Wednesday, 2017-01-04

*** spzala has quit IRC		00:02
*** spzala has joined #openstack-keystone		00:02
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystoneauth: Prevent MemoryError when logging response bodies https://review.openstack.org/416249	00:17
samueldmq	stevemar ^ added the release note. it had a +2 from Jamie already	00:18
*** phalmos has quit IRC		00:19
*** ravelar has quit IRC		00:22
*** agrebennikov has quit IRC		00:22
*** jose-phillips has quit IRC		00:25
*** jaugustine has quit IRC		00:26
*** jaugustine has joined #openstack-keystone		00:26
*** jaugustine has quit IRC		00:30
*** nkinder has quit IRC		00:38
*** guoshan has joined #openstack-keystone		00:45
*** guoshan has quit IRC		00:50
*** itisha has quit IRC		00:52
*** hoangcx has joined #openstack-keystone		00:53
*** ayoung has quit IRC		00:53
*** adrian_otto has joined #openstack-keystone		01:02
*** esp has quit IRC		01:02
*** trananhkma has joined #openstack-keystone		01:12
*** liujiong has joined #openstack-keystone		01:19
openstackgerrit	Merged openstack/keystone: Remove CONF.domain_id_immutable https://review.openstack.org/416267	01:24
*** esp has joined #openstack-keystone		01:27
*** guoshan has joined #openstack-keystone		01:37
*** chris_hultin\|AWA is now known as chris_hultin		01:50
*** chris_hultin is now known as chris_hultin\|AWA		01:51
*** dave-mccowan has joined #openstack-keystone		01:52
stevemar	samueldmq: ++	01:53
*** esp has quit IRC		01:57
*** browne has quit IRC		02:01
*** dave-mcc_ has joined #openstack-keystone		02:06
*** ianw is now known as ianw_pto		02:07
*** dave-mccowan has quit IRC		02:08
*** guoshan has quit IRC		02:12
*** trananhkma has quit IRC		02:12
*** dave-mcc_ has quit IRC		02:33
*** dave-mccowan has joined #openstack-keystone		02:39
*** trananhkma has joined #openstack-keystone		02:54
*** dave-mccowan has quit IRC		03:01
*** guoshan has joined #openstack-keystone		03:16
*** nkinder has joined #openstack-keystone		03:30
*** nklenke has quit IRC		03:33
*** nkinder has quit IRC		03:35
openstackgerrit	Steve Martinelli proposed openstack/keystoneauth: Prevent MemoryError when logging response bodies https://review.openstack.org/416249	03:38
*** mvk has quit IRC		03:38
stevemar	bknudson: want me to update https://review.openstack.org/#/c/416372/ to include the v2 bits i mentioned?	03:39
*** nklenke has joined #openstack-keystone		03:48
*** jamielennox is now known as jamielennox\|away		03:51
*** links has joined #openstack-keystone		03:56
*** jamielennox\|away is now known as jamielennox		03:59
*** guoshan has quit IRC		04:02
*** spzala has quit IRC		04:16
*** guoshan has joined #openstack-keystone		04:38
*** nicolasbock has joined #openstack-keystone		04:42
*** guoshan has quit IRC		04:43
*** adriant has quit IRC		04:48
openstackgerrit	Steve Martinelli proposed openstack/keystoneauth: Prevent MemoryError when logging response bodies https://review.openstack.org/416249	04:52
*** udesale has joined #openstack-keystone		05:42
*** mvk has joined #openstack-keystone		05:50
*** mvk has quit IRC		06:11
*** udesale has quit IRC		06:18
*** udesale has joined #openstack-keystone		06:20
*** guoshan has joined #openstack-keystone		06:22
*** richm has quit IRC		06:42
*** pcaruana has joined #openstack-keystone		06:51
*** adrian_otto has quit IRC		07:00
openstackgerrit	Merged openstack/keystoneauth: Prevent MemoryError when logging response bodies https://review.openstack.org/416249	07:08
*** rcernin has joined #openstack-keystone		07:15
*** tesseract has joined #openstack-keystone		07:18
*** stingaci has quit IRC		07:18
openstackgerrit	Shan Guo proposed openstack/keystone: [api] relationship links result in 404 https://review.openstack.org/416470	08:05
*** liujiong has quit IRC		08:28
*** liujiong has joined #openstack-keystone		08:29
*** stingaci has joined #openstack-keystone		08:50
*** stingaci has quit IRC		08:56
*** zzzeek has quit IRC		09:00
*** zzzeek has joined #openstack-keystone		09:00
*** asettle has joined #openstack-keystone		09:33
*** tobberydberg has joined #openstack-keystone		10:04
*** tobberydberg_ has joined #openstack-keystone		10:10
*** tobberydberg has quit IRC		10:12
*** tobberydberg_ is now known as tobberydberg		10:12
*** guoshan has quit IRC		10:13
*** mvk has joined #openstack-keystone		10:19
*** liujiong has quit IRC		10:30
*** hoangcx has quit IRC		10:35
*** stingaci has joined #openstack-keystone		10:52
*** tobberydberg has quit IRC		10:53
*** udesale has quit IRC		10:53
*** stingaci has quit IRC		10:57
*** links has quit IRC		10:57
*** jdennis1 has joined #openstack-keystone		11:07
*** jdennis has quit IRC		11:08
*** richm has joined #openstack-keystone		11:13
*** ayoung has joined #openstack-keystone		11:20
*** ChanServ sets mode: +v ayoung		11:20
*** links has joined #openstack-keystone		11:21
samueldmq	morning keystone	11:46
