Tuesday, 2018-01-23

« Monday, 2018-01-22 Index Wednesday, 2018-01-24 »
*** r-daneel has quit IRC00:01
*** itlinux has quit IRC00:03
*** mancdaz has quit IRC00:12
*** robcresswell has quit IRC00:12
*** mancdaz has joined #openstack-keystone00:14
*** AlexeyAbashkin has joined #openstack-keystone00:16
*** AlexeyAbashkin has quit IRC00:21
*** prashkre_ has joined #openstack-keystone00:22
*** gongysh has joined #openstack-keystone00:35
*** dikonoor has quit IRC00:38
*** daidv has quit IRC00:39
*** daidv has joined #openstack-keystone00:39
*** blake has joined #openstack-keystone00:45
*** zhurong has joined #openstack-keystone00:48
*** deepak_ has quit IRC00:52
*** sambetts|afk has quit IRC00:54
*** sambetts_ has joined #openstack-keystone00:54
*** d0ugal has quit IRC00:55
*** lbragstad has quit IRC00:57
*** Dinesh_Bhor has joined #openstack-keystone00:58
*** Dinesh_Bhor has quit IRC00:59
*** d0ugal has joined #openstack-keystone00:59
*** deepak_ has joined #openstack-keystone01:03
*** zhurong has quit IRC01:13
*** prashkre_ has quit IRC01:20
*** gongysh has quit IRC01:21
*** Dinesh_Bhor has joined #openstack-keystone01:23
*** prashkre_ has joined #openstack-keystone01:26
openstackgerritMerged openstack/oslo.policy master: Render deprecated policy names when generating files  https://review.openstack.org/53268501:28
*** blake has quit IRC01:33
*** aselius has quit IRC01:35
openstackgerritwangxiyuan proposed openstack/keystone master: [WIP]Remove foreign key for registered limit  https://review.openstack.org/53664401:59
*** efried_back_wed has quit IRC02:06
*** robcresswell has joined #openstack-keystone02:09
*** panbalag has joined #openstack-keystone02:13
*** lbragstad has joined #openstack-keystone02:14
*** ChanServ sets mode: +o lbragstad02:14
*** gongysh has joined #openstack-keystone02:15
*** prashkre_ has quit IRC02:19
*** efried_back_wed has joined #openstack-keystone02:19
*** harlowja has quit IRC02:27
*** annp has joined #openstack-keystone02:28
*** panbalag has left #openstack-keystone02:32
*** dikonoor has joined #openstack-keystone03:03
lbragstadwxy: you have another patch set for the FK removal bit for unified limits, right?03:07
wxylbragstad: yes. I'm debugging now. Will update it right now.03:08
lbragstadwxy: no worries - just checking :)03:08
*** panbalag has joined #openstack-keystone03:14
*** panbalag has left #openstack-keystone03:14
*** dave-mcc_ has quit IRC03:16
*** gongysh has quit IRC03:18
openstackgerritwangxiyuan proposed openstack/keystone master: Remove foreign key for registered limit  https://review.openstack.org/53664403:23
*** gongysh has joined #openstack-keystone03:24
openstackgerritwangxiyuan proposed openstack/keystone master: Remove foreign key for registered limit  https://review.openstack.org/53664403:25
*** annp has quit IRC03:29
*** daidv has quit IRC03:30
*** blake has joined #openstack-keystone03:41
*** daidv has joined #openstack-keystone03:44
*** annp has joined #openstack-keystone03:47
*** gongysh has quit IRC03:55
*** blake has quit IRC03:58
openstackgerritMerged openstack/keystone master: Move token_formatter to token  https://review.openstack.org/52753803:59
*** sapd_ has quit IRC04:02
*** sapd_ has joined #openstack-keystone04:02
*** links has joined #openstack-keystone04:02
*** links has quit IRC04:07
openstackgerritDinesh Bhor proposed openstack/python-keystoneclient master: Add Response class to return request-id to caller  https://review.openstack.org/32991304:14
openstackgerritDinesh Bhor proposed openstack/python-keystoneclient master: Add return-request-id-to-caller function(v3)  https://review.openstack.org/26745604:14
openstackgerritDinesh Bhor proposed openstack/python-keystoneclient master: Add return-request-id-to-caller function(v3/contrib)  https://review.openstack.org/26800304:17
*** links has joined #openstack-keystone04:19
*** gongysh has joined #openstack-keystone04:24
*** annp has quit IRC04:28
*** daidv has quit IRC04:28
*** annp has joined #openstack-keystone04:28
*** daidv has joined #openstack-keystone04:28
*** david-lyle has quit IRC04:30
*** dklyle has joined #openstack-keystone04:31
*** blake has joined #openstack-keystone04:31
*** dikonoor has quit IRC04:33
openstackgerritDinesh Bhor proposed openstack/python-keystoneclient master: Add release notes for return-request-id-to-caller  https://review.openstack.org/27664404:35
