Tuesday, 2019-03-19

« Monday, 2019-03-18 Index Wednesday, 2019-03-20 »
*** markvoelker has joined #openstack-keystone00:03
*** markvoelker has quit IRC00:07
*** dave-mccowan has quit IRC00:11
*** gyee has quit IRC00:15
*** jamesmcarthur has joined #openstack-keystone00:20
*** markvoelker has joined #openstack-keystone00:35
*** markvoelker has quit IRC00:49
*** jamesmcarthur has quit IRC01:11
*** dustinc has quit IRC01:22
*** whoami-rajat has joined #openstack-keystone01:25
*** shyamb has joined #openstack-keystone01:26
*** rodrigods has joined #openstack-keystone01:42
*** dave-mccowan has joined #openstack-keystone01:52
*** lbragstad has quit IRC01:56
*** lbragstad has joined #openstack-keystone02:09
*** ChanServ sets mode: +o lbragstad02:09
*** jamesmcarthur has joined #openstack-keystone02:20
*** dave-mccowan has quit IRC02:23
*** erus has joined #openstack-keystone02:24
*** jamesmcarthur has quit IRC02:25
*** jamesmcarthur has joined #openstack-keystone02:38
*** jamesmcarthur has quit IRC02:43
*** shyam89 has joined #openstack-keystone02:50
*** shyamb has quit IRC02:53
*** itlinux has joined #openstack-keystone03:05
*** shyam89 has quit IRC03:08
*** zzzeek has quit IRC03:10
*** shyamb has joined #openstack-keystone03:11
*** jamesmcarthur has joined #openstack-keystone03:14
*** zzzeek has joined #openstack-keystone03:16
rm_workanyone run into issues recently running unit tests on a macbook?03:23
rm_worki'm running it again to try to get the major error, i lost it to scrollback03:24
*** jamesmcarthur has quit IRC03:31
*** jamesmcarthur has joined #openstack-keystone03:31
*** shyamb has quit IRC03:52
*** shyamb has joined #openstack-keystone03:52
*** shyamb has quit IRC03:58
rm_workah there it is04:01
rm_work"ValueError: option error" on 5915 tests out of 6322 T_T04:01
rm_worklbragstad: you had a +2 on the other version of https://review.openstack.org/#/c/599447/ but this one was technically first so the other was abandoned04:05
rm_workif you wanted to do something with this one ;)04:05
rm_workanyway, my error seems to be with something in the python-ldap lib04:17
rm_worknot sure why though, no version seems to work, so i'm guessing it's local04:17
rm_workerg, looks like this: https://mail.python.org/pipermail/python-ldap/2016q3/003777.html04:30
rm_workwonder what workarounds people are using04:30
*** erus has quit IRC04:31
*** jamesmcarthur has quit IRC04:40
*** dklyle has quit IRC04:44
*** dklyle has joined #openstack-keystone04:45
openstackgerritMerged openstack/keystone master: Use ForbiddenAction for invalid action instead of Forbidden  https://review.openstack.org/64389005:23
*** shyamb has joined #openstack-keystone05:39
*** shyamb has quit IRC05:41
*** shyamb has joined #openstack-keystone05:41
*** shyamb has quit IRC06:32
*** shyamb has joined #openstack-keystone06:36
*** lbragstad has quit IRC06:38
*** markvoelker has joined #openstack-keystone06:51
*** jaosorior has quit IRC06:55
*** jaosorior has joined #openstack-keystone06:57
*** itlinux has quit IRC06:57
*** itlinux has joined #openstack-keystone06:58
*** shyamb has quit IRC07:13
*** pcaruana has joined #openstack-keystone07:14
*** shyamb has joined #openstack-keystone07:16
*** itlinux has quit IRC07:21
*** pcaruana has quit IRC07:33
*** pcaruana has joined #openstack-keystone07:34
*** shyamb has quit IRC07:53
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:02
*** awalende has joined #openstack-keystone08:11
*** phasespace has joined #openstack-keystone08:22
*** shyamb has joined #openstack-keystone08:41
*** dklyle has quit IRC09:08
*** dklyle has joined #openstack-keystone09:09
*** kukacz has quit IRC09:11
*** xek has joined #openstack-keystone09:15
*** tkajinam has quit IRC09:18
*** kukacz has joined #openstack-keystone09:28
*** kukacz has quit IRC09:29
*** kukacz has joined #openstack-keystone09:30
*** shyamb has quit IRC09:31
*** shyamb has joined #openstack-keystone09:34
*** kukacz has quit IRC09:39
*** kukacz has joined #openstack-keystone09:39
*** shyamb has quit IRC09:45
*** dustinc has joined #openstack-keystone10:03
*** rcernin has quit IRC11:24
openstackgerritMerged openstack/oslo.policy master: Update master for stable/stein  https://review.openstack.org/64407511:56