*** jperry has joined #openstack-keystone		11:57
*** catintheroof has joined #openstack-keystone		12:14
stevemar	morning samueldmq o/	12:24
samueldmq	stevemar: o/	12:24
*** openstackgerrit has quit IRC		12:33
*** nishaYadav has joined #openstack-keystone		12:39
*** nishaYadav has quit IRC		12:40
*** jperry has quit IRC		12:41
*** udesale has joined #openstack-keystone		12:55
*** dave-mccowan has joined #openstack-keystone		13:08
*** edmondsw has joined #openstack-keystone		13:16
*** itisha has joined #openstack-keystone		13:21
dims	stevemar : samueldmq : breton : WDYT? https://review.openstack.org/#/c/416550/	13:28
samueldmq	dims: what does that buy us ?	13:30
dims	samueldmq : all the keystone processes are running under python3	13:31
dims	so far we don't have a test where we use python3 to run stuff	13:31
samueldmq	dims: so why don't we just convert the other gate to use py3 ?	13:32
samueldmq	dims: your point is fair enough	13:32
samueldmq	dims: that's a possibility, I can leave a comment and see what others think too	13:33
dims	want to do both in parallel (esp since this one switches off swift)	13:33
dims	thanks!	13:33
samueldmq	dims: nice, is this experiment going on in other projects too ? or just keystone to start ?	13:33
*** lamt has joined #openstack-keystone		13:34
dims	started with devstack (up/down test), now keystone is the next logical choice	13:34
dims	:)	13:34
samueldmq	dims: kk	13:36
samueldmq	dims: any reason you've picked that job specifically ?	13:36
samueldmq	dims: there is also gate-keystone-dsvm-functional-ubuntu-xenial	13:36
stevemar	dims: do it please! :)	13:36
samueldmq	dims: v3 is default in devstack now, I am not sure gate-keystone-dsvm-functional-v3-only-ubuntu-xenial-nv keeps buying us anything	13:36
dims	samueldmq : since v3 is default :)	13:36
samueldmq	dims: yes, that's what I mean	13:37
samueldmq	stevemar: would you be okay to remove gate-keystone-dsvm-functional-v3-only-ubuntu-xenial-nv (given v3 is default now)	13:37
dims	samueldmq : let me experiment a bit then we can figure out which ones we can turn off	13:37
stevemar	dims: i'm interested to see if memcache and ldap actually work	13:37
stevemar	samueldmq: replace it with v2?	13:37
dims	stevemar : dunno if ldap kicks in on that one	13:37
stevemar	dims: probably not	13:37
stevemar	dims: but we'll add it eventually and we'll get it for free	13:37
dims	for now samueldmq, i just need a job to experiment :)	13:38
dims	++ stevemar	13:38
samueldmq	stevemar: no. we already have gate-keystone-dsvm-functional-ubuntu-xenial	13:38
samueldmq	stevemar: and gate-keystone-dsvm-functional-v3-only-ubuntu-xenial-nv	13:38
samueldmq	but as v3 is default, we can remove the latter	13:38
stevemar	samueldmq: as long we don't lose anything, go ahead and remove it	13:39
dims	i am bad at the project-config stuff, so this seemed the easiest for me to clone as well :)	13:39
samueldmq	dims: ++	13:39
dims	right	13:39
samueldmq	stevemar: dims: let's get that in as it is. I can look at the other job later and remove it and update the new one as necessary	13:39
samueldmq	makes sense ?	13:39
dims	works for me!	13:40
*** nklenke has quit IRC		13:41
*** jdennis1 has quit IRC		13:41
*** jdennis has joined #openstack-keystone		13:41
*** openstackgerrit has joined #openstack-keystone		13:42
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: DO NOT MERGE: Testing new gate https://review.openstack.org/416551	13:42
samueldmq	stevemar: dims: ^	13:42
samueldmq	:)	13:42
dims	samueldmq : unfortunately new jobs don't kick in that way :(	13:42
dims	stevemar : need your ack on https://review.openstack.org/#/c/416550/ :)	13:43
samueldmq	dims: ah, so we need to get that in first. it has my +1 already anyways	13:43
*** nklenke has joined #openstack-keystone		13:46
dims	thanks!	13:46
rodrigods	stevemar, regarding https://review.openstack.org/#/c/415906/, is there a way to skip a test in the controller layer if the backend is sqlalchemy?	13:59
*** Nakato has quit IRC		14:00
*** Nakato has joined #openstack-keystone		14:00
rodrigods	stevemar, sqlite*	14:04
stevemar	rodrigods: hmm, the DB type probably isnt surfaced at that level	14:07
stevemar	rodrigods: i thought our tests run against mysql ?	14:07
stevemar	or did we not actually change that yet	14:07
rodrigods	stevemar, we have jobs that run against sqlite and mysql	14:07
rodrigods	the mysql ones are the *-db	14:07
rodrigods	stevemar, hmm which seems to be the case? heh	14:09
rodrigods	that's odd because we would need to install mysql for keystone development locally :P	14:09
