*** thorst has joined #openstack-keystone | 00:59 | |
*** ducttape_ has joined #openstack-keystone | 01:03 | |
*** thorst has quit IRC | 01:04 | |
*** ducttape_ has quit IRC | 01:07 | |
*** zhurong has joined #openstack-keystone | 01:20 | |
*** zhurong has quit IRC | 01:23 | |
*** liujiong has joined #openstack-keystone | 01:24 | |
*** markvoelker has joined #openstack-keystone | 01:29 | |
*** liujiong_lj has joined #openstack-keystone | 01:36 | |
*** liujiong has quit IRC | 01:37 | |
*** liujiong_lj is now known as liujiong | 01:39 | |
*** sbezverk has quit IRC | 01:42 | |
*** markvoelker has quit IRC | 02:03 | |
*** zhurong has joined #openstack-keystone | 02:31 | |
openstackgerrit | zhengliuyang proposed openstack/keystone master: Assert default project id is not domain https://review.openstack.org/484235 | 02:51 |
---|---|---|
*** markvoelker has joined #openstack-keystone | 03:00 | |
*** thorst has joined #openstack-keystone | 03:01 | |
*** dave-mccowan has quit IRC | 03:04 | |
*** thorst has quit IRC | 03:05 | |
*** markvoelker has quit IRC | 03:34 | |
*** links has joined #openstack-keystone | 03:44 | |
*** hoonetorg has quit IRC | 04:05 | |
*** markvoelker has joined #openstack-keystone | 04:30 | |
openstackgerrit | Merged openstack/keystonemiddleware master: Redundant adminURL in test_gives_v2_catalog https://review.openstack.org/479458 | 04:33 |
*** Dinesh_Bhor has joined #openstack-keystone | 04:46 | |
*** thorst has joined #openstack-keystone | 05:01 | |
*** ducttape_ has joined #openstack-keystone | 05:03 | |
*** zhurong has quit IRC | 05:04 | |
*** markvoelker has quit IRC | 05:04 | |
*** thorst has quit IRC | 05:06 | |
*** ducttape_ has quit IRC | 05:08 | |
openstackgerrit | zhengliuyang proposed openstack/keystone master: Assert default project id is not domain https://review.openstack.org/484235 | 05:19 |
*** nicolasbock has joined #openstack-keystone | 05:28 | |
*** zhurong has joined #openstack-keystone | 05:29 | |
*** sbezverk has joined #openstack-keystone | 05:34 | |
openstackgerrit | LiChunlin proposed openstack/keystone master: Add a hacking rule for string interpolation at logging https://review.openstack.org/484250 | 05:45 |
*** rcernin_ has joined #openstack-keystone | 06:00 | |
*** nicolasbock has quit IRC | 06:13 | |
openstackgerrit | Samriddhi proposed openstack/keystone master: Added index.rst in each sub-directory https://review.openstack.org/484157 | 06:14 |
*** nicolasbock has joined #openstack-keystone | 06:15 | |
openstackgerrit | Samriddhi proposed openstack/keystone master: Added new docs to admin section https://review.openstack.org/484165 | 06:19 |
*** edmondsw has joined #openstack-keystone | 06:39 | |
*** edmondsw has quit IRC | 06:43 | |
*** namnh has joined #openstack-keystone | 06:58 | |
openstackgerrit | Samriddhi proposed openstack/keystone master: Expanded the best practices subsection in devdocs https://review.openstack.org/476541 | 06:59 |
*** markvoelker has joined #openstack-keystone | 07:01 | |
*** thorst has joined #openstack-keystone | 07:02 | |
*** thorst has quit IRC | 07:07 | |
*** phalmos has quit IRC | 07:09 | |
*** toddnni has quit IRC | 07:18 | |
*** aojea has joined #openstack-keystone | 07:19 | |
*** toddnni has joined #openstack-keystone | 07:25 | |
*** tesseract has joined #openstack-keystone | 07:32 | |
*** markvoelker has quit IRC | 07:35 | |
*** aselius has quit IRC | 08:02 | |
*** ducttape_ has joined #openstack-keystone | 08:03 | |
*** ducttape_ has quit IRC | 08:08 | |
afazekas | andreaf, ping | 08:27 |
*** thorst has joined #openstack-keystone | 08:27 | |
*** markvoelker has joined #openstack-keystone | 08:31 | |
*** thorst has quit IRC | 08:32 | |
*** tesseract has quit IRC | 08:50 | |
*** tesseract has joined #openstack-keystone | 08:53 | |
*** daidv__ has joined #openstack-keystone | 09:00 | |
*** markvoelker has quit IRC | 09:05 | |
namnh | Hi everyone, I see the config file like nova.conf, neutron.conf. There is a option named "user_domain_name" in "keystone_authtoken" section. But I don't find the option declared anymore. Do you know what do the option purpose for? | 09:45 |
*** markvoelker has joined #openstack-keystone | 10:02 | |
breton | namnh: it sets user's domain name | 10:06 |
*** liujiong has quit IRC | 10:06 | |
namnh | breton: thanks for your reply. But I don't find the option that is declared anywhere. I am wondering how it is called? | 10:07 |
breton | namnh: service user's domain name | 10:07 |
breton | namnh: what do you understand by declared? | 10:08 |
*** jistr is now known as jistr|afk | 10:09 | |
breton | namnh: i guess it is described in keystoneauth package: https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/loading/_plugins/identity/v3.py#L25 | 10:09 |
*** d0ugal has joined #openstack-keystone | 10:13 | |
andreaf | afazekas: pong | 10:15 |
*** edmondsw has joined #openstack-keystone | 10:15 | |
*** edmondsw has quit IRC | 10:19 | |
*** d0ugal has quit IRC | 10:19 | |
*** kiennt_ has joined #openstack-keystone | 10:26 | |
namnh | breton: great, you are right, one more thing, do you know how can I get value if the option. I tried "CONF.keystone_authtoken.user_domain_name" but it didn't work. | 10:26 |
*** thorst has joined #openstack-keystone | 10:28 | |
*** thorst has quit IRC | 10:32 | |
*** mvk has quit IRC | 10:33 | |
*** markvoelker has quit IRC | 10:35 | |
*** aloga has quit IRC | 10:36 | |
*** aloga has joined #openstack-keystone | 10:36 | |
*** kiennt_ has quit IRC | 10:37 | |
*** ganso has joined #openstack-keystone | 10:43 | |
*** ganso has left #openstack-keystone | 10:44 | |
*** namnh has quit IRC | 10:57 | |
*** raildo has joined #openstack-keystone | 10:58 | |
*** mvk has joined #openstack-keystone | 11:00 | |
*** thorst has joined #openstack-keystone | 11:08 | |
*** thorst has quit IRC | 11:09 | |
*** thorst has joined #openstack-keystone | 11:16 | |
afazekas | andreaf, https://review.openstack.org/#/c/479286/ | 11:18 |
afazekas | andreaf, The keystone behavior as it was discussed ages before http://lists.openstack.org/pipermail/openstack-dev/2014-July/039140.html is invalid , so we do not really need to maintain backward invalidity | 11:19 |
afazekas | andreaf, tempest testing that api call since https://review.openstack.org/#/c/462507/2 | 11:22 |
openstackgerrit | Merged openstack/ldappool master: Turn on warning-is-error for sphinx build https://review.openstack.org/484146 | 11:27 |
