Wednesday, 2019-05-29

« Tuesday, 2019-05-28 Index Thursday, 2019-05-30 »
*** dave-mccowan has joined #openstack-keystone00:32
*** markvoelker has quit IRC00:33
*** dave-mccowan has quit IRC00:35
*** itlinux has joined #openstack-keystone00:55
*** itlinux has quit IRC01:37
*** itlinux has joined #openstack-keystone01:44
*** itlinux has quit IRC01:56
*** shyamb has joined #openstack-keystone02:21
*** itlinux has joined #openstack-keystone02:25
openstackgerritjacky06 proposed openstack/keystoneauth master: Replace git.openstack.org URLs with opendev.org URLs  https://review.opendev.org/65501602:30
*** markvoelker has joined #openstack-keystone02:34
*** shyamb has quit IRC02:44
*** lbragstad has quit IRC02:58
*** markvoelker has quit IRC03:08
*** threestrands has joined #openstack-keystone03:31
*** shyamb has joined #openstack-keystone03:42
*** altlogbot_2 has quit IRC03:44
*** altlogbot_3 has joined #openstack-keystone03:45
*** markvoelker has joined #openstack-keystone04:05
*** shyam89 has joined #openstack-keystone04:07
*** shyamb has quit IRC04:08
openstackgerritMerged openstack/keystone master: Add note about application credential ownership  https://review.opendev.org/66185204:09
*** jdwidari has quit IRC04:10
*** whoami-rajat has joined #openstack-keystone04:31
*** baffle has quit IRC04:36
*** markvoelker has quit IRC04:37
*** altlogbot_3 has quit IRC04:38
*** trident has quit IRC04:39
*** altlogbot_2 has joined #openstack-keystone04:39
*** altlogbot_2 has quit IRC04:40
*** altlogbot_2 has joined #openstack-keystone04:41
*** trident has joined #openstack-keystone04:41
*** baffle has joined #openstack-keystone04:42
*** shyam89 has quit IRC04:53
*** pcaruana has joined #openstack-keystone05:15
*** shyamb has joined #openstack-keystone05:22
*** markvoelker has joined #openstack-keystone05:34
*** vishakha has joined #openstack-keystone05:51
*** rcernin has quit IRC06:01
*** rcernin has joined #openstack-keystone06:01
*** shyamb has quit IRC06:07
*** shyamb has joined #openstack-keystone06:08
*** markvoelker has quit IRC06:08
*** shyamb has quit IRC06:35
*** shyamb has joined #openstack-keystone06:39
*** takamatsu has joined #openstack-keystone06:48
openstackgerritVishakha Agarwal proposed openstack/python-keystoneclient master: [WIP] update keyring version  https://review.opendev.org/66189706:48
openstackgerritVishakha Agarwal proposed openstack/python-keystoneclient master: Blacklist bandit 1.6.0 & cap sphinx for 2.7  https://review.opendev.org/66060906:50
*** rcernin has quit IRC06:52
*** shyamb has quit IRC06:56
*** shyamb has joined #openstack-keystone06:56
*** starborn has joined #openstack-keystone06:59
*** tesseract has joined #openstack-keystone07:05
*** markvoelker has joined #openstack-keystone07:05
*** shyamb has quit IRC07:12
*** awalende has joined #openstack-keystone07:13
*** shyamb has joined #openstack-keystone07:21
*** markvoelker has quit IRC07:37
*** itlinux has quit IRC07:42
*** Emine has joined #openstack-keystone07:43
*** xek_ has joined #openstack-keystone07:47
*** takamatsu has quit IRC07:52
*** takamatsu has joined #openstack-keystone08:00
*** shyamb has quit IRC08:04
*** tkajinam has quit IRC08:10
*** jdwidari has joined #openstack-keystone08:13
fricklercmurphy: if we change the default for the middleware keystone endpoint, with my patch deployers still have the option to override it, so I don't see how that would hard break a deployment like gyee claimed08:21
fricklercmurphy: also we do not have to decide what the new default will be right now. I still think that my argument for a 'public'-only deployment being the most simple case and thus being the preferred default still holds08:22
*** jdwidari has quit IRC08:32
fricklercmurphy: humm, I should've read your comment on the patch first. I think I can live with that as a compromise, updating the patch now08:33