*** agrebennikov has joined #openstack-keystone		14:10
stevemar	rodrigods: i suppose you could check 'if self.engine.name == "..."' after mixing in the `from oslo_db.sqlalchemy import test_base`	14:11
stevemar	'test_base.DbTestCase' may set self.engine for you	14:11
rodrigods	stevemar, hmm	14:11
rodrigods	i was looking for that	14:11
rodrigods	stevemar, it seems a bit hacky, though	14:12
rodrigods	stevemar, are you ok with sending the API layer test in a follow up patch? so we can get feedback?	14:12
stevemar	rodrigods: yeah, maybe just check if the thing protocol was deleted, pass. otherwise ....	14:12
rodrigods	stevemar, hmm right!	14:13
rodrigods	that should work	14:13
rodrigods	in both sqlite and mysql	14:13
stevemar	rodrigods: haha, i wasn't done my sentence, but i think you figured something out	14:13
stevemar	so go forth	14:13
*** jperry has joined #openstack-keystone		14:16
*** nkinder has joined #openstack-keystone		14:17
openstackgerrit	Davanum Srinivas (dims) proposed openstack/keystone: [WIP] Just a test with python3.5 https://review.openstack.org/412500	14:19
*** jperry has quit IRC		14:28
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Cascade delete federated_user fk https://review.openstack.org/415906	14:32
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Minor improvement in test_user_id_persistence https://review.openstack.org/416568	14:32
*** udesale has quit IRC		14:44
*** phalmos has joined #openstack-keystone		14:48
*** phalmos_ has joined #openstack-keystone		14:51
*** phalmos has quit IRC		14:54
*** links has quit IRC		14:59
*** udesale has joined #openstack-keystone		15:00
*** masterjcool has quit IRC		15:03
*** adrian_otto has joined #openstack-keystone		15:06
*** zzzeek has quit IRC		15:13
*** adrian_otto1 has joined #openstack-keystone		15:14
*** zzzeek has joined #openstack-keystone		15:14
*** edtubill has joined #openstack-keystone		15:15
*** masterjcool has joined #openstack-keystone		15:15
*** chris_hultin\|AWA is now known as chris_hultin		15:15
*** spzala has joined #openstack-keystone		15:16
*** adrian_otto has quit IRC		15:17
*** udesale has quit IRC		15:25
*** chris_hultin is now known as chris_hultin\|AWA		15:25
*** udesale has joined #openstack-keystone		15:25
*** frickler has quit IRC		15:29
*** Guest66666 has quit IRC		15:29
*** frickler has joined #openstack-keystone		15:29
*** Guest66666 has joined #openstack-keystone		15:29
*** udesale has quit IRC		15:35
lbragstad	just reminder that we'll be having the policy meeting in #openstack-meeting-cp in 24 minutes	15:37
*** jaugustine has joined #openstack-keystone		15:45
*** asettle has quit IRC		15:45
*** chris_hultin\|AWA is now known as chris_hultin		15:45
*** asettle has joined #openstack-keystone		15:46
*** mvk has quit IRC		15:48
*** adrian_otto has joined #openstack-keystone		15:50
*** adrian_otto1 has quit IRC		15:51
stevemar	lbragstad: now in 6 minutes	15:54
lbragstad	stevemar yessir!	15:56
*** sheel has quit IRC		15:57
*** Marcellin__ has joined #openstack-keystone		16:01
lbragstad	ping raildo, ktychkova, dolphm, dstanek, rderose, htruta, atrmr, gagehugo, lamt, thinrichs, edmondsw, ruan, ayoung, stevemar	16:03
lbragstad	policy meeting in #openstack-meeting-cp for those who want to attend	16:03
*** ravelar has joined #openstack-keystone		16:05
*** rcernin has quit IRC		16:09
*** rarora has joined #openstack-keystone		16:12
*** stingaci has joined #openstack-keystone		16:19
*** jose-phillips has joined #openstack-keystone		16:27
*** guoshan has joined #openstack-keystone		16:27
*** guoshan has quit IRC		16:32
*** haplo37_ has quit IRC		16:42
openstackgerrit	Gage Hugo proposed openstack/keystone: Remove unused exceptions from CADF notifications https://review.openstack.org/413822	16:43
*** edmondsw_ has joined #openstack-keystone		16:45
*** edmondsw_ has quit IRC		16:45
*** haplo37_ has joined #openstack-keystone		16:45
ayoung	lbragstad, wasn't ken'ichi supposed to participate?	17:01
lbragstad	ayoung i've pinged oomichi - but I haven't had a response yet	17:01
ayoung	lbragstad, and he is the only person outside our little group that has provided feedback	17:01
lbragstad	and that's just part of cross project communication since so many of us on are different schedules	17:01
lbragstad	I've had some great conversations with cinder about policy so far	17:02
lbragstad	but unfortunately the policy meeting is scheduled at the same time as their team meeting	17:02
ayoung	lbragstad, the problem is that policy is the wrong term	17:03
ayoung	edmondsw, are you workimng on the 968696 fix for nova?	17:04
lbragstad	dolphm stevemar dstanek it sounded like the options we had for documenting this was 1.) cross project spec and 2.) a community goal	17:04
edmondsw	ayoung I haven't been able to get back to it yet	17:04
