Wednesday, 2018-10-03

« Tuesday, 2018-10-02 Index Thursday, 2018-10-04 »
*** markvoelker has quit IRC00:17
*** markvoelker has joined #openstack-keystone00:17
*** markvoelker has quit IRC00:21
*** gyee has quit IRC00:29
*** aojea has joined #openstack-keystone00:42
*** aojea has quit IRC00:46
*** Dinesh_Bhor has joined #openstack-keystone01:31
*** Dinesh_Bhor has quit IRC01:38
*** Dinesh_Bhor has joined #openstack-keystone01:47
*** dave-mccowan has joined #openstack-keystone01:56
*** markvoelker has joined #openstack-keystone02:18
*** cfriesen has quit IRC02:28
*** shyamb has joined #openstack-keystone02:36
*** markvoelker has quit IRC02:51
kmallocholy crap. i think i have it done.02:53
kmallocauth is running tests locally and then will be pushed up.02:53
kmalloc#endmeeting02:54
*** openstack changes topic to "Stein release schedule: https://releases.openstack.org/stein/schedule.html | Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting | Bugs that need triaging: http://bit.ly/2iJuN1h | Trello: https://trello.com/b/rj0ECz2c/keystone-stein-roadmap !!NOTE!! This Channel is Logged ( https://tinyurl.com/OpenStackKeystone )"02:54
openstackMeeting ended Wed Oct  3 02:54:02 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)02:54
openstackMinutes:        http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-10-02-17.04.html02:54
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-10-02-17.04.txt02:54
kmalloc(oopse, that went long02:54
openstackLog:            http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-10-02-17.04.log.html02:54
kmallocknikolla, ayoung, cmurphy, gagehugo: sorry about the massive patch =/02:54
*** shyam89 has joined #openstack-keystone02:55
gagehugouh oh02:56
*** shyamb has quit IRC02:59
*** Dinesh_Bhor has quit IRC03:00
*** Dinesh_Bhor has joined #openstack-keystone03:01
openstackgerritMorgan Fainberg proposed openstack/keystone master: WIP: Convert auth to flask native dispatching  https://review.openstack.org/60346103:07
openstackgerritMorgan Fainberg proposed openstack/keystone master: WIP: Convert auth to flask native dispatching  https://review.openstack.org/60346103:07
*** dave-mccowan has quit IRC03:08
*** shyam89 has quit IRC03:25
*** shyam89 has joined #openstack-keystone03:37
*** markvoelker has joined #openstack-keystone03:48
*** Dinesh_Bhor has quit IRC04:01
openstackgerritMorgan Fainberg proposed openstack/keystone master: WIP: Convert auth to flask native dispatching  https://review.openstack.org/60346104:03
*** Dinesh_Bhor has joined #openstack-keystone04:05
openstackgerritMorgan Fainberg proposed openstack/keystone master: Convert auth to flask native dispatching  https://review.openstack.org/60346104:05
kmallocthere we go04:06
kmallocgagehugo: +1797, -143504:07
kmallocgagehugo: =/04:07
kmallocgagehugo: and that passes local pep8,py27,py3504:08
kmallocand it should pass temptest.04:08
kmalloctempest*04:08
*** shyam89 has quit IRC04:11
*** Dinesh_Bhor has quit IRC04:20
*** markvoelker has quit IRC04:21
*** shyamb has joined #openstack-keystone04:53
*** Dinesh_Bhor has joined #openstack-keystone04:58
openstackgerritVishakha Agarwal proposed openstack/keystone master: Avoid using dict.get() in assertions  https://review.openstack.org/60746305:00
