Thursday, 2018-05-10

*** gyee has quit IRC		00:08
*** dklyle has joined #openstack-keystone		00:12
*** edmondsw has joined #openstack-keystone		00:13
*** dklyle has quit IRC		00:14
*** dklyle has joined #openstack-keystone		00:14
*** edmondsw has quit IRC		00:18
*** Dinesh_Bhor has joined #openstack-keystone		00:36
*** devx has quit IRC		00:37
*** Dinesh_Bhor has quit IRC		00:45
*** Dinesh_Bhor has joined #openstack-keystone		01:00
*** jmlowe has joined #openstack-keystone		01:01
*** liuzz has joined #openstack-keystone		01:05
liuzz	Morning!!	01:10
*** sapd has joined #openstack-keystone		01:24
openstackgerrit	Merged openstack/keystone master: The migration script to add description for limit https://review.openstack.org/553131	01:28
*** pcichy has quit IRC		01:41
*** pcichy has joined #openstack-keystone		01:42
*** edmondsw has joined #openstack-keystone		02:01
*** nicolasbock has quit IRC		02:01
*** edmondsw has quit IRC		02:06
ayoung	liuzz, not here its not	02:08
*** links has joined #openstack-keystone		02:28
*** oikiki has joined #openstack-keystone		02:29
openstackgerrit	wangxiyuan proposed openstack/oslo.limit master: Init repo https://review.openstack.org/556744	02:49
*** dave-mccowan has quit IRC		03:27
openstackgerrit	wangxiyuan proposed openstack/keystone master: Remove token driver configuration https://review.openstack.org/567110	03:28
*** links has quit IRC		03:43
*** edmondsw has joined #openstack-keystone		03:50
openstackgerrit	Merged openstack/keystone master: Fix 500 error when deleting domain https://review.openstack.org/558489	03:51
*** adriant has quit IRC		03:53
*** adriant has joined #openstack-keystone		03:53
*** edmondsw has quit IRC		03:54
*** gyankum has joined #openstack-keystone		03:56
*** gyan_ has joined #openstack-keystone		03:56
*** zeus has quit IRC		04:18
*** zeus has joined #openstack-keystone		04:22
*** zeus is now known as Guest6945		04:23
*** oikiki has quit IRC		04:39
*** oikiki has joined #openstack-keystone		04:46
*** links has joined #openstack-keystone		04:49
*** abhi89 has joined #openstack-keystone		04:55
*** abhi89 has quit IRC		04:59
*** abhi89 has joined #openstack-keystone		05:00
*** Dinesh_Bhor has quit IRC		05:00
*** adriant has quit IRC		05:01
*** adriant has joined #openstack-keystone		05:02
*** rcernin has joined #openstack-keystone		05:05
*** bigjools has quit IRC		05:12
*** bigjools has joined #openstack-keystone		05:13
*** bigjools has quit IRC		05:13
*** bigjools has joined #openstack-keystone		05:13
*** bigjools has left #openstack-keystone		05:19
*** oikiki has quit IRC		05:25
*** jmccrory has quit IRC		05:28
*** jmccrory has joined #openstack-keystone		05:28
*** rm_work has quit IRC		05:37
*** rm_work has joined #openstack-keystone		05:37
*** edmondsw has joined #openstack-keystone		05:38
*** adriant has quit IRC		05:41
*** adriant has joined #openstack-keystone		05:41
*** edmondsw has quit IRC		05:42
*** Dinesh_Bhor has joined #openstack-keystone		05:48
*** jhesketh has quit IRC		05:58
*** blake has joined #openstack-keystone		06:40
*** blake has quit IRC		06:45
*** pcaruana has joined #openstack-keystone		06:51
*** Dinesh_Bhor has quit IRC		06:58
*** threestrands_ has quit IRC		06:58
*** Dinesh_Bhor has joined #openstack-keystone		07:04
*** bswrchrd has quit IRC		07:11
*** bswrchrd has joined #openstack-keystone		07:11
openstackgerrit	wangxiyuan proposed openstack/keystone master: Unified limit update APIs Refactor https://review.openstack.org/559552	07:11