lbragstad	and 3.) i guess would be some sort of working group approach	17:05
ayoung	lbragstad, get that fixed, foremost. The rest is an afterthought	17:06
ayoung	https://review.openstack.org/#/c/384148/	17:06
ayoung	https://review.openstack.org/#/c/384655/	17:06
ayoung	amd the whole chain for keystone	17:06
*** zhugaoxiao has quit IRC		17:07
ayoung	https://review.openstack.org/#/c/257636/9	17:07
*** zhugaoxiao has joined #openstack-keystone		17:07
ayoung	lbragstad, if you really want to fix policy, focus on that first	17:07
ayoung	https://review.openstack.org/#/c/387161/7	17:07
*** jaugustine has quit IRC		17:10
*** esp has joined #openstack-keystone		17:13
*** nishaYadav has joined #openstack-keystone		17:14
*** nishaYadav has quit IRC		17:14
*** mvk has joined #openstack-keystone		17:21
*** tesseract has quit IRC		17:21
dims	samueldmq : stevemar : any takers for a py35 bug in keystone? http://logs.openstack.org/00/412500/10/check/gate-keystone-dsvm-py35-functional-v3-only-ubuntu-xenial-nv/44dab9c/logs/apache/keystone.txt.gz#_2017-01-04_17_18_56_713	17:24
dims	:)	17:24
dims	quite easy one	17:24
* dims rolls up my sleeve		17:28
*** nicolasbock has quit IRC		17:34
*** chris_hultin is now known as chris_hultin\|AWA		17:36
mtreinish	dims: heh, yeah bytes is only 5 characters :p	17:36
dims	LOL	17:37
openstackgerrit	Davanum Srinivas (dims) proposed openstack/keystone: [WIP] Just a test with python3.5 https://review.openstack.org/412500	17:38
dims	mtreinish : while i have you, this is expected right? http://logs.openstack.org/00/412500/10/check/gate-keystone-dsvm-py35-functional-v3-only-ubuntu-xenial-nv/44dab9c/logs/tempest.txt.gz#_2017-01-04_17_18_56_718	17:43
dims	mtreinish : given the problem in the keystone.txt above that is	17:43
mtreinish	dims: yeah, if keystone is returning 500 tempest should raise like that	17:44
dims	thanks, just making sure	17:44
stevemar	dims: oh hai	17:50
stevemar	dims: lbragstad may be able to help on that one	17:51
lbragstad	stevemar did i break something?	17:51
dims	lbragstad : not at all, i just added a dsvm with py35 job for functional tests in keystone and saw an issue	17:54
lbragstad	dims aha - yep i see it now	17:54
dims	lbragstad : https://review.openstack.org/#/c/412500/11/keystone/token/providers/fernet/token_formatters.py	17:54
lbragstad	ValueError: bytes is not a 16-char string	17:54
dims	trying that	17:54
dims	lbragstad : possibly points to a gap in unit test under py3x?	17:56
lbragstad	dims yes - possibly	17:56
*** asettle has quit IRC		17:58
*** aleph1 is now known as agarner		17:59
stevemar	lbragstad: dims probably :)	18:01
*** browne has joined #openstack-keystone		18:06
*** chris_hultin\|AWA is now known as chris_hultin		18:11
openstackgerrit	Steve Martinelli proposed openstack/keystone: Remove unused exceptions from CADF notifications https://review.openstack.org/413822	18:11
stevemar	rodrigods: ^	18:11
*** jaugustine has joined #openstack-keystone		18:12
*** jaugustine has quit IRC		18:17
openstackgerrit	Davanum Srinivas (dims) proposed openstack/keystone: [WIP] Just a test with python3.5 https://review.openstack.org/412500	18:24
gagehugo	stevemar: thanks, I grabbed the wrong link	18:27
stevemar	gagehugo: happens ^_^	18:27
dims	stevemar : lbragstad : digging deeper, it does not seem like a conversion issue. so just going to print it now https://review.openstack.org/#/c/412500/12/keystone/token/providers/fernet/token_formatters.py	18:27
*** jaugustine has joined #openstack-keystone		18:29
*** adrian_otto has quit IRC		18:33
*** spilla has joined #openstack-keystone		18:38
*** spzala has quit IRC		18:40
*** spzala has joined #openstack-keystone		18:41
*** spzala has quit IRC		18:44
*** spzala has joined #openstack-keystone		18:44
*** jaugustine has quit IRC		18:48
*** jaugustine has joined #openstack-keystone		18:49
*** pcaruana has quit IRC		18:52
*** jaugustine has quit IRC		18:53
*** asettle has joined #openstack-keystone		18:53
*** adrian_otto has joined #openstack-keystone		18:55
dims	lbragstad : stevemar : looks like we are trying to make a uuid out of b'default'	18:55
dims	lbragstad : stevemar : http://logs.openstack.org/00/412500/12/check/gate-keystone-dsvm-py35-functional-v3-only-ubuntu-xenial-nv/83df900/logs/apache/keystone.txt.gz#_2017-01-04_18_46_13_195	18:55
openstackgerrit	Davanum Srinivas (dims) proposed openstack/keystone: [WIP] Just a test with python3.5 https://review.openstack.org/412500	18:59
ayoung	dims, I think that should be defa417-8e85-4139-b75a-66e9577da9f1	19:00
ayoung	:)	19:00
*** spzala has quit IRC		19:01
dims	could be a problem comparing strings and bytes ayoung (payload[2] == CONF.identity.default_domain_id), trying that first	19:01