*** hoonetorg has joined #openstack-keystone | 11:32 | |
*** markvoelker has joined #openstack-keystone | 11:32 | |
*** raildo has quit IRC | 11:56 | |
*** markvoelker has quit IRC | 11:56 | |
*** markvoelker has joined #openstack-keystone | 11:57 | |
*** aojea has quit IRC | 11:57 | |
openstackgerrit | Dmitri Plakhov proposed openstack/keystone master: Added filtering of empty extra properties https://review.openstack.org/484338 | 12:01 |
openstackgerrit | Monty Taylor proposed openstack/keystoneauth master: Fix masked variable name https://review.openstack.org/484340 | 12:06 |
openstackgerrit | Monty Taylor proposed openstack/keystoneauth master: Add support for service type aliases https://review.openstack.org/484341 | 12:06 |
*** jistr|afk is now known as jistr | 12:17 | |
*** raildo has joined #openstack-keystone | 12:18 | |
openstackgerrit | M V P Nitesh proposed openstack/keystone master: Can add description for role creation in OSC https://review.openstack.org/484348 | 12:22 |
*** ducttape_ has joined #openstack-keystone | 12:27 | |
*** edmondsw has joined #openstack-keystone | 12:34 | |
*** edmondsw has quit IRC | 12:34 | |
*** edmondsw has joined #openstack-keystone | 12:35 | |
*** ducttape_ has quit IRC | 12:42 | |
*** ducttape_ has joined #openstack-keystone | 12:43 | |
*** ducttape_ has quit IRC | 12:43 | |
openstackgerrit | Merged openstack/python-keystoneclient master: Update URLs in documents according to document migration https://review.openstack.org/483724 | 12:45 |
*** catintheroof has joined #openstack-keystone | 12:51 | |
*** aojea has joined #openstack-keystone | 12:52 | |
*** aojea has quit IRC | 12:56 | |
*** ayoung has joined #openstack-keystone | 13:03 | |
*** edmondsw_ has joined #openstack-keystone | 13:04 | |
*** edmondsw has quit IRC | 13:07 | |
*** aojea has joined #openstack-keystone | 13:19 | |
*** zhurong has quit IRC | 13:22 | |
*** aojea has quit IRC | 13:26 | |
*** lbragstad has quit IRC | 13:26 | |
*** superdan is now known as dansmith | 13:33 | |
*** markvoelker_ has joined #openstack-keystone | 13:33 | |
*** markvoelker has quit IRC | 13:33 | |
*** edmondsw has joined #openstack-keystone | 13:34 | |
*** edmondsw_ has quit IRC | 13:36 | |
*** links has quit IRC | 13:37 | |
*** markvoelker_ has quit IRC | 13:38 | |
*** markvoelker has joined #openstack-keystone | 13:39 | |
*** bknudson has joined #openstack-keystone | 13:41 | |
*** ducttape_ has joined #openstack-keystone | 13:45 | |
*** aojea has joined #openstack-keystone | 13:48 | |
*** ducttape_ has quit IRC | 13:50 | |
*** sbezverk has quit IRC | 13:51 | |
*** ducttape_ has joined #openstack-keystone | 13:51 | |
*** sbezverk has joined #openstack-keystone | 13:51 | |
cmurphy | bknudson: if you have time I wonder if you could weigh in on this backport https://review.openstack.org/#/c/483308/ ? it's related to a bug you originally reported | 13:56 |
*** lwanderley has joined #openstack-keystone | 13:59 | |
*** chlong has joined #openstack-keystone | 14:05 | |
*** lucasxu has joined #openstack-keystone | 14:06 | |
bknudson | I'm not seeing the change to actually fix the bug… | 14:06 |
bknudson | oh, that's here: https://review.openstack.org/#/c/217348/ | 14:07 |
bknudson | ok, so https://review.openstack.org/#/c/483308/ is a follow-on. | 14:09 |
*** chlong has quit IRC | 14:10 | |
bknudson | if you want to know if some behavior changed then try it out. Not worth trying to interpret the code. | 14:11 |
bknudson | and I don't have the time to try this out right now. I can add it to my list. | 14:12 |
hrybacki | anyone in here with some THT experience that can lend me an eye? | 14:18 |
*** lbragstad has joined #openstack-keystone | 14:29 | |
*** ChanServ sets mode: +o lbragstad | 14:29 | |
cmurphy | bknudson: was more looking for insight on the original intent than on actual behavior, but no worries, i'll dig some more | 14:32 |
openstackgerrit | Merged openstack/pycadf master: Update URL in docs as per the doc-migration spec https://review.openstack.org/483958 | 14:32 |
*** gyee has joined #openstack-keystone | 14:37 | |
*** aojea has quit IRC | 14:40 | |
gagehugo | o/ | 14:43 |
lbragstad | o/ | 14:43 |
*** aselius has joined #openstack-keystone | 14:47 | |
*** lwanderley has quit IRC | 14:48 | |
*** ayoung has quit IRC | 14:49 | |
edmondsw | lbragstad see the comments I just added in https://bugs.launchpad.net/keystone/+bug/1704205 and let me know what you think | 14:51 |
openstack | Launchpad bug 1704205 in OpenStack Identity (keystone) "GET /v3/role_assignments?effective&include_names API fails with unexpected 500 error" [Undecided,New] | 14:51 |
knikolla | o/ | 14:59 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Remove duplicate configuration sections https://review.openstack.org/484167 | 15:00 |
*** lucasxu has quit IRC | 15:00 | |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Remove duplicate configuration sections https://review.openstack.org/484167 | 15:01 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Remove duplicate configuration sections https://review.openstack.org/484167 | 15:05 |
lbragstad | cmurphy: rebased and resolved the merge conflicts there ^ | 15:06 |
*** gyee has quit IRC | 15:06 | |
andreaf | afazekas: I don't disagree that 204 is incorrect, but it's what keystone returns now - so changing might break someone, if it's not done in a "discoverable" way | 15:08 |
*** gyee has joined #openstack-keystone | 15:08 | |
*** otleimat has joined #openstack-keystone | 15:08 | |
*** lwanderley has joined #openstack-keystone | 15:16 | |
*** lwanderley has quit IRC | 15:17 | |
*** lucasxu has joined #openstack-keystone | 15:27 | |
*** aojea has joined #openstack-keystone | 15:31 | |
afazekas | andreaf, most user checks for 2** , I have doubts about is it really breaks someone in practice. Likely the users using the GET version and not really using it too frequently (however I do not have real statistics about this call) . | 15:34 |
andreaf | afazekas: yeah I agree that most people will check for 2** | 15:35 |
andreaf | afazekas: but we have no way of knowing | 15:35 |
*** chlong has joined #openstack-keystone | 15:36 | |
*** aojea has quit IRC | 15:36 | |
*** chlong has quit IRC | 15:38 | |
afazekas | andreaf, you are right about this, but IMHO more piratical and simpler simply just changing it to 200, I expect it will cause less headache in the long run than considering which version do we have ATM | 15:39 |