*** aloga has joined #openstack-keystone		07:21
*** tesseract has joined #openstack-keystone		07:24
*** edmondsw has joined #openstack-keystone		07:26
*** edmondsw has quit IRC		07:30
*** annp has joined #openstack-keystone		07:48
*** annp has quit IRC		07:57
*** annp has joined #openstack-keystone		08:06
*** jhesketh has joined #openstack-keystone		08:29
*** lbragstad[m] has quit IRC		08:36
*** jhesketh has quit IRC		08:47
*** jhesketh has joined #openstack-keystone		09:06
*** johnthetubaguy has quit IRC		09:09
*** johnthetubaguy has joined #openstack-keystone		09:10
*** edmondsw has joined #openstack-keystone		09:14
*** edmondsw has quit IRC		09:19
*** lbragstad[m] has joined #openstack-keystone		09:34
*** d0ugal_ has quit IRC		09:45
*** d0ugal has joined #openstack-keystone		09:45
*** d0ugal has quit IRC		09:45
*** d0ugal has joined #openstack-keystone		09:45
*** Dinesh_Bhor has quit IRC		10:33
*** mvenesio has joined #openstack-keystone		10:50
*** jmlowe has quit IRC		10:57
*** abhi89 has quit IRC		10:58
*** edmondsw has joined #openstack-keystone		11:02
*** edmondsw has quit IRC		11:07
*** nicolasbock has joined #openstack-keystone		11:12
*** rcernin has quit IRC		11:31
*** mvenesio has quit IRC		11:41
*** mvenesio has joined #openstack-keystone		11:42
*** raildo has joined #openstack-keystone		12:04
*** mvk has quit IRC		12:14
*** mvenesio has quit IRC		12:23
*** felipemonteiro has joined #openstack-keystone		12:23
*** mvenesio has joined #openstack-keystone		12:24
*** felipemonteiro_ has joined #openstack-keystone		12:27
*** AlexeyAbashkin has joined #openstack-keystone		12:28
*** felipemonteiro has quit IRC		12:29
*** AlexeyAbashkin has quit IRC		12:37
*** AlexeyAbashkin has joined #openstack-keystone		12:47
*** AlexeyAbashkin has quit IRC		12:48
*** edmondsw_ has joined #openstack-keystone		12:51
*** bswrchrd has quit IRC		12:55
*** pcaruana\|afk\| has joined #openstack-keystone		13:03
*** NotPcaruana has joined #openstack-keystone		13:04
*** gyankum has quit IRC		13:05
*** gyan_ has quit IRC		13:05
*** jistr is now known as jistr\|mtg		13:32
*** NotPcaruana has quit IRC		13:34
*** pcaruana\|afk\| has quit IRC		13:34
*** dklyle has quit IRC		13:40
*** links has quit IRC		13:46
*** dmellado has joined #openstack-keystone		13:47
*** mvk has joined #openstack-keystone		13:52
gagehugo	o/	14:05
*** r-daneel has joined #openstack-keystone		14:08
*** pcichy has quit IRC		14:11
*** jistr\|mtg is now known as jistr		14:17
hrybacki	o/	14:24
lbragstad	o/	14:27
lbragstad	zzzeek: kmalloc this might be relevant to what we talked about on Tuesday http://lists.openstack.org/pipermail/openstack-operators/2018-May/015246.html	14:27
*** edmondsw_ is now known as edmondsw		14:28
kmalloc	Yeah relevant. I do see value in a utility to allow new clouds to join a cluster though of keystone db, where the operator wants a singular keystone over the regions	14:29
kmalloc	The projects, domains, etc should also be replicated.	14:29
kmalloc	Or to merge 2 emplty/new deployments into a single overcloud. Long running clouds probably cannot be merged, and should k2k (db headaches abound)	14:30
kmalloc	Mostly, it is tooling zzzeek was discussing to make it easier to use deployment tools (ooo) to build the single keystone up without hard-coding sql.	14:31
kmalloc	Nova should not be configured for a single region (nor any services should), the nature of Nova existing in a given region is enough, since it talks to it's local glance, etc. Keystone is the only thing spanning regions here, and all elements should be replicated .	14:33
lbragstad	with the proposal we talked about on tuesday, would that be a run-once type of thing?	14:36
kmalloc	Yeah, well, run once per new region being added.	14:36
*** dklyle has joined #openstack-keystone		14:36
lbragstad	and all the replication is handled by the database?	14:37
