Thursday, 2018-01-04

[00:24] *** daidv has quit IRC
[00:35] *** awestin1 has joined #openstack-keystone
[01:55] *** threestrands has joined #openstack-keystone
[02:14] *** zhurong has joined #openstack-keystone
[02:33] <openstackgerrit> wangxiyuan proposed openstack/keystone master: Add db operation for unified limit  https://review.openstack.org/524082
[02:33] <openstackgerrit> wangxiyuan proposed openstack/keystone master: Add limit provider  https://review.openstack.org/524109
[02:33] <openstackgerrit> wangxiyuan proposed openstack/keystone master: Implement policies for limits  https://review.openstack.org/530143
[02:33] <openstackgerrit> wangxiyuan proposed openstack/keystone master: Expose unified limit APIs  https://review.openstack.org/524110
[02:47] *** namnh has joined #openstack-keystone
[04:11] *** lbragstad has quit IRC
[04:29] *** gyee has quit IRC
[04:53] *** nicolasbock has quit IRC
[06:47] *** zhurong has quit IRC
[06:52] *** zhurong has joined #openstack-keystone
[07:01] *** jaosorior has quit IRC
[07:11] *** jaosorior has joined #openstack-keystone
[07:13] <openstackgerrit> Thomas Bechtold proposed openstack/keystone-tempest-plugin master: Use openstackdocstheme for docs and release notes  https://review.openstack.org/531097
[07:13] *** jaosorior has quit IRC
[07:14] *** jaosorior has joined #openstack-keystone
[07:14] *** jaosorior has quit IRC
[07:14] *** jaosorior has joined #openstack-keystone
[07:21] *** sbezverk has quit IRC
[07:25] *** threestrands has quit IRC
[07:27] *** annp has joined #openstack-keystone
[07:29] *** jrist has quit IRC
[07:32] *** pcaruana has joined #openstack-keystone
[07:55] *** markvoelker has quit IRC
[08:04] *** rcernin has quit IRC
[09:13] *** jrist has joined #openstack-keystone
[09:56] *** markvoelker has joined #openstack-keystone
[10:12] *** annp has quit IRC
[10:17] *** bigjools has quit IRC
[10:27] *** namnh has quit IRC
[10:30] *** markvoelker has quit IRC
[11:17] *** nicolasbock has joined #openstack-keystone
[11:27] -openstackstatus- NOTICE: zuul seems to have gotten stuck and will probably need a restart, please be patient
[11:27] *** markvoelker has joined #openstack-keystone
[11:28] *** openstackstatus has quit IRC
[11:28] *** openstack has quit IRC
[13:07] *** openstack has joined #openstack-keystone
[13:07] *** ChanServ sets mode: +o openstack
[13:09] *** openstackstatus has joined #openstack-keystone
[13:09] *** ChanServ sets mode: +v openstackstatus
[13:38] <thewanderer1> thanks, that's all I need to authenticate my client I think
[13:53] <openstackgerrit> wangqiang-bj proposed openstack/keystone master: add response example and 'extra' info of create user  https://review.openstack.org/531156
[13:57] *** McClymontS has joined #openstack-keystone
[14:25] *** dansmith has quit IRC
[14:34] *** McClymontS has quit IRC
[14:42] *** lbragstad has joined #openstack-keystone
[14:42] *** ChanServ sets mode: +o lbragstad
[14:43] *** Suramya has joined #openstack-keystone
[14:47] -openstackstatus- NOTICE: zuul has been restarted, all queues have been reset. please recheck your patches when appropriate
[15:54] <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add scope_types to token policies  https://review.openstack.org/526174
[16:07] <lbragstad> this one is pretty easy to ensure we don't raise 500s if enforce_scope = True
[16:07] <lbragstad> https://review.openstack.org/#/c/530263/
[16:08] <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add scope_types to endpoint policies  https://review.openstack.org/525695
[16:09] <cmurphy> no unit test?