*** markvoelker has joined #openstack-keystone05:18
*** leeuwenrjj has joined #openstack-keystone05:37
*** shyamb has quit IRC05:51
*** markvoelker has quit IRC05:52
*** Dinesh_Bhor has quit IRC06:11
*** shyamb has joined #openstack-keystone06:21
*** dims has quit IRC06:24
*** dims has joined #openstack-keystone06:26
*** dims has quit IRC06:34
*** Dinesh_Bhor has joined #openstack-keystone06:35
*** dims has joined #openstack-keystone06:35
*** pcaruana has joined #openstack-keystone06:51
*** mbuil has joined #openstack-keystone07:18
*** Dinesh_Bhor has quit IRC07:19
*** jroll has quit IRC07:19
*** dmellado has quit IRC07:19
*** mbuil_ has quit IRC07:19
*** odyssey4me has quit IRC07:19
*** jroll has joined #openstack-keystone07:32
*** dmellado has joined #openstack-keystone07:32
*** odyssey4me has joined #openstack-keystone07:32
*** shyamb has quit IRC07:46
*** rcernin has quit IRC07:55
*** jroll has quit IRC08:13
*** dmellado has quit IRC08:13
*** odyssey4me has quit IRC08:13
*** markvoelker has joined #openstack-keystone08:18
*** jroll has joined #openstack-keystone08:27
*** dmellado has joined #openstack-keystone08:27
*** odyssey4me has joined #openstack-keystone08:27
*** Emine has joined #openstack-keystone08:41
*** shyamb has joined #openstack-keystone08:42
*** jroll has quit IRC08:51
*** dmellado has quit IRC08:51
*** odyssey4me has quit IRC08:51
*** markvoelker has quit IRC08:51
*** pjrusak has joined #openstack-keystone09:01
pjrusakhave a quick question about keystone identity endpoints post queens? i tried to figure out from documentation and kolla/devstack code which ports and endpoints are expected one and it's not clear for me09:05
*** jroll has joined #openstack-keystone09:05
*** dmellado has joined #openstack-keystone09:05
*** odyssey4me has joined #openstack-keystone09:05
pjrusakcurrently devstack setup keystone to listen on 80 whith routes http://service_host/identity/ while kolla deploys keystone with classic manner 35357 and 5000 port. which is the proper way now?09:05
*** Emine has quit IRC09:12
*** Emine has joined #openstack-keystone09:25
*** shyamb has quit IRC10:01
*** shyamb has joined #openstack-keystone10:03
*** Emine has quit IRC10:07
*** kukacz has quit IRC10:12
*** kukacz has joined #openstack-keystone10:13
*** leeuwenrjj has quit IRC10:28
*** shyamb has quit IRC10:34
*** shyamb has joined #openstack-keystone10:41
gmanncmurphy: gagehugo can you guys check this tempest patch if that is write approach to skip the keystone write operation test - https://review.openstack.org/#/c/585536/710:46
*** mvkr has quit IRC10:48
*** leeuwenrjj has joined #openstack-keystone10:48
*** markvoelker has joined #openstack-keystone10:49
*** mvkr has joined #openstack-keystone11:02
*** markvoelker has quit IRC11:22
*** shyamb has quit IRC11:34
*** shyamb has joined #openstack-keystone11:34
*** shyamb has quit IRC11:42
*** raildo has joined #openstack-keystone11:48
*** shyamb has joined #openstack-keystone12:02
*** Emine has joined #openstack-keystone12:14
*** dave-mccowan has joined #openstack-keystone12:20
*** jdennis has quit IRC12:51
*** jdennis has joined #openstack-keystone13:05
*** jdennis has quit IRC13:05
*** shyamb has quit IRC13:05
*** jdennis has joined #openstack-keystone13:06
*** shyamb has joined #openstack-keystone13:07
*** aojea_ has joined #openstack-keystone13:09
*** aojea_ has quit IRC13:13
*** aojea_ has joined #openstack-keystone13:15
*** mvkr has quit IRC13:23
*** aojea_ has quit IRC13:28
*** aojea_ has joined #openstack-keystone13:29
*** aojea_ has quit IRC13:33
*** cfriesen has joined #openstack-keystone13:39
*** mvkr has joined #openstack-keystone13:50
*** shyamb has quit IRC13:58
*** shyamb has joined #openstack-keystone14:01
*** adriant has quit IRC14:03
*** adriant has joined #openstack-keystone14:04
*** leeuwenrjj has quit IRC14:20
*** ayoung has quit IRC14:20
*** shyamb has quit IRC14:24
*** mbeierl has quit IRC14:25
*** mbeierl has joined #openstack-keystone14:43
*** mbeierl has quit IRC14:44
gagehugogmann looking14:44