*** dave-mccowan has joined #openstack-keystone11:57
*** raildo has joined #openstack-keystone12:08
*** dustinc has quit IRC12:20
*** markvoelker has quit IRC12:24
*** mchlumsky has joined #openstack-keystone12:33
*** erus has joined #openstack-keystone12:37
coreycbcmurphy: thanks for the review on https://review.openstack.org/#/c/643670/. who should I seek out to get another +2 on that?12:43
*** erus has quit IRC12:43
*** erus has joined #openstack-keystone12:44
cmurphyneedscoffee: knikolla gagehugo wxy-xiyuan ^12:44
coreycbthanks12:46
*** mchlumsky has quit IRC12:56
*** mchlumsky has joined #openstack-keystone12:58
*** jmlowe has quit IRC13:19
eruso/13:22
*** lbragstad has joined #openstack-keystone13:34
*** ChanServ sets mode: +o lbragstad13:34
*** erus has quit IRC13:34
cmurphylbragstad: o/ coreycb is looking for reviews on https://review.openstack.org/#/c/643670/13:35
*** erus has joined #openstack-keystone13:35
lbragstadack13:35
lbragstadcmurphy we're good with https://review.openstack.org/#/c/599447/ yeah?13:36
cmurphylbragstad: yep13:36
cmurphygot some other reviews to fix the rocky ci if you are looking for things to do https://review.openstack.org/643599 https://review.openstack.org/64271613:39
lbragstadi'm +2 on both of those, thanks for giving stable/rocky some love13:43
lbragstadi can single approve if needed - i don't see kmalloc around13:43
* cmurphy pats stable/rocky on the head13:44
cmurphyhe still has his casual friday nick so i don't think he's around13:44
lbragstadaha13:45
lbragstadcasual tuesdays can totally be a thing13:45
*** erus has quit IRC13:45
cmurphylol13:45
cmurphycoreycb: should we wait to merge https://review.openstack.org/613648 until we have the backport for https://review.openstack.org/#/c/643670/ ?13:47
lbragstadi assume we still need https://review.openstack.org/#/c/641128/ and https://review.openstack.org/#/c/642026/ merged before we can officially cut rc113:49
cmurphyi think so13:49
cmurphyor else we would definitely need an rc213:49
lbragstad++13:51
gagehugoo/13:51
cmurphyyay gagehugo13:51
cmurphycan you review those ^13:51
gagehugolooking13:52
cmurphyalso wondering if we need to be fixing https://bugs.launchpad.net/keystone/+bug/1819957 for rc1, or if we even can considering it touches keystonemiddleware which is frozen?13:52
openstackLaunchpad bug 1819957 in keystonemiddleware "Caching with stale data when a server disconnects due to network partition and reconnects" [High,Triaged] - Assigned to Morgan Fainberg (mdrnstm)13:52
cmurphyhopefully kmalloc is around today13:53
cmurphythanks gagehugo13:54
gagehugo\o/13:54
*** whoami-rajat has quit IRC13:55
needscoffeerm_work:  unit tests on os x have been flaky for years. Has to do with a few things, incluodng the lack of updated open source libraries/headers at the system level (brew doesn't solve it)14:02
rm_workYeah, figured it out14:03
rm_workIt was bad system ldap lib14:03
needscoffeerm_work: not recommended and I gave up maintaining it around mitaka (I think I was the last person to maintain it)14:03
rm_workBrew did actually fix it in my case :(14:04
rm_workErr, :)14:04
needscoffeeYep, the fix is replacing the lib or changing ldap python each download. It broke other things when I tried the former.14:04
rm_workHad to install openldap with Brew and export the includes path14:04
rm_workSeems to work fine14:05
needscoffeeYeah, I really don't recommend that .14:05
rm_workIt's cask-only otherwise so doesn't interfere with the system14:05
rm_workI just export it in whatever she'll I'm doing tox stuff in14:05
needscoffeeI had to do a system reinstall when I did that..*shrug*14:06
needscoffeeBut fwiw, os x is not a maintained platform for tests for keystone14:06