[16:12] <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add scope_types to region policies  https://review.openstack.org/525698
[16:12] <lbragstad> i'll add one quick
[16:14] *** edmondsw has joined #openstack-keystone
[16:24] *** nicolasbock has quit IRC
[16:25] *** nicolasbock has joined #openstack-keystone
[16:48] *** ChanServ sets mode: -r
[16:51] *** thewanderer1 has quit IRC
[16:52] *** pcaruana has quit IRC
[16:57] *** sheel has joined #openstack-keystone
[17:15] <kmalloc> zzzz.
[17:15] <kmalloc> i am tired.
[17:15] <kmalloc> lbragstad: +2 on almost all the provider_apis changes
[17:15] <kmalloc> the ones that didn't pass test i didn't +2
[17:15] <lbragstad> sweet
[17:15] <kmalloc> lbragstad: i almost single approved them, but since some weren't passing, i held off
[17:16] <kmalloc> this is an easy change that is low impact
[17:16] <lbragstad> right
[17:17] *** gyee has joined #openstack-keystone
[17:18] *** spzala has joined #openstack-keystone
[17:18] *** spzala has quit IRC
[17:20] <kmalloc> lbragstad: actually, if we don't have anything else in flight...
[17:20] <kmalloc> let me push these through
[17:20] <kmalloc> lbragstad: it'll mean we have ~3 cleanups.
[17:20] <kmalloc> to land before the end.
[17:21] <lbragstad> ok
[17:21] <openstackgerrit> Morgan Fainberg proposed openstack/keystone master: Use keystone.common.provider_api directly in assignment  https://review.openstack.org/529886
[17:22] <kmalloc> lbragstad: ok all except mine (i rebased it to kick it out of queue) and the merge conflicted one + the failing ones are approved.
[17:22] <kmalloc> lbragstad: i'll let you +A ^ that rebase if you want to land it now.
[17:26] <lbragstad> done
[17:30] <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Handle InvalidScope exception from oslo.policy  https://review.openstack.org/530263
[17:30] <lbragstad> cmurphy: finally got a couple test cases up ^
[17:31] <lbragstad> FYI - the system scope stuff is passing because we have an oslo.policy 1.33 now
[17:31] <lbragstad> so the rest of that chain should start passing zuul starting at https://review.openstack.org/#/c/515215/
[17:32] <lbragstad> i'll be working on cleaning up the add_scope_types patches, too
[17:32] <lbragstad> which i expect to generate a bunch of discussion
[17:35] * lbragstad takes lunch to go shovel the driveway
[17:42] *** raildo has joined #openstack-keystone
[17:49] <kmalloc> lbragstad: did you raise the minimum in g-r?
[17:49] <kmalloc> because without that we can't land systemscope stuff.
[17:49] <kmalloc> but otherwise nice.
[17:49] <kmalloc> have fun shovelling
[17:49] *** aojea has joined #openstack-keystone
[17:52] *** aojea has quit IRC
[17:52] *** aojea has joined #openstack-keystone
[17:54] *** aojea has quit IRC
[17:55] *** aojea has joined #openstack-keystone
[18:00] *** david-lyle has quit IRC
[18:01] *** david-lyle has joined #openstack-keystone
[18:05] *** aojea has quit IRC
[18:05] *** jdennis has joined #openstack-keystone
[18:05] <jlvillal> So our unit tests in Ironic started breaking this morning: http://logs.openstack.org/67/531167/1/check/openstack-tox-py27/77ed86c/job-output.txt.gz#_2018-01-04_15_13_00_327212
[18:06] <jlvillal> Suspect it is the new keystone-middleware requirement change.
[18:06] <jlvillal> Just checking if there is a, "Oh when you update you need to do X"
[18:07] <lbragstad> jlvillal: do you have a trace from ksm?
[18:07] <lbragstad> we did just release 4.20
[18:08] <jlvillal> lbragstad: http://logs.openstack.org/67/531167/1/check/openstack-tox-py27/77ed86c/job-output.txt.gz#_2018-01-04_15_13_00_327212
[18:08] <jlvillal> lbragstad: All the logs are there.
