Wednesday, 2018-10-24

« Tuesday, 2018-10-23 Index Thursday, 2018-10-25 »
*** felipemonteiro has joined #openstack-keystone00:25
*** dnguyen has quit IRC00:34
*** sapd1 has quit IRC01:16
*** sapd1 has joined #openstack-keystone01:18
*** imacdonn has quit IRC01:23
*** imacdonn has joined #openstack-keystone01:24
*** litao has joined #openstack-keystone01:40
*** Dinesh_Bhor has joined #openstack-keystone01:43
*** itlinux has quit IRC01:46
*** felipemonteiro has quit IRC02:20
vishakhalbragstad, kmalloc : Just wanted to propose for backporting of  trust_flush CLI, so that user can have that functionality in previous version too.02:37
vishakhahttps://review.openstack.org/#/c/589378/02:38
openstackgerritMonty Taylor proposed openstack/keystoneauth master: Add missing release note for ironic discovery fix  https://review.openstack.org/61287202:52
mordredkmalloc, cmurphy, lbragstad: ^^ I was about to propose a bugfix ksa release, but realized there was no release note for the bugfix that would have prompted that release02:53
openstackgerritayoung proposed openstack/keystone-specs master: Predictable Ids  https://review.openstack.org/61209903:00
ayoungmordred, isn't it.....Ironic?03:01
mordredayoung: you've been waiting years for a good opportunity to say that havne't you? :)03:01
ayoung(•_•)03:01
ayoung( •_•)>⌐■-■03:02
ayoung (⌐■_■)03:02
mordredayoung: also - you may have added emacs autosave files to that change03:02
ayoungalmost certainly03:02
* ayoung needs to add them to keystone-specs .gitignore03:02
openstackgerritayoung proposed openstack/keystone-specs master: Predictable Ids  https://review.openstack.org/61209903:03
ayoungmordred, the funny thing is they passed the pep8 check03:03
mordredhahaha03:03
openstackgerritayoung proposed openstack/keystone-specs master: Ignore Emacs autosave files  https://review.openstack.org/61287503:05
ayounggnight03:06
openstackgerritayoung proposed openstack/oslo.policy master: WIP Command line switch to set project id  https://review.openstack.org/61287903:56
*** Dinesh_Bhor has quit IRC04:06
*** spsurya has joined #openstack-keystone04:24
*** Dinesh_Bhor has joined #openstack-keystone04:26
*** Ebukha has joined #openstack-keystone04:41
*** dave-mccowan has quit IRC04:57
*** felipemonteiro has joined #openstack-keystone05:07
*** pvradu has joined #openstack-keystone05:16
*** pvradu has quit IRC06:18
*** raginbajin has quit IRC06:32
*** raginbajin has joined #openstack-keystone06:34
*** pvradu has joined #openstack-keystone06:38
*** pvradu has quit IRC06:42
*** pvradu has joined #openstack-keystone06:43
*** Dinesh_Bhor has quit IRC07:00
*** rcernin has quit IRC07:03
*** pcaruana has joined #openstack-keystone07:05
*** felipemonteiro has quit IRC07:06
*** Dinesh_Bhor has joined #openstack-keystone07:09
*** threestrands has quit IRC07:13
openstackgerritVishakha Agarwal proposed openstack/keystone master: [WIP] Implement scope_type checking for role_assignments  https://review.openstack.org/60921007:13
*** Ebukha has quit IRC07:15
*** xek has joined #openstack-keystone07:31
*** Ebukha has joined #openstack-keystone07:41
*** shyamb has joined #openstack-keystone07:50
*** shyamb has quit IRC07:58
*** shyamb has joined #openstack-keystone07:59
*** Ebukha has quit IRC08:00
*** Dinesh_Bhor has quit IRC08:01
*** pvradu_ has joined #openstack-keystone08:08
*** shyamb has quit IRC08:09
*** pvradu has quit IRC08:11
vishakhalbragstad, wxy-xiyuan : for https://review.openstack.org/#/c/612226/. I have updated the doc of unified limits about the maximum and minimum value set for limits.08:20
openstackgerritMerged openstack/keystone master: Remove pre-flask legacy code  https://review.openstack.org/60983908:29