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct timestamp format in token responses https://review.openstack.org/416372	19:03
rarora	Hi, we were looking into possibly adding bandit to the Cinder gate and were trying to ask around about how it has been for Keystone so far. Has anyone had issues with it and is there a list of commonly nosec'd items?	19:03
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct timestamp format in token responses https://review.openstack.org/416372	19:04
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct timestamp format in token responses https://review.openstack.org/416372	19:05
lbragstad	dims weird - i thought we had a fix for that somewhere...	19:09
lbragstad	dims digging through the code quick	19:10
openstackgerrit	gordon chung proposed openstack/pycadf: cleanup string https://review.openstack.org/416710	19:10
*** jaugustine has joined #openstack-keystone		19:11
lbragstad	dims these are the relevant bits on token creation - https://github.com/openstack/keystone/blob/663865dfecb483f0ef6aa48749c0712779033dd7/keystone/token/providers/fernet/token_formatters.py#L408-L415	19:13
lbragstad	i swore there was a method in the token formatter that returned a tuple of (b_domain_id, True/False) depending on if the value was actually converted successfully or not	19:14
dims	lbragstad : i am trying to fix line 412	19:15
dims	domain_id seems to be b'default' and that's being compared to a string	19:15
lbragstad	it would return ('default', False) and ('\xff@>\x83\x9a\xf0E\xfb\x80\xbe\x99(\xe7\x8fN{', True)	19:15
lbragstad	dims and this is specific to py3 still?	19:15
dims	give me about 3-4 mins to confirm. watching zuul	19:16
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct invalid rst in api docs https://review.openstack.org/416711	19:17
lbragstad	dims we could use this method - https://github.com/openstack/keystone/blob/master/keystone/token/providers/fernet/token_formatters.py#L320	19:21
breton	https://hex.pm/packages/openstax_keystone	19:22
*** jaugustine has quit IRC		19:22
breton	Bindings for OpenStack Identity v2.0 API for the Elixir language	19:22
*** jaugustine has joined #openstack-keystone		19:23
stevemar	breton: elixer eh	19:24
dims	lbragstad : looks like past the point where it failed last "if payload[2] == six.b(CONF.identity.default_domain_id):" seems to have worked	19:27
*** jaugustine has quit IRC		19:28
*** adrian_otto has quit IRC		19:28
*** adrian_otto has joined #openstack-keystone		19:29
lbragstad	dims oh - so it's failing the comparison because CONF.identity.default_domain_id isn't actually bytes	19:29
dims	ah cool. now we have more things to fix :) http://logs.openstack.org/00/412500/13/check/gate-keystone-dsvm-py35-functional-v3-only-ubuntu-xenial-nv/e406282/logs/testr_results.html.gz	19:30
dims	hmm, probably the same spot for most of the failures	19:31
*** spzala has joined #openstack-keystone		19:32
lbragstad	dims yeah - they all looks the same with the exception of test_request_unscoped_token (which was a 409?) but that seems like a failure from a tainted test environment	19:32
oomichi	lbragstad: sorry, I missed your ping	19:35
*** spzala_ has joined #openstack-keystone		19:35
oomichi	lbragstad: I did put my comment again on https://review.openstack.org/#/c/391624	19:35
openstackgerrit	Davanum Srinivas (dims) proposed openstack/keystone: [WIP] Just a test with python3.5 https://review.openstack.org/412500	19:35
*** sudorandom has quit IRC		19:36
*** kevinbenton has quit IRC		19:36
*** raginbajin has quit IRC		19:36
*** woodburn has quit IRC		19:36
*** lifeless has quit IRC		19:36
*** slunkad has quit IRC		19:36
*** cburgess has quit IRC		19:36
*** rodrigods has quit IRC		19:36
*** raj_singh has quit IRC		19:36
*** d34dh0r53 has quit IRC		19:36
*** yarkot has quit IRC		19:36
*** eglute has quit IRC		19:36
*** r1chardj0n3s_afk has quit IRC		19:36
*** nonameentername has quit IRC		19:36
lbragstad	oomichi o/	19:36
*** sudorandom has joined #openstack-keystone		19:36
oomichi	maybe it is not good to put comment on merged spec	19:36
*** rodrigods has joined #openstack-keystone		19:36
*** eglute has joined #openstack-keystone		19:36
*** _nonameentername has joined #openstack-keystone		19:36
*** woodburn has joined #openstack-keystone		19:36
*** d34dh0r53 has joined #openstack-keystone		19:36
*** spzala has quit IRC		19:36
*** slunkad has joined #openstack-keystone		19:36
*** cburgess has joined #openstack-keystone		19:36
*** lifeless has joined #openstack-keystone		19:36
lbragstad	oomichi i've been looking to visit with someone from nova about the oslo.policy work	19:36
lbragstad	and just policy in general	19:36
lbragstad	oomichi would that be you :)	19:36
