*** dave-mccowan has joined #openstack-keystone | 00:32 | |
*** markvoelker has quit IRC | 00:33 | |
*** dave-mccowan has quit IRC | 00:35 | |
*** itlinux has joined #openstack-keystone | 00:55 | |
*** itlinux has quit IRC | 01:37 | |
*** itlinux has joined #openstack-keystone | 01:44 | |
*** itlinux has quit IRC | 01:56 | |
*** shyamb has joined #openstack-keystone | 02:21 | |
*** itlinux has joined #openstack-keystone | 02:25 | |
openstackgerrit | jacky06 proposed openstack/keystoneauth master: Replace git.openstack.org URLs with opendev.org URLs https://review.opendev.org/655016 | 02:30 |
---|---|---|
*** markvoelker has joined #openstack-keystone | 02:34 | |
*** shyamb has quit IRC | 02:44 | |
*** lbragstad has quit IRC | 02:58 | |
*** markvoelker has quit IRC | 03:08 | |
*** threestrands has joined #openstack-keystone | 03:31 | |
*** shyamb has joined #openstack-keystone | 03:42 | |
*** altlogbot_2 has quit IRC | 03:44 | |
*** altlogbot_3 has joined #openstack-keystone | 03:45 | |
*** markvoelker has joined #openstack-keystone | 04:05 | |
*** shyam89 has joined #openstack-keystone | 04:07 | |
*** shyamb has quit IRC | 04:08 | |
openstackgerrit | Merged openstack/keystone master: Add note about application credential ownership https://review.opendev.org/661852 | 04:09 |
*** jdwidari has quit IRC | 04:10 | |
*** whoami-rajat has joined #openstack-keystone | 04:31 | |
*** baffle has quit IRC | 04:36 | |
*** markvoelker has quit IRC | 04:37 | |
*** altlogbot_3 has quit IRC | 04:38 | |
*** trident has quit IRC | 04:39 | |
*** altlogbot_2 has joined #openstack-keystone | 04:39 | |
*** altlogbot_2 has quit IRC | 04:40 | |
*** altlogbot_2 has joined #openstack-keystone | 04:41 | |
*** trident has joined #openstack-keystone | 04:41 | |
*** baffle has joined #openstack-keystone | 04:42 | |
*** shyam89 has quit IRC | 04:53 | |
*** pcaruana has joined #openstack-keystone | 05:15 | |
*** shyamb has joined #openstack-keystone | 05:22 | |
*** markvoelker has joined #openstack-keystone | 05:34 | |
*** vishakha has joined #openstack-keystone | 05:51 | |
*** rcernin has quit IRC | 06:01 | |
*** rcernin has joined #openstack-keystone | 06:01 | |
*** shyamb has quit IRC | 06:07 | |
*** shyamb has joined #openstack-keystone | 06:08 | |
*** markvoelker has quit IRC | 06:08 | |
*** shyamb has quit IRC | 06:35 | |
*** shyamb has joined #openstack-keystone | 06:39 | |
*** takamatsu has joined #openstack-keystone | 06:48 | |
openstackgerrit | Vishakha Agarwal proposed openstack/python-keystoneclient master: [WIP] update keyring version https://review.opendev.org/661897 | 06:48 |
openstackgerrit | Vishakha Agarwal proposed openstack/python-keystoneclient master: Blacklist bandit 1.6.0 & cap sphinx for 2.7 https://review.opendev.org/660609 | 06:50 |
*** rcernin has quit IRC | 06:52 | |
*** shyamb has quit IRC | 06:56 | |
*** shyamb has joined #openstack-keystone | 06:56 | |
*** starborn has joined #openstack-keystone | 06:59 | |
*** tesseract has joined #openstack-keystone | 07:05 | |
*** markvoelker has joined #openstack-keystone | 07:05 | |
*** shyamb has quit IRC | 07:12 | |
*** awalende has joined #openstack-keystone | 07:13 | |
*** shyamb has joined #openstack-keystone | 07:21 | |
*** markvoelker has quit IRC | 07:37 | |
*** itlinux has quit IRC | 07:42 | |
*** Emine has joined #openstack-keystone | 07:43 | |
*** xek_ has joined #openstack-keystone | 07:47 | |
*** takamatsu has quit IRC | 07:52 | |
*** takamatsu has joined #openstack-keystone | 08:00 | |
*** shyamb has quit IRC | 08:04 | |
*** tkajinam has quit IRC | 08:10 | |
*** jdwidari has joined #openstack-keystone | 08:13 | |
frickler | cmurphy: if we change the default for the middleware keystone endpoint, with my patch deployers still have the option to override it, so I don't see how that would hard break a deployment like gyee claimed | 08:21 |
frickler | cmurphy: also we do not have to decide what the new default will be right now. I still think that my argument for a 'public'-only deployment being the most simple case and thus being the preferred default still holds | 08:22 |
*** jdwidari has quit IRC | 08:32 | |
frickler | cmurphy: humm, I should've read your comment on the patch first. I think I can live with that as a compromise, updating the patch now | 08:33 |
*** markvoelker has joined #openstack-keystone | 08:34 | |
*** takamatsu has quit IRC | 08:52 | |
*** shyamb has joined #openstack-keystone | 08:56 | |
*** markvoelker has quit IRC | 09:08 | |
*** threestrands has quit IRC | 09:54 | |
*** markvoelker has joined #openstack-keystone | 10:05 | |
*** shyamb has quit IRC | 10:05 | |
*** shyamb has joined #openstack-keystone | 10:05 | |
*** yuxin_ has quit IRC | 10:13 | |
*** yuxin_ has joined #openstack-keystone | 10:17 | |
*** markvoelker has quit IRC | 10:37 | |
*** shyamb has quit IRC | 10:38 | |
*** shyamb has joined #openstack-keystone | 11:03 | |
*** raildo has joined #openstack-keystone | 11:31 | |
*** markvoelker has joined #openstack-keystone | 11:34 | |
*** redrobot has quit IRC | 11:39 | |
*** tesseract has quit IRC | 11:53 | |
*** tesseract has joined #openstack-keystone | 11:53 | |
*** markvoelker has quit IRC | 11:54 | |
*** markvoelker has joined #openstack-keystone | 11:54 | |
*** redrobot has joined #openstack-keystone | 12:23 | |
*** lbragstad has joined #openstack-keystone | 12:32 | |
*** whoami-rajat has quit IRC | 12:51 | |
*** gmann has quit IRC | 12:53 | |
*** shyamb has quit IRC | 12:59 | |
openstackgerrit | Merged openstack/keystone master: Don't throw valueerror on bootstrap https://review.opendev.org/660203 | 13:01 |
*** jdwidari has joined #openstack-keystone | 13:06 | |
*** dmellado has quit IRC | 13:25 | |
*** dmellado has joined #openstack-keystone | 13:25 | |
openstackgerrit | Jens Harbott (frickler) proposed openstack/keystonemiddleware master: Add a new option to choose the Identity endpoint https://review.opendev.org/651790 | 13:41 |
*** vishakha has quit IRC | 13:51 | |
*** awalende has quit IRC | 13:53 | |
*** awalende has joined #openstack-keystone | 13:54 | |
*** awalende_ has joined #openstack-keystone | 13:57 | |
*** awalende has quit IRC | 13:58 | |
openstackgerrit | Merged openstack/keystone-specs master: Update tracking reference for federated attrs spec https://review.opendev.org/659876 | 13:58 |
*** starborn has quit IRC | 13:59 | |
*** awalende_ has quit IRC | 14:02 | |
*** whoami-rajat has joined #openstack-keystone | 14:03 | |
*** gmann has joined #openstack-keystone | 14:10 | |
*** itlinux has joined #openstack-keystone | 14:11 | |
*** awalende has joined #openstack-keystone | 14:22 | |
*** awalende has quit IRC | 14:27 | |
*** vishalmanchanda has joined #openstack-keystone | 14:32 | |
*** itlinux has quit IRC | 14:41 | |
gagehugo | o/ | 14:45 |