openstackgerritMerged openstack/keystone master: Remove paste-ini  https://review.openstack.org/60984108:29
*** sayalilunkad has quit IRC08:33
*** sayalilunkad has joined #openstack-keystone08:33
*** shyamb has joined #openstack-keystone08:43
*** Ebukha has joined #openstack-keystone08:50
*** Dinesh_Bhor has joined #openstack-keystone08:58
openstackgerritwangxiyuan proposed openstack/keystone master: Remove useless "clean" file  https://review.openstack.org/61295409:02
*** Emine has joined #openstack-keystone09:13
cmurphylbragstad: I don't think we wrote down anywhere the long-term plan for the proxy IdP idea except in ptg recaps, where would be a good place to make note of that? the trello board? launchpad? i don't really want to write a spec just yet09:22
*** Ebukha has quit IRC09:27
*** Ebukha has joined #openstack-keystone09:32
*** shyamb has quit IRC09:37
*** shyamb has joined #openstack-keystone09:37
*** Ebukha has quit IRC10:02
*** aloga has quit IRC10:08
*** Ebukha has joined #openstack-keystone10:12
*** shyamb has quit IRC10:14
*** shyam89 has joined #openstack-keystone10:14
*** shyam89 has quit IRC10:18
*** pvradu_ has quit IRC10:38
*** pvradu has joined #openstack-keystone10:38
*** shyamb has joined #openstack-keystone10:45
*** dave-mccowan has joined #openstack-keystone11:14
*** Dinesh_Bhor has quit IRC11:15
*** xek has quit IRC11:21
*** xek has joined #openstack-keystone11:22
*** shyamb has quit IRC11:30
*** Dinesh_Bhor has joined #openstack-keystone11:33
*** litao has quit IRC11:34
*** Dinesh_Bhor has quit IRC11:45
*** raildo has joined #openstack-keystone11:51
*** shyamb has joined #openstack-keystone11:52
*** shyamb has quit IRC11:58
*** pvradu_ has joined #openstack-keystone12:04
*** pvradu has quit IRC12:08
*** aloga has joined #openstack-keystone12:11
*** mvkr has quit IRC12:29
*** jrist has quit IRC12:40
*** dave-mccowan has quit IRC13:02
*** bnemec has joined #openstack-keystone13:04
*** dave-mccowan has joined #openstack-keystone13:04
*** Ebukha_ has joined #openstack-keystone13:06
*** mchlumsky has joined #openstack-keystone13:07
*** Ebukha_ has quit IRC13:07
*** Ebukha_ has joined #openstack-keystone13:07
*** Ebukha has quit IRC13:08
*** mvkr has joined #openstack-keystone13:17
*** ebukha has joined #openstack-keystone13:43
*** felipemonteiro has joined #openstack-keystone13:49
lbragstadcmurphy yeah - a trello card is fine13:52
lbragstadwhatever is easiest for you - it could even be an etherpad13:52
cmurphymaybe both13:53
cmurphyan etherpad on its own would get lost13:53
lbragstadyeah13:53
*** ebukha has quit IRC14:04
*** jrist has joined #openstack-keystone14:06
*** jrist has quit IRC14:09
*** jrist has joined #openstack-keystone14:09
*** pvradu_ has quit IRC14:14
*** pvradu has joined #openstack-keystone14:14
*** shyamb has joined #openstack-keystone14:16
*** jrist has quit IRC14:24
kmalloc++14:38
*** jrist has joined #openstack-keystone14:41
*** shyamb has quit IRC14:42
lbragstadalso - does anyone have good ideas for what we want to do for project onboarding?14:43
lbragstadi've treated all of them as open-discussions, mainly because i don't like talking about things people might already know about14:43
*** shyamb has joined #openstack-keystone14:44
*** felipemonteiro has quit IRC14:44
gagehugoo/14:53
cmurphyi like the open discussion format14:59
cmurphybtw https://trello.com/c/KvJnQTIY/100-keystone-federation-and-edge14:59
*** shyamb has quit IRC15:00
lbragstadcool - thanks15:01
*** felipemonteiro has joined #openstack-keystone15:12
lbragstadkmalloc stable review whenever you're up for it15:14
lbragstadhttps://review.openstack.org/#/c/612600/15:14