kmalloc	By galera	14:37
lbragstad	ok - cool	14:37
lbragstad	because https://etherpad.openstack.org/p/YVR-edge-keystone-brainstorming came across the ML today, too	14:37
kmalloc	With exception of the initial "make things consistent enough to work/add region data"	14:37
gagehugo	kmalloc should https://review.openstack.org/#/c/508412/ be deprecated-as-of-queens?	14:38
kmalloc	gagehugo: no, as of Rocky, it wasn't deprecated in Queens.	14:39
gagehugo	oh nvm, found the issue	14:39
kmalloc	The code says in Queens (the deprecation message)	14:39
kmalloc	Yah, on mobile, Gerrit is hard to comment in-line	14:39
gagehugo	https://review.openstack.org/#/c/508412/9/keystone/middleware/core.py@29	14:39
kmalloc	lbragstad: that is also why I want a dht sync of keystone data..	14:40
openstackgerrit	Gage Hugo proposed openstack/keystone master: Remove the TokenAuth middleware https://review.openstack.org/508412	14:40
kmalloc	lbragstad: I should spin up a really PoC of this.	14:40
kmalloc	gagehugo: thanks!	14:40
lbragstad	dht?	14:42
kmalloc	Distributed hash table	14:42
kmalloc	DHT keystone, replicate the data to all data centers and all endpoints	14:42
kmalloc	;)	14:43
kmalloc	We talked about this some in Denver. I think I am at a point I can start building my actual POC now.	14:43
lbragstad	ohhh	14:43
lbragstad	i might vaguely remember that?	14:44
lbragstad	we've been seeing a higher frequency of multi-region support	14:44
lbragstad	which is somewhat inconsistent with the use survey last year	14:45
*** spilla has joined #openstack-keystone		14:45
*** spilla has quit IRC		14:50
*** felipemonteiro_ has quit IRC		14:50
kmalloc	Yeah.	14:54
kmalloc	I'll spend some time and build the PoC up.	14:55
kmalloc	I guess it is time to do it.	14:55
kmalloc	JWE will make it way better/more usable as well.	14:56
kmalloc	Maybe I can have a PoC to show at the summit ;)	14:59
kmalloc	Doubtful, but hey.	15:00
*** mvenesio has quit IRC		15:00
kmalloc	lbragstad: ugh I still need a new laptop.	15:00
*** jmlowe has joined #openstack-keystone		15:04
lbragstad	JWE?	15:09
lbragstad	or JWS?	15:09
openstackgerrit	Pavlo Shchelokovskyy proposed openstack/keystoneauth master: Use defusedxml for XML parsing in SAML https://review.openstack.org/536761	15:12
*** spilla has joined #openstack-keystone		15:13
kmalloc	Asym	15:13
kmalloc	Vs sym, whichever that is.	15:14
lbragstad	oh - sure	15:14
lbragstad	yeah - i think that is the JWS (signing) bit.	15:14
lbragstad	JWE (encryption) behaves almost exactly like fernet	15:14
lbragstad	since it's asymmetric	15:14
lbragstad	but both are considered JWT	15:14
kmalloc	Right.	15:15
kmalloc	JWS. But yeah signed.	15:15
kmalloc	And not just HMAC	15:15
kmalloc	And JWE I would like, simply so we can maintain some opawueness on the wire..	15:15
*** david-lyle has joined #openstack-keystone		15:17
*** david-lyle has quit IRC		15:18
lbragstad	we need to figure out what we want to do with jws, too	15:20
lbragstad	i suppose you could reuse that	15:20
lbragstad	for the signing bit	15:20
lbragstad	in your PoC	15:21
*** alex_xu has quit IRC		15:24
kmalloc	JWS (signing) is good in general, so we can know a token is infact valid before handing off to keystone.	15:24
kmalloc	Faster rejection is good.	15:24
kmalloc	Or even that KS can tell before pulling it apart.	15:25
openstackgerrit	Ben Nemec proposed openstack/pycadf master: add lower-constraints job https://review.openstack.org/556085	15:27
*** dklyle has quit IRC		15:28
*** dklyle has joined #openstack-keystone		15:33
lbragstad	sure	15:35
lbragstad	there are certainly use cases for it	15:35
lbragstad	and since we don't have jwe support currently, we could just implementing signing as it's own jwt token provide	15:36