lbragstad | o/ | 14:47 |
cmurphy | \o | 14:51 |
frickler | cmurphy: so defaulting to the internal endpoint doesn't work in gate because devstack doesn't set up internal endpoints it seems: http://logs.openstack.org/90/651790/10/check/tempest-full/10c44bb/controller/logs/screen-g-api.txt.gz#_May_29_14_28_35_930698 | 15:06 |
*** shyamb has joined #openstack-keystone | 15:07 | |
frickler | cmurphy: so I'm back to suggesting to use public as default. deployers concerned about security can still override to internal | 15:07 |
cmurphy | frickler: couldn't we also override it in devstack though? | 15:12 |
frickler | cmurphy: we could, but then we'd need to add the option in devstack before it is present in middleware, which sounds a bit wrong to me. | 15:14 |
frickler | cmurphy: or split this patch into three steps. a) add config option with admin default, release that one, b) patch devstack, c) change default and to another release | 15:15 |
frickler | s/ to/ do/ | 15:16 |
* frickler needs to leave, will check back later | 15:16 | |
cmurphy | frickler: i like that approach | 15:17 |
*** shyamb has quit IRC | 15:24 | |
*** gyee has joined #openstack-keystone | 15:33 | |
*** altlogbot_2 has quit IRC | 15:35 | |
*** altlogbot_0 has joined #openstack-keystone | 15:36 | |
*** irclogbot_0 has quit IRC | 15:36 | |
lbragstad | this refactor to use setUpClass might be trickier than i originally anticipated | 15:37 |
*** irclogbot_2 has joined #openstack-keystone | 15:37 | |
gagehugo | for the unit tests? | 15:37 |
lbragstad | yeah... | 15:37 |
lbragstad | we use `self` _everywhere_ | 15:37 |
gagehugo | 🤔 | 15:38 |
lbragstad | i mean - with the protection tests, it's not as bad as the API tests we had | 15:38 |
lbragstad | but... | 15:38 |
* lbragstad finds a rubber duck | 15:39 | |
lbragstad | if we start with https://opendev.org/openstack/keystone/src/commit/2eeb8d5cd5681b693350ca2879ede11bd8ce7d9a/keystone/tests/unit/protection/v3/test_domains.py#L232 just as an example | 15:41 |
lbragstad | we do some really basic setup - like loading keystone, its backends, and setting a couple of important configuration options https://opendev.org/openstack/keystone/src/commit/2eeb8d5cd5681b693350ca2879ede11bd8ce7d9a/keystone/tests/unit/protection/v3/test_domains.py#L238-L241 | 15:41 |
lbragstad | calling setUp() is what handles bootstrap https://opendev.org/openstack/keystone/src/commit/2eeb8d5cd5681b693350ca2879ede11bd8ce7d9a/keystone/tests/unit/protection/v3/test_domains.py#L238 | 15:42 |
lbragstad | then we have just a couple calls to finish up the role assignments for the user and grab a token to test with https://opendev.org/openstack/keystone/src/commit/2eeb8d5cd5681b693350ca2879ede11bd8ce7d9a/keystone/tests/unit/protection/v3/test_domains.py#L246-L263 | 15:43 |
lbragstad | i was thinking we'd just pull the bootstrapping operations into something like a SystemReaderTests method that has a setUpClass() method | 15:44 |
lbragstad | (setUpClass() methods are @classmethods themselves) | 15:44 |
*** tesseract has quit IRC | 15:44 | |
lbragstad | but i think the problem with that will be that bootstrap requires the backends to be loaded in order to user the PROVIDERS | 15:45 |
lbragstad | and all that is done using loadapp() of BaseTestCase | 15:45 |