needscoffeeSo things might break randomy14:06
rm_workThat's ... Weird. Brew is very well sandboxed from what I've experienced14:06
needscoffeeOr not mirror Linux testing14:07
rm_workAnywho, kk14:07
needscoffeeBrew was not as good years ago14:07
needscoffeeAnd I do mean years.14:07
rm_workYeah I maintain osx testing compatability in Octavia, it can definitely be a pain14:07
needscoffeeI used a VM that pulled in via export (vagrant) the local filesystem for keystone.14:08
needscoffeeWhen things were too painful on os x14:09
cmurphyhey needscoffee14:09
cmurphyi have some questions for you14:09
*** needscoffee is now known as kmalloc14:09
kmalloccmurphy: ask away14:09
cmurphykmalloc: https://bugs.launchpad.net/keystone/+bug/1819957 severe enough for rc1/rc2?14:09
openstackLaunchpad bug 1819957 in keystonemiddleware "Caching with stale data when a server disconnects due to network partition and reconnects" [High,Triaged] - Assigned to Morgan Fainberg (mdrnstm)14:09
kmallocI am pre-coffee, but here.14:09
kmallocProbably good to land it.if we can14:10
kmallocIt is a 2-line fix.14:10
cmurphywhat about for keystonemiddleware, do we need an ffe for that?14:10
kmallocWe can either fix oslo-cache or in keystone and middleware14:10
kmallocAnd yes, we need to fix it there too.14:11
kmallocI am thinking keystone/ksm is easier to fix and cache in train and forward14:11
kmallocThis requires back ports as well14:11
*** erus has joined #openstack-keystone14:12
kmallocOslo-cache in train and forward14:12
kmallocI am happy to fix in either place though14:12
erushi kmalloc :)14:12
cmurphywhichever you think is best14:12
kmallocbnemec: ^cc re fixing in oslo-cache vs in keystone/ksm14:12
* bnemec reads14:13
kmalloccmurphy: I'll check back-portability14:13
kmallocIf it is easier to catch both with oslo-cache I'll try to do that14:13
kmallocIt is on my "today" list14:13
kmallocIncluding backports14:14
* bnemec notes that every Tuesday is casual Tuesday when you WFH14:14
* bnemec reads the actual relevant parts of the discussion14:14
cmurphy:P14:14
kmallocbnemec: ah, going for the pajama irc-ing? ;)14:14
* kmalloc had a Dr appointment yesterday and was mostly offline. 14:15
coreycbcmurphy: sorry for the delay. it wouldn't hurt to merge the 2 backports at the same time.14:15
kmalloccmurphy: anything else?14:15
cmurphycoreycb: okay14:15
cmurphykmalloc: next question, did you get anywhere with https://bugs.launchpad.net/keystone/+bug/1801873 ?14:15
openstackLaunchpad bug 1801873 in OpenStack Identity (keystone) "Unable to delete domains when users was managed by LDAP back-end" [Medium,New]14:15
kmallocI have not.14:16
cmurphyokay i'll try to look into it14:16
kmallocI know where the code needs to be fixed, it isnt fun (tests are gross for ldap)14:16
*** xek_ has joined #openstack-keystone14:17
kmallocIt wasnt a bad rabbit hole, but it went deeper than I expected.14:17
bnemecAren't they always?14:17
cmurphyit always does T.T14:17
*** mvkr has quit IRC14:18
bnemeckmalloc: I agree re: Fixing in Keystone vs. oslo.cache for this cycle.14:18
cmurphykmalloc: last question, are you going to take https://bugs.launchpad.net/keystone/+bug/1817313 or should i look at it?14:18
openstackLaunchpad bug 1817313 in OpenStack Identity (keystone) "RBAC Enforcer Programming Error raised for malformed federation protocol request" [High,Triaged]14:18
bnemecI feel like it's easier to do another release of a service project than an Oslo lib at this point.14:18
kmallocbnemec: keystonemiddleware isn't exactly easy to release this late in14:19
kmallocAbout the same pain as oslo lib14:19
*** xek has quit IRC14:19
cmurphyyeah :/14:19
kmalloccmurphy: I'll hop on that one14:19
bnemeckmalloc: Oh, the fix is in middleware, not keystone itself?14:19
kmallocbnemec: both14:19
cmurphyyay thanks kmalloc14:19
kmallocAnd impacts anything using oslo-cache14:19
bnemeckmalloc: If we fix it in oslo.cache does that mean you don't need to fix both?14:19
kmallocAdmittedly, a small number of things14:20