[18:09] <lbragstad> yeah - those are unit test logs, i'll dig for ksm logs
[18:09] <jlvillal> lbragstad: Where would I look on my local system?
[18:10] <jlvillal> lbragstad: When I do a unit test run.
[18:10] <jlvillal> I can reproduce it locally
[18:10] <lbragstad> if you have a service running with keystonemiddleware in the pipeline, you should see the logs from ksm in the service logs
[18:11] <jlvillal> lbragstad: I'm only running unit tests...
[18:12] *** aojea has joined #openstack-keystone
[18:14] * lbragstad goes to grab a copy of ironic source
[18:14] <lbragstad> jlvillal: you can reproduce this on master?
[18:14] <openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add expired_at_int column to trusts  https://review.openstack.org/530550
[18:14] <jlvillal> lbragstad: Yes. I did: $ tox -vvv -e py27 -r
[18:14] *** aojea has quit IRC
[18:14] <lbragstad> awesome - let me give that a shot
[18:14] <jlvillal> lbragstad: On openstack/ironic master
[18:15] <jlvillal> lbragstad: I do see this: http://logs.openstack.org/67/531167/1/check/openstack-tox-py27/77ed86c/job-output.txt.gz#_2018-01-04_15_12_39_907023
[18:17] <lbragstad> interesting
[18:18] <lbragstad> i am suspicious of something...
[18:19] <jlvillal> lbragstad: Hopefully not Ironic ;)
[18:19] <lbragstad> i ended up with the same tests failing but with a different error http://paste.openstack.org/show/638219/
[18:20] <lbragstad> kmalloc: https://review.openstack.org/#/c/530811/
[18:20] <jlvillal> lbragstad: Verified that it is keystonemiddleware 4.20.0. As running with 4.18.0 it works
[18:20] <kmalloc> lbragstad: nice.
[18:20] <kmalloc> hm.
[18:20] *** jroll has joined #openstack-keystone
[18:21] <lbragstad> jlvillal: that was bumped this morning https://review.openstack.org/#/c/530380/
[18:21] <kmalloc> weird on the failure for ksm.
[18:21] <lbragstad> i'm wondering what would be causing that
[18:21] <kmalloc> v2.0 tokens
[18:21] <lbragstad> we didn't change a whole lot between 4.18 and 4.20
[18:21] <kmalloc> if keystone doesn't have v2.0 enabled....
[18:21] <jlvillal> lbragstad: jroll had some thoughts. I'll paste some links he shared
[18:21] <kmalloc> that will fail
[18:21] <jlvillal> https://github.com/openstack/ironic/blob/5603a215b726ca465eed2867d830821bb24b1a72/ironic/tests/unit/api/test_acl.py#L51-L52
[18:21] <jroll> ^^
[18:22] <jlvillal> https://github.com/openstack/keystonemiddleware/compare/4.18.0...4.20.0
[18:22] <jlvillal> specifically https://github.com/openstack/keystonemiddleware/commit/9d8e2836fe7fca186e0380d8a532540ff5cc5215
[18:22] <jlvillal> "suspect these are related, but unsure"
[18:22] <kmalloc> oh you're overriding the cache
[18:23] <lbragstad> oh - yeah...
[18:23] <kmalloc> didn't we nuke the old cache passthrough
[18:23] <lbragstad> we decided to not roll our own cache and use oslo.cache instead
[18:23] <kmalloc> yeah that'll do it
[18:23] <jroll> yep, that was my assumption
[18:23] <jroll> looking for the new config now
[18:23] <lbragstad> nice
[18:23] <kmalloc> well, we don't support passthrough cache now, right?
[18:23] <kmalloc> you'd need to implement a fake-cache backend for dogpile.cache
[18:24] *** aojea has joined #openstack-keystone
[18:24] <jroll> the dictionary backend might be fine
[18:24] <kmalloc> dogpile/oslo.cache and pass that in instead of env override.
