token21:55
jamielennoxclients should just wokr with the adapter, and the adapter lets you do Adapter(session=session, auth=auth) and it will use that auth instead21:55
morganso assume i have no control over the clients, just the test case21:55
jamielennoxthen i'm surprised replacing session.auth isn't sufficient, the only thing being cached on the session is version discovery21:55
morganand i know we share the test_case.operator_cloud._keystone_session21:55
jamielennoxunless something else is passing a different auth to a client higher up and your session.auth is being ignored21:56
morganthat is the traceback21:57
morganand i'm getting it in "override scope"21:57
morgani am wondering if some other thing is silently being ignored along the way21:57
lbragstadrodrigods isn't affecting things in master is it?22:00
jamielennoxis test_instance a mock of some sort?22:00
jamielennoxmorgan: i pulled that review and tox completed successfully22:02
morganit isn't run via tox22:02
morganit is run via functional22:02
morganagainst a devstack22:02
*** adrian_otto has joined #openstack-keystone22:03
morganinternally the data structures are fine afaict22:03
jamielennoxah, ok, it looked live i just thought you had a lot of mocking in there22:03
morganit would be easier if it wasn't functional22:03
jamielennoxi don't think i have a devstack atm22:03
morganbut i need an actual keystone response here, mocking isn't the best choice.22:03
jamielennoxso my next step would be to put a pdb of some sort in there and see which plugin object is receiving the get_token22:04
morgani might just toss in some hard exception handling22:04
morgani dont have a devstack that works with shade atm locally22:04
morganbeen leaning on the gate22:04
jamielennoxbut unless something in shade/occ is keeping another reference to the auth plugin somewhere replacing session.auth should be fine22:04
morganmaybe shade is passing auth= directly... seems odd though22:05
jamielennoxi have in the past figured out how to have devstack install a shade, but it was a while ago22:05
* morgan goes to look deeper22:05
jamielennoxmorgan: seems unlikely, it looks like it's relying on OCC to produce that22:05
morganwhich should be fine then22:05
morganif OCC is doing something weird though...22:06
morganjamielennox: thanks. you've confirmed I'm not crazy22:06
*** edtubill has quit IRC22:06
morganjamielennox: i was worried i was missing something obvious22:06
jamielennoxmorgan: that would be too easy22:07
morgani'm passing tenant_id and it's expecting project_id?22:07
morganbut in that case, it should offer an unscoped token, no?22:07
*** ravelar has quit IRC22:07
jamielennoxwhat s the plugin type?22:09
jamielennoxthat hsould be fine then22:09
*** ravelar has joined #openstack-keystone22:11
*** guoshan has joined #openstack-keystone22:14
openstackgerritGage Hugo proposed openstack/keystone: Allow user to change own expired password
*** asettle has quit IRC22:15
tonybCan someone take a quick look at and point me in the right direction of things to check that might cause that failure?22:18
tonybit isn't a keystone problem but I just don't know what to look for in the job config/ setup that might cause that22:18
*** guoshan has quit IRC22:19
rodrigodslbragstad, only affects the functional tests22:23
rodrigodsthe portion that runs against the v3-only job22:23
lbragstadrodrigods interesting - it looks like that is the issue dims hit in the py3 stuff22:24
dimslbragstad : rodrigods : "Job complete, result: SUCCESS"
lbragstaddims aha - so the patch rodrigods has up addresses those last couple failures!22:25
rodrigodslet me fix rderose comments22:25
rodrigodsshould be sending a patchset in a few minutes22:25
lbragstadrodrigods i have a bunch of comments coming too22:26
rodrigodslbragstad, hmm ok22:26
rodrigodsso i'll wait for them22:26
* lbragstad hurries 22:26
* rodrigods goes to have dinner22:26
openstackgerritGage Hugo proposed openstack/keystone: Allow user to change own expired password
rodrigodslbragstad, don't rush, will fix it later tonight22:26
lbragstadrodrigods perfect - enjoy supper22:27
*** dave-mccowan has quit IRC22:28
openstackgerritMerged openstack/keystone: Remove unused exceptions from CADF notifications
*** ravelar has quit IRC22:39
*** dave-mccowan has joined #openstack-keystone22:40
*** edmondsw has quit IRC22:41
*** edmondsw has joined #openstack-keystone22:42
*** edmondsw has quit IRC22:47
*** edmondsw has joined #openstack-keystone22:48
openstackgerritMerged openstack/keystone: Minor improvement in test_user_id_persistence
*** openstack has joined #openstack-keystone22:53
openstackgerritGage Hugo proposed openstack/keystone: Fixed 7 tests running twice in v3 identity
*** dave-mccowan has quit IRC23:00
*** jaugustine has joined #openstack-keystone23:04
*** agrebennikov has quit IRC23:08
*** jaugustine has quit IRC23:10
*** jamielennox is now known as jamielennox|away23:11
*** jamielennox|away is now known as jamielennox23:14
*** spzala has joined #openstack-keystone23:17
*** chris_hultin is now known as chris_hultin|AWA23:19
*** edmondsw has joined #openstack-keystone23:32
*** bandrus has quit IRC23:34
*** bandrus has joined #openstack-keystone23:35
*** bandrus has left #openstack-keystone23:37
*** edmondsw has quit IRC23:37
*** spzala has quit IRC23:42
*** spzala has joined #openstack-keystone23:45
*** lamt has quit IRC23:48
*** bandrus has joined #openstack-keystone23:52

Generated by 2.14.0 by Marius Gedminas - find it at!