*** gongysh has quit IRC04:47
*** dikonoor has joined #openstack-keystone05:02
*** vish_18 has joined #openstack-keystone05:03
*** gmann has joined #openstack-keystone05:03
*** links has quit IRC05:06
vish_18lbragstad: Hello05:06
*** links has joined #openstack-keystone05:08
*** harlowja has joined #openstack-keystone05:12
*** harlowja has quit IRC05:13
*** pcaruana has joined #openstack-keystone05:24
*** zhurong has joined #openstack-keystone05:29
*** pcaruana has quit IRC05:36
*** gongysh has joined #openstack-keystone05:40
*** prashkre has joined #openstack-keystone05:46
*** dikonoor has quit IRC05:46
openstackgerritlei zhang proposed openstack/keystone master: Remove the deprecated "giturl" option  https://review.openstack.org/53346605:51
*** prashkre_ has joined #openstack-keystone05:55
*** prashkre has quit IRC05:55
*** jaosorior has quit IRC05:57
*** jaosorior has joined #openstack-keystone05:57
*** dikonoor has joined #openstack-keystone05:58
*** Dinesh_Bhor has quit IRC06:06
*** Dinesh_Bhor has joined #openstack-keystone06:06
*** prashkre_ has quit IRC06:13
openstackgerritwangxiyuan proposed openstack/keystone master: Add api-ref for unified limits  https://review.openstack.org/53568806:20
*** blake has quit IRC06:42
openstackgerritwangxiyuan proposed openstack/keystone master: Remove foreign key for registered limit  https://review.openstack.org/53664406:47
*** itlinux has joined #openstack-keystone06:56
*** itlinux has quit IRC06:59
openstackgerritCHARLES WANG proposed openstack/keystone master: Delete users before deleting domains  https://review.openstack.org/50634007:03
openstackgerritCHARLES WANG proposed openstack/keystone master: Delete users before deleting domains  https://review.openstack.org/50634007:05
*** jrist has quit IRC07:15
*** itlinux has joined #openstack-keystone07:27
*** pcaruana has joined #openstack-keystone07:33
*** rha has quit IRC07:44
*** jrist has joined #openstack-keystone07:53
*** itlinux has quit IRC07:58
*** pcaruana has quit IRC07:58
*** rcernin has quit IRC08:00
*** AlexeyAbashkin has joined #openstack-keystone08:05
*** tesseract has joined #openstack-keystone08:09
*** pcaruana has joined #openstack-keystone08:13
openstackgerritGao Fei proposed openstack/keystone master: Replace Chinese punctuation with English punctuation  https://review.openstack.org/53670908:15
*** sapd_ has quit IRC08:16
*** sapd_ has joined #openstack-keystone08:16
*** abhishek has quit IRC08:27
*** sxc731 has joined #openstack-keystone08:35
*** daidv has quit IRC08:38
*** annp has quit IRC08:38
*** annp has joined #openstack-keystone08:38
*** daidv has joined #openstack-keystone08:38
*** itlinux has joined #openstack-keystone08:46
*** sxc731 has quit IRC08:47
*** abhi89 has joined #openstack-keystone08:47
openstackgerritColleen Murphy proposed openstack/python-keystoneclient master: Add CRUD support for application credentials  https://review.openstack.org/53496509:09
*** itlinux has quit IRC09:12
*** mvk has quit IRC09:26
*** dikonoo has joined #openstack-keystone09:31
*** tesseract-RH has joined #openstack-keystone09:33
*** tesseract-RH has quit IRC09:34
*** dikonoor has quit IRC09:34
*** tesseract-RH has joined #openstack-keystone09:35
*** tesseract has quit IRC09:37
*** Dinesh_Bhor has quit IRC09:48
*** Dinesh_Bhor has joined #openstack-keystone09:49
*** Dinesh_Bhor has quit IRC09:49
*** abhi89 has quit IRC09:54
*** jaosorior has quit IRC09:55
*** markvoelker has quit IRC09:59
*** mvk has joined #openstack-keystone09:59
*** zhurong has quit IRC10:11
*** itlinux has joined #openstack-keystone10:15
*** dikonoo has quit IRC10:26
*** zhurong has joined #openstack-keystone10:30
*** sambetts_ is now known as sambetts10:32
*** timothyb89 has quit IRC10:32
*** timothyb89 has joined #openstack-keystone10:33
*** itlinux has quit IRC10:47
*** itlinux has joined #openstack-keystone10:53
*** jaosorior has joined #openstack-keystone10:53
openstackgerritKairat Kushaev proposed openstack/keystoneauth master: replace lxml with defusedxml  https://review.openstack.org/53676110:55
*** mvk has quit IRC11:02
*** annp has quit IRC11:03
*** AlexeyAbashkin has quit IRC11:06
*** itlinux has quit IRC11:07
*** mvk has joined #openstack-keystone11:15
*** dikonoo has joined #openstack-keystone11:18
*** AlexeyAbashkin has joined #openstack-keystone11:23
*** gongysh has quit IRC11:36
*** itlinux has joined #openstack-keystone11:45
*** tesseract-RH has quit IRC11:52
*** mvenesio has joined #openstack-keystone11:54
*** markvoelker has joined #openstack-keystone12:00
*** raildo has joined #openstack-keystone12:04
*** zhurong has quit IRC12:05
*** nicolasbock has joined #openstack-keystone12:22
*** markvoelker has quit IRC12:33
*** tesseract-RH has joined #openstack-keystone12:47
openstackgerritColleen Murphy proposed openstack/keystone master: Add api-ref for application credentials  https://review.openstack.org/53374412:49