[18:24] <lbragstad> https://github.com/openstack/oslo.cache/blob/master/oslo_cache/_opts.py'
[18:24] <kmalloc> i recommend don't implement anything that leans on private lookup of the dogpile backend(s)
[18:25] * jroll sees 'dogpile.cache.null'
[18:25] <kmalloc> dogpile.cache.null does nothing
[18:25] <kmalloc> so no cache.
[18:25] <jroll> exactly
[18:25] <kmalloc> if that is what you want, use it.
[18:25] <lbragstad> that's essentially your fake.cache
[18:25] <jroll> right, sounds equivalent
[18:25] <jroll> thanks :)
[18:25] * jroll spins a patch
[18:26] <lbragstad> i did notice something with oslo.policy
[18:26] <lbragstad> and ironic
[18:26] *** aojea has quit IRC
[18:26] <kmalloc> wait, is fakememcache do nothing with cache or load known data ?
[18:26] <kmalloc> null isn't the same as your fake memcache at all
[18:26] <lbragstad> we just made a couple of changes to oslo.cache that will allow operators to opt into different enforcement
[18:27] <lbragstad> and there is a new attribute of Rule objects called scope_types
[18:27] <kmalloc> jroll: ^ you're going to need to subclass null and/or dict one and instantiate the values you want if i'm looking at your fakecache correctly
[18:29] <jroll> kmalloc: idk what fake.cache did/does, but basically we don't want any cache AIUI
[18:29] <jroll> this is just some unit testing
[18:29] <kmalloc> jroll: it sets some magic values for lookup
[18:29] <kmalloc> https://github.com/openstack/ironic/blob/5603a215b726ca465eed2867d830821bb24b1a72/ironic/tests/unit/api/utils.py#L58-L82
[18:29] <jroll> I also don't have my full attention on this at the moment, sorry
[18:30] <jroll> oh jeez
[18:30] <kmalloc> yeah. this is icky, sorry :(
[18:30] <jroll> it's okay, you're not in the git blame on this code :P
[18:30] <kmalloc> yeah, but i was a big pusher for eliminating our terrible custom cache
[18:31] <jroll> sounds like a good thing :)
[18:31] <kmalloc> it is.
[18:32] <kmalloc> anyway, the quick(est) solution, is roll an oslo.cache backend (simple subclass of the dogpile backends), and set the cache up just like you would in the fake one (the dogpile backend implements get/set/delete/etc from memcache lib) and then load that instead of the null or other ones
[18:33] <kmalloc> it should mostly be make that fakememcache a dogpile backend (change parent class), and tell KSM to use it as the oslo.cache backend
[18:33] <jroll> yeah, that makes sense
[18:33] <jroll> still the same config option to set there?
[18:33] <kmalloc> i think that option changed, let me check
[18:34] <lbragstad> i think it is this one https://github.com/openstack/oslo.cache/blob/master/oslo_cache/_opts.py#L36
[18:34] <lbragstad> since ksm should expose an option for memcache backends anymore
[18:34] <kmalloc> lbragstad: ++
[18:34] <lbragstad> we should be just using whatever oslo.cache uses for the backend
[18:34] <kmalloc> jroll: what lbragstad said.
[18:34] <lbragstad> configuration option
[18:34] <jroll> ok cool, thanks
[18:35] <kmalloc> you might need to implement stub defs for "delete, set_multi, get_multi, and delete_multi"
[18:35] <kmalloc> but that is super straightforward
[18:36] <lbragstad> kmalloc: another relatively easy patch https://review.openstack.org/#/c/530263/2
[18:36] <jroll> kmalloc: yep, seeing that now. thanks
[18:37] <kmalloc> lbragstad: done.
