Thursday, 2017-10-05

« Wednesday, 2017-10-04 Index Friday, 2017-10-06 »
*** gyee has quit IRC00:04
*** oikiki has quit IRC00:53
*** aselius has quit IRC00:53
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware master: Updated from global requirements  https://review.openstack.org/50000501:02
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements  https://review.openstack.org/47013701:10
*** prashkre has joined #openstack-keystone01:17
*** erlon has quit IRC01:22
*** jhesketh has quit IRC01:51
*** jhesketh has joined #openstack-keystone01:51
*** dave-mcc_ has quit IRC01:57
*** rarora has quit IRC02:00
*** gagehugo has quit IRC02:01
*** tsufiev has quit IRC02:01
*** timothyb89 has quit IRC02:01
*** hoonetorg has quit IRC02:02
*** afazekas has quit IRC02:02
*** afazekas has joined #openstack-keystone02:02
*** timothyb89 has joined #openstack-keystone02:02
*** tsufiev has joined #openstack-keystone02:03
*** hoonetorg has joined #openstack-keystone02:04
*** gagehugo has joined #openstack-keystone02:04
*** rarora has joined #openstack-keystone02:15
*** oikiki has joined #openstack-keystone02:16
*** oikiki has quit IRC02:19
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware master: Updated from global requirements  https://review.openstack.org/50000502:35
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements  https://review.openstack.org/47013702:42
*** nicolasbock has quit IRC02:43
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements  https://review.openstack.org/47013702:58
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware master: Updated from global requirements  https://review.openstack.org/50000503:06
*** lbragstad has joined #openstack-keystone03:12
*** ChanServ sets mode: +o lbragstad03:12
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements  https://review.openstack.org/47013703:14
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware master: Updated from global requirements  https://review.openstack.org/50000503:27
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements  https://review.openstack.org/47013703:34
*** markvoelker has quit IRC03:36
*** zzzeek has quit IRC03:46
*** links has joined #openstack-keystone03:48
*** lbragstad has quit IRC03:50
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware master: Updated from global requirements  https://review.openstack.org/50000503:56
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements  https://review.openstack.org/47013704:04
*** jdwidari has quit IRC04:11
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware master: Updated from global requirements  https://review.openstack.org/50000504:12
*** jamielennox has quit IRC04:14
*** cburgess has quit IRC04:16
*** jamielennox has joined #openstack-keystone04:18
*** cburgess has joined #openstack-keystone04:19
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements  https://review.openstack.org/47013704:20
*** prashkre has quit IRC04:26
*** oikiki has joined #openstack-keystone04:27
*** gyee has joined #openstack-keystone04:33
*** zzzeek has joined #openstack-keystone04:38
*** chlong_ has joined #openstack-keystone04:51
*** gyee has quit IRC05:05
*** oikiki has quit IRC05:05
*** prashkre has joined #openstack-keystone05:08
*** oikiki has joined #openstack-keystone05:08
*** oikiki has quit IRC05:21
*** oikiki has joined #openstack-keystone05:21
*** markvoelker has joined #openstack-keystone05:37
openstackgerritAdrian Turjak proposed openstack/keystone master: Make name fields a consistent size of 255  https://review.openstack.org/44094105:37
*** oikiki has quit IRC05:51
*** oikiki has joined #openstack-keystone05:58
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware master: Updated from global requirements  https://review.openstack.org/50000506:04
*** markvoelker has quit IRC06:11
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements  https://review.openstack.org/47013706:12
