Friday, 2017-12-29

« Thursday, 2017-12-28 Index Saturday, 2017-12-30 »
*** markvoelker has joined #openstack-keystone00:20
*** markvoelker has quit IRC00:24
*** itlinux has joined #openstack-keystone00:41
*** harlowja has joined #openstack-keystone00:54
*** edmondsw has joined #openstack-keystone01:20
*** markvoelker has joined #openstack-keystone01:21
*** AlexeyAbashkin has joined #openstack-keystone01:22
*** edmondsw has quit IRC01:25
*** markvoelker has quit IRC01:25
*** AlexeyAbashkin has quit IRC01:27
*** daidv-xmas has quit IRC01:27
*** daidv_ has joined #openstack-keystone01:27
*** daidv has joined #openstack-keystone01:27
openstackgerritMerged openstack/keystone master: Remove rolling_upgrade_password_hash_compat  https://review.openstack.org/52733701:43
*** zhurong has joined #openstack-keystone01:43
*** kmalloc has quit IRC01:53
*** kmalloc has joined #openstack-keystone01:53
*** betherly has quit IRC01:53
*** betherly has joined #openstack-keystone01:55
*** namnh has joined #openstack-keystone02:01
*** daidv_ has quit IRC02:03
openstackgerritwangxiyuan proposed openstack/keystone master: Fix list users by name  https://review.openstack.org/52991402:09
openstackgerritwangxiyuan proposed openstack/keystone master: Remove duplicated release note  https://review.openstack.org/52990002:11
lbragstadwxy: o/02:15
wxylbragstad: hi02:15
lbragstadwxy: how goes it?02:15
wxylbragstad: fine. New year will coming. We'll three-day holiday in China.02:16
lbragstadwxy: you'll be out early next week?02:17
wxyI'll back on Tuesday next week.02:18
lbragstadcool - same here02:18
lbragstadi'll get to the unified limit reviews again tomorrow or over the weekend02:18
wxylbragstad: That' cool. I just want to make the patches better today. Such as some points on "project_id", "region_id is None".02:20
lbragstadgood deal02:20
lbragstadthey are looking good02:20
lbragstadcertainly ready for more eyes02:20
*** markvoelker has joined #openstack-keystone02:21
openstackgerritwangxiyuan proposed openstack/keystone master: Fix list users by name  https://review.openstack.org/52991402:26
*** markvoelker has quit IRC02:26
*** harlowja has quit IRC02:41
lbragstadwxy: is there anything i can help without side of reviews?02:41
*** zhurong has quit IRC02:50
wxylbragstad: everything goes well now. :) Thanks for your help.02:52
lbragstadno problem!02:55
*** edmondsw has joined #openstack-keystone03:08
*** edmondsw has quit IRC03:13
*** harlowja has joined #openstack-keystone03:33
*** gagehugo has quit IRC03:52
*** gagehugo has joined #openstack-keystone03:53
*** kmalloc has quit IRC03:53
*** gagehugo has quit IRC04:08
*** markvoelker has joined #openstack-keystone04:23
*** harlowja has quit IRC04:24
*** markvoelker has quit IRC04:27
*** Suramya has joined #openstack-keystone04:40
*** AlexeyAbashkin has joined #openstack-keystone04:46
*** AlexeyAbashkin has quit IRC04:50
*** edmondsw has joined #openstack-keystone04:56
*** edmondsw has quit IRC05:01
*** itlinux has quit IRC05:15
*** zhurong has joined #openstack-keystone05:21
*** markvoelker has joined #openstack-keystone05:23
*** markvoelker has quit IRC05:28
openstackgerritSuramya proposed openstack/keystone master: Re-organize api-ref: v3 inherit.inc  https://review.openstack.org/52982305:32
*** BenderRodriguez has joined #openstack-keystone05:54
*** markvoelker has joined #openstack-keystone06:24
*** markvoelker has quit IRC06:29
*** edmondsw has joined #openstack-keystone06:44
*** edmondsw has quit IRC06:49
*** zhurong has quit IRC07:03
*** magicboiz has joined #openstack-keystone07:24
*** markvoelker has joined #openstack-keystone07:25
*** magicboiz has quit IRC07:29
*** markvoelker has quit IRC07:29
*** magicboiz has joined #openstack-keystone07:41
*** zhurong has joined #openstack-keystone08:16
openstackgerritColleen Murphy proposed openstack/keystone master: WIP Add application credentials db migration  https://review.openstack.org/52492708:17