kmallocCorrect14:20
kmallocBut it also.needs to be backported14:20
kmallocAnd ksm didn't use oslo-cache that long ago14:20
bnemecIf we're going to backport it for stein anyway we might as well just merge the fix now and get it in for release.14:20
kmallocSo it might be easier to backport a non-oslo cache fix14:20
bnemecAh14:21
kmallocI need to check.14:21
bnemecIt's pretty clear I don't know what I'm talking about here so I will most likely support whatever you suggest. :-)14:22
*** phasespace has quit IRC14:32
*** dustinc has joined #openstack-keystone14:36
*** jamesmcarthur has joined #openstack-keystone14:39
*** mvkr has joined #openstack-keystone14:47
*** itlinux has joined #openstack-keystone14:47
*** jmlowe has joined #openstack-keystone14:54
knikollao/14:57
knikollaildikov: o/14:57
erus\o14:58
knikollahey erus :)14:58
ildikovknikolla: hi14:58
erushi knikolla how are you? :)14:58
ildikovknikolla: I wanted to ask you if you're still working on this patch: https://review.openstack.org/#/c/484121/ ?14:59
*** awalende has quit IRC15:10
openstackgerriterus proposed openstack/keystone master: Add new attribute to the federation protocol API  https://review.openstack.org/63730515:12
*** awalende has joined #openstack-keystone15:16
openstackgerritKristi Nikolla proposed openstack/keystone master: Added keystone identity provider installation to Devstack plugin  https://review.openstack.org/48412115:16
*** awalende has quit IRC15:16
ildikovknikolla: thanks :)15:17
knikollaildikov: just revised based on comments, but it seems the rebase was weird. giving it a look.15:17
ildikovI hope it's just some small hiccup15:18
openstackgerritKristi Nikolla proposed openstack/keystone master: Added keystone identity provider installation to Devstack plugin  https://review.openstack.org/48412115:22
*** whoami-rajat has joined #openstack-keystone15:22
knikollaildikov: yeah, i just hand't pulled in a while, haha.15:23
ildikov:)15:23
knikollacmurphy: i'll answer here if that's okay with you15:25
knikollaboth samltest and k2k are configured alongside each other, and the tests are separate15:28
knikollathe id and endpoints are hardcoded for k2k tests https://review.openstack.org/#/c/580041/3/keystone_tempest_plugin/tests/scenario/test_federated_authentication.py15:28
*** jmlowe has quit IRC15:29
openstackgerritMerged openstack/keystone master: PY3: Ensure LDAP searches use unicode attributes  https://review.openstack.org/64367015:29
knikollawe can switch to keystone-only at a later date.15:30
cmurphyknikolla: oh I see, so we can't stop relying on samltest15:31
knikollaWe can, but feels safer to run both for a bit.15:32
cmurphyis there a real difference in what they're testing? they're both basically going through /OS-FEDERATION/identity_providers/%s/protocols/%s/auth15:34
knikollacmurphy: the difference is on how you get the saml assertion.15:35
knikollaand there was a weird inconsistency in one of the headers when getting an unscoped token from the assertion15:35
cmurphyah yeah15:36
knikollabut essentially you are right. we're just getting the headers from shibboleth.15:36
*** yan0s has joined #openstack-keystone15:41
openstackgerritKristi Nikolla proposed openstack/keystone-specs master: Renewable Application Credentials  https://review.openstack.org/60420115:49
*** raildo has quit IRC15:51
*** raildo has joined #openstack-keystone15:51
cmurphyyay ^15:53
kmallocoh hi. i might be awake now15:58
kmallocyay coffee15:58
cmurphyyay15:58
*** wxy| has joined #openstack-keystone15:59
knikollai've almost entirely ditched my office for coffee shops15:59
*** jaosorior has quit IRC16:02
*** ayoung has joined #openstack-keystone16:04
*** jamesmcarthur has quit IRC16:04
*** jamesmcarthur has joined #openstack-keystone16:05
openstackgerritKristi Nikolla proposed openstack/keystone master: Add documentation for service tokens  https://review.openstack.org/63111016:12
*** itlinux has quit IRC16:17
*** itlinux has joined #openstack-keystone16:44
*** wxy| has quit IRC16:45
*** mvkr has quit IRC16:47
lbragstadin other news16:55