[18:38] <lbragstad> kmalloc: thanks
[19:06] *** sheel has quit IRC
[19:48] <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add scope_types to service policies  https://review.openstack.org/525696
[19:57] <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add scope_types to identity provider policies  https://review.openstack.org/526145
[19:57] <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add scope_types to identity provider policies  https://review.openstack.org/526145
[20:02] *** Suramya has quit IRC
[20:04] *** spzala has joined #openstack-keystone
[20:13] *** nicolasbock has quit IRC
[20:14] *** raildo has quit IRC
[20:16] <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add scope_types to service provider policies  https://review.openstack.org/526173
[20:18] *** dave-mccowan has joined #openstack-keystone
[20:24] <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add scope_types to mapping policies  https://review.openstack.org/525701
[20:26] *** raildo has joined #openstack-keystone
[20:34] <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add scope_types to token policies  https://review.openstack.org/526174
[20:39] *** gagehugo has quit IRC
[20:54] *** edmondsw has quit IRC
[20:54] <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add scope_types to policy association policies  https://review.openstack.org/526195
[20:56] *** raildo has quit IRC
[21:00] <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add scope_types to role policies  https://review.openstack.org/525703
[21:04] <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add scope_types to project endpoint policies  https://review.openstack.org/526160
[21:11] <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add scope_types to protocol policies  https://review.openstack.org/526161
[21:16] <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add scope_types for revoke event policies  https://review.openstack.org/526198
[21:18] *** McClymontS has joined #openstack-keystone
[21:19] *** McClymontS has quit IRC
[21:19] *** edmondsw has joined #openstack-keystone
[21:28] <openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add expired_at_int column to trusts  https://review.openstack.org/530550
[21:33] <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Add scope_types to implied role policies  https://review.openstack.org/526193
[21:35] *** threestrands has joined #openstack-keystone
[21:35] *** threestrands has quit IRC
[21:35] *** threestrands has joined #openstack-keystone
[21:42] *** panbalag has joined #openstack-keystone
[21:43] *** sbezverk has joined #openstack-keystone
[21:47] *** panbalag has left #openstack-keystone
[21:49] <cmurphy> how do i register a callback for a role assignment removal? http://paste.openstack.org/show/638427/ does not work
[21:53] <lbragstad> cmurphy: you have that in the application credential manager somewhere?
[21:54] <cmurphy> lbragstad: yeah let me just push what i have
[21:54] <lbragstad> cool - i'll take a look
[21:56] <openstackgerrit> Colleen Murphy proposed openstack/keystone master: WIP Add application credentials db migration  https://review.openstack.org/524927
[21:56] <openstackgerrit> Colleen Murphy proposed openstack/keystone master: WIP Add application credentials driver  https://review.openstack.org/524928
[21:56] <openstackgerrit> Colleen Murphy proposed openstack/keystone master: WIP Add Application Credentials manager  https://review.openstack.org/524747
[21:56] <openstackgerrit> Colleen Murphy proposed openstack/keystone master: WIP Add Application Credentials controller  https://review.openstack.org/524423
[21:56] <openstackgerrit> Colleen Murphy proposed openstack/keystone master: WIP Add application credential auth plugin  https://review.openstack.org/525346
[21:56] <cmurphy> lbragstad: https://review.openstack.org/#/c/524747/13/keystone/application_credential/core.py
[21:57] <cmurphy> the logs say it's registered - Callback: `keystone.application_credential.core.Manager._delete_app_creds_on_assignment_removal` subscribed to event `identity.role_assignment.deleted`
[21:57] <cmurphy> and the docs make me think identity.role_assignment.deleted is the right thing
[21:57] <cmurphy> but it doesn't do anything
[21:58] <lbragstad> hmm
[21:59] <lbragstad> maybe you need @notifications.listener wrapping the Manager
[21:59] <lbragstad> like we do with the assignment manager
[21:59] <cmurphy> oh okay
[22:00] <lbragstad> looks like we use that for identity and assignment managers
[22:01] <lbragstad> the docs strings for the listener make it seem required
[22:02] <cmurphy> it works fine for the user deleted notification though
[22:02] <cmurphy> it wants an events_callback attribute AttributeError: 'ApplicationCredential' object has no attribute 'event_callbacks'
[22:02] <cmurphy> the self.event_callbacks in the assignment manager doesn't seem totally related
[22:03] <lbragstad> probably like this? https://github.com/openstack/keystone/blob/master/keystone/notifications.py#L256
[22:04] <lbragstad> checking the assignment manager
[22:05] *** jose-phillips has quit IRC
[22:05] <cmurphy> oh i might get it
[22:05] <lbragstad> the event_callbacks bit looks ok to me in the assignment manager
[22:06] <lbragstad> does something seem off there?