*** markvoelker has joined #openstack-keystone08:34
*** takamatsu has quit IRC08:52
*** shyamb has joined #openstack-keystone08:56
*** markvoelker has quit IRC09:08
*** threestrands has quit IRC09:54
*** markvoelker has joined #openstack-keystone10:05
*** shyamb has quit IRC10:05
*** shyamb has joined #openstack-keystone10:05
*** yuxin_ has quit IRC10:13
*** yuxin_ has joined #openstack-keystone10:17
*** markvoelker has quit IRC10:37
*** shyamb has quit IRC10:38
*** shyamb has joined #openstack-keystone11:03
*** raildo has joined #openstack-keystone11:31
*** markvoelker has joined #openstack-keystone11:34
*** redrobot has quit IRC11:39
*** tesseract has quit IRC11:53
*** tesseract has joined #openstack-keystone11:53
*** markvoelker has quit IRC11:54
*** markvoelker has joined #openstack-keystone11:54
*** redrobot has joined #openstack-keystone12:23
*** lbragstad has joined #openstack-keystone12:32
*** whoami-rajat has quit IRC12:51
*** gmann has quit IRC12:53
*** shyamb has quit IRC12:59
openstackgerritMerged openstack/keystone master: Don't throw valueerror on bootstrap  https://review.opendev.org/66020313:01
*** jdwidari has joined #openstack-keystone13:06
*** dmellado has quit IRC13:25
*** dmellado has joined #openstack-keystone13:25
openstackgerritJens Harbott (frickler) proposed openstack/keystonemiddleware master: Add a new option to choose the Identity endpoint  https://review.opendev.org/65179013:41
*** vishakha has quit IRC13:51
*** awalende has quit IRC13:53
*** awalende has joined #openstack-keystone13:54
*** awalende_ has joined #openstack-keystone13:57
*** awalende has quit IRC13:58
openstackgerritMerged openstack/keystone-specs master: Update tracking reference for federated attrs spec  https://review.opendev.org/65987613:58
*** starborn has quit IRC13:59
*** awalende_ has quit IRC14:02
*** whoami-rajat has joined #openstack-keystone14:03
*** gmann has joined #openstack-keystone14:10
*** itlinux has joined #openstack-keystone14:11
*** awalende has joined #openstack-keystone14:22
*** awalende has quit IRC14:27
*** vishalmanchanda has joined #openstack-keystone14:32
*** itlinux has quit IRC14:41
gagehugoo/14:45
lbragstado/14:47
cmurphy\o14:51
fricklercmurphy: so defaulting to the internal endpoint doesn't work in gate because devstack doesn't set up internal endpoints it seems: http://logs.openstack.org/90/651790/10/check/tempest-full/10c44bb/controller/logs/screen-g-api.txt.gz#_May_29_14_28_35_93069815:06
*** shyamb has joined #openstack-keystone15:07
fricklercmurphy: so I'm back to suggesting to use public as default. deployers concerned about security can still override to internal15:07
cmurphyfrickler: couldn't we also override it in devstack though?15:12
fricklercmurphy: we could, but then we'd need to add the option in devstack before it is present in middleware, which sounds a bit wrong to me.15:14
fricklercmurphy: or split this patch into three steps. a) add config option with admin default, release that one, b) patch devstack, c) change default and to another release15:15
fricklers/ to/ do/15:16
* frickler needs to leave, will check back later15:16
cmurphyfrickler: i like that approach15:17
*** shyamb has quit IRC15:24
*** gyee has joined #openstack-keystone15:33
*** altlogbot_2 has quit IRC15:35
*** altlogbot_0 has joined #openstack-keystone15:36
*** irclogbot_0 has quit IRC15:36
lbragstadthis refactor to use setUpClass might be trickier than i originally anticipated15:37
*** irclogbot_2 has joined #openstack-keystone15:37
gagehugofor the unit tests?15:37
lbragstadyeah...15:37
lbragstadwe use `self` _everywhere_15:37
gagehugo🤔15:38
lbragstadi mean - with the protection tests, it's not as bad as the API tests we had15:38