*** AlexeyAbashkin has joined #openstack-keystone08:23
*** edmondsw has joined #openstack-keystone08:32
*** edmondsw has quit IRC08:37
*** gagehugo has joined #openstack-keystone08:59
*** zhurong has quit IRC09:14
*** markvoelker has joined #openstack-keystone09:26
*** markvoelker has quit IRC09:31
*** daidv has quit IRC10:09
*** namnh has quit IRC10:14
*** edmondsw has joined #openstack-keystone10:20
*** edmondsw has quit IRC10:25
*** aojea has joined #openstack-keystone10:30
*** aojea has quit IRC11:10
*** markvoelker has joined #openstack-keystone11:27
*** AlexeyAbashkin has quit IRC11:28
*** AlexeyAbashkin has joined #openstack-keystone11:29
*** markvoelker has quit IRC11:32
openstackgerritSuramya proposed openstack/keystone master: Reorganize api-ref: v3 os-pki  https://review.openstack.org/53045911:44
*** aojea has joined #openstack-keystone11:49
*** annp has quit IRC12:03
*** edmondsw has joined #openstack-keystone12:08
*** edmondsw has quit IRC12:13
*** raildo has joined #openstack-keystone12:31
*** aojea has quit IRC12:39
*** nicolasbock has joined #openstack-keystone13:02
openstackgerritSuramya proposed openstack/keystone master: Reorganize api-ref: v3 policies  https://review.openstack.org/53046613:06
*** jistr has quit IRC13:14
*** jistr has joined #openstack-keystone13:16
*** magicboiz has quit IRC13:25
*** markvoelker has joined #openstack-keystone13:28
*** markvoelker has quit IRC13:32
openstackgerritSuramya proposed openstack/keystone master: Reorganize api-ref: v3 regions-v3  https://review.openstack.org/53046913:55
*** edmondsw has joined #openstack-keystone13:57
*** edmondsw has quit IRC14:01
lbragstadSuramya: o/14:35
lbragstadSuramya: thanks for the patches on the api-ref14:36
Suramyalbragstad o/ working on more :D14:37
Suramyalbragstad: but why is the build for api-ref failing for many in zuul ?14:40
lbragstadSuramya: there was something wrong with the job14:48
lbragstadinfra merged a patch yesterday that fixed it14:48
lbragstadhttps://review.openstack.org/#/c/530087/14:49
lbragstadsince that patch merged, you shouldn't be seeing the api ref job failing as much14:50
lbragstadcmurphy: i was tinkering around with system-scope and horizon last night14:52
lbragstadcmurphy: what are your opinions on having a GET /v3/auth/projects API for system scope?14:52
Suramyalbragstad: yes,thats great.14:55
lbragstadSuramya: i think two patches are failing because we're changing the section header, but not updating index.rst15:00
lbragstadi left a comment here https://review.openstack.org/#/c/530459/1/api-ref/source/v3/os-pki.inc trying to show what i mean15:00
Suramyalbragstad: oh yes I get it. Sending the patches for it soon.15:01
lbragstadotherwise i think those patches look great15:02
cmurphylbragstad: what would that look like?15:03
cmurphylike GET /v3/auth/system -> true/false maybe?15:03
lbragstadcmurphy: yeah - maybe similar to how we relaying system scope in authentication responses?15:04
lbragstad{"system": {"all": true}}15:04
lbragstadso that we can build it out later if needed15:04
lbragstadbut i hit an issue yesterday working with horizon15:04
cmurphyi think having that makes sense15:05
lbragstadwhich uses the GET /auth/projects and GET /auth/domains APIs heavily15:05
cmurphyyeah it does15:05
lbragstadbut GET /v3/role_assignments requires elevated privileges15:05
lbragstadi should be able to wip that up today15:09
cmurphycool15:10
openstackgerritLance Bragstad proposed openstack/keystone master: Reorganize api-ref: v3-ext federation projects-domains  https://review.openstack.org/50700815:15
*** markvoelker has joined #openstack-keystone15:29
*** markvoelker has quit IRC15:33
*** edmondsw has joined #openstack-keystone15:45
*** edmondsw has quit IRC15:49
*** AlexeyAbashkin has quit IRC15:58
*** aojea has joined #openstack-keystone16:18
*** aojea_ has joined #openstack-keystone16:23
*** aojea has quit IRC16:26
*** aojea has joined #openstack-keystone16:28
*** aojea_ has quit IRC16:31
*** aojea_ has joined #openstack-keystone16:33
*** aojea_ has quit IRC16:35
*** aojea has quit IRC16:36
*** itlinux_ has joined #openstack-keystone16:42
*** jmlowe has quit IRC16:50
*** kmalloc has joined #openstack-keystone16:50
*** AlexeyAbashkin has joined #openstack-keystone17:27
*** markvoelker has joined #openstack-keystone17:30
*** AlexeyAbashkin has quit IRC17:31
*** edmondsw has joined #openstack-keystone17:33
*** markvoelker has quit IRC17:34
*** edmondsw has quit IRC17:38
openstackgerritLance Bragstad proposed openstack/keystone master: Implement GET /v3/auth/system  https://review.openstack.org/53049017:38