*** david-lyle has joined #openstack-keystone | 15:40 | |
lbragstad | keystone doesn't support microversions at the moment | 15:40 |
andreaf | yeah I agree it's more practical, but it breaks a principle, so if we are going to do it I want to make sure it's clear to everyone | 15:40 |
andreaf | is there a patch up on keystone side for this already? afazekas @lbragstad | 15:41 |
afazekas | It is clear to me, and as I said I consider the rfc stuff more important principal | 15:41 |
lbragstad | andreaf: for microversion support in keystone? | 15:42 |
andreaf | @lbragstad: heh no I meant to change the return code from 204 to 200 | 15:42 |
lbragstad | andreaf: oh - I'm not sure, I can check | 15:42 |
lbragstad | andreaf: parsing the bug report - I don't see a patch to keystone that changes that response | 15:44 |
andreaf | @lbragstad: no worries, I was just wandering about https://review.openstack.org/#/c/479286/ - afazekas before we do any change on Tempest side I would like to make sure the keystone project decided to change the response code | 15:45 |
*** chlong has joined #openstack-keystone | 15:45 | |
lbragstad | andreaf: ack - that makes sense | 15:45 |
andreaf | @lbragstad: plans to support microversions in keystone? | 15:45 |
lbragstad | andreaf: i don't expect keystone to attempt making that change until we have microversions | 15:45 |
lbragstad | andreaf: we've talked about it a couple times, specifically at the PTG in atlanta | 15:46 |
*** aloga_ has joined #openstack-keystone | 15:46 | |
lbragstad | andreaf: this was the recap we had on it during the PTG - https://etherpad.openstack.org/p/pike-ptg-keystone-ocata-carry-over | 15:46 |
afazekas | lbragstad, If keystone does not wants to change that code in this cycle, likely I need to make sure it has bad status code also on centos/rhel , otherwise it would fail the default tempest tests.. | 15:48 |
*** ducttape_ has quit IRC | 15:49 | |
afazekas | https://bugzilla.redhat.com/show_bug.cgi?id=1466799 | 15:49 |
openstack | bugzilla.redhat.com bug 1466799 in mod_wsgi "mod_wsgi forces HEAD to GET" [Unspecified,New] - Assigned to webstack-team | 15:50 |
lbragstad | afazekas: so if rhel/centos are using mod_wsgi 4.3.0 you don't have a problem, right? | 15:54 |
*** aloga_ has quit IRC | 15:54 | |
*** swain has joined #openstack-keystone | 15:55 | |
afazekas | lbragstad, It would pass the tempest test, but It would not be rfc friendly | 15:55 |
lbragstad | afazekas: right - but it would work until we get to a point where we can fix the actual response code | 15:56 |
*** aloga_ has joined #openstack-keystone | 15:56 | |
*** hoonetorg has quit IRC | 15:57 | |
lbragstad | morgan: ping | 16:01 |
openstackgerrit | Gage Hugo proposed openstack/keystone master: Enable sphinx todo extension https://review.openstack.org/484411 | 16:04 |
*** lwanderley has joined #openstack-keystone | 16:08 | |
afazekas | lbragstad, changing package version this time is not so easy also shipping different versions with openstack is complicated. We served the `right` status code in prev year(s) , it is unpleasant we would need to make it non rfc friendly in-order to pass tempest. For RHEL users that mod_wsgi update would give a different status code than what they had before. Anyone who is dealing with multiple openstacks they would see both codes anyway, | 16:10 |
afazekas | until today we did not received any blame from any user because we have 200 . | 16:10 |
openstackgerrit | Gage Hugo proposed openstack/keystonemiddleware master: Enable sphinx todo extension https://review.openstack.org/484415 | 16:11 |
*** aloga_ has quit IRC | 16:15 | |
morgan | lbragstad: pong | 16:15 |
lbragstad | i just got done re-reading https://bugs.launchpad.net/keystone/+bug/1576765 after reviewing https://review.openstack.org/#/c/484338/1 | 16:16 |
openstack | Launchpad bug 1576765 in OpenStack Identity (keystone) "Potential DOS: Keystone Extra Fields" [Medium,Triaged] | 16:16 |
lbragstad | morgan: thoughts on filtering extras? | 16:16 |
morgan | lbragstad: sadly | 16:17 |
morgan | break in behavior | 16:17 |
morgan | can't accept it | 16:17 |
morgan | breaks contract | 16:17 |
lbragstad | ok - that's what i was thinking | 16:17 |
lbragstad | morgan: what if there was the ability to filter optionally? | 16:18 |
openstackgerrit | Gage Hugo proposed openstack/keystoneauth master: Enable sphinx todo extension https://review.openstack.org/484417 | 16:18 |
morgan | lbragstad: eh. i don't see a huge benefit to that | 16:19 |
morgan | the short answer is "please, please, please do not use extras" | 16:19 |
*** rcernin_ has quit IRC | 16:19 | |
morgan | extras are terrible. | 16:19 |
lbragstad | agreed | 16:19 |
morgan | and should die... but ca't | 16:19 |
morgan | can't* | 16:19 |
lbragstad | at least until we have microversions or v5 | 16:19 |
lbragstad | v4* | 16:19 |
morgan | yep | 16:21 |
morgan | i -2'd that patch btw | 16:21 |
morgan | and set the extras bug to "wont fix" | 16:21 |
lbragstad | morgan: setting to won't fix because the fix for it breaks API backwards compatibility? | 16:22 |
lbragstad | morgan: the specification you proposed only breaks backwards compatibility if the operator ops into it, right? | 16:23 |
*** prashkre has joined #openstack-keystone | 16:24 | |
*** aojea has joined #openstack-keystone | 16:26 | |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Move performance documentation to admin-guide https://review.openstack.org/481383 | 16:27 |
*** aojea has quit IRC | 16:30 | |
*** ducttape_ has joined #openstack-keystone | 16:34 | |
*** knikolla has quit IRC | 16:40 | |
*** hoonetorg has joined #openstack-keystone | 16:41 | |
openstackgerrit | Merged openstack/keystone master: Update info about logging in admin guide https://review.openstack.org/478583 | 16:41 |
*** spotz has quit IRC | 16:42 | |
*** spotz has joined #openstack-keystone | 16:45 | |
*** aojea has joined #openstack-keystone | 16:45 | |
*** aojea has quit IRC | 16:49 | |
*** hoonetorg has quit IRC | 16:54 | |
openstackgerrit | Matthew Edmonds proposed openstack/keystone master: don't validate trust in policy https://review.openstack.org/482190 | 17:01 |
*** aojea has joined #openstack-keystone | 17:03 | |
*** hoonetorg has joined #openstack-keystone | 17:03 | |
*** chlong has quit IRC | 17:03 | |
morgan | lbragstad: breaks compat | 17:06 |