*** kevinbenton has joined #openstack-keystone		19:37
*** r1chardj0n3s has joined #openstack-keystone		19:37
oomichi	lbragstad: haha, but that is not me, I will try to get specialist from nova side into the keystone-spec	19:38
*** raginbajin has joined #openstack-keystone		19:38
lbragstad	oomichi cool - off the top of your head, do you know who that would be?	19:38
oomichi	alex_xu: maybe https://review.openstack.org/#/c/391624 is interesting for you :)	19:38
oomichi	lbragstad: ^^^ is	19:39
lbragstad	oomichi nice! i'm going to try and sit down with johnthetubaguy tomorrow, too	19:39
*** yarkot has joined #openstack-keystone		19:39
oomichi	lbragstad: oh, cool. yeah johnthetubaguy also is good at that :)	19:40
lbragstad	oomichi awesome - it's good to know that I have the right names :)	19:40
lbragstad	but - up to this points it's mostly been keystone folks driving it. it would be awesome for some nova representation since you folks have some relevant experience with the oslo.policy work	19:42
*** raj_singh has joined #openstack-keystone		19:44
openstackgerrit	ayoung proposed openstack/keystone: Refactor Authorization: https://review.openstack.org/387161	19:46
*** jperry has joined #openstack-keystone		19:46
openstackgerrit	ayoung proposed openstack/keystone: Refactor is_admin https://review.openstack.org/387710	19:46
openstackgerrit	ayoung proposed openstack/keystone: Add is_admin_project check to policy.json https://review.openstack.org/257636	19:46
ayoung	oomichi, on the policy thing, I was well aware that Nova's API makes it impossible to enforce RBAC on each individual action.	19:47
ayoung	I would prefer Nova rewrite its APIs to something more RESTful and less of a RPC-over-JSON-HTTP but we could, in the future, add code that enforces policy based on the payload. You can understand why I want to avoid that up front though, right?	19:49
*** jaugustine has joined #openstack-keystone		19:49
*** ayoung is now known as ayoung-afk		19:52
oomichi	ayoung-afk: yeah, I can understand your saying. Maybe we will be able to make Nova API like that after super huge version number of Nova's microversions.	19:54
*** adrian_otto has quit IRC		19:56
oomichi	ayoung-afk: but there are so many users of existing Nova API, so I don't think it is easy to apply the keystone-spec way to Nova without considering current Nova's action APIs and microversions	19:56
*** adrian_otto has joined #openstack-keystone		19:57
lbragstad	oomichi would that make using the http verb + url pattern a non-starter for nova in your opinion?	20:00
oomichi	lbragstad: sorry I cannot get "non-starter" meaning	20:02
lbragstad	oomichi would the inability to distinguish operations using url patterns and http verb significantly hinder nova's ability to adopt this policy flow?	20:03
*** spilla has quit IRC		20:03
oomichi	lbragstad: ah, I got it now from google. yeah, the combination cannot cover Nova's one	20:04
lbragstad	oomichi but - if we left it to the existing operation names, that would work	20:04
lbragstad	ie compute:migrate or compute:live_migrate, etc...	20:04
oomichi	lbragstad: humm, how to see the operation name(compute:migrate) from the keystone middleware?	20:07
oomichi	lbragstad: from request body?	20:07
*** jessegler has joined #openstack-keystone		20:09
oomichi	or you are saying to add "the existing operation name" to the URL of Nova API?	20:09
*** asettle has quit IRC		20:10
*** jperry has quit IRC		20:10
*** nkinder has quit IRC		20:11
openstackgerrit	Davanum Srinivas (dims) proposed openstack/keystone: [WIP] Just a test with python3.5 https://review.openstack.org/412500	20:15
lbragstad	well - kinda of	20:19
lbragstad	oomichi keystonemiddleware would ask keystone for all the roles that can perform compute:migrate	20:20
lbragstad	oomichi which happens in one way or another today, doesn't it?	20:21
lbragstad	oomichi because the service has to know the some specific URL means compute:migrate in order to pass that as the target to oslo.policy.	20:21
*** nkinder has joined #openstack-keystone		20:37
*** d0ugal has quit IRC		20:39
*** lamt has quit IRC		20:39
*** spzala_ has quit IRC		20:42
*** d0ugal has joined #openstack-keystone		20:55
openstackgerrit	Davanum Srinivas (dims) proposed openstack/keystone: Fix issues with keystone-dsvm-py35-functional-v3-only on py35 https://review.openstack.org/412500	20:59
dims	lbragstad : stevemar : am making progress. down to 1-2 failures	21:00
lbragstad	dims checking out the latest revision	21:01
*** jaugustine has quit IRC		21:02
*** spzala has joined #openstack-keystone		21:06
*** ayoung-afk is now known as ayoung		21:12
*** asettle has joined #openstack-keystone		21:14
openstackgerrit	Merged openstack/pycadf: cleanup string https://review.openstack.org/416710	21:15