kmallocO/14:56
kmallocLooks like I need to fix federation, but otherwise good on auth.14:56
*** Emine has quit IRC14:58
*** leeuwenrjj has joined #openstack-keystone15:08
*** pcaruana has quit IRC15:33
kmallocpjrusak: on port 80/44315:56
kmallocpjrusak: under /identity is the preferred way.15:56
kmallocProper is very subjective. But our recommendation is standard http ports and sub-url mounting.15:57
leeuwenrjjkmalloc, did you get around to create an example for the integration of middleware?15:58
kmallocleeuwenrjj: sorry i did not, i got buried in the current set of patches and dog emergencies.15:59
kmallocleeuwenrjj: i'll probably be able to do it today. i have minimal fixes still needed for the horrible patch to convert auth to flask (and it is super hard to switch that context)16:00
leeuwenrjjNo worries no rush. Just post it in the IRC if you have it. I'm in Europe so I will go offline soon but I will read it back. Thx!16:01
*** gyee has joined #openstack-keystone16:06
kmallocleeuwenrjj: sounds good.16:09
kmallocleeuwenrjj: i expect to be onto that today because i have some other non-code related things to stand up this week too.16:09
*** aojea has joined #openstack-keystone16:15
*** shyamb has joined #openstack-keystone16:17
*** aojea has quit IRC16:19
*** leeuwenrjj has quit IRC16:26
*** shyamb has quit IRC16:28
*** dims has quit IRC16:28
*** dims_ has joined #openstack-keystone16:35
kmallocknikolla: need your eyes on a security bug16:41
*** ayoung has joined #openstack-keystone16:48
kmallocayoung: should have auth change done today. it's brutal, but it's ... there16:48
kmallocayoung: it's passing everything but federation tests, but i think i have that solved now16:48
openstackgerritMorgan Fainberg proposed openstack/keystone master: Convert auth to flask native dispatching  https://review.openstack.org/60346116:51
kmallocknikolla: auth flaskification is ready for eyes.16:56
openstackgerritMorgan Fainberg proposed openstack/keystone master: Convert auth to flask native dispatching  https://review.openstack.org/60346117:12
kmallocalso... sorry =/17:12
*** tbharath has joined #openstack-keystone17:12
tbharathHi, I have Openstack queens setup. Is there a way to enable keystone v2 version in Queens setup?17:13
kmalloctbharath: it is not possible. V2 was removed from keystone completely17:15
kmalloctbharath: https://docs.openstack.org/releasenotes/keystone/queens.html#other-notes see the laste note.17:15
kmalloclast*17:15
kmalloctbharath: ultimately, v2 had some major security gaps that could not be closed easily. The solution was to migrate (over the course of ~4+ years) to v3. Queens is the release where we forced the issue. barring major security concerns, following the queens release, no APIs will be removed / contracts broken (intentionally, please let us know if something breaks in v3 in unexpected ways)17:17
tbharathsure, got it thanks for clarification kmalloc17:18
kmalloctbharath: happy to help.17:20
*** mvkr has quit IRC17:39
*** tbharath has quit IRC17:44
*** imacdonn has quit IRC18:21
*** imacdonn has joined #openstack-keystone18:21
*** pcaruana has joined #openstack-keystone18:24
*** itlinux has joined #openstack-keystone18:24
*** felipemonteiro has joined #openstack-keystone18:29
ayoungkmalloc, you are a rock.  Excellent18:30
*** mvkr has joined #openstack-keystone18:34
ayoungkmalloc, why changes like if not flask.request.remote_user:18:36