*** mvk has quit IRC | 17:06 | |
morgan | lbragstad: lets not have more "opt in" type options that changes API workings | 17:06 |
*** aojea has quit IRC | 17:07 | |
*** aojea has joined #openstack-keystone | 17:12 | |
*** aojea has quit IRC | 17:16 | |
*** lwanderley has quit IRC | 17:16 | |
*** harlowja has joined #openstack-keystone | 17:17 | |
*** chlong has joined #openstack-keystone | 17:19 | |
*** aojea has joined #openstack-keystone | 17:21 | |
*** aojea has quit IRC | 17:25 | |
*** ducttape_ has quit IRC | 17:28 | |
*** ducttape_ has joined #openstack-keystone | 17:28 | |
*** aojea has joined #openstack-keystone | 17:31 | |
*** hoonetorg has quit IRC | 17:34 | |
*** knikolla_ has joined #openstack-keystone | 17:34 | |
knikolla_ | bouncer down again :( | 17:34 |
*** aojea has quit IRC | 17:36 | |
*** mvk has joined #openstack-keystone | 17:37 | |
*** ducttape_ has quit IRC | 17:39 | |
*** swain is now known as zenyatta | 17:39 | |
*** aojea has joined #openstack-keystone | 17:40 | |
*** zenyatta is now known as swain | 17:42 | |
*** ducttape_ has joined #openstack-keystone | 17:44 | |
*** aojea has quit IRC | 17:45 | |
*** sjain has joined #openstack-keystone | 17:45 | |
*** aojea has joined #openstack-keystone | 17:50 | |
*** aojea has quit IRC | 17:51 | |
*** aojea has joined #openstack-keystone | 17:51 | |
openstackgerrit | Samriddhi proposed openstack/pycadf master: Switch from oslosphinx to openstackdocstheme https://review.openstack.org/483922 | 17:52 |
openstackgerrit | Samriddhi proposed openstack/pycadf master: Turn on warning-is-error for sphinx build https://review.openstack.org/483945 | 17:53 |
*** hoonetorg has joined #openstack-keystone | 17:54 | |
*** aojea has quit IRC | 17:56 | |
openstackgerrit | Samriddhi proposed openstack/pycadf master: Switch from oslosphinx to openstackdocstheme https://review.openstack.org/483922 | 17:58 |
*** hoonetorg has quit IRC | 17:59 | |
*** ducttape_ has quit IRC | 17:59 | |
*** tesseract has quit IRC | 18:01 | |
*** ducttape_ has joined #openstack-keystone | 18:04 | |
*** ducttap__ has joined #openstack-keystone | 18:06 | |
*** sjain has quit IRC | 18:06 | |
*** aojea has joined #openstack-keystone | 18:07 | |
*** sjain has joined #openstack-keystone | 18:08 | |
*** ducttape_ has quit IRC | 18:10 | |
*** aojea has quit IRC | 18:11 | |
*** aojea has joined #openstack-keystone | 18:16 | |
*** aojea has quit IRC | 18:21 | |
*** rcernin has joined #openstack-keystone | 18:26 | |
samueldmq | morgan: lbragstad: sjain and I need help understanding the "Relationship" URLs we have in our api docs | 18:26 |
samueldmq | :-) | 18:26 |
sjain | https://developer.openstack.org/api-ref/identity/v3/?expanded=password-authentication-with-unscoped-authorization-detail | 18:27 |
*** ducttap__ has quit IRC | 18:32 | |
*** ducttape_ has joined #openstack-keystone | 18:32 | |
*** aojea has joined #openstack-keystone | 18:35 | |
*** aojea has quit IRC | 18:37 | |
edmondsw | lbragstad replied to your concern in https://review.openstack.org/#/c/482190 | 18:46 |
lbragstad | edmondsw: cool - thanks! | 18:46 |
edmondsw | lbragstad short answer... there's no interoperability concern here | 18:46 |
openstackgerrit | Samriddhi proposed openstack/keystone master: Reorganised developer documentation https://review.openstack.org/476606 | 18:46 |
*** dpar has joined #openstack-keystone | 18:46 | |
edmondsw | if you still think otherwise, let's discuss | 18:46 |
lbragstad | edmondsw: this is moving a 403 -> 400 though | 18:47 |
lbragstad | oh - nevermind | 18:47 |
*** SamYaple has quit IRC | 18:47 | |
*** SamYaple has joined #openstack-keystone | 18:47 | |
edmondsw | you'r right... I think I said 401 -> 400, but yes, it's 403 -> 400... but it still has no interoperability impact | 18:47 |
lbragstad | edmondsw: can you walk me through that? | 18:48 |
edmondsw | clients already have to support both 403 and 400 | 18:48 |
edmondsw | so no client will be affected by this change | 18:48 |
lbragstad | edmondsw: is there documentation on that - so i can educate myself/ | 18:49 |
*** ducttape_ has quit IRC | 18:49 | |
lbragstad | i buy the fact clients should already support 400 and 403, but what about if a client issues a request to an Ocata installation and a Pike installation? | 18:50 |
edmondsw | lbragstad well there are the HTTP RFCs... | 18:50 |
edmondsw | lbragstad what about it? | 18:50 |
lbragstad | edmondsw: http://specs.openstack.org/openstack/api-wg/guidelines/api_interoperability.html describes interoperability across versions in a single deployment, but also interoperability across deployments and versions | 18:51 |
edmondsw | lbragstad yep, I'm familiar | 18:51 |
edmondsw | sat in those meetings at the PTG | 18:51 |
lbragstad | does that change break the second one? | 18:52 |
edmondsw | lbragstad some might tell you that it might, but no, it doesn't | 18:52 |
edmondsw | not IMHO anyway | 18:52 |
edmondsw | actually, this all may be moot... let me check something | 18:52 |
lbragstad | can you share your reasoning as to why you don't think it does? | 18:53 |
*** ducttape_ has joined #openstack-keystone | 18:56 | |
edmondsw | lbragstad https://github.com/openstack/keystone/blob/master/keystone/trust/controllers.py#L130-L132 | 18:56 |
edmondsw | the same check as before is still done... just in that code segment instead of in policy | 18:56 |
edmondsw | lbragstad I already shared the reasoning... that clients are already coded to support both 403 and 400, so it doesn't matter which you give... they will handle it | 18:57 |
edmondsw | lbragstad the only case where anyone would see a change in the response code is if there were 2 problems with the request... they didn't specify a trustor_user_id matching their own user_id (403) and they didn't make a valid request (400) | 18:59 |
edmondsw | lbragstad formerly, the 403 issue would have been noticed first and a 403 returned | 18:59 |
edmondsw | lbragstad now the 400 would be noticed first and 400 returned | 18:59 |
edmondsw | lbragstad but the 400 is actually a better response here, so you're actually helping clients, not harming them | 19:00 |
edmondsw | interop doesn't really come into this at all, since clients have to be coded to handle it already | 19:00 |
edmondsw | lbragstad or if you don't like that reasoning, here's another... clients aren't going to make a request that would see this change... their developers will code them to make valid requests | 19:03 |