*** gyee has joined #openstack-keystone15:15
kmallocK15:20
*** Emine has quit IRC15:22
kmalloclbragstad: until we have another core on stable, I am ok with single core approval on backports, esp. if clean15:22
lbragstadok15:22
kmallocSo, feel free to push those through, esp. since you and I do a lot of backpprting.15:22
* kmalloc is angling to get cmurphy stable core. :)15:23
kmallocIf she is up for it.15:23
cmurphystill need to get more stable reviews under my belt15:28
*** ebukha has joined #openstack-keystone15:28
*** felipemonteiro has quit IRC15:29
*** felipemonteiro has joined #openstack-keystone15:36
*** pcaruana has quit IRC15:49
*** felipemonteiro has quit IRC16:02
*** dave-mccowan has quit IRC16:02
*** itlinux has joined #openstack-keystone16:18
*** pvradu has quit IRC16:26
*** pvradu has joined #openstack-keystone16:26
openstackgerritMerged openstack/keystone master: Set min and max length for resource_name  https://review.openstack.org/61148416:27
*** pvradu has quit IRC16:31
kmalloccmurphy: sure. but i expect that to happen :)16:33
*** jmlowe has quit IRC16:39
*** imacdonn has quit IRC16:40
*** imacdonn has joined #openstack-keystone16:43
*** pcaruana has joined #openstack-keystone16:46
*** dnguyen has joined #openstack-keystone16:51
kmalloclbragstad: https://review.openstack.org/#/c/605539/18 responded to your comment16:55
*** jmlowe has joined #openstack-keystone16:55
kmalloclbragstad: this one likely needs an upgrade release note explicitly16:55
lbragstadkmalloc the credentials dict still has a token reference16:58
kmalloclbragstad: a *rendered* json blob?16:58
kmallocbecause the token_model != rendered16:59
lbragstadas in a json representation of the v3 API contract? yes16:59
kmallocwhere are we adding that to the credentials dict?16:59
lbragstadhttps://review.openstack.org/#/c/605539/18/keystone/server/flask/request_processing/middleware/auth_context.py@16716:59
lbragstadwe're not16:59
lbragstadwe add it to the context object16:59
lbragstadthen oslo.policy calls context.to_policy_values()16:59
kmallocthen it isn't available in the same way, is it?17:00
lbragstadwhich executes https://review.openstack.org/#/c/605539/18/keystone/common/context.py17:00
kmallocoh, gross17:00
kmallocok, please replicate the # NOTE from rbac_enforcer17:01
kmallocwe still need to evaluate how to rip that bit out17:01
kmallocideally we should deprecate / release not that it is going away17:02
lbragstadhttps://review.openstack.org/#/c/605539/18/keystone/common/context.py@7217:02
kmallocwe should never have a rendered token (contract) in the creds bit.17:02
lbragstadyeah - that ship sailed17:02
kmallocmostly because there is cruft in there. i think we can give a transitional bit with warnings17:02
kmalloc"hey go fix your policy"17:03
kmallocand load in the explicit direct values from the token model.17:03
kmallocso... is _keystone_specific values called only in https://review.openstack.org/#/c/605539/18/keystone/server/flask/request_processing/middleware/auth_context.py ?17:03
lbragstadi think so?17:04
lbragstadi'd need to double check17:04
kmallocif so, i'd like to move the render_token call down to the .to_policy_values17:04
kmallocso it is closer to the #note and very explicit on how icky it is17:04
lbragstadif we do that we'll be passing a TokenModel object through oslo.policy17:05
lbragstadjust fyi17:05
kmallocpop/re-render17:05
kmalloc?17:05
kmallocor move the note.17:05
kmallocimo the note should be where the render goes17:05
lbragstadok17:05
kmallocand we should backlog wrapping the normalize of the token to a thing that throws deprecation warnings and we should expand values from the token explicitly at the top level of the creds dict17:06