lbragstad	provider*	15:36
lbragstad	token_providers = ['fernet', 'jws']	15:36
lbragstad	and later	15:36
lbragstad	token_providers.append('jwe')	15:36
*** oikiki has joined #openstack-keystone		15:37
lbragstad	where the jws provider is an opinionated version of a signing provider	15:37
*** pcaruana has quit IRC		15:52
*** abhi89 has joined #openstack-keystone		16:05
*** rmascena has joined #openstack-keystone		16:06
abhi89	kmalloc: Hi Morgan.. reg https://bugs.launchpad.net/keystone/+bug/1767323, which we discussed yesterday.. just wanted to know if you will be working on this defect?	16:08
openstack	Launchpad bug 1767323 in OpenStack Identity (keystone) "Keystone ldap logs personal information" [Medium,Triaged]	16:08
*** raildo has quit IRC		16:08
kmalloc	abhi89: I plan to, but it is not at the top of my list. I am also happy to let someone else work on it and review it. Unfortunately, not a lot of current contributors are familiar with LDAP	16:10
*** germs has joined #openstack-keystone		16:10
*** germs has quit IRC		16:10
*** germs has joined #openstack-keystone		16:10
*** gyee has joined #openstack-keystone		16:13
abhi89	kmalloc: yes, not many contributors on ldap related things.. if you have this defect on your list (not priority though), can i assign it you then, & you can work on it later!	16:14
kmalloc	updated it and targeted it to R3	16:20
abhi89	thanks	16:22
*** nicolasbock has quit IRC		16:22
*** nicolasbock has joined #openstack-keystone		16:24
*** mvenesio has joined #openstack-keystone		16:28
*** spilla has quit IRC		16:32
*** pcaruana has joined #openstack-keystone		16:36
*** abhi89 has quit IRC		16:40
*** mvk has quit IRC		16:41
*** pcaruana has quit IRC		16:44
*** spilla has joined #openstack-keystone		16:48
*** oikiki has quit IRC		16:53
*** knasim-wrs has joined #openstack-keystone		16:55
*** oikiki has joined #openstack-keystone		16:55
knasim-wrs	hi folks, I'm trying to determine if Openstack Keystone can be used as the Authentication/Auth service for Docker and Docker-Registry	16:56
knasim-wrs	i.e as described here: https://docs.docker.com/registry/spec/auth/token/	16:56
knasim-wrs	we already have Openstack Pike deployed in our product so now bringing in Container Orchestration, if I can integrate Docker with Keystone then I can support Docker talking to some other Openstack services like Neutron or Ceilometer	16:57
knasim-wrs	was looking at tokenless auth in keystone...https://docs.openstack.org/keystone/pike/advanced-topics/configure_tokenless_x509.html	16:58
knasim-wrs	has anybody here played around with this?	16:58
knasim-wrs	@lbragstad	16:58
knasim-wrs	@lbragstad: have you guys done any work with integrating Keystone with Docker?	16:59
*** edmondsw has quit IRC		17:02
*** edmondsw has joined #openstack-keystone		17:03
lbragstad	knasim-wrs: i haven't played with integrating docker directly with keystone, no	17:06
kmalloc	knasim-wrs: i'd need to see how docker does auth	17:06
knasim-wrs	they seem to use OAUTH2: https://docs.docker.com/registry/spec/auth/token/	17:07
knasim-wrs	It appears that Keystone only supports oauth1 ... is that True ?	17:07
knasim-wrs	Are there any plans for oauth2 support in Keystone ?	17:07
kmalloc	soooo... keystone doesn't do oauth2 as an IDP really	17:07
kmalloc	which is what we'd need to support, afaict then	17:07
kmalloc	with docker being the SP.	17:07
knasim-wrs	:(	17:08
kmalloc	(service provider)	17:08
kmalloc	it is something we could support in the future.	17:08
knasim-wrs	Docker Registry / Docker Daemon do not appear to support ‘oauth1’	17:08
kmalloc	but it's not currently on the roadmap	17:08