lbragstadapparently nova has a policy vision documents that has existed since 2014 o.)16:55
lbragstado.016:55
cmurphywow16:56
lbragstadhttps://docs.openstack.org/nova/latest/reference/policy-enforcement.html16:56
*** mriedem has joined #openstack-keystone17:02
*** jmlowe has joined #openstack-keystone17:02
mriedemlbragstad: we should avoid mentioning configuring services' [keystone_authtoken] section to use www_authenticate_uri yeah? that's a v2 relic right?17:02
cmurphyno, www_authenticate_uri is required, not v2-specific17:03
lbragstadwww_authenticate_uri is a more descriptive of an old and confusing alternative we were using17:03
mriedemhmm, ok, context: https://review.openstack.org/#/c/643938/5/doc/source/install/from-pypi.rst@13917:03
cmurphywww_authenticate_uri and auth_url should both be set17:04
mriedemhmm17:07
mriedemwe don't have www_authenticate_uri in any of the nova install docs,17:07
mriedemor the placement install docs for the distro-based instructions17:07
mriedemnor is it set by devstack http://logs.openstack.org/76/644576/1/check/tempest-full-py3/7769ef9/controller/logs/etc/placement/placement_conf.txt.gz17:08
mriedemso it seems entirely optional17:08
cmurphywell, it is kind of optional because of how openstackclient works17:10
cmurphywhat it does is if it doesn't see a token in the X-Auth-Token header it sets the WWW-Authenticate header in its response to the user17:10
cmurphyto yell at them to go authenticate17:10
cmurphybut most clients sidestep that and go to keystone first anyways17:11
*** jmlowe has quit IRC17:13
knikollalbragstad: cmurphy: I +A-ed the first two patches on https://etherpad.openstack.org/p/keystone-stein-rc2-tracking . should i have unapprove and wait for RC1 first?17:19
cmurphyknikolla: no let's go for it17:20
*** gyee has joined #openstack-keystone17:24
lbragstadthanks knikolla17:27
knikollai'll keep reviewing then17:28
*** erus has quit IRC17:31
*** yan0s has quit IRC17:33
*** jmlowe has joined #openstack-keystone17:34
*** jamesmcarthur has quit IRC17:39
* lbragstad steps away for lunch 17:53
*** jamesmcarthur has joined #openstack-keystone17:54
*** mriedem has left #openstack-keystone17:58
*** itlinux has quit IRC18:02
*** jmlowe has quit IRC18:04
*** jamesmcarthur has quit IRC18:12
openstackgerritMerged openstack/keystone master: Add schema placeholders for Stein  https://review.openstack.org/64202618:14
*** jamesmcarthur has joined #openstack-keystone18:14
*** jamesmcarthur has quit IRC18:14
*** jamesmcarthur has joined #openstack-keystone18:14
*** rafaelweingartne has joined #openstack-keystone18:21
rafaelweingartneHello Keystone guys, is it possible to map users from an IdP to a domain that is different from the domain to which the IdP is registered?18:21
rafaelweingartneI mean, in the mapping, when creating a user, I can define the "domain" for this user18:21
rafaelweingartnehowever, this is not working. Keystone is always adding the user to the IdP domain18:22
knikollarafaelweingartne: nope, it seems to be hardcoded. https://github.com/openstack/keystone/blob/2e5b58caa7f1f39b04458aecd1bc3360031169bb/keystone/identity/core.py#L1437-L143818:26
rafaelweingartneah, that broke all of our assumptions :(18:29
rafaelweingartnedo you know the reason to hard code it?18:30
rafaelweingartneI mean, the attribute mappings are allowing such configs, so it seems natural to accept whatever is mapped in the attribute mapping rules18:30
*** jmlowe has joined #openstack-keystone18:47
rafaelweingartneI have another question. What would happen if I map a local user in OpenStack that is in a different domain from the domain of the IdP18:53
rafaelweingartnewould it work?18:53
rafaelweingartneI am testing this case, and I seem to get in an infinite loop, but I am not finding an error in the log file18:54
knikollarafaelweingartne: can i see the mapping you are using?18:55