openstackgerritColleen Murphy proposed openstack/keystone master: Enable application_credential auth by default  https://review.openstack.org/53546912:49
openstackgerritColleen Murphy proposed openstack/keystone master: Impose limits on application credentials  https://review.openstack.org/53654312:49
openstackgerritColleen Murphy proposed openstack/keystone master: Add a release note for application credentials  https://review.openstack.org/53549312:49
*** tesseract-RH has quit IRC12:54
*** tesseract has joined #openstack-keystone12:55
*** zhurong has joined #openstack-keystone12:57
*** zhurong has quit IRC13:14
*** dims has quit IRC13:22
*** alex_xu has quit IRC13:24
*** dims has joined #openstack-keystone13:25
*** alex_xu has joined #openstack-keystone13:27
*** markvoelker has joined #openstack-keystone13:31
lbragstadvish_18: o/13:37
evrardjpgood morning for those who see the sun rising now.13:38
lbragstadmorning!13:39
evrardjpI haven't forgotten the memcached issue. Just saying.13:40
evrardjp:D13:40
*** edmondsw has joined #openstack-keystone13:49
openstackgerritLance Bragstad proposed openstack/keystone master: Teach TokenFormatter how to handle system scope  https://review.openstack.org/52533013:50
openstackgerritLance Bragstad proposed openstack/keystone master: Implement system-scope in the token provider API  https://review.openstack.org/52536013:50
openstackgerritLance Bragstad proposed openstack/keystone master: Introduce assertions for system-scoped token testing  https://review.openstack.org/52803713:50
openstackgerritLance Bragstad proposed openstack/keystone master: Implement system-scoped tokens  https://review.openstack.org/52568713:50
openstackgerritLance Bragstad proposed openstack/keystone master: Add release note for system-scope  https://review.openstack.org/52803913:50
openstackgerritLance Bragstad proposed openstack/keystone master: Update documentation to reflect system-scope  https://review.openstack.org/53013313:50
openstackgerritLance Bragstad proposed openstack/keystone master: Grant admin a role on the system during bootstrap  https://review.openstack.org/53041013:50
openstackgerritLance Bragstad proposed openstack/keystone master: Implement GET /v3/auth/system  https://review.openstack.org/53049013:50
*** panbalag has joined #openstack-keystone13:52
*** panbalag has quit IRC13:56
*** markvoelker has quit IRC14:04
*** links has quit IRC14:05
*** dave-mccowan has joined #openstack-keystone14:10
evrardjplp is very slow today...14:11
*** dave-mcc_ has joined #openstack-keystone14:12
*** melwitt has quit IRC14:12
*** panbalag has joined #openstack-keystone14:14
*** melwitt has joined #openstack-keystone14:14
*** dave-mccowan has quit IRC14:15
lbragstadevrardjp: are you guys moving to storyboard?14:19
*** dklyle has quit IRC14:22
evrardjpI thought about it.14:23
evrardjpit changes our processes, and things like that. I don't have an incentive to do so for now, but that might change.14:23
evrardjpcmurphy: hello, you might want to have a look at this: https://bugs.launchpad.net/keystone/+bug/1744948 :)14:24
openstackLaunchpad bug 1744948 in OpenStack Identity (keystone) "allow_application_credential_creation contraint issue with suse + mariadb 10.2" [Undecided,New]14:24
cmurphyevrardjp: heh mchandras just told me14:25
evrardjpcmurphy: don't tell anyone sometimes we talk together!14:25
evrardjp:D14:25
cmurphywill look at it today14:25
evrardjpthanks.14:28
*** wxy| has joined #openstack-keystone14:28
wxy|lbragstad: cmurphy: if remove the dependence of FK patch. Some tests will fail. Such as https://review.openstack.org/#/c/524109/40/keystone/tests/unit/limit/test_backends.py@37114:29
wxy|it relays on FKs which is disabled by default in sqlite14:30
cmurphy:(14:30
wxy|maybe we can add skip decorator for these kind of tests at this moment?14:31
cmurphyi would be okay with that14:31
lbragstadcan we test that it doesn't fail with something other than SQLite?14:34
cmurphyi'm not 100% sure but i think those backend tests only run on sqlite, it's only the upgrade tests that can run on mysql and pg14:36