lbragstadbut...15:38
* lbragstad finds a rubber duck15:39
lbragstadif we start with https://opendev.org/openstack/keystone/src/commit/2eeb8d5cd5681b693350ca2879ede11bd8ce7d9a/keystone/tests/unit/protection/v3/test_domains.py#L232 just as an example15:41
lbragstadwe do some really basic setup - like loading keystone, its backends, and setting a couple of important configuration options https://opendev.org/openstack/keystone/src/commit/2eeb8d5cd5681b693350ca2879ede11bd8ce7d9a/keystone/tests/unit/protection/v3/test_domains.py#L238-L24115:41
lbragstadcalling setUp() is what handles bootstrap https://opendev.org/openstack/keystone/src/commit/2eeb8d5cd5681b693350ca2879ede11bd8ce7d9a/keystone/tests/unit/protection/v3/test_domains.py#L23815:42
lbragstadthen we have just a couple calls to finish up the role assignments for the user and grab a token to test with https://opendev.org/openstack/keystone/src/commit/2eeb8d5cd5681b693350ca2879ede11bd8ce7d9a/keystone/tests/unit/protection/v3/test_domains.py#L246-L26315:43
lbragstadi was thinking we'd just pull the bootstrapping operations into something like a SystemReaderTests method that has a setUpClass() method15:44
lbragstad(setUpClass() methods are @classmethods themselves)15:44
*** tesseract has quit IRC15:44
lbragstadbut i think the problem with that will be that bootstrap requires the backends to be loaded in order to user the PROVIDERS15:45
lbragstadand all that is done using loadapp() of BaseTestCase15:45
lbragstadhttps://opendev.org/openstack/keystone/src/commit/2eeb8d5cd5681b693350ca2879ede11bd8ce7d9a/keystone/tests/unit/core.py#L68915:45
lbragstad(which isn't a classmethod, it's needs an instance of the test case class to set things up)15:46
lbragstade.g., it appears to be written to be called from setUp(self')15:46
cmurphymaybe that could be refactored to be done as a class method? or write a duplicate loadapp() method that works in a class method?15:48
lbragstadi guess one option would be to retrofit BaseTestCase to work with classmethods15:48
lbragstadcmurphy you beat me to it15:48
cmurphyha15:48
cmurphyi didn't want your rubber duck to be too quiet15:48
lbragstadquiet rubber ducks are the worst15:49
lbragstadbut - reading the comments for BaseTestCase - it seems like that was eventually the plan? https://opendev.org/openstack/keystone/src/commit/2eeb8d5cd5681b693350ca2879ede11bd8ce7d9a/keystone/tests/unit/core.py#L611-L61715:49
gagehugokinda looks like it15:53
*** itlinux has joined #openstack-keystone15:54
lbragstadcool - i'll probably end up lumping everything in a single patch and break it up if it works15:55
*** shyamb has joined #openstack-keystone15:56
*** shyamb has quit IRC16:20
*** Emine has quit IRC16:31
*** dave-mccowan has joined #openstack-keystone16:39
kmalloc_awayyeah the plan was to do baseclass changes in a non-crappy way16:55
*** kmalloc_away is now known as kmalloc16:55
lbragstado/16:56
lbragstadyeah - taking a look at it16:56
lbragstadso long as it's just BaseTestCase, it might not be terribad16:56
lbragstadlooks like it's just setting up the app and loading backends16:56
* lbragstad has two meetings then should be able to try it out16:57
openstackgerritMerged openstack/keystoneauth master: Resolves a typo in a link to use Application Credentials  https://review.opendev.org/66088616:59
*** lbragstad has quit IRC16:59
*** lbragstad has joined #openstack-keystone17:00
openstackgerritColleen Murphy proposed openstack/keystone-specs master: Update access rules spec with decisions from PTG  https://review.opendev.org/66178417:45
kmallocanyway... i'm... clearly back17:46
cmurphy\o/17:48
larsksDoes there exist anything like a "hello world" for writing a keystone-authenticated service? I'd like to point some interns at a relatively simple example...17:52