lbragstad | https://opendev.org/openstack/keystone/src/commit/2eeb8d5cd5681b693350ca2879ede11bd8ce7d9a/keystone/tests/unit/core.py#L689 | 15:45 |
lbragstad | (which isn't a classmethod, it's needs an instance of the test case class to set things up) | 15:46 |
lbragstad | e.g., it appears to be written to be called from setUp(self') | 15:46 |
cmurphy | maybe that could be refactored to be done as a class method? or write a duplicate loadapp() method that works in a class method? | 15:48 |
lbragstad | i guess one option would be to retrofit BaseTestCase to work with classmethods | 15:48 |
lbragstad | cmurphy you beat me to it | 15:48 |
cmurphy | ha | 15:48 |
cmurphy | i didn't want your rubber duck to be too quiet | 15:48 |
lbragstad | quiet rubber ducks are the worst | 15:49 |
lbragstad | but - reading the comments for BaseTestCase - it seems like that was eventually the plan? https://opendev.org/openstack/keystone/src/commit/2eeb8d5cd5681b693350ca2879ede11bd8ce7d9a/keystone/tests/unit/core.py#L611-L617 | 15:49 |
gagehugo | kinda looks like it | 15:53 |
*** itlinux has joined #openstack-keystone | 15:54 | |
lbragstad | cool - i'll probably end up lumping everything in a single patch and break it up if it works | 15:55 |
*** shyamb has joined #openstack-keystone | 15:56 | |
*** shyamb has quit IRC | 16:20 | |
*** Emine has quit IRC | 16:31 | |
*** dave-mccowan has joined #openstack-keystone | 16:39 | |
kmalloc_away | yeah the plan was to do baseclass changes in a non-crappy way | 16:55 |
*** kmalloc_away is now known as kmalloc | 16:55 | |
lbragstad | o/ | 16:56 |
lbragstad | yeah - taking a look at it | 16:56 |
lbragstad | so long as it's just BaseTestCase, it might not be terribad | 16:56 |
lbragstad | looks like it's just setting up the app and loading backends | 16:56 |
* lbragstad has two meetings then should be able to try it out | 16:57 | |
openstackgerrit | Merged openstack/keystoneauth master: Resolves a typo in a link to use Application Credentials https://review.opendev.org/660886 | 16:59 |
*** lbragstad has quit IRC | 16:59 | |
*** lbragstad has joined #openstack-keystone | 17:00 | |
openstackgerrit | Colleen Murphy proposed openstack/keystone-specs master: Update access rules spec with decisions from PTG https://review.opendev.org/661784 | 17:45 |
kmalloc | anyway... i'm... clearly back | 17:46 |
cmurphy | \o/ | 17:48 |
larsks | Does there exist anything like a "hello world" for writing a keystone-authenticated service? I'd like to point some interns at a relatively simple example... | 17:52 |
*** awalende has joined #openstack-keystone | 17:55 | |
*** awalende has quit IRC | 17:59 | |
openstackgerrit | Colleen Murphy proposed openstack/keystone-specs master: Add spec for immutable resources https://review.opendev.org/624692 | 18:04 |
cmurphy | larsks: i don't know of one, at least we don't maintain one | 18:07 |
larsks | cmurphy: no worries; thanks for letting me know. | 18:07 |
cmurphy | that sounds like a really useful thing though, if you find one or write one let us know so we can add it to our docs | 18:07 |
larsks | Sure! We'll see what we come up with. | 18:08 |
openstackgerrit | Gage Hugo proposed openstack/keystonemiddleware master: Remove PKI/PKIZ support https://review.opendev.org/613675 | 18:10 |
gagehugo | cmurphy ^ lemme know if that upgrade note needs any tweaking | 18:10 |