[22:09] <openstackgerrit> Colleen Murphy proposed openstack/keystone master: WIP Add Application Credentials manager  https://review.openstack.org/524747
[22:09] <cmurphy> this is what i tried ^ but no difference
[22:09] <lbragstad> cmurphy: is this failing a test?
[22:10] *** jose-phillips has joined #openstack-keystone
[22:10] <cmurphy> lbragstad: it's not invoking the callback function when i remove a role assignment
[22:12] *** rcernin has joined #openstack-keystone
[22:13] <lbragstad> checking it out locally quick
[22:15] <lbragstad> cmurphy: hmm
[22:15] <lbragstad> bah
[22:15] * lbragstad pulls https://review.openstack.org/#/c/530550/
[22:22] *** jose-phillips has quit IRC
[22:29] *** jistr has quit IRC
[22:30] *** jose-phillips has joined #openstack-keystone
[22:31] <cmurphy> lbragstad: ah i figured it out, the role assignment notifier only does audit notifications, it doesn't do http://git.openstack.org/cgit/openstack/keystone/tree/keystone/notifications.py#n405
[22:31] <lbragstad> bah.. it has to be cadf
[22:31] <lbragstad> right?
[22:32] <lbragstad> http://git.openstack.org/cgit/openstack/keystone/tree/keystone/notifications.py#n754
[22:32] <lbragstad> i just saw ^
[22:32] <lbragstad> which looks like is responsible for notification.role_assignment things
[22:33] <lbragstad> notifications.role_assignment*
[22:33] <cmurphy> yeah, it's different from the regular ones
[22:35] <lbragstad> hmm
[22:35] <lbragstad> we default to cadf though?
[22:42] <cmurphy> it's still cadf it's just normal notifications do http://git.openstack.org/cgit/openstack/keystone/tree/keystone/notifications.py#n383 but role assignments do http://git.openstack.org/cgit/openstack/keystone/tree/keystone/notifications.py#n662
[22:42] <cmurphy> i think i understand enough to work it out now
[22:44] *** nicolasbock has joined #openstack-keystone
[22:51] *** jose-phillips has quit IRC
[22:54] *** jose-phillips has joined #openstack-keystone
[22:56] *** edmondsw has quit IRC
[22:57] *** edmondsw has joined #openstack-keystone
[23:01] *** edmondsw has quit IRC
[23:04] <openstackgerrit> Colleen Murphy proposed openstack/keystone master: WIP Add Application Credentials manager  https://review.openstack.org/524747
[23:04] <openstackgerrit> Colleen Murphy proposed openstack/keystone master: WIP Add Application Credentials controller  https://review.openstack.org/524423
[23:04] <openstackgerrit> Colleen Murphy proposed openstack/keystone master: WIP Add application credential auth plugin  https://review.openstack.org/525346
[23:05] *** mvk has joined #openstack-keystone
[23:05] *** dave-mccowan has quit IRC
[23:06] *** gutter has joined #openstack-keystone
[23:06] *** dave-mccowan has joined #openstack-keystone
[23:14] *** gutter has quit IRC
[23:19] *** jistr has joined #openstack-keystone
[23:31] *** dave-mccowan has quit IRC
[23:39] *** mtreinish has quit IRC
[23:42] *** mtreinish has joined #openstack-keystone
[23:54] *** jistr has quit IRC
[23:55] *** jistr has joined #openstack-keystone
[23:58] *** nicolasbock has quit IRC