*** nicolasbock has quit IRC | 19:03 | |
openstackgerrit | Samriddhi proposed openstack/keystone master: Added new subsections to developer docs https://review.openstack.org/476635 | 19:04 |
edmondsw | lbragstad what the interop guidelines were concerned about is changing what error code signifies a given problem. This isn't doing that. 403 is still used if trustor_user_id doesn't match context.user_id. | 19:05 |
lbragstad | edmondsw: but 403 was used if the trustor didn't exist, right | 19:05 |
lbragstad | ? | 19:05 |
*** nicolasbock has joined #openstack-keystone | 19:05 | |
edmondsw | lbragstad ^ that last may be the best reasoning | 19:06 |
lbragstad | s/didn't exist/wasn't in the request/ | 19:06 |
edmondsw | 403 was incorrectly used if trustor_user_id was not specified at all in the request. The client would not have been able to distinguish that from a real 403 case, so that's bad and sticking with it helps noone | 19:06 |
lbragstad | edmondsw: yeah - i'm not arguing that it is wrong | 19:07 |
edmondsw | right, we're talking about what is best for clients, specifically from an interop perspective... this change is better for clients is what I'm saying | 19:08 |
lbragstad | what i'm really trying to get to here is whether or not we need a microversion in order to do something like this, which is why i went to the guidelines | 19:08 |
edmondsw | no | 19:09 |
*** cmurphy has quit IRC | 19:09 | |
*** cmurphy has joined #openstack-keystone | 19:10 | |
*** ducttape_ has quit IRC | 19:10 | |
*** knikolla has joined #openstack-keystone | 19:14 | |
*** knikolla_ has quit IRC | 19:16 | |
openstackgerrit | Gage Hugo proposed openstack/keystone master: Add database migration for project tags https://review.openstack.org/484456 | 19:20 |
*** ducttape_ has joined #openstack-keystone | 19:22 | |
openstackgerrit | Jaewoo Park proposed openstack/keystone master: WIP: Add project tags https://review.openstack.org/470317 | 19:27 |
*** ducttape_ has quit IRC | 19:28 | |
*** harlowja has quit IRC | 19:32 | |
*** ducttape_ has joined #openstack-keystone | 19:34 | |
*** sjain has quit IRC | 19:36 | |
*** dave-mccowan has joined #openstack-keystone | 19:44 | |
*** boris-42__ has joined #openstack-keystone | 19:48 | |
openstackgerrit | Nicolas Helgeson proposed openstack/keystone master: WIP: Add project tags https://review.openstack.org/470317 | 19:49 |
*** ducttape_ has quit IRC | 19:53 | |
*** swain has quit IRC | 19:55 | |
*** sjain has joined #openstack-keystone | 19:57 | |
*** nicolasbock has quit IRC | 19:58 | |
openstackgerrit | Gage Hugo proposed openstack/keystone master: Add exception for project tag not found https://review.openstack.org/484471 | 19:58 |
morgan | historically even without microversions | 19:59 |
openstackgerrit | Gage Hugo proposed openstack/keystone master: Add exception for project tag not found https://review.openstack.org/484471 | 19:59 |
morgan | changing the error code to a more correct one has been ok | 19:59 |
morgan | aka 400->403, 403->400 | 19:59 |
morgan | etc | 19:59 |
morgan | changing a success code is *not* ok | 19:59 |
morgan | this sounds like 400 is more correct | 20:00 |
morgan | so, shouldn't be an issue | 20:00 |
*** ducttape_ has joined #openstack-keystone | 20:02 | |
openstackgerrit | Monty Taylor proposed openstack/keystoneauth master: Add support for service type aliases https://review.openstack.org/484341 | 20:03 |
openstackgerrit | Monty Taylor proposed openstack/keystoneauth master: Fix masked variable name https://review.openstack.org/484340 | 20:03 |
*** jdennis has quit IRC | 20:06 | |
openstackgerrit | Gage Hugo proposed openstack/keystone master: Add database migration for project tags https://review.openstack.org/484456 | 20:07 |
*** ducttape_ has quit IRC | 20:09 | |
*** jdennis has joined #openstack-keystone | 20:10 | |
*** dklyle has joined #openstack-keystone | 20:12 | |
*** david-lyle has quit IRC | 20:13 | |
*** ducttape_ has joined #openstack-keystone | 20:13 | |
*** dave-mccowan has quit IRC | 20:17 | |
openstackgerrit | Matthew Edmonds proposed openstack/keystone master: don't validate trust in policy https://review.openstack.org/482190 | 20:17 |
*** david-lyle has joined #openstack-keystone | 20:26 | |
*** dklyle has quit IRC | 20:27 | |
*** chlong has quit IRC | 20:27 | |
lbragstad | morgan: thanks for the confirmation | 20:29 |
lbragstad | morgan: when i was reading http://specs.openstack.org/openstack/api-wg/guidelines/api_interoperability.html I was referencing the following | 20:30 |
lbragstad | "Changing the response status code from one form of client error to another (e.g., 403 to 400) or one form of success to another (e.g., 201 to 204)." | 20:30 |
lbragstad | which is listed under | 20:30 |
lbragstad | "The following changes do require a version change:" | 20:30 |
*** prashkre has quit IRC | 20:30 | |
lbragstad | it'd be nice if more of those exception or examples were easier to find | 20:31 |
*** chlong has joined #openstack-keystone | 20:32 | |
*** sjain has quit IRC | 20:32 | |
*** raildo has quit IRC | 20:34 | |
morgan | it was originally was changing error codes ok | 20:36 |
openstackgerrit | Kristi Nikolla proposed openstack/keystone master: Make the devstack plugin more configurable for federation https://review.openstack.org/484480 | 20:36 |
morgan | i guess now the answer is it is't ok | 20:36 |
morgan | for 400->other 400 | 20:36 |
morgan | so... we can't make that change edmondsw | 20:36 |
edmondsw | morgan I think this is all a misunderstanding / misinterpretation | 20:37 |
edmondsw | yes we can | 20:37 |
edmondsw | this will help clients, and has no impact on interop | 20:37 |
edmondsw | once you understand what "this" is | 20:38 |
openstackgerrit | Kristi Nikolla proposed openstack/keystone master: Make the devstack plugin more configurable for federation https://review.openstack.org/484480 | 20:38 |
edmondsw | morgan note: I did not change what error code is returned for a given problem... it as 403 before, it is 403 now | 20:38 |
edmondsw | all that changed was the order that error conditions are checked... we'll now detect an error that causes us to return 400 before we detect an error that causes us to return 403 in this case | 20:39 |