knikollai remember last playing around with mapping to local users over 2 years ago and it didn't seem to work too well.18:56
rafaelweingartnesure18:56
rafaelweingartnewhat is the openstack paste URL?18:57
knikollapaste.openstack.org18:57
*** jmlowe has quit IRC18:58
rafaelweingartnehttp://paste.openstack.org/show/748056/18:59
rafaelweingartneBTW: when I configure my user to have "openstack-user-status" attribute as "member", then my user is mapped, and I am able to login19:01
rafaelweingartnethe problem is that this creates a new user in the domain of the IdP19:01
rafaelweingartneI would like to be able to override that domain configuration19:01
knikollarafaelweingartne: i don't think "project" will work when setting type to local.19:11
*** awalende has joined #openstack-keystone19:11
rafaelweingartneno, it will not19:12
rafaelweingartneI have checked the code, when usign local, Keystone only uses the local reference of the user19:12
knikollayeah, i'd say there's too much going on right now in your mappings. try a simpler version with type "local" to figure out which of the sections is causing the loop.19:13
knikollabut outside of that, you can't currently create a shadow user in a different domain.19:13
*** awalende has quit IRC19:16
*** jmlowe has joined #openstack-keystone19:16
rafaelweingartnebut the local mapping works ...19:17
rafaelweingartneshame on me...19:17
rafaelweingartneI forgot to add the user to the group19:17
rafaelweingartnethat is why it was not able to login19:17
rafaelweingartneThanks!19:18
rafaelweingartneSometimes all we need is somebody to talk19:18
*** phasespace has joined #openstack-keystone19:18
*** rafaelweingartne has quit IRC19:25
knikollaglad it worked!19:36
*** jamesmcarthur has quit IRC19:41
*** jamesmcarthur has joined #openstack-keystone19:42
*** jamesmcarthur has quit IRC19:45
*** jamesmcarthur_ has joined #openstack-keystone19:45
*** jmlowe has quit IRC19:47
*** jamesmcarthur_ has quit IRC20:02
*** jamesmcarthur has joined #openstack-keystone20:03
*** jmlowe has joined #openstack-keystone20:07
*** jamesmcarthur has quit IRC20:08
*** jamesmcarthur has joined #openstack-keystone20:08
*** dustinc is now known as dustinc|afk20:09
*** itlinux has joined #openstack-keystone20:13
*** xek_ has quit IRC21:11
*** dustinc|afk is now known as dustinc21:21
openstackgerritColleen Murphy proposed openstack/keystone master: Add keystone's technical vision reflection  https://review.openstack.org/64137421:35
openstackgerritLance Bragstad proposed openstack/keystone master: Only validate tokens once per request  https://review.openstack.org/64149921:40
lbragstad^ *should* be ready for reviews, but the tests is kind ugly21:40
*** itlinux has quit IRC21:40
* lbragstad runs to daycare quick 21:40
rm_workhmm, having another test issue, this time *can't* replicate on my mac, only in my ci pipeline21:43
rm_workanyone ever seen this test be flaky for any reason before? keystone.tests.unit.test_cli.TestGroupMappingPurgeFunctional.test_purge_by_group_type21:43
rm_workalso, why are there cli tests in the keystone service?21:43
cmurphyit's the keystone-manage cli21:46
rm_workahh k21:46
rm_workhttp://paste.openstack.org/show/748071/ is what i'm getting21:50
rm_workseems to fail consistently in my CI, i'm still looking into it but if anyone has already seen this before, would love to know :D21:51
rm_workah this is on rocky21:52
*** whoami-rajat has quit IRC21:52
cmurphyhmm we haven't seen that on the rocky ci21:54
rm_workhmm k21:54
*** pcaruana has quit IRC22:08
*** jamesmcarthur has quit IRC22:08
*** mvkr has joined #openstack-keystone22:09
*** itlinux has joined #openstack-keystone22:16
*** rcernin has joined #openstack-keystone22:16
*** itlinux has quit IRC22:27
*** jamesmcarthur has joined #openstack-keystone22:30
openstackgerritLance Bragstad proposed openstack/keystone master: Implement domain reader functionality for user API  https://review.openstack.org/62331922:33