ayoungwhere the request comes from flask as opposed to passing it in as a parameter.  It seems more magical, and less explicit18:36
*** gyee has quit IRC18:50
*** pcaruana has quit IRC18:50
kmallocbecause the request object is held globally for a request now19:04
kmallocyou don't pass requests around, you reference then19:04
kmallocflask.request is the canonical location for the environment/request instance19:04
kmallocsimilar to flask.g is the global "app" (per request) context.19:05
kmallocsimply, flask doesn't pass a request around19:05
kmallocwebob does.19:05
kmallocit also means the request object is accessible wherever needed and not needing to be passed from auth controller to auth plugin to notification decorator to the identity_manager.authenticate method19:06
kmallocit's a lot cleaner than trying to find all places that a request is passed through in case something changed something. in this setup, you look for who sets values on flask.request19:06
kmallocso i contest, it is less explicit but not more magical, it is more like "we have a thread local store, use it"19:07
*** spartakos has joined #openstack-keystone19:25
kmallocmordred: this is largely taking the same stance we did with CLI moving early to OSC.19:37
kmallocmordred: bah. stupid cross-channel talk.19:38
mordredkmalloc: :)19:42
*** naptastic has joined #openstack-keystone20:17
*** spartakos has quit IRC20:17
*** gyee has joined #openstack-keystone20:24
*** aojea has joined #openstack-keystone20:36
*** aojea has quit IRC20:38
*** aojea has joined #openstack-keystone20:38
*** felipemonteiro has quit IRC20:40
*** pjrusak has quit IRC20:45
*** raildo has quit IRC20:53
*** spartakos has joined #openstack-keystone20:54
*** spartakos has quit IRC21:08
*** felipemonteiro has joined #openstack-keystone21:11
*** spartakos has joined #openstack-keystone21:26
*** naptastic has quit IRC21:43
openstackgerritMerged openstack/keystone master: Add hint back  https://review.openstack.org/60396421:51
*** itlinux has quit IRC22:09
*** spartakos has quit IRC22:17
*** rcernin has joined #openstack-keystone22:25
*** aojea has quit IRC22:43
*** spartakos has joined #openstack-keystone23:02
*** Zer0Byte_ has joined #openstack-keystone23:09
Zer0Byte_hi23:09
Zer0Byte_how i can use api 2.0 with domains?23:09
*** Zer0Byte_ has quit IRC23:37
*** itlinux has joined #openstack-keystone23:48
kmallocayoung: thanks for catching the recheck on auth23:48
*** mchlumsky has quit IRC23:49
ayoungkmalloc, NP.  I try to keep the big ones moving23:54
ayoungkmalloc, the changes looks ok.  I think I would have preferred you left things in auth/controllers.py that moved under api/_shared, but A) I assume you had a reason for that and B) even if you didn't I would not make you reverse it now23:56
kmallocayoung: shared between auth and os-federation23:57
kmallocayoung: specifically authenticate_for_token23:57
kmallocayoung: ultimately, we can deprecate the os-federation entries and move the primary ones under /auth and do the same thing we do for /auth/tokens/projects and just route both paths to the same resource23:58
kmallocayoung: if you notice at the top of keystone.api._shared.authentication you see a TODO23:58
kmalloc# TODO(morgan): Deprecate all auth flows in /v3/OS-FEDERATION, merge this code23:59
kmalloc# into keystone.api.auth. For now this is the best place for the code to23:59
kmalloc# exist.23:59
ayoungkmalloc, and I take it the code refereced HAS to be under api/ for flask reasons?23:59
kmallocno.23:59
kmallocbut it's "view" code23:59
« Tuesday, 2018-10-02 Index Thursday, 2018-10-04 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!