Friday, 2019-07-12

« Thursday, 2019-07-11 Index Saturday, 2019-07-13 »
openstackgerritguang-yee proposed openstack/keystone master: update documentation for X.509 tokenless auth  https://review.opendev.org/66979000:28
*** gyee has quit IRC00:28
*** rcernin has quit IRC00:34
*** rcernin has joined #openstack-keystone00:35
*** dklyle has joined #openstack-keystone00:49
*** irclogbot_1 has joined #openstack-keystone00:55
*** irclogbot_1 has quit IRC01:00
*** imacdonn has quit IRC01:14
*** imacdonn has joined #openstack-keystone01:15
*** irclogbot_2 has joined #openstack-keystone01:25
*** rafaelweingartne has quit IRC01:32
*** irclogbot_2 has quit IRC01:34
*** irclogbot_3 has joined #openstack-keystone02:25
*** irclogbot_3 has quit IRC02:30
*** altlogbot_0 has joined #openstack-keystone02:47
*** altlogbot_0 has quit IRC02:52
*** awalende has joined #openstack-keystone02:59
*** awalende has quit IRC03:03
*** irclogbot_1 has joined #openstack-keystone03:21
*** irclogbot_1 has quit IRC03:26
openstackgerritpengyuesheng proposed openstack/python-keystoneclient master: Bump the openstackdocstheme extension to 1.20  https://review.opendev.org/66879503:38
*** irclogbot_0 has joined #openstack-keystone03:51
*** whoami-rajat has joined #openstack-keystone03:55
*** irclogbot_0 has quit IRC03:56
*** dklyle has quit IRC04:06
*** rcernin has quit IRC04:54
*** irclogbot_1 has joined #openstack-keystone04:59
*** new_student1411 has joined #openstack-keystone05:07
*** pcaruana has joined #openstack-keystone05:13
*** jistr has quit IRC05:15
*** new_student14119 has joined #openstack-keystone05:15
openstackgerritColleen Murphy proposed openstack/keystonemiddleware master: Add validation of app cred access rules  https://review.opendev.org/63336905:16
*** irclogbot_1 has quit IRC05:16
*** jistr has joined #openstack-keystone05:18
*** new_student1411 has quit IRC05:18
*** altlogbot_1 has joined #openstack-keystone06:09
*** altlogbot_1 has quit IRC06:14
*** irclogbot_2 has joined #openstack-keystone06:35
*** irclogbot_2 has quit IRC06:40
*** ivve has joined #openstack-keystone06:46
*** dancn has joined #openstack-keystone06:47
*** awalende has joined #openstack-keystone07:23
*** xek has joined #openstack-keystone07:36
*** shyamb has joined #openstack-keystone07:49
*** aning_ has quit IRC07:55
*** shyamb has quit IRC07:59
*** altlogbot_3 has joined #openstack-keystone08:01
*** altlogbot_3 has quit IRC08:04
*** aning has joined #openstack-keystone08:07
*** aning__ has joined #openstack-keystone08:10
*** altlogbot_2 has joined #openstack-keystone08:11
*** aning has quit IRC08:12
*** altlogbot_2 has quit IRC08:16
*** altlogbot_1 has joined #openstack-keystone08:17
*** tkajinam has quit IRC08:19
*** altlogbot_1 has quit IRC08:22
*** altlogbot_1 has joined #openstack-keystone08:23
*** altlogbot_1 has quit IRC08:28
*** shyamb has joined #openstack-keystone08:46
*** altlogbot_0 has joined #openstack-keystone08:53
*** altlogbot_0 has quit IRC08:58
*** irclogbot_1 has joined #openstack-keystone08:59
*** irclogbot_1 has quit IRC09:04
*** shyamb has quit IRC10:05
*** irclogbot_0 has joined #openstack-keystone10:31
*** irclogbot_0 has quit IRC10:38
*** shyamb has joined #openstack-keystone10:40
*** irclogbot_2 has joined #openstack-keystone10:41
*** irclogbot_2 has quit IRC10:44
*** rafaelweingartne has joined #openstack-keystone10:53
rafaelweingartneHello guys, we noticed that Keystone is not pushing event messages to RabbitMQ;it seems related to "CONF.notification_format " being "cadf" by default.10:54
rafaelweingartneLooking at the code, it looks like if we set the config to 'basic', then it would work.However, we wonder. If we want to use cadf. Do we need some extra config?I am assuming Keystone will keep using oslo.messaging for this job as well.10:54