knasim-wrs	thanks kmalloc	17:08
kmalloc	the oauth1 support in keystone isn't great either =/	17:08
knasim-wrs	this is the request that Docker-Registry is sending to Keystone:	17:08
knasim-wrs	May 10 14:30:58 devstack devstack@keystone.service[10183]: INFO keystone.common.wsgi [None req-f88fb5e6-1d4a-402a-a5b4-cf6c32494004 None None] GET https://128.224.186.148/identity/v3/auth/tokens?account=admin&client_id=docker&offline_token=true&service=128.224.150.223%3A443	17:09
kmalloc	mostly keystone simply offers login for exchange of an openstack-specific bearer token	17:09
kmalloc	that then can be used to talk to other services.	17:09
kmalloc	(openstack-services*)	17:09
kmalloc	yeah. we don't support that.	17:09
*** oikiki has quit IRC		17:09
kmalloc	we could work to make keystone a more full-featured IDP (we have done some of the work)	17:09
kmalloc	however, its a long road	17:09
knasim-wrs	it talks about this "static token" if you look at the link: https://docs.docker.com/registry/spec/auth/token/	17:10
knasim-wrs	and then Docker just retrieves this static token	17:10
kmalloc	right. the keystone token is highly, highly openstack specific	17:10
kmalloc	i'm sure docker would have no idea what to do with the content	17:10
knasim-wrs	yeah the Federation stuff can be simplified... as in support running under UWGI / Gunicorn... and the whole Mappings and Protocol stuff is a nightmare to understand	17:10
knasim-wrs	ok then looks like we'll have to use another Auth backend for Docker	17:11
*** david-lyle has joined #openstack-keystone		17:11
*** oikiki has joined #openstack-keystone		17:11
kmalloc	yeah, you might want to look into an auth system that does OIDC (whichs hould support oauth2 by nature) and use that as the auth source for Keystone as well	17:11
kmalloc	then it's at least unified user data	17:11
kmalloc	the alternative is to use something like... magnum (or one of the COE integration projects openstack has)	17:12
kmalloc	i'm not sure which one is currently "winning" or is most featureful, but those can talk to keystone and docker/k8s/mesos/etc, providing the link for what you're looking for (unless i'm mis-reading your request)	17:13
*** dklyle has quit IRC		17:14
lbragstad	taking lunch quick	17:15
knasim-wrs	thanks man :)	17:15
*** david-lyle has quit IRC		17:15
*** dklyle_ has joined #openstack-keystone		17:15
knasim-wrs	so ur suggesting maybe using Magnum (kmalloc)	17:15
knasim-wrs	we have Magnum running in our stack	17:16
kmalloc	or whichever COE project in oepnstack is working the best for you	17:16
kmalloc	it offloads the "talk to openstack components" from docker/k8s to the layer above it	17:17
kmalloc	magnum may be what you're looking for... it may not	17:17
*** felipemonteiro has joined #openstack-keystone		17:17
kmalloc	i haven't played with those bits in quite a while	17:17
knasim-wrs	thanks... its a place to start	17:18
kmalloc	:)	17:19
kmalloc	happy to help	17:19
knasim-wrs	I was thinking ... use an LDAP server that supports oath2 and use it for docker and as the keystone backend	17:19
knasim-wrs	keystone already supports LDAP as an Identity backend... I could just tie Docker to LDAP instead and authenticate their	17:19
knasim-wrs	the idea is to use the same keystone users for auth... since the Docker webUI is going to be nested within Horizon	17:20
*** felipemonteiro_ has joined #openstack-keystone		17:20
knasim-wrs	so I need to tie into Keystone Identity somehow... if not at the frontend, then certainly at the backend	17:20
*** abhi89 has joined #openstack-keystone		17:21
knasim-wrs	kmalloc: is that what you meant when you said, "yeah, you might want to look into an auth system that does OIDC (whichs hould support oauth2 by nature) and use that as the auth source for Keystone as well "	17:23