kmallocso we don't need to render json in the creds dict forever17:06
kmallocthere is no reason to keep audit-ids and such in there17:06
lbragstadyeah - i agree17:06
kmallocthnx17:07
kmallocthe note move and backlog bit can be a followup17:07
kmalloci'll +2 that as is.17:07
*** irclogbot_3 has quit IRC17:08
*** irclogbot_3 has joined #openstack-keystone17:08
kmallocdone and commented17:08
*** ebukha has quit IRC17:08
lbragstadi have to respin the tempest patch that is holding everything up - but i should be able to get to that today17:09
lbragstader - it's somewhere on my list17:09
*** Ebukha_ has quit IRC17:10
kmallocsure17:15
kmalloci also pushed the 2 cache backports +1 since you +2'd.17:15
kmalloc(+1 Workflow)17:15
* kmalloc tries to think what is next on the long list now that Flaskification is done.17:16
kmallocoh. i need to revisit a TON of keystone bugs.17:16
* kmalloc knows what he is doing today17:16
lbragstadwe have the system scope bugs :)17:16
kmalloci'm going through to make sure i close out anything fixed by flask17:16
lbragstadi just know you're itching to work on one of those17:16
kmalloci know we have things17:16
kmalloc:P17:16
kmallochah, i *so* want to write that code... :P17:17
* kmalloc drips more sourcasm (sarcasm) on that for lbragstad to enjoy.17:17
* kmalloc watches lbragstad fall into the sar-chasm ... /me sees himself out17:17
* lbragstad shakes head17:18
kmalloc.. hey you're a dad now...17:18
*** jmlowe has quit IRC17:18
kmallocyou should totally enjoy the dad jokes... they aren't soda pressing...17:19
kmallochttps://shirtoid.com/wp-content/uploads/2018/03/Joke-a-Cola.jpg17:19
lbragstad...17:20
*** irclogbot_3 has quit IRC17:21
*** pvradu has joined #openstack-keystone17:23
*** pvradu has quit IRC17:27
*** mvkr has quit IRC17:34
gagehugolol17:42
*** dnguyen has left #openstack-keystone17:49
kmalloclbragstad: lots of bug triaging in keystone-server done18:07
kmallocmoving on to ksm/ksc18:07
gagehugokmalloc: nice!18:08
*** mvkr has joined #openstack-keystone18:17
gyeekmalloc, my inbox is full of keystone bug emails today, for your good deed, so thank you :-)18:33
kmallocgyee: hehe18:36
kmallocit's long overdue18:36
*** dnguyen_ has joined #openstack-keystone18:39
*** mchlumsky_ has joined #openstack-keystone18:39
*** jistr_ has joined #openstack-keystone18:42
*** itlinux_ has joined #openstack-keystone18:43
*** aloga_ has joined #openstack-keystone18:43
*** tridde has joined #openstack-keystone18:43
*** jhesketh_ has joined #openstack-keystone18:44
*** itlinux has quit IRC18:48
*** mchlumsky has quit IRC18:48
*** aloga has quit IRC18:48
*** sayalilunkad has quit IRC18:48
*** raginbajin has quit IRC18:48
*** FlorianFa has quit IRC18:48
*** zzzeek has quit IRC18:48
*** trident has quit IRC18:48
*** rook has quit IRC18:48
*** jistr has quit IRC18:48
*** spotz has quit IRC18:48
*** errr has quit IRC18:48
*** jhesketh has quit IRC18:48
*** sayalilunkad has joined #openstack-keystone18:50
*** errr has joined #openstack-keystone18:50
*** spotz has joined #openstack-keystone18:52
*** rook has joined #openstack-keystone18:54
*** rook has quit IRC18:54
*** rook has joined #openstack-keystone18:54
*** rook is now known as Guest7909518:55
*** jmlowe has joined #openstack-keystone19:00
*** openstackgerrit has quit IRC19:06
*** Guest79095 is now known as rook19:13
*** felipemonteiro has joined #openstack-keystone19:22
kmalloclbragstad: ok i think i've run through all of our projects.19:23
*** irclogbot_3 has joined #openstack-keystone19:24
*** ksavich_ has joined #openstack-keystone19:27
*** ksavich_ has quit IRC19:27
ayounggyee!19:47
gyeeayoung!!!19:48