*** ivve has quit IRC11:01
*** ivve has joined #openstack-keystone11:01
*** altlogbot_1 has joined #openstack-keystone11:03
*** shyam89 has joined #openstack-keystone11:08
*** altlogbot_1 has quit IRC11:08
*** shyamb has quit IRC11:08
*** tesseract has joined #openstack-keystone11:08
*** altlogbot_1 has joined #openstack-keystone11:12
*** altlogbot_1 has quit IRC11:16
*** shyam89 has quit IRC11:39
*** shyam89 has joined #openstack-keystone11:48
*** altlogbot_0 has joined #openstack-keystone12:07
*** altlogbot_0 has quit IRC12:08
*** markvoelker has quit IRC12:45
*** viks___ has quit IRC12:46
*** viks___ has joined #openstack-keystone12:48
*** dancn has quit IRC12:50
*** raildo has joined #openstack-keystone13:03
*** whoami-rajat has quit IRC13:25
*** whoami-rajat has joined #openstack-keystone13:25
*** shyam89 has quit IRC13:33
*** vishalmanchanda has quit IRC13:35
*** irclogbot_0 has joined #openstack-keystone13:35
*** irclogbot_0 has quit IRC13:38
*** irclogbot_2 has joined #openstack-keystone14:09
*** FlorianFa has quit IRC14:11
openstackgerritNate Johnston proposed openstack/keystonemiddleware master: Fix context issue for neutron audit  https://review.opendev.org/50865914:12
*** altlogbot_0 has joined #openstack-keystone14:13
*** ivve has quit IRC14:14
openstackgerritNate Johnston proposed openstack/keystonemiddleware master: Fix context issue for neutron audit  https://review.opendev.org/50865914:26
*** awalende has quit IRC14:27
openstackgerritVadym Markov proposed openstack/oslo.policy master: Correctly handle IO errors at policy file load  https://review.opendev.org/67057114:27
*** awalende has joined #openstack-keystone14:27
*** awalende has quit IRC14:31
*** bnemec is now known as beekneemech14:34
*** hoonetorg has quit IRC14:40
*** rafaelweingartne has quit IRC14:41
*** TheJulia is now known as needssleep14:52
*** markvoelker has joined #openstack-keystone14:53
*** kplant has joined #openstack-keystone14:55
*** markvoelker has quit IRC14:56
*** hoonetorg has joined #openstack-keystone14:56
*** awalende has joined #openstack-keystone14:59
*** awalende has quit IRC15:04
kplantcould anyone recommend an article for configuring keystone-to-keystone federation?15:06
*** ayoung has quit IRC15:12
*** ayoung has joined #openstack-keystone15:12
*** Krenair has quit IRC15:20
*** Krenair has joined #openstack-keystone15:34
*** ayoung has quit IRC15:44
*** ayoung has joined #openstack-keystone15:48
openstackgerritMichael Bayer proposed openstack/keystone master: Allow JsonBlob to accommodate SQL NULL result sets  https://review.opendev.org/67059215:59
*** gyee has joined #openstack-keystone16:01
cmurphysomewhat dense change but could i ask for reviews on https://review.opendev.org/633369 it's green now16:04
openstackgerritVadym Markov proposed openstack/oslo.policy master: Correctly handle IO errors at policy file load  https://review.opendev.org/67057116:04
kmalloccmurphy: reading.16:05
cmurphyty16:05
cmurphyalso an easier ksm one https://review.opendev.org/65999416:05
kmallocthe migrations and ro for all stuff is really going slow because of the construction16:05
kmallocat least code review i can do with the noise16:05
kmalloccmurphy: so far i like it... but i just read the commit message no code :P16:06
kmalloc>.>16:06
kmalloc<.<16:06
kmalloc^_^16:06
cmurphythat's half the battle16:06
kmallocone comment, a release note would be good to add (followup is fine)16:07
cmurphyah good point16:07
kmallocis this the last blueprint?! woooooo16:07
cmurphyi think so16:07
kmallocis the _path_matches intended to convert to PCRE compat regex?16:10
kmalloc(re module)16:10
kmalloccmurphy: it might actually be easier (long term) to create path groups where {tag} is a token and ** is a token, then iterate through and re-construct the path replacing {tag} with * and ** with .*.16:13
kmallocI know.. that comment is stupid dense.16:14
cmurphykmalloc: yeah it's supposed to be converting it from a glob to a regex, definitely would like to make that prettier and more sustainable16:14