*** chlong_ has quit IRC06:13
*** rcernin has joined #openstack-keystone06:24
*** prashkre has quit IRC06:31
*** prashkre has joined #openstack-keystone06:34
*** spectr has quit IRC06:34
*** spectr has joined #openstack-keystone06:34
*** tesseract has joined #openstack-keystone07:07
*** markvoelker has joined #openstack-keystone07:08
*** pcaruana has joined #openstack-keystone07:08
*** cfriesen has quit IRC07:20
*** markvoelker has quit IRC07:42
*** daidv has joined #openstack-keystone07:48
*** prashkre_ has joined #openstack-keystone07:50
*** prashkre has quit IRC07:54
*** spectr has quit IRC08:09
*** spectr has joined #openstack-keystone08:09
*** spectr has quit IRC08:17
*** spectr has joined #openstack-keystone08:18
*** oikiki has quit IRC08:19
*** daidv has quit IRC08:29
*** daidv has joined #openstack-keystone08:30
*** markvoelker has joined #openstack-keystone08:38
*** oikiki has joined #openstack-keystone08:43
*** oikiki has quit IRC08:48
*** oikiki has joined #openstack-keystone08:55
*** namnh has joined #openstack-keystone09:04
*** oikiki has quit IRC09:06
*** markvoelker has quit IRC09:12
*** mvk has quit IRC09:28
*** iurygregory has quit IRC09:34
*** rob_d_ has joined #openstack-keystone09:34
*** rob_d_ has left #openstack-keystone09:44
*** mvk has joined #openstack-keystone09:47
*** prashkre_ has quit IRC10:00
*** prashkre_ has joined #openstack-keystone10:03
*** markvoelker has joined #openstack-keystone10:09
*** rob_d_ has joined #openstack-keystone10:23
*** magicboiz has quit IRC10:39
*** rob_d_ has quit IRC10:40
*** markvoelker has quit IRC10:42
*** rob_d_ has joined #openstack-keystone10:46
rob_d_mapping federated users into projects and groups reads like somebodys science project https://docs.openstack.org/keystone/latest/advanced-topics/federation/federated_identity.html#mapping-rules10:47
*** spectr has quit IRC10:54
*** nicolasbock has joined #openstack-keystone10:59
*** dave-mccowan has joined #openstack-keystone11:04
*** aloga has quit IRC11:04
*** aloga has joined #openstack-keystone11:04
*** nicolasbock has quit IRC11:05
*** nicolasbock has joined #openstack-keystone11:05
openstackgerritDavanum Srinivas (dims) proposed openstack/oslo.policy master: http/https check rules as stevedore extensions  https://review.openstack.org/50709811:16
*** jdwidari has joined #openstack-keystone11:19
*** nrado has joined #openstack-keystone11:37
*** dikonoor has joined #openstack-keystone11:39
*** markvoelker has joined #openstack-keystone11:39
*** jdwidari has quit IRC11:43
dikonoorHi I just installed Pike/devstack and see that keystone isn't accessible at 5000. When I tried last with Ocata, it was. I was trying to register openstack from manageiq and it asks for keystone port , which I gave as 5000 and it doesn't connect.11:45
cmurphydikonoor: in devstack it now listens on 80/443 at the /identity location11:49
dikonoorcmurphy: ah ok..so <ip> : 5000 no longer works..Thanks11:51
dikonoorand this is only from Pike, right?11:51
cmurphydikonoor: i think so11:52
dikonoorcmurphy: pok11:52
dikonoorok :)11:53
*** prashkre_ has quit IRC11:59
nradoHi there, perhaps someone can help me. I'm using OpenStack Ocata and want to configure keystone in that way that it pushes all notifications messages into multiple queues. The reason is that I want a dedicated queue for barbican keystone listener. I configured barbican to use the topic barbican_notifications and in keystone.conf I configured it in this way:12:02
nrado[oslo_messaging_notifications]12:02
nradotopics = notifications,barbican_notifications12:02
nradoIn Rabbitmq I can see now the new barbican_notifications.info queue and the listener consumer, but I don't get any messages there12:03
nradoDid I forget something?12:03
nradosome bindings perhaps? But how I can do this in OpenStack and not in RabbitMQ manually?12:06