*** awalende has joined #openstack-keystone17:55
*** awalende has quit IRC17:59
openstackgerritColleen Murphy proposed openstack/keystone-specs master: Add spec for immutable resources  https://review.opendev.org/62469218:04
cmurphylarsks: i don't know of one, at least we don't maintain one18:07
larskscmurphy: no worries; thanks for letting me know.18:07
cmurphythat sounds like a really useful thing though, if you find one or write one let us know so we can add it to our docs18:07
larsksSure! We'll see what we come up with.18:08
openstackgerritGage Hugo proposed openstack/keystonemiddleware master: Remove PKI/PKIZ support  https://review.opendev.org/61367518:10
gagehugocmurphy ^ lemme know if that upgrade note needs any tweaking18:10
cmurphygagehugo: release note looks fine but i'm doubling down on the certfile/keyfile/cafile opts18:17
lbragstadcmurphy dolph had an echo app to showcase that a while ago, i'd have to go dig it up18:18
lbragstadif the token was valid, the response dumped out system information from the host18:19
cmurphylbragstad: oh! actually we still have that https://opendev.org/openstack/keystonemiddleware/src/branch/master/keystonemiddleware/echo18:20
cmurphylarsks: we do have one ^18:20
lbragstadsweet!18:22
lbragstadi have no idea what condition that is in... it might need some fixing?18:22
cmurphylol yeah18:22
lbragstadsounds like a great intern project ;)18:23
openstackgerritGage Hugo proposed openstack/keystonemiddleware master: Remove PKI/PKIZ support  https://review.opendev.org/61367518:23
gagehugoI added those config options back in as well18:23
cmurphyty18:24
gagehugooh I missed them in the fixes18:25
openstackgerritGage Hugo proposed openstack/keystonemiddleware master: Remove PKI/PKIZ support  https://review.opendev.org/61367518:26
openstackgerritMerged openstack/keystoneauth master: Replace git.openstack.org URLs with opendev.org URLs  https://review.opendev.org/65501618:45
cmurphykmalloc: since you're back https://review.opendev.org/63664518:52
*** konetzed has left #openstack-keystone19:03
kmalloc+219:04
kmalloci expect i'll have the resource options stuff posted soon19:14
kmallocthen back to the IDP Broker work.19:14
*** joshualyle has joined #openstack-keystone19:21
*** dklyle has quit IRC19:21
openstackgerritGage Hugo proposed openstack/keystonemiddleware master: Remove PKI/PKIZ support  https://review.opendev.org/61367519:21
*** joshualyle has quit IRC19:25
*** dklyle has joined #openstack-keystone19:29
*** joshualyle has joined #openstack-keystone19:33
*** joshualyle has quit IRC19:37
*** joshualyle has joined #openstack-keystone20:04
*** joshualyle has quit IRC20:05
*** xek_ has quit IRC20:21
*** itlinux has quit IRC21:05
*** whoami-rajat has quit IRC21:13
*** itlinux has joined #openstack-keystone21:13
*** vishalmanchanda has quit IRC21:13
*** pcaruana has quit IRC21:23
*** ayoung has joined #openstack-keystone21:24
*** jdwidari has quit IRC21:25
*** raildo has quit IRC21:49
*** joshualyle has joined #openstack-keystone22:06
*** joshualyle has quit IRC22:11
openstackgerritColleen Murphy proposed openstack/keystone master: Update mission statement and vision reflection  https://review.opendev.org/66210622:32
*** tkajinam has joined #openstack-keystone22:54
*** awalende has joined #openstack-keystone23:00
*** awalende has quit IRC23:05
*** rcernin has joined #openstack-keystone23:06
*** rcernin has quit IRC23:07
*** rcernin has joined #openstack-keystone23:07
openstackgerritMerged openstack/keystone master: Adds caching of credentials  https://review.opendev.org/63664523:32
*** lbragstad has quit IRC23:34
*** lbragstad has joined #openstack-keystone23:34
« Tuesday, 2019-05-28 Index Thursday, 2019-05-30 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!