itlinux_hello all .. I am getting this error any tips on how to fix it .."There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. fill_context /usr/lib/python2.7/site-packages/keystone/middleware/auth.py:203"17:54
itlinux_thanks17:54
openstackgerritLance Bragstad proposed openstack/keystone master: Implement GET /v3/auth/system  https://review.openstack.org/53049017:55
lbragstaditlinux_: i don't think that it an error - it's just a strangely worded log message17:55
itlinux_ok thanks17:55
lbragstaditlinux_: https://review.openstack.org/#/c/514810/17:56
lbragstadwe've removedit17:56
itlinux_ok..17:56
itlinux_super..17:57
lbragstadso - you shouldn't be seeing that anymore once you start working with queens17:57
lbragstad(it caused more confusion than clarity)17:57
itlinux_ok.. thanks much appreciated..17:57
lbragstadanytime17:57
itlinux_one more question since you are so nice and I wish you the best New Year.. btw..17:58
itlinux_adding a new domain..17:59
itlinux_openstack domain create domain.com17:59
itlinux_I have the file already in teh /etc/keystone/domains17:59
itlinux_this is a second domain the first worsk..17:59
itlinux_works17:59
itlinux_so I copy and changed the info to point to the new one but when I do openstack user list --domain domain.com i do not see any resuts..18:00
itlinux_ok I got it working ciao18:05
lbragstadsorry - just saw this, what was the problem?18:20
*** itlinux_ has quit IRC18:36
openstackgerritColleen Murphy proposed openstack/keystone master: WIP Add application credentials db migration  https://review.openstack.org/52492718:58
openstackgerritColleen Murphy proposed openstack/keystone master: WIP Add application credentials driver  https://review.openstack.org/52492818:58
openstackgerritColleen Murphy proposed openstack/keystone master: WIP Add Application Credentials manager  https://review.openstack.org/52474718:58
openstackgerritColleen Murphy proposed openstack/keystone master: WIP Add Application Credentials controller  https://review.openstack.org/52442318:58
openstackgerritColleen Murphy proposed openstack/keystone master: WIP Add application credential auth plugin  https://review.openstack.org/52534618:58
openstackgerritColleen Murphy proposed openstack/keystone master: Deprecate [trust]/enabled option  https://review.openstack.org/53050118:58
kmalloccmurphy: re "get_role_by_name", suggest always returning a list instead of 200/3xx19:09
kmalloccmurphy: +1 for it as is, will upgrade to +2 if lbragstad says he really wants this version.19:10
*** edmondsw has joined #openstack-keystone19:21
*** edmondsw has quit IRC19:25
cmurphykmalloc: why a list?19:26
kmalloccmurphy: because roles are non-unique by name19:26
kmallocso, for consistency, i would always return a list of matching roles19:27
cmurphykmalloc: well then i would have to change the name to get_roles_19:27
kmallocfair enough19:28
cmurphyif a list is wanted then list_roles should be used19:28
kmalloci don't see this as valuable as implemented19:28
kmallocwhen you get a 3xx in many cases suported by the APIs and design19:28
kmallocthis feels like a case where you're mostly expecting a list_roles?name=XXXX19:29
kmallocsimply because the 3xx case is likely very common19:29
kmallocagian, i +1'd and will upgrade to +2 with not-too-much-convincing19:29
cmurphykmalloc: it's not raising 3xx it's raising 4xx ?19:29
kmallocambiguous is 3xx, no?19:30
cmurphyit's bad request19:30
kmalloc.AmbiguityError is 400?19:30
*** markvoelker has joined #openstack-keystone19:31
kmallocah it's validation19:31
kmallocthen i am more strongly -1 on this19:31
kmallocvs +1.19:31
kmallocthe request shouldn't be bad because the store has multiple matches19:31
kmallocthere is nothing the user can do to correct the request to a 200 in that case19:32
kmallocthat feels like the wrong reason for a 400 error.19:33