*** namnh has quit IRC12:10
*** raildo has joined #openstack-keystone12:11
*** markvoelker has quit IRC12:12
*** edmondsw has joined #openstack-keystone12:13
*** edmondsw_ has joined #openstack-keystone12:16
*** edmondsw has quit IRC12:17
*** nrado1 has joined #openstack-keystone12:18
*** nrado has quit IRC12:21
*** jdwidari has joined #openstack-keystone12:22
*** edmondsw_ has quit IRC12:22
openstackgerritColleen Murphy proposed openstack/keystonemiddleware master: Rename auth_uri to www_authenticate_uri  https://review.openstack.org/50852212:23
*** markvoelker has joined #openstack-keystone12:28
*** edmondsw has joined #openstack-keystone12:29
*** edmondsw has quit IRC12:33
*** edmondsw has joined #openstack-keystone12:36
*** iurygregory has joined #openstack-keystone12:38
openstackgerritDavanum Srinivas (dims) proposed openstack/oslo.policy master: http/https check rules as stevedore extensions  https://review.openstack.org/50709812:40
*** links has quit IRC12:44
*** jdwidari is now known as plan90812:48
*** plan908 is now known as jdwidari12:49
*** catintheroof has joined #openstack-keystone12:50
*** catintheroof has quit IRC12:51
*** catintheroof has joined #openstack-keystone12:51
*** panbalag has joined #openstack-keystone12:55
*** magicboiz has joined #openstack-keystone12:57
*** magicboiz has quit IRC13:02
*** spectr has joined #openstack-keystone13:02
*** lbragstad has joined #openstack-keystone13:06
*** ChanServ sets mode: +o lbragstad13:06
*** magicboiz has joined #openstack-keystone13:09
*** magicboiz has quit IRC13:20
*** magicboiz has joined #openstack-keystone13:20
knikollao/13:23
*** prashkre_ has joined #openstack-keystone13:26
*** erlon has joined #openstack-keystone13:28
*** jaosorior has quit IRC13:35
lbragstado/13:40
*** spectr has quit IRC13:40
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware master: Updated from global requirements  https://review.openstack.org/50000513:42
*** chlong_ has joined #openstack-keystone13:46
openstackgerritColleen Murphy proposed openstack/keystonemiddleware master: Rename auth_uri to www_authenticate_uri  https://review.openstack.org/50852213:48
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements  https://review.openstack.org/47013713:50
*** spectr has joined #openstack-keystone13:57
*** cfriesen has joined #openstack-keystone13:58
*** spzala has joined #openstack-keystone14:02
*** zzzeek has quit IRC14:03
*** zzzeek has joined #openstack-keystone14:07
*** spectr has quit IRC14:07
*** spectr has joined #openstack-keystone14:08
*** jaosorior has joined #openstack-keystone14:10
openstackgerritMerged openstack/keystonemiddleware master: Correct docs usage of keystoneauth1 session  https://review.openstack.org/50319714:14
lbragstadknikolla: what does MOC use to store users?14:16
lbragstadmagicboiz: is setting up a new keystone deployment and has some requirements for two-factor/certificate authentication14:16
knikollalbragstad: right now plain ol' sql14:16
lbragstadkeystone might not fit both requirements, so wondering if there other suggestions to look into (LDAP/IDP related014:16
knikollahmm...14:17
lbragstadcc magicboiz ^14:17
lbragstadknikolla: you were saying something about keycloak at the conference?14:17
knikollalbragstad: yeah, i'll be working on deploying that in the coming month so people can use their university login14:18
knikollabut right now it's just sql14:18
knikollalbragstad: keystone support mfa and otp right?14:18
knikollawoulnd't that fit his use case?14:18
lbragstadknikolla: i should let magicboiz reiterate his usecase14:19
lbragstads/his/their/14:19
lbragstadknikolla: from what i can tell, there are two requirements14:20
lbragstad1.) internal users live in an AD deployment and need to be able to sign in using certificates14:20
lbragstad2.) external users must use TOTP14:20
lbragstador some form of two-factor authenticate14:21
lbragstadauthentication*14:21
knikollalbragstad: there are idps that support mfa with totp (at least keycloak). for certificates, i don't know, don't have much experience with them. but again, most idps should be able to pull users from AD.14:24
magicboizknikolla: thanks!!14:32
magicboizI'll check keycloak14:32
knikollamagicboiz: np. keystone should work with any saml/oidc idp so shop around for the features you need.14:33