*** mvk has quit IRC14:37
lbragstadi think you're right...14:37
wxy|yeah. It's hard coding to use sqlite AFAIK.14:37
lbragstadi've run them locally before14:37
openstackgerritwangxiyuan proposed openstack/keystone master: Remove foreign key for registered limit  https://review.openstack.org/53664414:39
*** wxy| has quit IRC14:41
*** markvoelker has joined #openstack-keystone14:41
lbragstadcmurphy: wxy it should be MySQLOpportunisticUpgradeTestCase14:48
lbragstadif i remember correctly14:48
*** dave-mcc_ has quit IRC14:55
openstackgerritLance Bragstad proposed openstack/python-keystoneclient master: Add system role functionality  https://review.openstack.org/52441514:58
*** dave-mccowan has joined #openstack-keystone15:05
*** aselius has joined #openstack-keystone15:06
dstanekgood morning keystoners15:09
cmurphyhello dstanek15:12
lbragstaddstanek: o/15:13
lbragstadgood to see you around, sir!15:13
gagehugoo/15:14
*** itlinux has quit IRC15:19
*** dikonoo has quit IRC15:20
*** links has joined #openstack-keystone15:21
lbragstadinteresting read - http://lists.openstack.org/pipermail/openstack-dev/2018-January/126505.html15:22
lbragstadcmurphy: are we waiting on something else for https://review.openstack.org/#/c/524423/39 ?15:24
cmurphylbragstad: i want to fix https://bugs.launchpad.net/keystone/+bug/174494815:27
openstackLaunchpad bug 1744948 in OpenStack Identity (keystone) "allow_application_credential_creation contraint issue with suse + mariadb 10.2" [High,Confirmed] - Assigned to Colleen Murphy (krinkle)15:27
cmurphyhave a patch coming soon15:27
lbragstadoh!15:27
lbragstadgood call15:27
lbragstadthanks15:27
*** abhi89 has joined #openstack-keystone15:27
*** spilla has joined #openstack-keystone15:35
*** rmascena has joined #openstack-keystone15:38
*** raildo has quit IRC15:40
*** david-lyle has joined #openstack-keystone15:40
*** rmascena is now known as raildo15:41
openstackgerritColleen Murphy proposed openstack/keystone master: Fix column rename migration for mariadb 10.2  https://review.openstack.org/53686915:43
*** nicolasbock has quit IRC15:47
knikollao/15:53
openstackgerritLance Bragstad proposed openstack/keystone master: Add scope_types to role assignment policies  https://review.openstack.org/52616515:54
kmalloco/15:58
*** r-daneel has joined #openstack-keystone15:59
openstackgerritLance Bragstad proposed openstack/keystone master: Add scope_types to grant policies  https://review.openstack.org/52613016:03
lbragstadwe have a full house today16:03
lbragstadthis is awesome :)16:03
*** openstackgerrit has quit IRC16:03
dstaneklbragstad: :-)16:04
dstaneki want to take a look at that sqlite review today.... is that something critical to get in?16:04
lbragstaddstanek: we were trying to get that in before the unified limits feature16:05
dstaneki'll read through the reviews in a bit then and get it working... what's the tldr; on it? tests not passing?16:06
lbragstadthe tests pass, but we wanted to make sure we captured or resolved the context you had on it16:07
lbragstadand make sure we weren't overlooking something16:07
dstanekkk, i'll take a look this afternoon16:12
lbragstadthanks dstanek16:16
kmallocit's a wild dstanek16:18
lbragstadkmalloc: in case you haven't seen it yet - http://lists.openstack.org/pipermail/openstack-dev/2018-January/126425.html16:20
lbragstadmore specifically - https://goo.gl/NWdAH716:20
kmallocyeah i didn't see that16:21
kmalloc*shrug*16:21
kmallocthe -dev list has gotten so much traffic i can't even track it (has been like that for about a year)16:21
lbragstadyeah - no worries, the important bit is that we're tracking feature freeze patches in that board if you have anything to add or need reviews16:22
*** tesseract has quit IRC16:22
kmalloccan we not add system scope to ec2?16:22
kmallocstupid question16:22
kmallocbut i would much rather not increase the scope of ec2 creds if we don't need to16:22
lbragstadgood question16:23
lbragstadhttps://review.openstack.org/#/c/526191/4/keystone/common/policies/ec2_credential.py@2116:23
kmallocyeah16:23
kmalloci just wanted to ask you independant of a review16:23
lbragstadbecause the current check str is a ADMIN_OR_OWNER thing16:23
kmallocright, but we could just not support system16:23
lbragstadso if we isolate it to 'system' we have the option to break users16:23
kmalloceven with admin/owner16:23
kmalloci'd isolate it to NOT system16:24