*** ppiela_ is now known as ppiela | 20:39 | |
openstackgerrit | Gage Hugo proposed openstack/keystone master: Add JSON schema validation for projec tags https://review.openstack.org/484483 | 20:40 |
edmondsw | not specifying trustor in a request is rightly a 400. Specifying an invalid trustor is a 403 | 20:40 |
morgan | edmondsw: we cannot change the error code for a given action unless we make a new version, just like we cannot change success codes | 20:40 |
lbragstad | gagehugo: thanks for breaking that up | 20:40 |
edmondsw | morgan but we aren't | 20:40 |
morgan | if it previously would be a 403 | 20:40 |
openstackgerrit | Gage Hugo proposed openstack/keystone master: Add JSON schema validation for project tags https://review.openstack.org/484483 | 20:40 |
morgan | is the behavior changing at all | 20:40 |
morgan | for a given request | 20:40 |
gagehugo | lbragstad np, we're gonna attempt a sprint this week to get that all done btw | 20:41 |
morgan | that is the question i am asking. if the exact same request would be a 403 instead of a 400 now (or vice-versa) for whatever reason, we can't accept the change | 20:41 |
lbragstad | if a trustor isn't included in the request to create a trust a 400 will be returned | 20:41 |
morgan | instead of a 403? | 20:41 |
gagehugo | lbragstad thanks for the quick feedback! | 20:41 |
edmondsw | morgan there is one case (which no client would ever do) wherein you don't specify a trustor_user_id in the request that you would now get a 400 instead of a 403. And that's a good thing, with no harm to interop | 20:41 |
lbragstad | gagehugo: no problem - let me know how the sprint goes or where you need focused reviews | 20:42 |
gagehugo | will do! | 20:42 |
edmondsw | clients have to already support both 400 and 403... nobody will be affected | 20:42 |
edmondsw | logically, they can't be | 20:42 |
morgan | edmondsw: it isn't the clients, it is people using the rest api that are affected | 20:42 |
morgan | aka, shade (long term), etc | 20:42 |
edmondsw | morgan them either | 20:42 |
morgan | we can't change this per the standard | 20:42 |
edmondsw | especially them | 20:42 |
edmondsw | they can't possibly be affected | 20:42 |
morgan | if we now return a 400 instead of a 403 for a request, unfortunately, we are wrong | 20:43 |
edmondsw | I understand what the reasoning is here, protecting shade, etc... this does that | 20:43 |
edmondsw | shade/etc. are not impacted by this change | 20:43 |
morgan | this is where microversions or major api versions are needed | 20:43 |
edmondsw | no, it's not | 20:43 |
morgan | how does this not violate the standard by the working group? | 20:44 |
edmondsw | tell me how this change affects shade? | 20:44 |
edmondsw | or anything else, hypothetically | 20:44 |
morgan | it doesn't today, shade uses the client lib | 20:44 |
morgan | if shade was using the REST api (it is moving towards this), and it sends a request w/o a trustor in it, it is coded for a 403, now it gets a 400 | 20:44 |
morgan | it is broken | 20:44 |
edmondsw | it would never do that | 20:44 |
edmondsw | right? | 20:44 |
morgan | it doesn't matter if it ever would or not | 20:45 |
morgan | it is the behavior of the API, which is a contract. | 20:45 |
edmondsw | because you don't write something (shade, or anything else) that makes an API request which will never work | 20:45 |
morgan | look, i'm not happy about this, ok. i'm just enforcing the rules. | 20:45 |
edmondsw | the API contract isn't changing here | 20:45 |
morgan | have lbragstad ok the patch (+2) as is, and i will not argue, he's the one the tc/api-wg will badger | 20:45 |
morgan | and end users. | 20:46 |
edmondsw | I helped make these rules... this isn't what they were talking about | 20:46 |
morgan | the contract is implicitly the behavior currently happening | 20:46 |
morgan | then go clarify the rules. | 20:46 |
lbragstad | yeah - i looked at the rules and that's what i came up with | 20:46 |
morgan | or get lbragstad / api folks to +1/+2 this | 20:46 |
morgan | and if this is not what you want the API interop rules to be, we need to fix them | 20:47 |
lbragstad | i agree that this is wrong and that it should be a 400, i understand that bit | 20:47 |
openstackgerrit | Gage Hugo proposed openstack/keystone master: Add JSON schema validation for project tags https://review.openstack.org/484483 | 20:47 |
lbragstad | but when i pulled up the guidelines, it seems pretty clear that we're breaking them unless there is a version change of some kind (e.g. microversions) | 20:47 |
morgan | i refuse to play moving goal posts here. the way i see it is: 1) We agree to the rules and we follow them, 2) we agree to the rules and fix them when they are wrong (this case?), 3) we disregard the rules. | 20:48 |
morgan | the rules as they stand look to say this code is a violation of them | 20:48 |
morgan | i just don't see how we are supposed to divine the "well they don't apply here" from the verbiage currently used. | 20:48 |
lbragstad | if there are exceptions to the rule that I'm not understanding (which is totally a possibility), we should work to clarify the documentation | 20:49 |
edmondsw | I always thought keystone just disregarded the api rules :) | 20:49 |
morgan | edmondsw: clearly =/ | 20:49 |
edmondsw | edmondsw that's nothing to do with this change, though... I assert this change is in compliance with the rules | 20:49 |
morgan | ftr, i didn't agree to nor think we should restrict correction of error/status code within the same class. | 20:49 |
morgan | but the api standards for openstack says we do. | 20:50 |
* mordred waves to edmondsw and morgan | 20:50 | |
edmondsw | we could work to clarify the docs until we're blue in the face... those discussions are so much fun, and slow is an understatement | 20:50 |
lbragstad | edmondsw: the rules state we need a new version if we move within the 400-499 class | 20:50 |
lbragstad | all i'm doing is reading the docs | 20:51 |
edmondsw | mordred, I think you'd agree this change doesn't affect interop at all... https://review.openstack.org/#/c/482190/ | 20:51 |
lbragstad | http://specs.openstack.org/openstack/api-wg/guidelines/api_interoperability.html#evaluating-api-changes | 20:51 |
* morgan put a -1 on the code. | 20:51 | |
lbragstad | mordred: o/ | 20:51 |
mordred | WELL - I agree with the sentiment that it doesn't - but in practice we have never published guidance that people should not be super-strict with things like 400 vs. 403 | 20:51 |