*** spzala has quit IRC		21:19
morgan	jamielennox: you here?	21:21
*** jessegler has quit IRC		21:29
dims	lbragstad : ok, reached my limit here i think. 2 test failures left. looks like a foreign key deletion issue? http://logs.openstack.org/00/412500/16/check/gate-keystone-dsvm-py35-functional-v3-only-ubuntu-xenial-nv/a82a9e3/logs/apache/keystone.txt.gz	21:30
dims	stevemar : ^	21:30
lbragstad	dims that looks related to https://review.openstack.org/#/c/415906/	21:33
lbragstad	stevemar ^	21:33
dims	ah cool. let me throw a depends on and check	21:34
dims	ah the py27 run shows it too http://logs.openstack.org/00/412500/16/check/gate-keystone-dsvm-functional-v3-only-ubuntu-xenial-nv/5a2674f/logs/testr_results.html.gz	21:35
dims	so looks like we have our very first dsvm functional test!	21:35
openstackgerrit	Davanum Srinivas (dims) proposed openstack/keystone: Fix issues with keystone-dsvm-py35-functional-v3-only on py35 https://review.openstack.org/412500	21:36
openstackgerrit	Steve Martinelli proposed openstack/keystone: Correct invalid rst in api docs https://review.openstack.org/416711	21:39
lbragstad	dims sweet!	21:39
lbragstad	rodrigods ping	21:39
*** adrian_otto1 has joined #openstack-keystone		21:42
dims	#success Keystone now has Devstack based functional test with everything running under python3.5	21:44
openstackstatus	dims: Added success to Success page	21:44
stevemar	\o/	21:44
stevemar	dims just did our Pike goal for us	21:44
dhellmann	dims, you're a machine	21:44
dims	stevemar : lol, that's just 30 tests :)	21:44
* lbragstad hands dims a crisp high-five		21:45
dims	dhellmann : thanks! :)	21:45
*** adrian_otto has quit IRC		21:45
dims	all the heavy lifting was already over by the time i showed up dhellmann :)	21:45
dims	thanks lbragstad	21:45
dims	kudos to the keystone team!	21:46
*** adrian_otto1 has quit IRC		21:47
jamielennox	morgan: yep	21:50
*** lamt has joined #openstack-keystone		21:50
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Force users to immediately change their password upon first use https://review.openstack.org/403916	21:51
morgan	jamielennox: so question for you	21:53
morgan	jamielennox: i'm trying to replace the auth plugin in an active session	21:53
morgan	jamielennox: but it seems to not be working correctly. afaict i just need to do session.auth = new plugin then session.invalidate and session.get_token should then re-auth	21:53
morgan	this is for a test fixture.	21:54
morgan	jamielennox: problem is i keep getting 401s on the last step	21:54
jamielennox	morgan: i mean you shouldn't even need the invalidate because the caching is done on the plugin	21:54
jamielennox	morgan: the better way to do this though is pass both to the client	21:54
morgan	right. just to be sure i was doing invalidate	21:54
morgan	this is a test fixture in shade	21:54
morgan	passing this all to a client is a bad idea	21:54
morgan	the session may be used by multiple clients, i need to override the scope of the token	21:55
jamielennox	clients should just wokr with the adapter, and the adapter lets you do Adapter(session=session, auth=auth) and it will use that auth instead	21:55
morgan	so assume i have no control over the clients, just the test case	21:55
jamielennox	then i'm surprised replacing session.auth isn't sufficient, the only thing being cached on the session is version discovery	21:55
morgan	and i know we share the test_case.operator_cloud._keystone_session	21:55
jamielennox	unless something else is passing a different auth to a client higher up and your session.auth is being ignored	21:56
morgan	maybe?	21:56
morgan	here: https://review.openstack.org/#/c/410453/21	21:56
morgan	https://www.irccloud.com/pastebin/be1waUr4/	21:56
morgan	that is the traceback	21:57
morgan	and i'm getting it in "override scope"	21:57
morgan	i am wondering if some other thing is silently being ignored along the way	21:57
lbragstad	rodrigods https://review.openstack.org/#/c/415906/ isn't affecting things in master is it?	22:00
jamielennox	is test_instance a mock of some sort?	22:00
jamielennox	morgan: i pulled that review and tox completed successfully	22:02
morgan	it isn't run via tox	22:02
morgan	it is run via functional	22:02
morgan	against a devstack	22:02
*** adrian_otto has joined #openstack-keystone		22:03
morgan	internally the data structures are fine afaict	22:03
jamielennox	ah, ok, it looked live i just thought you had a lot of mocking in there	22:03
morgan	yeah.	22:03
morgan	it would be easier if it wasn't functional	22:03
jamielennox	i don't think i have a devstack atm	22:03
morgan	but i need an actual keystone response here, mocking isn't the best choice.	22:03
jamielennox	so my next step would be to put a pdb of some sort in there and see which plugin object is receiving the get_token	22:04