kmalloci want ec2 to go away... but thats my personal view.16:24
lbragstadbut would that mean any project admin has the ability to get secrets?16:24
kmallocso i'd rather treat it as legacy16:24
kmalloccrap. you're right16:24
kmallocnvm16:24
kmalloci hate our permission model16:24
lbragstaddamned if you do and damned if you don't :)16:25
lbragstadfor those tricky cases, cmurphy and i thought we could just comment it out with reasoning until we get a patch up to correct the permission model and enforcement16:25
kmallocyeah16:25
*** ksavich has joined #openstack-keystone16:26
lbragstadwhoa - we have a ksavich today, too!16:26
ksavichhaha16:27
ksavichwhatsup!16:27
kmallocwow16:27
kmallocit's all the fun people we've been missing16:27
ksavichhow's it going in here? Long time.16:28
* kmalloc is sitting in a meeting16:28
kmalloc=/16:28
kmallocsooooo16:28
kmalloccould be better :P16:28
kmallocotherwise not too bad16:28
ksavichyes, meetings - blech16:28
lbragstadit's going, dealing with the feature freeze crunch :)16:29
ksavichright on16:29
ksavichstaying warm I hope16:29
lbragstadyou know it16:31
lbragstadnice write up on the fernet stuff16:31
ksavichthanks16:31
ksavichwell, I nicked a good deal from you guys - so thanks16:32
lbragstad:)16:32
ksavichnow I have to change all of it with mistral workflows16:32
ksavichhaha16:32
*** openstackgerrit has joined #openstack-keystone16:37
openstackgerritLance Bragstad proposed openstack/keystone master: Add scope_types to trust policies  https://review.openstack.org/52617616:37
*** pcaruana has quit IRC16:41
*** wxy has quit IRC16:46
*** Suramya has joined #openstack-keystone16:52
*** Suramya_ has joined #openstack-keystone16:57
*** AlexeyAbashkin has quit IRC17:02
*** mvenesio has quit IRC17:06
*** mvenesio has joined #openstack-keystone17:07
openstackgerritLance Bragstad proposed openstack/keystone master: Document scope_types for project policies  https://review.openstack.org/52615917:11
*** mvenesio_ has joined #openstack-keystone17:14
*** mvenesio has quit IRC17:17
*** ksavich has quit IRC17:28
*** rderose has joined #openstack-keystone17:46
*** gyee has joined #openstack-keystone17:47
*** abhi89 has quit IRC17:52
*** abhi89 has joined #openstack-keystone17:52
*** david-lyle has quit IRC18:07
cmurphyoh hi samueldmq :) i want to talk about one of your old patches after the meeting18:10
samueldmqHey18:10
samueldmqSure! I am not really on the laptop but we can chat18:11
samueldmqAlways have time for good friends18:11
samueldmqBTW I was submitted to an appendectomy last week, still healing for the next few days18:12
samueldmq:(18:12
samueldmqOh crap, this is -keystone, sorry folks for spamming18:13
cmurphy:)18:13
gagehugoget better samueldmq!18:13
*** abhishek has joined #openstack-keystone18:14
*** abhi89 has quit IRC18:17
samueldmqgagehugo: thanks18:17
*** links has quit IRC18:26
*** AlexeyAbashkin has joined #openstack-keystone18:31
*** rmascena has joined #openstack-keystone18:31
*** dtruong has quit IRC18:34
*** panbalag has left #openstack-keystone18:34
*** raildo has quit IRC18:35
*** AlexeyAbashkin has quit IRC18:35
*** links has joined #openstack-keystone18:40
*** abhi89 has joined #openstack-keystone18:58
*** jessegler has joined #openstack-keystone18:59
gagehugogonna head home and I'll start reviewing18:59
cmurphysamueldmq: kmalloc one of my coworkers is taking on https://review.openstack.org/#/c/506340/ and i want to set him on the right track18:59
cmurphyi'm wondering why the notifications aren't working properly there?18:59
cmurphymakes me uneasy to be adding new foreign keys there even though i know that ship has sailed with the resource driver18:59
lbragstad#startmeeting keystone-office-hours19:00
openstackMeeting started Tue Jan 23 19:00:23 2018 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.19:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.19:00
*** openstack changes topic to " (Meeting topic: keystone-office-hours)"19:00
*** ChanServ changes topic to "Queens release schedule: https://releases.openstack.org/queens/schedule.html | Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting | Bugs that need triaging: http://bit.ly/2iJuN1h | Trello: https://trello.com/b/5F0h9Hoe/keystone"19:00
*** abhishek has quit IRC19:00
openstackThe meeting name has been set to 'keystone_office_hours'19:00
*** abhi89 has quit IRC19:00
knikollao/19:00
*** rderose has quit IRC19:02
hrybackilbragstad: bluejeans.com/u/hrybacki ?19:03