cmurphy | gagehugo: release note looks fine but i'm doubling down on the certfile/keyfile/cafile opts | 18:17 |
lbragstad | cmurphy dolph had an echo app to showcase that a while ago, i'd have to go dig it up | 18:18 |
lbragstad | if the token was valid, the response dumped out system information from the host | 18:19 |
cmurphy | lbragstad: oh! actually we still have that https://opendev.org/openstack/keystonemiddleware/src/branch/master/keystonemiddleware/echo | 18:20 |
cmurphy | larsks: we do have one ^ | 18:20 |
lbragstad | sweet! | 18:22 |
lbragstad | i have no idea what condition that is in... it might need some fixing? | 18:22 |
cmurphy | lol yeah | 18:22 |
lbragstad | sounds like a great intern project ;) | 18:23 |
openstackgerrit | Gage Hugo proposed openstack/keystonemiddleware master: Remove PKI/PKIZ support https://review.opendev.org/613675 | 18:23 |
gagehugo | I added those config options back in as well | 18:23 |
cmurphy | ty | 18:24 |
gagehugo | oh I missed them in the fixes | 18:25 |
openstackgerrit | Gage Hugo proposed openstack/keystonemiddleware master: Remove PKI/PKIZ support https://review.opendev.org/613675 | 18:26 |
openstackgerrit | Merged openstack/keystoneauth master: Replace git.openstack.org URLs with opendev.org URLs https://review.opendev.org/655016 | 18:45 |
cmurphy | kmalloc: since you're back https://review.opendev.org/636645 | 18:52 |
*** konetzed has left #openstack-keystone | 19:03 | |
kmalloc | +2 | 19:04 |
kmalloc | i expect i'll have the resource options stuff posted soon | 19:14 |
kmalloc | then back to the IDP Broker work. | 19:14 |
*** joshualyle has joined #openstack-keystone | 19:21 | |
*** dklyle has quit IRC | 19:21 | |
openstackgerrit | Gage Hugo proposed openstack/keystonemiddleware master: Remove PKI/PKIZ support https://review.opendev.org/613675 | 19:21 |
*** joshualyle has quit IRC | 19:25 | |
*** dklyle has joined #openstack-keystone | 19:29 | |
*** joshualyle has joined #openstack-keystone | 19:33 | |
*** joshualyle has quit IRC | 19:37 | |
*** joshualyle has joined #openstack-keystone | 20:04 | |
*** joshualyle has quit IRC | 20:05 | |
*** xek_ has quit IRC | 20:21 | |
*** itlinux has quit IRC | 21:05 | |
*** whoami-rajat has quit IRC | 21:13 | |
*** itlinux has joined #openstack-keystone | 21:13 | |
*** vishalmanchanda has quit IRC | 21:13 | |
*** pcaruana has quit IRC | 21:23 | |
*** ayoung has joined #openstack-keystone | 21:24 | |
*** jdwidari has quit IRC | 21:25 | |
*** raildo has quit IRC | 21:49 | |
*** joshualyle has joined #openstack-keystone | 22:06 | |
*** joshualyle has quit IRC | 22:11 | |
openstackgerrit | Colleen Murphy proposed openstack/keystone master: Update mission statement and vision reflection https://review.opendev.org/662106 | 22:32 |
*** tkajinam has joined #openstack-keystone | 22:54 | |
*** awalende has joined #openstack-keystone | 23:00 | |
*** awalende has quit IRC | 23:05 | |
*** rcernin has joined #openstack-keystone | 23:06 | |
*** rcernin has quit IRC | 23:07 | |
*** rcernin has joined #openstack-keystone | 23:07 | |
openstackgerrit | Merged openstack/keystone master: Adds caching of credentials https://review.opendev.org/636645 | 23:32 |
*** lbragstad has quit IRC | 23:34 | |
*** lbragstad has joined #openstack-keystone | 23:34 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!