cmurphyokay, well the background is i wanted to copy and paste this chunk from the trust controller https://review.openstack.org/#/c/530267/5/keystone/trust/controllers.py into the application credential controller and i wanted to avoid repeating myself19:33
cmurphyso maybe there's a better way to do that? put it in a utils module?19:33
kmallocah.19:33
kmallochm.19:33
kmallocwait, this isn't going to be a public API?19:34
* kmalloc might be mis-reading this.19:34
kmalloci was thinking about this from a REST fronting it as well19:34
cmurphyit's not its own roles api but it would be sort of a sub-function of the app cred api19:34
kmalloci would rename the function to "get_unique_role_by_name"19:34
cmurphysince you specify roles in your create request19:34
*** Suramya has quit IRC19:34
cmurphyokay19:34
kmallocand i think it solves my concern19:35
cmurphyyay19:35
cmurphythat's easy19:35
kmallocit clearly shows by name that it's not meant to handle the multiple-matching-roles case19:35
*** markvoelker has quit IRC19:35
kmallocand then +2 from me :) easy.19:35
kmallocit could also be a private function if it is only ever called by _normalize.19:36
openstackgerritColleen Murphy proposed openstack/keystone master: Implement get_role_by_name  https://review.openstack.org/53026719:37
cmurphyi could make it private19:38
*** raildo has quit IRC19:38
*** itlinux has joined #openstack-keystone19:38
kmallocwouldn't change my score. was just a side thought19:38
kmalloccmurphy: +2, and will +A as soon as zuul checks in19:39
cmurphyi don't really feel like it's a private thing, it's being called by other modules in keystone using the provider_api thing19:39
kmallocsince the change is not material (code/functionality) from when lbragstad +2'd19:39
openstackgerritColleen Murphy proposed openstack/keystone master: Implement get_unique_role_by_name  https://review.openstack.org/53026719:39
cmurphyfixed the commit msg ^19:39
kmallocre-+2'd19:40
kmalloc;)19:40
cmurphyty19:40
kmallocfeel free to self +A if I am not around (I'll comment on the patch to this effect as well).19:40
*** jmlowe has joined #openstack-keystone19:45
*** jmlowe has quit IRC19:49
openstackgerritLance Bragstad proposed openstack/python-keystoneclient master: Add system role functionality  https://review.openstack.org/52441519:59
*** markvoelker has joined #openstack-keystone20:31
*** markvoelker has quit IRC20:36
cmurphykmalloc: lbragstad is DateTimeInt the way forward for all our datetime columns now? should the trust table be using it?20:53
lbragstadprobably - i think the last time we talked about it DateTImeInt was the best we could do to avoid the timestamp issues with mysql20:54
lbragstadafaict we were going to gradually move the rest of the datetime instances we use in keystone to it20:54
cmurphyokay i guess i need to do that for trusts first so i can use it in app creds20:56
lbragstaddoes anyone else ever get to the point where their brain starts falling out of their ears when hacking on a devstack?21:07
*** edmondsw has joined #openstack-keystone21:09
*** jmlowe has joined #openstack-keystone21:11
lbragstadi think i've finally got a devstack environment installed locally with all the necessary bits to demo system scope21:11
cmurphy\o/21:12
lbragstadi have about 40 patches installed locally, it's a total franken-stack21:13
cmurphyha21:13
*** edmondsw has quit IRC21:13
lbragstadlol just a mess21:13
*** jmlowe has quit IRC21:16
*** jmlowe has joined #openstack-keystone21:37
*** AlexeyAbashkin has joined #openstack-keystone22:21
*** AlexeyAbashkin has quit IRC22:25
*** nicolasbock has quit IRC22:26
openstackgerritColleen Murphy proposed openstack/keystone master: Implement get_unique_role_by_name  https://review.openstack.org/53026722:31
*** jose-phillips has quit IRC22:34
*** nicolasbock has joined #openstack-keystone22:39
*** edmondsw has joined #openstack-keystone22:57
*** edmondsw has quit IRC23:02
*** markvoelker has joined #openstack-keystone23:34
*** markvoelker has quit IRC23:39
*** Faster-Fanboi has joined #openstack-keystone23:58
« Thursday, 2017-12-28 Index Saturday, 2017-12-30 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!