*** david-lyle has joined #openstack-keystone19:04
kmalloclbragstad: not sure why it's doing that19:15
kmallocthe notifications not working that is19:15
cmurphymaybe samueldmq remembers19:17
*** links has quit IRC19:19
lbragstadhrybacki: https://github.com/openstack/keystone/blob/master/keystone/common/sql/contract_repo/versions/036_contract_rename_application_credential_restriction_column.py#L30-L3219:25
cmurphyso https://review.openstack.org/#/c/536869/ passes in the gate but i'd like to double-check with hwoarang and evrardjp in the europe morning that it solves the issue they were seeing19:25
cmurphyoh nm hwoarang +1'd it19:27
lbragstadcmurphy: you recreated this using mariadb 10.219:28
cmurphylbragstad: yes19:28
lbragstadcool19:29
lbragstadso your fix is designed to work from a top down run and isolating that migration specifically19:29
lbragstad(e.g. as operator should get the fix if they run keystone-manage db_sync or if they target migration 036 again)19:30
lbragstads/as/an/19:30
cmurphyyes if an operator ran into this they would have expand and migrate on version 36 and contract stuck on 3519:31
cmurphyso this would get them unstuck from that state19:32
lbragstadgot it19:32
*** harlowja has joined #openstack-keystone19:34
*** phalmos has joined #openstack-keystone19:35
*** aojea has joined #openstack-keystone19:45
*** phalmos_ has joined #openstack-keystone19:50
ayounglbragstad, cmurphy I was in another meeting during the Keystone one...is there anything I can help move along?19:51
*** phalmos has quit IRC19:51
knikollalbragstad: besides a few minor questions on https://review.openstack.org/#/c/525687/ i kicked through the other ones for keystone server.19:52
ayoungfor example: https://review.openstack.org/#/c/536869/19:52
cmurphyayoung: yes please review that one, makes me nervous since i introduced the bug in the first place19:53
ayoungcmurphy, you have not really arrived until you've generated a CVE19:53
cmurphy:)19:54
ayoungcmurphy, walk me through it, please19:55
ayoungwhat is 'restricted'?19:55
cmurphyayoung: unrestricted is the new name for the application credential property that was called allow_application_credential_creation in http://specs.openstack.org/openstack/keystone-specs/specs/keystone/queens/application-credentials.html#limitations-imposed19:56
ayounger./..unrestricted.  I see it is a column that got dropeed from the table19:57
cmurphythe reason for renaming it is in the commit message here https://review.openstack.org/#/c/536347/19:58
*** aojea has quit IRC19:58
ayoungcmurphy, this is bringing up memories of unified delegation19:59
ayoung"can be used to delete other application credentials and whether it can create and delete trusts"19:59
cmurphyit is hacky20:00
ayoungcmurphy, so this is why I wanted us to reuse the user/trust mechanism for application credentials.  You are going to become an expert on a new auth mechanism, and only you are really going to grok in fully20:01
ayoungThere are lots of gotcha's like this...20:01
ayoungbut the change you made seems ok.  For the positive thread, this will be a non issue20:01
ayoungwe see that in check20:01
cmurphyayoung: the majority of my earlier patchsets had this entirely built on trusts, but there were issues with reusing them20:01
ayoungcmurphy, no silver bullet...I'm aware20:02
ayoungthis seems ok20:02
*** aojea has joined #openstack-keystone20:02
*** aojea has quit IRC20:02
ayoungcmurphy, is this column a key or something?20:02
*** aojea has joined #openstack-keystone20:02
ayoungits not, right?20:02
cmurphyayoung: no it's not20:02
ayoungwe should stop supporting sqlite20:03
ayoungthere was a move to run mysql with a ramdisk data store at one point...would deal with the speed issues20:04
cmurphysqlite has been making me very sad the last few days :(20:04
ayoungcmurphy, +2 from me.  I think this patch is OK.  As you say, there is no data yet20:04
cmurphythanks ayoung20:05
cmurphyayoung: lbragstad made a dashboard for other priority reviews https://goo.gl/NWdAH720:05
ayoungdstanek, !20:06
*** sambetts is now known as sambetts|afk20:06
ayoungHe has not really been working on that one, tho, has he20:06
cmurphyhe showed up today and said he'd take a look20:06