openstackgerritLance Bragstad proposed openstack/keystone master: Implement domain member functionality for user API  https://review.openstack.org/62332022:34
openstackgerritLance Bragstad proposed openstack/keystone master: Implement domain admin functionality for user API  https://review.openstack.org/62332122:34
openstackgerritLance Bragstad proposed openstack/keystone master: Add explicit testing for project users and the user API  https://review.openstack.org/62332222:34
openstackgerritLance Bragstad proposed openstack/keystone master: Remove user policies from policy.v3cloudsample.json  https://review.openstack.org/62332322:34
kmallocthats an odd one rm_work22:34
rm_workhmm, when i run the test by itself in the CI env, it passes, as well as if i just run the whole test_cli22:34
rm_workbut fails if i run the entire suite22:34
kmallocthat sounds like something is keeping state in your environjment incorrectly22:35
lbragstadlower-constraints on master seems to be hosed22:35
rm_worksomething is fishy here22:35
rm_worknot sure what that'd be22:35
rm_worklet me try running with parallelism off22:35
kmalloclbragstad: ugh.22:35
*** raildo has quit IRC22:35
rm_workunfortunately since it only fails as part of the full suite, testing these theories takes a while22:35
lbragstadkmalloc i'm not missing something am i? http://logs.openstack.org/18/624218/9/gate/openstack-tox-lower-constraints/e538a6e/testr_results.html.gz22:36
kmallocno it's on our end22:37
kmallocwe need to remap an import22:37
lbragstadah22:37
kmalloci think.22:37
kmallocno ...22:37
lbragstadsounds like something we'll need to get into rc forsure when22:37
lbragstadthen*22:37
kmallocthat isn't the root but we should fix22:37
kmallocDeprecationWarning: 'werkzeug.wsgi.DispatcherMiddleware' has moved to 'werkzeug.middleware.dispatcher.DispatcherMiddleware'. This import is deprecated as of version 0.15 and will be removed in version 1.0.22:38
kmallocso we need to import the new location22:38
kmallocto start.22:38
cmurphywhat the22:38
kmallocwerkzeug changed the location22:38
kmallocwerkzeug is the basis of flask22:38
kmallocwe import directly from werkzeug for the dispatcher (used for healthcheck etc)22:39
cmurphyon lower constraints? isn't the point of those that those are pinned to a specific version?22:39
kmallocoh wait LC?22:39
kmallocwell LC might have been bumped up.22:39
kmallocwhich hit that.22:39
lbragstadfor example - https://review.openstack.org/#/c/624218/22:39
kmallocbut we need to fix that **anyway**22:39
kmallocit might be obscuring the real cause of the error22:40
kmallocit looks lik that deprecation warning is the issue though22:40
cmurphyi guess Werkzeug isn't pinned in lower-constraints.txt, fastest fix is probably to pin it there, but i'm confused that it hit lower-constraints and not the regular tests22:43
lbragstad^ that's my question22:43
lbragstader - i share that same confusion22:44
*** jamesmcarthur has quit IRC22:45
*** jamesmcarthur has joined #openstack-keystone22:46
cmurphypy37: Werkzeug==0.14.1, lower-constraints: Werkzeug==0.15.022:49
cmurphyoh they released 5 hours ago22:49
cmurphymaybe mirror wasn't synced yet for one job22:50
*** jamesmcarthur has quit IRC22:52
cmurphyah okay so what happened is upper-constraints.txt *does* pin Werkzeug to 0.14.1 but our lower-constraints.txt *doesn't* pin it22:54
*** tkajinam has joined #openstack-keystone22:57
openstackgerritColleen Murphy proposed openstack/keystone master: Pin Werkzeug in lower-constraints  https://review.openstack.org/64469522:58
* cmurphy -> bed22:58
kmallocwell we should fix this in either case in our code.23:03
cmurphybut we don't have to until they raise the upper constraint in requirements23:03
kmallocfair point23:06
kmallocnot RC critical23:06
*** mchlumsky has quit IRC23:08
*** jamesmcarthur has joined #openstack-keystone23:14
*** jamesmcarthur has quit IRC23:30
*** jamesmcarthur has joined #openstack-keystone23:51
« Monday, 2019-03-18 Index Wednesday, 2019-03-20 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!