morgan | i'll circle back up when either we have a change to the guidelines (a pending review with some +1/+2 and a "we are accepting this change"), or when we don't change the status code... OR when lbragstad is comfortable with the change. | 20:52 |
mordred | so in the absence of having said that, we're in a position where we have to assume pople have coded to the specifics of the existing defacto api | 20:52 |
morgan | mordred: and the API-WG guidelines explicitly say a new version is needed for changing within a class of status codes | 20:53 |
mordred | yup | 20:53 |
morgan | so, since we are following those, we would need a new version here. | 20:53 |
morgan | *or* clarification on those guidelines | 20:53 |
mordred | morgan: that's why I agree with you - even though I think we COULD have decided on a more liberal policy many years ago that would have allowed such a thing wihtout a bump | 20:53 |
lbragstad | =/ | 20:53 |
morgan | *or* an agreement that keystone doesn't care about the guidelines, whichc ase i wont bother looking at them for reviews. | 20:54 |
mordred | but we didn't - so changing it now would be moving the goal posts on someone we don't know with code we haven't seen | 20:54 |
morgan | (i don't think that last one is a good plan) | 20:54 |
lbragstad | this is like the third discussion we've had about return codes for various APIs within a week | 20:54 |
morgan | mordred: ftr, i don't like this guideline. | 20:54 |
morgan | mordred: but, happy to enforce it as long as needed. | 20:55 |
morgan | edmondsw: ^ | 20:55 |
lbragstad | yeah - i don't see much wiggle room in enforcing it | 20:55 |
lbragstad | we either do or we don't and what happens if we don't | 20:56 |
*** harlowja has joined #openstack-keystone | 20:56 | |
mordred | morgan: yah. same here. I also disagree with it - but they are the way we've decided to behave and I'd rather we all decide to change than have some projects behave differently | 20:57 |
lbragstad | i'd agree with that | 20:57 |
mordred | I mean- it might be time to make the argument that we need to document a return-code contract of a different strictness and figure out how to get to that point | 20:58 |
lbragstad | even thought i don't necessarily agree with keystone's behavior in this case and i think it should be fixed | 20:58 |
morgan | now, if the guideline is changed or clarified in a way that makes this kind of change compatible, i'm 100% behind this change and fixing the behavior | 20:58 |
lbragstad | morgan: ++ | 20:58 |
lbragstad | me too - i completely agree | 20:58 |
lbragstad | if we have the flexibility to fix it without a version - that's great | 20:58 |
morgan | but... for now we can't change it based upon our interpretation (and confirmation of our interpretation by mordred) of the guidelines...which we agree to follow | 20:59 |
lbragstad | otherwise we need to look at version in order to do this | 20:59 |
morgan | lbragstad: i think we should make keystone v4 | 20:59 |
morgan | ftr | 20:59 |
lbragstad | i do too | 20:59 |
morgan | (and no, i'm not joking) | 20:59 |
lbragstad | me either | 20:59 |
morgan | but auth cannot/should not be changed with it. | 20:59 |
morgan | that was the painful part of v2->v3 | 20:59 |
lbragstad | yeah | 20:59 |
mordred | I agree with that- especially once we get the version discovery out to everyone so that people are consuming the things that are there | 21:00 |
mordred | because if auth didn't change, actually consuming a new api version is not hard when discovery works | 21:00 |
morgan | mordred: i still wnat to move auth to /auth | 21:01 |
*** lucasxu has quit IRC | 21:01 | |
morgan | (keep it where it is for v2/v3 but make /auth the *correct* way to auth w/ keystones going forward) | 21:01 |
morgan | then we could do v4 easily. | 21:01 |
morgan | *shrug* | 21:01 |
lbragstad | morgan: didn't you want to make it so you could specify the version or interpretation of auth in the request? | 21:02 |
mordred | morgan: I fully support that as long as we have a mechanism to discover a cloud supports the new good thing - and will happily help validate that whatever mechanism that is will not make people ragey | 21:02 |
mordred | morgan: ++ | 21:02 |
morgan | mordred: i'd just do that on the discovery doc. | 21:02 |
morgan | <<auth>> | 21:02 |
mordred | ++ | 21:02 |
morgan | where if that exists it is explicitly the auth endpoint | 21:02 |
* morgan needs to finish the new yaml catalog | 21:02 | |
morgan | it's mostly done | 21:02 |
bknudson | auth to keystone? Isn't that what facebook is for? | 21:03 |
morgan | just need a couple methods and it's working | 21:03 |
morgan | bknudson: dns dude. all 100% dns | 21:03 |
morgan | bknudson: it's the MX record i want to use btw | 21:03 |
morgan | so you get priority on auth endpoints | 21:03 |
*** prometheanfire has joined #openstack-keystone | 21:03 | |
morgan | :P | 21:03 |
prometheanfire | I can't find anything so don't know if it's in dev or not, but is U2F a thing that's being worked on or done (or not)? | 21:04 |
* prometheanfire waves at lbragstad | 21:04 | |
lbragstad | prometheanfire: o/ | 21:04 |
morgan | prometheanfire: not cuirrently being worked on | 21:04 |
morgan | it'd be something nice to have. | 21:05 |
morgan | if we can figure out how to do it sanely | 21:05 |
morgan | with a rest API U2F would be very hard to do sanely | 21:05 |
lbragstad | prometheanfire: we have a TOTP implementation for two-factor, but that's it | 21:05 |
prometheanfire | k, thanks | 21:05 |
morgan | TOTP works | 21:05 |
prometheanfire | totp is a nice step | 21:05 |
prometheanfire | I'll be sure to mention it | 21:05 |
* prometheanfire needs to read up on the u2f spec | 21:06 | |
prometheanfire | it requires signing things right? | 21:06 |
bknudson | need u2f in curl | 21:06 |
prometheanfire | heh | 21:08 |
lbragstad | prometheanfire: yeah - it does | 21:09 |
openstackgerrit | Kelly Hall proposed openstack/keystone master: WIP: Add project tags https://review.openstack.org/470317 | 21:09 |
lbragstad | https://developers.yubico.com/U2F/Protocol_details/Overview.html | 21:09 |
prometheanfire | guess that's why it's in gpg tokens | 21:10 |
*** thorst has quit IRC | 21:10 | |
openstackgerrit | Gage Hugo proposed openstack/keystone master: Add JSON schema validation for project tags https://review.openstack.org/484483 | 21:23 |