kmallocyeah best bet is to straight up split into groups and then iterate and swap, prevents odd behavior where {tag}* [bad rule] turns into potentially **16:15
kmallocand then turns into .* inappropriately16:15
kmalloci think the rules are more fragile with this conversion than they need to be, but.... I am not seeing a reason to swap it here.16:16
kmallocwe should fix in a followup.16:16
kmallocI would like to see some explicit glob->regex conversion tests.16:16
kmallocnot through the middleware itself. but really just confirm the _path_matches works as expected.16:17
cmurphyi am happy to change it now, it's definitely hairy and if it's messed up it's a security vulnerability16:17
* kmalloc nods.16:17
kmalloci'm still reading it16:17
kmallocmaking sure it doesn't break anything16:17
kmallocany glob->regex is going to be risky, i don't care which one we have to start as long as we iterate to make it better in the long run16:18
kmallocbut a high confidence that we default to a broken rule means denial over overly broad acceptance is my only concern :)16:18
kmallocso, do we have an example of the {tag} based path we're subbing {tag} to *.16:19
kmallocerm to "*" not "*."16:19
cmurphykmalloc: in the client fixtures line 370 and 38516:21
kmalloc++ yeah haven't gotten through the whole review.16:22
*** awalende has joined #openstack-keystone16:29
*** awalende has quit IRC16:33
kmalloccmurphy: ok i have comments on the glob->regex16:34
kmalloccmurphy: i'm still reviewing but wanted to get those up fast for you.16:34
cmurphythanks kmalloc16:35
*** xek has quit IRC17:53
*** xek has joined #openstack-keystone17:53
*** kplant has quit IRC18:04
*** new_student14119 has quit IRC18:19
openstackgerritMerged openstack/keystonemiddleware master: print auth version for request strategy in debug  https://review.opendev.org/65999418:27
openstackgerritMichael Bayer proposed openstack/keystone master: Allow JsonBlob to accommodate SQL NULL result sets  https://review.opendev.org/67059218:46
*** irclogbot_2 has quit IRC18:49
*** edmondsw_ has quit IRC18:49
*** irclogbot_2 has joined #openstack-keystone18:52
kmalloczzzeek: for the null jsonblob, should it explicitly cast to a {} instead of a None being in the spirit of empty json? otherwise that change looks fine to me.19:02
kmallocs/cast/return19:03
zzzeekkmalloc: are you referring to the test case ?19:04
kmallocno the actual return19:04
kmallocso, if value is None, return {}19:04
zzzeekkmalloc: the actual return is accurate IMO19:04
kmallocbeing that {} is valid "json" in python parlance19:04
zzzeekJSON has 'null', that's valid json19:04
zzzeek>>> import json19:05
zzzeek>>> json.loads('null') is None19:05
kmallocah.19:05
kmalloci was thinking the inverse19:05
kmallocnvm, lgtm19:05
zzzeek{} OTOH is not None, it's an empty dict :)19:05
kmallocconstruction outside my house is making my brain ... angry19:05
kmallocand it's been going on for 2 weeks... only another ... 1-2 months of this to go19:06
zzzeekkmalloc: same here !    sqla has JSON datatypes which is why ive been aroudn this block already19:06
zzzeek(construction outside)19:06
kmallocyeah they're replacing gas mains here =/19:06
kmallocdude, construction SUCKS.19:06
zzzeekwe have a contractor putting in posts he hit my sprinkler lines twice19:06
kmallocanyway, +2 to your change, upgrading.19:06
kmalloc*eyeroll* HOW DO YOU HIT A ... anyway19:07
zzzeekwell you dig a hole and htere is it, sorta19:07
kmalloclike... do people not even check these things anymore?19:07
kmallocsure... but, you'd think there would be the minimal "is there something here?" before you start digging.19:07
zzzeekwelp guy just fixed it so. that's done19:12
*** tesseract has quit IRC19:33
*** whoami-rajat has quit IRC19:45
*** pcaruana has quit IRC20:59
*** raildo has quit IRC21:01
*** xek has quit IRC22:05
« Thursday, 2019-07-11 Index Saturday, 2019-07-13 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!