magicboizRegarding X509 certs, well, we have our own Microsoft AD domain, we have a domain CA, which issues X509 to users. I have my X509 installed into my win laptop. The idea is to configure Horizon/Keystone to accept my x509 cert as a valid auth14:33
knikollaayoung: ^^14:34
knikolla(if around)14:34
*** prashkre_ has quit IRC14:39
*** prashkre_ has joined #openstack-keystone14:39
nrado1can someone tell why I don't see notfications from keystone (like project create and delete) in the notifications.info queue? Shouldn't they end in this queue?14:42
*** magicboiz has quit IRC14:43
*** magicboiz has joined #openstack-keystone14:44
*** jamesbenson has joined #openstack-keystone14:45
lbragstadnrado1: yeah - they should be it can depend on how you have keystone configured14:46
lbragstadthere is a section in keystone's configuration file dedicated to oslo.messaging options that handle those bits14:47
lbragstad(keystone reuses the oslo.messaging library to implement notifications)14:47
nrado1in keystone.conf I have just this setting for oslo:14:47
nrado1[oslo_messaging_notifications]14:47
nrado1topics = notifications,barbican_notifications14:47
nrado1no driver nor transport_url like in other services14:48
lbragstadyou probably need to configure the oslo_messaging section to use the right driver14:49
lbragstadhttps://github.com/openstack/keystone/blob/master/etc/keystone.conf.sample#L170814:49
*** magicboiz has quit IRC14:49
lbragstadif you want notification delivered on a message bus, you'll have to configure the transport URL14:49
*** gyee has joined #openstack-keystone14:51
nrado1ok, got it14:51
nrado1thank you lbragstad14:51
*** smatzek has joined #openstack-keystone14:51
lbragstadnrado1: this might be helpful for you, too14:51
lbragstadhttps://docs.openstack.org/oslo.messaging/latest/admin/index.html14:51
lbragstadkeystone barely does anything with the actual configuration of the notification delivery system - keystone just expects it to be there when it should and passes it a payload14:52
lbragstadsince that was such a common patterns across several openstack projects, the notification functionality was abstracted away into it's own library14:52
*** magicboiz has joined #openstack-keystone14:55
nrado1ok, good to know14:56
nrado1thanks lbragstad14:56
nrado1but lbragstad, it's not 100% clear for me. where does the message at the end land? When I create a project the payload is just generated, but not forwarded in any of these queues?15:00
nrado1I mean a client is doing a request sends a message to the queue, the broker or router sends it from the queue to the server15:02
*** jaosorior has quit IRC15:07
lbragstadnrado1: it depends on how you configure oslo.messaging15:13
lbragstadyou can tell oslo.messaging to deliver messages on a message bus, to a log file, or noop the delivery all together15:14
lbragstadwhere the message ends up depends on how you configure things15:15
lbragstadnrado1: i think that's where https://docs.openstack.org/oslo.messaging/latest/admin/AMQP1.0.html comes in useful because it attempts to explain how those things work15:17
nrado1thx, I will read through it. Definitely need some rabbitmq basics ;)15:23
*** McClymontS_ has joined #openstack-keystone15:30
smatzekfwiw, the removal of the Keystone V2 APIs has broken the Trove gates.  Apparently the dsvm/scenario tests of Trove are using >3 year old 'compat' path in the Trove pythonclient that only has support for V2.15:38
*** pcaruana has quit IRC15:39
smatzekthe "new" client in trove's pythonclient that has Session /v3 support is not a direct drop in, so that is being worked now.15:41
*** jmlowe_ has joined #openstack-keystone15:41
*** jmlowe has quit IRC15:43
*** nrado1 has quit IRC15:44
lbragstadsmatzek: cool - let us know if you need any reviews15:50
*** spectr has quit IRC15:51
*** nicolasbock_ has joined #openstack-keystone15:56
openstackgerritLance Bragstad proposed openstack/keystone master: Remove the v2_deprecated decorator  https://review.openstack.org/49978516:13