morgan	i might just toss in some hard exception handling	22:04
morgan	i dont have a devstack that works with shade atm locally	22:04
morgan	been leaning on the gate	22:04
jamielennox	but unless something in shade/occ is keeping another reference to the auth plugin somewhere replacing session.auth should be fine	22:04
morgan	maybe shade is passing auth= directly... seems odd though	22:05
jamielennox	i have in the past figured out how to have devstack install a shade, but it was a while ago	22:05
* morgan goes to look deeper		22:05
jamielennox	morgan: seems unlikely, it looks like it's relying on OCC to produce that	22:05
morgan	right	22:05
morgan	which should be fine then	22:05
morgan	if OCC is doing something weird though...	22:06
morgan	jamielennox: thanks. you've confirmed I'm not crazy	22:06
*** edtubill has quit IRC		22:06
morgan	jamielennox: i was worried i was missing something obvious	22:06
jamielennox	morgan: that would be too easy	22:07
morgan	unless...	22:07
morgan	i'm passing tenant_id and it's expecting project_id?	22:07
morgan	but in that case, it should offer an unscoped token, no?	22:07
*** ravelar has quit IRC		22:07
jamielennox	what s the plugin type?	22:09
morgan	generic.Password	22:09
jamielennox	that hsould be fine then	22:09
*** ravelar has joined #openstack-keystone		22:11
*** guoshan has joined #openstack-keystone		22:14
openstackgerrit	Gage Hugo proposed openstack/keystone: Allow user to change own expired password https://review.openstack.org/404022	22:15
*** asettle has quit IRC		22:15
tonyb	Can someone take a quick look at http://logs.openstack.org/94/409294/18/check/gate-oslo.messaging-dsvm-functional-py27-pika-ubuntu-xenial/866cd9d/logs/devstacklog.txt.gz#_2017-01-04_19_45_48_091 and point me in the right direction of things to check that might cause that failure?	22:18
tonyb	it isn't a keystone problem but I just don't know what to look for in the job config/ setup that might cause that	22:18
*** guoshan has quit IRC		22:19
rodrigods	lbragstad, only affects the functional tests	22:23
rodrigods	the portion that runs against the v3-only job	22:23
lbragstad	rodrigods interesting - it looks like that is the issue dims hit in the py3 stuff	22:24
dims	lbragstad : rodrigods : "Job complete, result: SUCCESS" http://logs.openstack.org/00/412500/17/check/gate-keystone-dsvm-py35-functional-v3-only-ubuntu-xenial-nv/2c62d4a/console.html	22:25
dims	yay	22:25
lbragstad	dims aha - so the patch rodrigods has up addresses those last couple failures!	22:25
rodrigods	hmm	22:25
dims	right	22:25
rodrigods	\o/	22:25
rodrigods	let me fix rderose comments	22:25
rodrigods	should be sending a patchset in a few minutes	22:25
lbragstad	rodrigods i have a bunch of comments coming too	22:26
rodrigods	lbragstad, hmm ok	22:26
rodrigods	so i'll wait for them	22:26
* lbragstad hurries		22:26
* rodrigods goes to have dinner		22:26
openstackgerrit	Gage Hugo proposed openstack/keystone: Allow user to change own expired password https://review.openstack.org/404022	22:26
rodrigods	lbragstad, don't rush, will fix it later tonight	22:26
lbragstad	rodrigods perfect - enjoy supper	22:27
*** dave-mccowan has quit IRC		22:28
openstackgerrit	Merged openstack/keystone: Remove unused exceptions from CADF notifications https://review.openstack.org/413822	22:33
*** ravelar has quit IRC		22:39
*** dave-mccowan has joined #openstack-keystone		22:40
*** edmondsw has quit IRC		22:41
*** edmondsw has joined #openstack-keystone		22:42
*** edmondsw has quit IRC		22:47
*** edmondsw has joined #openstack-keystone		22:48
openstackgerrit	Merged openstack/keystone: Minor improvement in test_user_id_persistence https://review.openstack.org/416568	22:48
*** openstack has joined #openstack-keystone		22:53
openstackgerrit	Gage Hugo proposed openstack/keystone: Fixed 7 tests running twice in v3 identity https://review.openstack.org/416765	22:58
*** dave-mccowan has quit IRC		23:00
*** jaugustine has joined #openstack-keystone		23:04
*** agrebennikov has quit IRC		23:08
*** jaugustine has quit IRC		23:10
*** jamielennox is now known as jamielennox\|away		23:11
*** jamielennox\|away is now known as jamielennox		23:14
*** spzala has joined #openstack-keystone		23:17
*** chris_hultin is now known as chris_hultin\|AWA		23:19
*** edmondsw has joined #openstack-keystone		23:32
*** bandrus has quit IRC		23:34
*** bandrus has joined #openstack-keystone		23:35
*** bandrus has left #openstack-keystone		23:37
*** edmondsw has quit IRC		23:37
*** spzala has quit IRC		23:42
*** spzala has joined #openstack-keystone		23:45
*** lamt has quit IRC		23:48
*** bandrus has joined #openstack-keystone		23:52

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!