*** chlong has quit IRC | 21:26 | |
*** prometheanfire has left #openstack-keystone | 21:31 | |
openstackgerrit | Merged openstack/keystone master: Added new docs to admin section https://review.openstack.org/484165 | 21:33 |
*** rcernin has quit IRC | 21:33 | |
*** dave-mccowan has joined #openstack-keystone | 21:34 | |
openstackgerrit | Merged openstack/pycadf master: Switch from oslosphinx to openstackdocstheme https://review.openstack.org/483922 | 21:36 |
openstackgerrit | Merged openstack/pycadf master: Turn on warning-is-error for sphinx build https://review.openstack.org/483945 | 21:36 |
*** ducttape_ has quit IRC | 21:43 | |
*** ducttape_ has joined #openstack-keystone | 21:45 | |
*** ducttape_ has quit IRC | 21:46 | |
*** ducttape_ has joined #openstack-keystone | 21:48 | |
*** clarkb has joined #openstack-keystone | 21:54 | |
clarkb | hello keystoners, ran across http://logs.openstack.org/27/481227/3/gate/gate-tempest-dsvm-neutron-full-ubuntu-xenial/7343f1b/logs/screen-g-api.txt.gz?level=WARNING#_Jul_14_06_17_19_629740 while digging into the uncategorized list from elastic-recheck. Looks like keystone returned a 500 error to glance which eventually bubbled up to a nova error in tempest | 21:55 |
clarkb | I'm not finding much more info other than apache returns a 500 from keystone to glance then a 503 from glance to nova as expected | 21:55 |
clarkb | any chance someone can look into that and find a root cause that maybe we can track with e-r? | 21:55 |
clarkb | lbragstad: ^ | 21:55 |
lbragstad | clarkb: interesting - i can try to dig into it | 21:57 |
openstackgerrit | Gage Hugo proposed openstack/keystone master: Add JSON schema validation for project tags https://review.openstack.org/484483 | 22:03 |
*** edmondsw has quit IRC | 22:10 | |
*** thorst has joined #openstack-keystone | 22:10 | |
openstackgerrit | OpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements https://review.openstack.org/470137 | 22:10 |
*** ducttap__ has joined #openstack-keystone | 22:10 | |
*** ducttape_ has quit IRC | 22:14 | |
*** thorst has quit IRC | 22:15 | |
*** bknudson has quit IRC | 22:18 | |
openstackgerrit | Gage Hugo proposed openstack/keystone master: Add database migration for project tags https://review.openstack.org/484456 | 22:20 |
*** bknudson has joined #openstack-keystone | 22:23 | |
*** bknudson has quit IRC | 22:23 | |
*** edmondsw has joined #openstack-keystone | 22:26 | |
openstackgerrit | Gage Hugo proposed openstack/keystone master: Add database migration for project tags https://review.openstack.org/484456 | 22:28 |
*** edmondsw has quit IRC | 22:31 | |
openstackgerrit | Kelly Hall proposed openstack/keystone master: WIP: Add project tags https://review.openstack.org/470317 | 22:33 |
*** thorst has joined #openstack-keystone | 22:41 | |
gagehugo | lbragstad should we add a reno for the db migrations? | 22:42 |
lbragstad | gagehugo: for project tags? | 22:42 |
gagehugo | yeah | 22:42 |
lbragstad | gagehugo: i'd probably just add a single release note once everything is implemented | 22:42 |
lbragstad | Something short and sweet that just says "Hey, we support project tags now, find the api docs here' | 22:43 |
*** thorst has quit IRC | 22:43 | |
lbragstad | especially since the addition of a project-tags table isn't something that should affect operators | 22:43 |
lbragstad | (e.g. it doesn't use triggers or anything weird like that) | 22:43 |
gagehugo | lbragstad I wasn't sure if we were supposed to include anything about updating the DB specifically in it | 22:44 |
gagehugo | https://review.openstack.org/#/c/472396/ | 22:44 |
lbragstad | https://review.openstack.org/#/c/472396/13/releasenotes/notes/project-tags-1e72a6779d9d02c5.yaml looks good | 22:46 |
gagehugo | ok | 22:47 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Add yaml-loaded filesystem catalog backend https://review.openstack.org/483514 | 22:52 |
morgan | lbragstad: ^ needs testing | 22:53 |
*** edmondsw has joined #openstack-keystone | 22:57 | |
morgan | mordred: ^ fixing the templated catalog | 22:58 |
morgan | eandersson: ^ cc | 22:58 |
mordred | morgan: woot | 22:58 |
morgan | it needs tests but *should* work | 22:58 |
morgan | it natively renders a v3 catalog from the raw data instead of trying to convert | 22:58 |
eandersson | looks good - will see if I can test it out soonTM | 22:58 |
morgan | and ... actually is a bit more comprehensive in how it builds a consistent catalog than the sql one | 22:59 |
* morgan would not be opposed to recommending the yaml one be the default choice | 22:59 | |
morgan | once it is verified working | 22:59 |
*** edmondsw has quit IRC | 23:02 | |
*** catintheroof has quit IRC | 23:07 | |
openstackgerrit | Gage Hugo proposed openstack/keystone master: Add JSON schema validation for project tags https://review.openstack.org/484483 | 23:09 |
*** dpar has quit IRC | 23:12 | |
*** chlong has joined #openstack-keystone | 23:24 | |
openstackgerrit | Monty Taylor proposed openstack/keystoneauth master: Remove deprecated_since parameter for interface https://review.openstack.org/484528 | 23:24 |
openstackgerrit | Gage Hugo proposed openstack/keystone-specs master: Update project-tags spec https://review.openstack.org/484529 | 23:25 |
mordred | morgan, cmurphy, lbragstad: https://review.openstack.org/484528 removes that deprecated_since param that gave cmurphy pause | 23:25 |
mordred | did it as a followup since the other patch is at the bottom of a stack | 23:26 |
mordred | oh - she had a nit on a help string too | 23:27 |
openstackgerrit | Monty Taylor proposed openstack/keystoneauth master: Remove deprecated_since for interface and fix text https://review.openstack.org/484528 | 23:28 |
mordred | k. fixed that oo | 23:28 |
cmurphy | mordred: while you're fixing things i think lbragstad had an issue with https://review.openstack.org/#/c/482744 | 23:33 |
mordred | cmurphy: ++ thanks- forgot that one | 23:35 |
openstackgerrit | Nicolas Helgeson proposed openstack/keystone master: WIP: Add project tags https://review.openstack.org/470317 | 23:48 |
mordred | cmurphy, lbragstad: I'll clean that up as part of one more followup I wanna get done tomorrow | 23:48 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Add yaml-loaded filesystem catalog backend https://review.openstack.org/483514 | 23:58 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!