*** rcernin has quit IRC16:13
*** rcernin has joined #openstack-keystone16:13
*** rcernin has quit IRC16:14
openstackgerritLance Bragstad proposed openstack/keystone master: Remove v2.0 identity API documentation  https://review.openstack.org/50951016:18
*** tesseract has quit IRC16:29
*** mvk has quit IRC16:33
*** jessegler has joined #openstack-keystone16:39
*** nrado has joined #openstack-keystone16:43
*** spzala has quit IRC16:44
*** prashkre_ has quit IRC16:45
*** tesseract has joined #openstack-keystone16:50
lbragstadFYI - opinion here would be good https://review.openstack.org/#/c/509835/16:51
lbragstad^ that is a patch for the same schedule deadlines we followed for the pike release - so if anyone wants to see something different, now would be a good time to discuss those changes17:02
* lbragstad runs to grab lunch quick17:03
gagehugolbragstad feature proposal on xmas week?17:07
gagehugofreeze*17:07
*** aselius has joined #openstack-keystone17:22
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware master: Updated from global requirements  https://review.openstack.org/50000517:22
*** tesseract has quit IRC17:22
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements  https://review.openstack.org/47013717:30
openstackgerritMerged openstack/keystone master: Remove the v3 to v2 resource test case  https://review.openstack.org/50951917:31
*** raildo has quit IRC17:31
*** mvk has joined #openstack-keystone17:32
*** oikiki has joined #openstack-keystone17:34
*** prashkre_ has joined #openstack-keystone17:36
*** lbragstad has quit IRC17:37
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware master: Updated from global requirements  https://review.openstack.org/50000517:38
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements  https://review.openstack.org/47013717:46
*** raildo has joined #openstack-keystone17:47
*** jessegler has quit IRC17:49
*** panbalag has quit IRC17:49
*** dikonoor has quit IRC18:05
*** lbragstad has joined #openstack-keystone18:10
*** ChanServ sets mode: +o lbragstad18:10
lbragstadgagehugo: yeah - that's probably not the best timing18:10
*** oikiki has quit IRC18:16
*** oikiki has joined #openstack-keystone18:17
*** oikiki has quit IRC18:18
*** oikiki has joined #openstack-keystone18:22
ayoungknikolla, did you rub my lamp?18:36
ayoungmagicboiz, use mod_ssl with client cert authentication as a Federated protocol and you should be able to do what you want18:36
knikollaayoung: genies exist!18:37
ayounghttps://www.youtube.com/watch?v=Ww6EvNDPfwE18:38
*** prashkre_ has quit IRC18:40
knikollahaha!18:40
*** chlong_ has quit IRC18:44
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware master: Updated from global requirements  https://review.openstack.org/50000518:51
dims@lbragstad : should this curl command return catalog or not? https://docs.openstack.org/keystone/latest/api_curl_examples.html#tokens18:55
dims@lbragstad : latest devstack - does not seem to be - http://paste.openstack.org/show/622786/18:56
lbragstaddims: it depends18:56
dimson?18:57
lbragstaddims: if that user doesn't have a default project or a role on a default project (per the default_project_id in the user reference) then it will be an unscoped token18:57
lbragstadunscoped tokens do not have service catalogs18:57
lbragstadproject scoped tokens do have service catalogs18:57
lbragstadi'd double check the assignments that user has18:57
lbragstadthe authenticate request you're making doesn't specify a scope18:58
lbragstadin which case keystone will check if that user has a default_project_id in the user reference18:58
dimsi tried both the admin and demo accounts set up by devstack18:59
lbragstadif it does, keystone will check to make sure that user actually has a role assignment on it, if that is true - then you'll get a project scoped token to the default_project in your user reference even though you didn't explicitly specify that scope18:59