* kmalloc tries to decide what to work on next now that bug triage, gerrit cleanup, and flask are done19:49
ayoungkmalloc, I want to unify users and auth creds under a new concept: principals.  I'm thinking oauth1 code we have should probably have soemthing in there as well19:49
kmallocayoung: i have no issues with a principals concepts19:49
ayounggyee, I don't supposed there is any chance we'll see you in Berlin, is there?19:49
kmallocconcept*19:49
ayoungkmalloc, anything else that should be in there besides those 3?19:50
*** jmlowe has quit IRC19:50
kmalloctechnically groups are probably valid to put there19:50
kmallocbut nothing else19:50
kmallocsince you can assign directly to a group19:50
ayoungI was thinking about that, as we assigne roles to groups, but...a group never authenticates19:50
kmallocyeah19:50
kmallocthat was where i was going next19:50
ayoungI think that they are  related but separate concept, and maybe we need principal groups19:51
kmallocmaybe19:51
kmalloc*shrug*19:51
gyeeayoung, nah, I won't be coming to Berlin. Can't travel till probably January.19:51
kmallocgyee: so denver?19:51
ayoungyeah that19:51
gyeethere's an event in Denver?19:52
kmallocgyee: next summit/ptg post berlin19:52
gyeeoh19:52
gyeeI would love that attend that one if I can19:52
ayoungApr/May timeframe19:52
kmalloc^19:52
kmallocalso... does this mean we'll get you back contributing to keystone?19:52
kmalloc;)19:52
* kmalloc is hopeful.19:52
gyeeme too. I am getting rusty with the code.19:53
ayoungstart with reviews19:53
gyeeyeah man :-)19:53
ayoungyou have the history on a lot of this, best way you can contribute is to share it back19:53
* kmalloc wonders19:54
gyeehistory? flask erased all that :-)19:54
kmallocayoung: you think ksm restructure to drop the extra custom code in keystone for authcontext is worth the quick pass19:54
ayoung?19:54
kmalloclike as a priority19:54
kmallocwe are overloading a bunch of stuff in webob-specific ways in keystone because ksm does it that way19:55
ayoungSo...the issue there has always beeen that Keystone has a much more efficeitn path to the data19:55
kmalloci can isolate with one extra layer ksm code we lean on.19:55
kmallocright i almost want to go back to not using KSM in keystone19:55
kmalloctbh.19:55
ayoungif we can clean up KSM middleware, I'd say hell yea19:55
ayoungif we can make KSM non-webob-like, isn;'t that huge?19:56
kmalloci think the streamlining is nice...ish. but really we use so little of that code now we need a way to populate oslo-context and lookup a token19:56
kmallocksm will not be non-webob really ever19:56
kmallocthat is way too much churn19:56
kmalloci can make the parts keystone consumes not webob19:56
kmallocbut it's really only useful internal to keystone still that way19:56
*** felipemonteiro has quit IRC19:57
ayoungwould other services be able to use it, too?  I had someone trying to use KSM and flask19:57
kmallocKSM works fine in front of flask19:57
kmallocas is19:57
kmallockeystone is special because we have to overload the "get me a token" bit19:57
kmallocand do direct db lookups and handle exceptions in a different way19:57
ayoungMy gut says to push it through now19:59
kmallocyeah19:59
kmallocthat is my feeling19:59
ayoungits fresh in your head19:59
kmalloci'll circle up on the openapi doc bit after that19:59
ayoungcoo19:59
kmalloci THINK i am going to embed the openapi doc server at something like /openapi20:00
kmallocor openapidoc20:00
kmallocso it's not taking an extra port on keystone (obv. it will be optional)20:01
kmallocbut it'll be a nice thing to have for poking at keystone20:01
ayoungWould you expect to be able to link to it from /hostname20:01
ayounghttps://hostname20:01