knasim-wrs	as in unifying the keystone identity backend to say LDAP which does support Oauth2.0 extensions	17:24
*** felipemonteiro has quit IRC		17:24
kmalloc	sure, or use keystone's federation with an OIDC identity provider	17:25
kmalloc	keycloak (from redhat) could be an example	17:26
*** abhi89 has quit IRC		17:38
*** dklyle_ has quit IRC		17:46
*** rcernin has joined #openstack-keystone		17:52
*** dklyle_ has joined #openstack-keystone		17:58
*** knasim-wrs has quit IRC		17:59
*** abhi89 has joined #openstack-keystone		18:05
*** tesseract-RH has joined #openstack-keystone		18:08
*** tesseract has quit IRC		18:09
*** tesseract-RH has quit IRC		18:11
*** tesseract has joined #openstack-keystone		18:11
*** liuzz_ has joined #openstack-keystone		18:15
*** abhi89 has quit IRC		18:16
*** masuberu has joined #openstack-keystone		18:16
*** liuzz has quit IRC		18:17
*** vegarl has quit IRC		18:18
*** jgrassler has quit IRC		18:18
*** vegarl has joined #openstack-keystone		18:19
*** jgrassler has joined #openstack-keystone		18:19
*** masber has quit IRC		18:19
*** toddnni has quit IRC		18:19
*** toddnni has joined #openstack-keystone		18:22
*** tesseract has quit IRC		18:49
*** rcernin has quit IRC		18:50
*** felipemonteiro__ has joined #openstack-keystone		18:51
*** felipemonteiro_ has quit IRC		18:51
*** pcichy has joined #openstack-keystone		18:58
*** felipemonteiro_ has joined #openstack-keystone		19:04
*** felipemonteiro__ has quit IRC		19:07
*** rcernin has joined #openstack-keystone		19:09
*** mvk has joined #openstack-keystone		19:13
openstackgerrit	Merged openstack/pycadf master: add lower-constraints job https://review.openstack.org/556085	19:14
*** felipemonteiro_ has quit IRC		19:14
*** felipemonteiro_ has joined #openstack-keystone		19:14
*** rcernin has quit IRC		19:15
lbragstad	i suppose it's about that time to start building out etherpads	19:16
kmalloc	lbragstad: our paste-ini is all wonky still and has lots of v2.0 references	19:18
kmalloc	we should fix that.	19:18
* kmalloc checks to be sure on master		19:18
lbragstad	yeah - i was looking at that yesterday...	19:18
kmalloc	yep	19:18
lbragstad	is it safe to remove?	19:18
lbragstad	i know we have a weird relationship with that kind of stuff, because we have the ability to break deployments	19:18
kmalloc	should be safe	19:23
kmalloc	i mean... we have to make sure we don't break anyone... i'm not sure how to fix this easily	19:23
kmalloc	give me a few, i think i can roll up a "ditch paste" patch while i'm digging around with the stuff we talked about yesterday	19:24
kmalloc	lbragstad: oh...	19:25
kmalloc	lbragstad: i found out why S3 and EC2 are not in core...	19:25
kmalloc	it was "legal concerns"	19:26
kmalloc	and had a -2 from dolph	19:26
lbragstad	ah...	19:26
lbragstad	that makes sense i suppose	19:26
kmalloc	lbragstad: i don't know how we can fix this, but tl;dr i think we need to revisit	19:26
lbragstad	because we could reimplement an API and mark it with an Apache license I assume?	19:26
lbragstad	couldn't*	19:26
kmalloc	not really that	19:27
kmalloc	but ibm specifically had legal concerns	19:27
lbragstad	hmm	19:27
kmalloc	they require removing (from disk) that code	19:27
lbragstad	oh - yeah... i remember that now	19:27
kmalloc	honestly, i think we need to figure a way out of this and either come to grips we ship it or we work with the TC and remove it	19:27
kmalloc	it is either "in" or "out"	19:27
kmalloc	i don't like this middleground	19:27
kmalloc	so. do you want me to revisit the patch.	19:28