*** chlong_ has joined #openstack-keystone19:00
lbragstaddims: https://docs.openstack.org/keystone/latest/admin/identity-tokens.html#authorization-scopes19:03
*** MasterOfBugs has joined #openstack-keystone19:11
dimsy got it. @lbragstad, fyi, trying v3 keystone API from gophercloud via the kubernetes cloud provider tests19:13
*** markvoelker_ has joined #openstack-keystone19:15
*** markvoelker has quit IRC19:15
lbragstaddims: nice19:23
lbragstadyeah - try passing scope explicitly19:23
*** chlong_ has quit IRC19:44
*** panbalag has joined #openstack-keystone19:54
*** panbalag has left #openstack-keystone19:55
*** smatzek has quit IRC19:59
adrianthello! Anyone able to help me figure out why this is failing: https://review.openstack.org/#/c/440941 ?20:00
*** ianw|pto is now known as ianw20:00
adriantThe failure makes no sense since the migrations in those folders don't do anything...20:01
* adriant is very confused20:01
adriantdo I have to have "contact" in the file name of the migration?20:03
adriantcontract*20:04
*** edmondsw has quit IRC20:07
*** edmondsw has joined #openstack-keystone20:08
openstackgerritAdrian Turjak proposed openstack/keystone master: Make name fields a consistent size of 255  https://review.openstack.org/44094120:09
*** edmondsw_ has joined #openstack-keystone20:09
*** edmondsw has quit IRC20:12
*** edmondsw_ has quit IRC20:14
*** bigjools has quit IRC20:27
*** bigjools has joined #openstack-keystone20:29
samueldmqadriant: perhaps we only allow additive migrations, so you wouldn't be able to do a column alter20:29
adriantsamueldmq: but there are alters in the contract migration folder :(20:29
samueldmqmaybe you'd need to create a second column and migrate the data to it, so we guarantee the rolling upgrade stuff20:29
samueldmqin the contract phase is allowed maybe20:30
*** lbragstad has quit IRC20:30
samueldmqcheck the rules for that, that's breaking one of those20:30
samueldmqthat's why it's failing20:30
adriantsamueldmq: but the alter is in the migration phase :/ isn't it? the failure message mentions expand which I have a blank migration for20:31
adriantI mean, in the contract phase20:31
adriantsamueldmq: https://review.openstack.org/#/c/440941/5/keystone/common/sql/contract_repo/versions/030_contract_consistent_name_fields.py20:32
adriantthe default tox tests pass locally20:32
samueldmqHMM20:33
samueldmqthe msg says b'keystone.tests.unit.test_sql_banned_operations.DBOperationNotAllowed: Operation Column.alter() is not allowed in data_migration_repo database migrations'20:33
adriantbut the zuul/jenkins error says that alters aren't allowed in the expand phase, but my code simply does not do anything20:33
adriantbut that migration just does "pass"20:33
adriant:(20:33
samueldmqinteresting20:33
adriantyeah20:33
adriantI don't get it20:33
adriantsamueldmq: just 'pass' https://review.openstack.org/#/c/440941/5/keystone/common/sql/data_migration_repo/versions/030_migrate_consistent_name_fields.py20:36
adriant:P20:36
* adriant is questioning his sanity a bit20:36
samueldmqyeah, maybe it is not allowed and the error message is not accurate20:37
samueldmqbut you said it works locally20:37
adriantis zuul running the tests actually against mysql? or sqlite? could be the failure only occurs when run with a real db20:38
adriantI assume my local tests by default are using sqlite20:38
*** edmondsw has joined #openstack-keystone20:40
*** lbragstad has joined #openstack-keystone20:40
*** ChanServ sets mode: +o lbragstad20:40
lbragstadadriant: that is failing because you're doing operatings in places where we've blacklisted specific types of schema changes20:42
adriantlbragstad: so where do alters happen?20:42
adriantwhen I originally wrote this I did read through the migration rules you had, I thought alters occurred in the contract stage20:43
lbragstadi think alters can happen in expand20:44
lbragstadwhere additive changes happen during the expand phase20:44
adriantoh?20:44
lbragstadand migration happens during the migrate phase20:44
lbragstadand removals happen during the contract20:44