kmallocby default it uses port 500020:01
ayoungyeah, ignore that20:01
kmallocso https://hostname:500020:01
ayoungyou and I see eye to eye on that one...20:02
kmallocso i was thinking https://hostname/identity/openapidoc20:02
ayounghttps://hostname/v320:02
kmallocand then everything is normally embeded under that e.g. /v3/projects20:02
kmallocetc20:02
ayounghttps://hostname/identity/v320:02
kmalloclike you'd expect20:02
kmallocso wherever keystone lives we have /v3 and /openapidoc20:02
ayoungso versionless for things like openapi doc?20:02
kmallocyeah.20:02
ayoungand auth?20:03
ayounghttps://hostname/identity/auth20:03
kmallocyes.20:03
kmallocand catalog20:03
ayounghttps://hostname/identity/catalog20:03
kmalloc++20:03
ayoungversionless?20:03
kmallocyes.20:03
kmallocif we need versions, we make that part of the request or under catalog20:03
kmalloccatalog versions, and auth versions != CRUD versions20:03
ayoungI kindof love this idea20:04
ayoungversions suck20:04
kmallocexactly20:04
kmallocit also lines up what i want to do with a real v420:04
ayoungshhhh20:04
kmallocwhere we restructure things logically and drop cruft20:04
ayoungyou'll scare the muggles20:04
kmallocbut that is way far out20:04
ayoungoh, wait, we'ere safe here20:04
kmallocyeah it's not -dev :P20:04
kmallocor the ML20:04
kmallocwe got kicked out of -dev...20:04
kmalloc(haha i laughed when i made that argument at the summit, but i know we were explicitly asked to get our own channel)20:05
kmalloci would have happily stayed in -dev20:05
*** felipemonteiro has joined #openstack-keystone20:05
*** felipemonteiro has quit IRC20:10
ayoungkmalloc, -dev has since become a wasteland20:11
ayounghttps://docs.openstack.org/barbican/latest/api/reference/secrets.html#payload-response20:11
*** jmlowe has joined #openstack-keystone20:11
ayoung200 OK.  Beer20:12
* kmalloc runs off to do car repair things20:12
kmallocback later20:12
*** irclogbot_3 has quit IRC20:21
lbragstaddid jaosorior write the docs for that API?20:23
lbragstador was that hrybacki ?20:23
hrybacki?20:26
hrybackiLOL20:26
hrybackimust have been Ozz20:26
*** pcaruana has quit IRC20:50
lbragstadit's no secret ozz likes beer...20:50
* lbragstad laughs at his own pun20:50
cmurphyi'm not sure you're getting the hang of this dadjoke thing lbragstad20:53
*** aojea has joined #openstack-keystone20:55
*** openstackgerrit has joined #openstack-keystone20:55
openstackgerritIslam Musleh proposed openstack/keystone master: admin endpoint that uses port 35357 changed to port 5000 because we no longer use that port  https://review.openstack.org/61316320:55
*** raildo has quit IRC21:03
*** openstack has quit IRC21:03
*** openstack has joined #openstack-keystone21:04
*** ChanServ sets mode: +o openstack21:04
*** xek_ has joined #openstack-keystone21:05
*** xek has quit IRC21:07
*** xek_ has quit IRC21:08
lbragstadi need a manual for dadjokes21:10
*** spsurya has quit IRC21:21
*** itlinux_ has quit IRC21:33
*** Ebukha has joined #openstack-keystone21:47
*** Ebukha has quit IRC21:50
*** ebukha has joined #openstack-keystone21:51
*** bnemec has quit IRC21:55
*** felipemonteiro has joined #openstack-keystone22:22
*** felipemonteiro has quit IRC22:25
*** aojea has quit IRC22:40
openstackgerritCollins Okolo proposed openstack/keystone master: Update third endpoint legacy port for Keystone v3 API  https://review.openstack.org/61317123:03
*** rcernin has joined #openstack-keystone23:05
*** itlinux has joined #openstack-keystone23:05
*** dnguyen_ has quit IRC23:10
*** openstackgerrit has quit IRC23:20
*** ebukha has quit IRC23:53
« Tuesday, 2018-10-23 Index Thursday, 2018-10-25 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!