*** itlinux has joined #openstack-keystone20:07
*** edmondsw has quit IRC20:08
*** edmondsw has joined #openstack-keystone20:09
*** Suramya_ has quit IRC20:12
*** Suramya has quit IRC20:12
*** edmondsw has quit IRC20:13
*** edmondsw has joined #openstack-keystone20:15
*** chason has quit IRC20:16
*** edmondsw has quit IRC20:19
lbragstadcmurphy: i'm having a hell of a time getting mariadb 10.2. setup20:24
lbragstadapparently upgrading from mysql to maria is problematic20:24
cmurphylbragstad: heh20:24
cmurphylbragstad: so what i did was created an opensuse tumbleweed vm20:25
cmurphywhich has mariadb 10.220:25
lbragstadthat's easy20:25
ayoungcmurphy, why workflow -1 on https://review.openstack.org/#/c/524423/3920:25
*** aojea has quit IRC20:26
cmurphyayoung: i wanted the db bugfix to make it in first20:26
*** edmondsw has joined #openstack-keystone20:26
ayoungk20:26
ayounggagehugo, Care to pull the trigger on that?20:26
ayounghttps://review.openstack.org/#/c/536869/120:26
cmurphyi think lbragstad is doing his best to manually verify that one20:27
gagehugoayoung looking20:27
*** chason has joined #openstack-keystone20:28
*** mvenesio_ has quit IRC20:32
*** panbalag has joined #openstack-keystone20:35
*** panbalag has left #openstack-keystone20:39
*** mvenesio has joined #openstack-keystone20:39
ayoungcmurphy, we're eon the sql change.  why not drop the workflow - on https://review.openstack.org/#/c/524423/3920:41
*** mvenesio has quit IRC20:43
ayoungI think we can push through app creds relatively quickly now.20:45
*** rmascena has quit IRC20:47
cmurphyayoung: i'm just worried if it lands in the wrong order then we can't claim with certainty that someone doesn't have data in that table20:58
ayoungcmurphy, can't have data without the API, right?20:58
ayoungWe would not support a sql load for data20:58
*** itlinux has quit IRC20:59
cmurphyayoung: right, but when https://review.openstack.org/#/c/524423/39 lands then we have an API20:59
*** nicolasbock has joined #openstack-keystone20:59
ayoungcmurphy, make that review depend on the SQL change then21:00
cmurphyi can do that, i just didn't want to respin the whole stack21:00
cmurphybut that's not a problem for me21:00
openstackgerritColleen Murphy proposed openstack/keystone master: Add Application Credentials controller  https://review.openstack.org/52442321:03
openstackgerritColleen Murphy proposed openstack/keystone master: Add application credential auth plugin  https://review.openstack.org/52534621:03
openstackgerritColleen Murphy proposed openstack/keystone master: Add api-ref for application credentials  https://review.openstack.org/53374421:03
openstackgerritColleen Murphy proposed openstack/keystone master: Enable application_credential auth by default  https://review.openstack.org/53546921:03
openstackgerritColleen Murphy proposed openstack/keystone master: Impose limits on application credentials  https://review.openstack.org/53654321:03
openstackgerritColleen Murphy proposed openstack/keystone master: Add a release note for application credentials  https://review.openstack.org/53549321:03
*** pramodrj07 has joined #openstack-keystone21:03
*** mvk has joined #openstack-keystone21:04
lbragstadomg - database upgrade problems are the bane of my existence...21:07
* lbragstad just finished scrubbing all remnants of mysql-server and mariadb from his system21:08
cmurphycomputers are the worst21:08
lbragstadthat was super weird...21:09
lbragstadi got hung up in some weird state between upgrading from mysql 5.7 to maria 10.0.33 to maria 10.221:09
lbragstadi could remove packages21:09
gagehugoew21:10
lbragstadi couldn't* remove packages21:10
lbragstador finish a clean install21:10
* gagehugo just followed cmurphy's advice and used a tumbleweed vm21:10
lbragstadbut the database service (not sure which version was running) just kept asking for passwords21:10
lbragstadthen things wouldn't start21:10
lbragstadi guess the answer is to process the dependency tree and force purge packages21:11
lbragstadand then manually remove configuration directories21:11
lbragstad(because apparently purge doesn't do that either)21:11
openstackgerritColleen Murphy proposed openstack/keystone master: Add Application Credentials controller  https://review.openstack.org/52442321:12
openstackgerritColleen Murphy proposed openstack/keystone master: Add application credential auth plugin  https://review.openstack.org/52534621:12
openstackgerritColleen Murphy proposed openstack/keystone master: Add api-ref for application credentials  https://review.openstack.org/53374421:12