adriantkk, will shift the code and update the patch20:44
lbragstadadriant: this might help you20:45
lbragstadhttps://docs.openstack.org/keystone/latest/contributor/database-migrations.html20:45
adriant"Contract phase:20:46
adriantOnly contractive schema changes are allowed, such as dropping or altering columns, tables, indices, and triggers."20:46
adriant^ that's what confused me i think20:46
adriantExpand: "Data insertion, modification, and removal is not allowed."  < which I would assume includes alter20:47
lbragstadhuh - we apparently have a contradicting unit test somewhere20:51
adriantthat's what I think may be happening :(20:51
adrianti have weird luck with finding broken unit tests20:52
*** catintheroof has quit IRC20:56
*** nrado has quit IRC21:05
*** gagehugo has quit IRC21:14
*** gagehugo has joined #openstack-keystone21:15
*** rybridges has joined #openstack-keystone21:17
rybridgesHello. I have a quick question about the python-keystoneclient. I am trying to add a user to a role under a project. I am wondering how I can do this in python. Previously on a really old version of the keystone client, I could do: client.tenants.add_user(tenant_name, user_name, role_name)21:19
rybridgesObivously this API does not exist in the newer versions though21:19
rybridgesHow can I do this with the latest keystone clietn21:19
rybridgesclient?21:19
adriantv3 client   client.roles.add21:20
adriantsec, lemme link you21:20
adriantgrant! not add21:21
adriantthat's right21:21
adrianthttps://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/v3/roles.py#L21121:21
adriantrybridges: ^ that's what you're after21:21
*** rcernin has joined #openstack-keystone21:22
*** raildo has quit IRC21:22
*** edmondsw has quit IRC21:41
*** edmondsw has joined #openstack-keystone21:41
*** edmondsw has quit IRC21:46
*** MasterOfBugs has quit IRC21:46
*** MasterOfBugs has joined #openstack-keystone21:46
lbragstaddims: still around?21:47
openstackgerritLance Bragstad proposed openstack/oslo.policy master: WIP: Add functionality to deprecate policies  https://review.openstack.org/50990921:49
lbragstaddims: ^ that's *super* rough, but i'd like to get some early feedback and see if i'm even headed in the right direction21:50
*** jamesbenson has quit IRC21:51
lbragstadcc hrybacki ^22:00
*** pramodrj07 has joined #openstack-keystone22:04
*** rcernin has quit IRC22:06
*** MasterOfBugs has quit IRC22:07
dims@lbragstad : looking22:11
dims@lbragstad : warnings.warn may be a better way than a LOG.warning. looks good otherwise!22:17
openstackgerritGage Hugo proposed openstack/keystone master: Add database migration for project tags  https://review.openstack.org/48445622:24
openstackgerritGage Hugo proposed openstack/keystone master: Implement backend logic for project tags  https://review.openstack.org/49972622:24
openstackgerritGage Hugo proposed openstack/keystone master: Implement project tags logic into manager  https://review.openstack.org/49972722:24
openstackgerritGage Hugo proposed openstack/keystone master: Implement project tags API controller and router  https://review.openstack.org/49972822:24
*** nkinder has quit IRC22:31
adriantlbragstad, samueldmq: zuul appears to now be passing after I renamed the migration files to include "contract" and such in the file names....22:31
adriantalter is still exactly where it was before22:32
adriantit appears the file naming is important to the tests, and now at least they are consistent with the other migration file names22:32
*** lbragstad has quit IRC22:38
*** jdwidari has quit IRC22:44
*** erlon has quit IRC23:01
*** panbalag has joined #openstack-keystone23:06
adriantsamueldmq: passed now: https://review.openstack.org/#/c/44094123:08
*** panbalag has left #openstack-keystone23:12
*** edmondsw has joined #openstack-keystone23:28
*** edmondsw has quit IRC23:32
*** markvoelker_ has quit IRC23:51
*** pramodrj07 has quit IRC23:56
« Wednesday, 2017-10-04 Index Friday, 2017-10-06 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!