kmalloc	https://review.openstack.org/#/c/274973/10	19:28
kmalloc	part of the issue is "ditching" paste is likely to run us into the same issue	19:28
lbragstad	yeah - it will have to live somewhere, right?	19:28
kmalloc	pretty much	19:29
lbragstad	how would we approach this if we wanted to move to flask tomorrow?	19:31
kmalloc	It would just get rolled in	19:43
kmalloc	Just like anything else.	19:43
kmalloc	In fact, I think I'm going to look at a flask conversion instead of anything else... It dumps baggage and makes this a lot easier.	19:44
lbragstad	cool - i figured that's what we ultimately want	19:44
lbragstad	and figured that was the primary driver for the consolidation	19:45
lbragstad	i'm all for using someone else's perfectly round wheel :)	19:45
*** hoonetorg has quit IRC		19:46
mordred	kmalloc: I just discovered a bug in the get_all_version_data method we added ... it's a small one - basically, the default value of a paremeter does not match the docs or intent	19:48
mordred	kmalloc: keystoneauth1.session.Session.get_all_version_data ... the interface parameter	19:48
mordred	kmalloc: interface='public' is the value on the auth plugin - and is what is documented - but we released with =None ... which way do you think we should fix it?	19:49
*** dklyle_ is now known as dklyle		19:50
*** pcichy has quit IRC		19:51
*** felipemonteiro__ has joined #openstack-keystone		19:59
*** spilla has quit IRC		19:59
*** spilla has joined #openstack-keystone		20:00
*** hoonetorg has joined #openstack-keystone		20:00
kmalloc	Oooh	20:00
kmalloc	Uhm sec	20:00
kmalloc	This is tough... We released.	20:01
*** felipemonteiro_ has quit IRC		20:02
lbragstad	what is it, measure once cut twice?	20:39
openstackgerrit	Felipe Monteiro proposed openstack/keystone-specs master: Patrole (RBAC) Keystone Gating https://review.openstack.org/464678	20:43
openstackgerrit	Felipe Monteiro proposed openstack/keystone-specs master: Patrole (RBAC) Keystone Gating https://review.openstack.org/464678	20:47
*** rmascena has quit IRC		20:47
*** mvenesio has quit IRC		20:53
*** martinus__ has quit IRC		20:56
*** ayoung has quit IRC		20:56
*** felipemonteiro__ has quit IRC		21:00
*** felipemonteiro has joined #openstack-keystone		21:02
*** ayoung has joined #openstack-keystone		21:08
*** edmondsw has quit IRC		21:14
*** edmondsw has joined #openstack-keystone		21:15
*** felipemonteiro has quit IRC		21:17
*** ayoung has quit IRC		21:19
*** edmondsw has quit IRC		21:19
*** spilla has quit IRC		21:23
*** felipemonteiro has joined #openstack-keystone		21:23
*** ayoung has joined #openstack-keystone		21:30
*** dave-mccowan has joined #openstack-keystone		21:39
*** felipemonteiro has quit IRC		21:44
*** felipemonteiro has joined #openstack-keystone		21:46
*** felipemonteiro has quit IRC		22:14
*** oikiki has quit IRC		22:16
*** nicolasbock has quit IRC		22:50
*** nicolasbock has joined #openstack-keystone		22:50
kmalloc	lbragstad: yeah	22:54
kmalloc	mordred: i think... we can issue a point release to fix this	22:54
kmalloc	and say OMG broken	22:54
kmalloc	lbragstad: ^	22:55
kmalloc	but....	22:55
kmalloc	we did release...	22:55
*** germs has quit IRC		23:26
*** germs has joined #openstack-keystone		23:27
*** germs has quit IRC		23:27
*** germs has joined #openstack-keystone		23:27
*** liuzz has joined #openstack-keystone		23:40
*** liuzz_ has quit IRC		23:40
mordred	kmalloc: I knew you were going to like this one	23:52
kmalloc	So IMO, fix and point release asap	23:52
kmalloc	This was a bug that only hit the latest release, right?	23:52
kmalloc	If we move fast, we call it a defect, not a behavior.	23:53

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!