openstackgerritColleen Murphy proposed openstack/keystone master: Enable application_credential auth by default  https://review.openstack.org/53546921:12
openstackgerritColleen Murphy proposed openstack/keystone master: Impose limits on application credentials  https://review.openstack.org/53654321:12
openstackgerritColleen Murphy proposed openstack/keystone master: Add a release note for application credentials  https://review.openstack.org/53549321:12
gagehugolbragstad did you get it working?21:14
lbragstadnope..21:15
lbragstad\o/21:15
lbragstadbut... what I *do* have is a development box without a database21:15
lbragstadnow that i don't have any configuration for a database, i might try installing it again21:16
*** edmondsw has quit IRC21:33
*** edmondsw has joined #openstack-keystone21:33
*** edmondsw has quit IRC21:38
*** dave-mccowan has quit IRC21:43
lbragstadalright - i'm going to respin the system-scope patches and worry about mariadb 10.2 later21:55
cmurphylol22:01
*** dave-mccowan has joined #openstack-keystone22:02
lbragstad#endmeeting22:05
*** openstack changes topic to "Queens release schedule: https://releases.openstack.org/queens/schedule.html | Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting | Bugs that need triaging: http://bit.ly/2iJuN1h | Trello: https://trello.com/b/5F0h9Hoe/keystone"22:05
openstackMeeting ended Tue Jan 23 22:05:21 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)22:05
openstackMinutes:        http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-01-23-19.00.html22:05
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-01-23-19.00.txt22:05
openstackLog:            http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-01-23-19.00.log.html22:05
*** rcernin has joined #openstack-keystone22:15
lbragstadok - i have a database back..22:23
lbragstadhttps://codefiddle.wordpress.com/2015/12/14/recover-mysql-remove-error/22:23
lbragstad^ that's what i hit...22:23
*** jessegler has quit IRC22:24
cmurphyfun22:25
lbragstadyeah - super weird because it bricks you from upgrading, but you can uninstall either..22:26
lbragstadso reverting back to 5.7 isn't really an option22:26
lbragstadunless you rescrub everything22:27
*** dave-mccowan has quit IRC22:37
openstackgerritLance Bragstad proposed openstack/keystone master: Implement system-scoped tokens  https://review.openstack.org/52568722:39
openstackgerritLance Bragstad proposed openstack/keystone master: Add release note for system-scope  https://review.openstack.org/52803922:41
openstackgerritLance Bragstad proposed openstack/keystone master: Update documentation to reflect system-scope  https://review.openstack.org/53013322:41
openstackgerritLance Bragstad proposed openstack/keystone master: Grant admin a role on the system during bootstrap  https://review.openstack.org/53041022:41
openstackgerritLance Bragstad proposed openstack/keystone master: Implement GET /v3/auth/system  https://review.openstack.org/53049022:41
lbragstadcmurphy: do you mind if i move https://review.openstack.org/#/c/536869/1 through since it was verified on OSA?22:44
lbragstadand we can sync up with evrardjp in the morning?22:45
cmurphylbragstad: yes that's fine, i'm happy hwoarang verified it22:46
lbragstadok - cool22:46
*** cburgess has quit IRC23:00
*** cburgess has joined #openstack-keystone23:01
*** mvk has quit IRC23:02
*** masber has quit IRC23:14
*** mvk has joined #openstack-keystone23:17
*** spilla has quit IRC23:24
lbragstadgagehugo: cmurphy thanks for reviewing the unified limit stuff23:30
cmurphyno problem23:31
openstackgerritLance Bragstad proposed openstack/keystone master: Implement system-scoped tokens  https://review.openstack.org/52568723:34
openstackgerritLance Bragstad proposed openstack/python-keystoneclient master: Add system role functionality  https://review.openstack.org/52441523:38
lbragstaddstanek: any luck with https://review.openstack.org/#/c/126030/25 ?23:43
gagehugo:)23:43
cmurphyi think i've reviewed everything i can for now, will check for updates in the morning23:44
lbragstadthanks cmurphy23:50
*** dave-mccowan has joined #openstack-keystone23:51
lbragstadwe might be able to start queuing up the scope types changes since the unified limit stuff needs a respin, system scope stuff is gating, and so is application credential stuff23:52
*** ayoung has left #openstack-keystone23:59
*** ayoung has quit IRC23:59
« Monday, 2018-01-22 Index Wednesday, 2018-01-24 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!