Monday, 2019-09-16

*** jamesmcarthur has joined #openstack-keystone		00:05
*** jamesmcarthur has quit IRC		00:09
*** jamesmcarthur has joined #openstack-keystone		00:15
*** jamesmcarthur has quit IRC		00:25
*** jamesmcarthur has joined #openstack-keystone		00:59
*** jamesmcarthur has quit IRC		01:10
*** lbragstad has quit IRC		01:39
*** markvoelker has joined #openstack-keystone		01:53
*** markvoelker has quit IRC		01:58
*** dklyle has quit IRC		02:11
*** david-lyle has joined #openstack-keystone		02:11
*** lbragstad has joined #openstack-keystone		02:18
wxy-xiyuan	cmurphy: last Friday is Chinese Mid-autumn Festival, I was not online. Sorry.	02:29
*** idlemind has quit IRC		02:46
openstackgerrit	Lance Bragstad proposed openstack/keystone master: WIP: Remove unused and unnecessary policies https://review.opendev.org/682266	02:56
*** rcernin has quit IRC		02:59
*** jamesmcarthur has joined #openstack-keystone		03:10
*** vishakha has joined #openstack-keystone		03:12
*** markvoelker has joined #openstack-keystone		03:24
*** markvoelker has quit IRC		03:29
*** rcernin has joined #openstack-keystone		03:46
*** jhesketh has joined #openstack-keystone		03:50
*** jamesmcarthur has quit IRC		04:01
*** jamesmcarthur has joined #openstack-keystone		04:04
*** jamesmcarthur has quit IRC		04:17
openstackgerrit	Vishakha Agarwal proposed openstack/keystonemiddleware master: [WIP] Generate pdf documentation https://review.opendev.org/682271	04:41
openstackgerrit	Vishakha Agarwal proposed openstack/keystoneauth master: [WIP] Generate pdf documentation https://review.opendev.org/682272	04:50
*** Luzi has joined #openstack-keystone		04:59
*** jawad_axd has joined #openstack-keystone		04:59
*** pcaruana has joined #openstack-keystone		05:11
*** etp has joined #openstack-keystone		05:14
*** cp has quit IRC		05:20
*** dancn has joined #openstack-keystone		05:58
*** dancn has quit IRC		06:16
*** jamesmcarthur has joined #openstack-keystone		06:18
*** jamesmcarthur has quit IRC		06:23
*** markvoelker has joined #openstack-keystone		06:24
*** dancn has joined #openstack-keystone		06:27
*** markvoelker has quit IRC		06:30
openstackgerrit	Vishakha Agarwal proposed openstack/keystoneauth master: [WIP] Generate pdf documentation https://review.opendev.org/682272	06:41
*** rha has joined #openstack-keystone		06:43
openstackgerrit	Vishakha Agarwal proposed openstack/keystonemiddleware master: [WIP] Generate pdf documentation https://review.opendev.org/682271	06:44
*** trident has quit IRC		06:48
*** trident has joined #openstack-keystone		06:57
*** trident has quit IRC		07:03
*** trident has joined #openstack-keystone		07:12
*** ivve has joined #openstack-keystone		07:32
*** FlorianFa has quit IRC		07:36
*** cp has joined #openstack-keystone		07:38
*** FlorianFa has joined #openstack-keystone		07:41
*** xek_ has joined #openstack-keystone		08:05
*** xek_ has quit IRC		08:19
*** markvoelker has joined #openstack-keystone		08:27
*** markvoelker has quit IRC		08:32
openstackgerrit	Vishakha Agarwal proposed openstack/keystonemiddleware master: [WIP] Generate pdf documentation https://review.opendev.org/682271	09:31
openstackgerrit	Vishakha Agarwal proposed openstack/keystoneauth master: [WIP] Generate pdf documentation https://review.opendev.org/682272	09:34
*** jaosorior has joined #openstack-keystone		09:45
*** xek_ has joined #openstack-keystone		10:06
*** markvoelker has joined #openstack-keystone		10:28
*** dancn has quit IRC		10:31
*** markvoelker has quit IRC		10:33
*** tesseract has joined #openstack-keystone		10:51
*** tesseract has quit IRC		11:09
*** jawad_ax_ has joined #openstack-keystone		11:37
*** dancn has joined #openstack-keystone		11:39
*** jawad_axd has quit IRC		11:40
*** xek_ has quit IRC		12:00
*** dave-mccowan has joined #openstack-keystone		12:08
*** dancn has quit IRC		12:12
*** dave-mccowan has quit IRC		12:12
*** dave-mccowan has joined #openstack-keystone		12:13
*** dancn has joined #openstack-keystone		12:15
*** lbragstad has quit IRC		12:32
*** rcernin has quit IRC		12:35
*** etp has quit IRC		12:40
*** jamesmcarthur has joined #openstack-keystone		12:48
*** rcernin has joined #openstack-keystone		12:59
*** markvoelker has joined #openstack-keystone		13:04
*** markvoelker has quit IRC		13:09
*** raildo has joined #openstack-keystone		13:17
-openstackstatus- NOTICE: The Gerrit service on review.opendev.org will be offline briefly starting at 14:00 UTC (that's roughly 30 minutes from now) for maintenance: http://lists.openstack.org/pipermail/openstack-discuss/2019-September/009064.html		13:28
*** beekneemech is now known as bnemec		13:30
*** vishakha has quit IRC		13:33
*** xek has joined #openstack-keystone		13:35
*** Luzi has quit IRC		13:38
*** pcaruana has quit IRC		13:45
*** rcernin has quit IRC		13:49
*** noonedeadpunk has joined #openstack-keystone		13:57
jrosser	hello - we're having some trouble over in #openstack-ansible which might be related to this https://review.opendev.org/#/c/678322/11	13:57
jrosser	very short story is keystone-manage db_sync --check is misbehaving for us	13:58
noonedeadpunk	So once we're running keystone-manage db_sync --check it creates table migrate_version and exits with 0 even when database is empty	14:00
noonedeadpunk	and it should exit with 2 according to https://docs.openstack.org/keystone/pike/admin/identity-upgrading.html#using-db-sync-check	14:01
*** markvoelker has joined #openstack-keystone		14:02
*** jawad_ax_ has quit IRC		14:02
-openstackstatus- NOTICE: The Gerrit service on review.opendev.org is offline briefly for maintenance: http://lists.openstack.org/pipermail/openstack-discuss/2019-September/009064.html		14:04
*** ChanServ changes topic to "The Gerrit service on review.opendev.org is offline briefly for maintenance: http://lists.openstack.org/pipermail/openstack-discuss/2019-September/009064.html"		14:04
noonedeadpunk	So basically here's what has changed http://paste.openstack.org/show/776806/	14:06
*** pcaruana has joined #openstack-keystone		14:07
*** markvoelker has quit IRC		14:11
*** markvoelker has joined #openstack-keystone		14:12
noonedeadpunk	And everything ends up in failing "keystone-manage credential_migrate --keystone-user keystone --keystone-group keystone" due to missing encrypted_blob row inside credential table	14:14
*** markvoelker has quit IRC		14:17
*** jamesmcarthur has quit IRC		14:31
*** jamesmcarthur has joined #openstack-keystone		14:33
*** ChanServ changes topic to "Train release schedule: https://releases.openstack.org/train/schedule.html \| Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting \| Bugs that need triaging: http://bit.ly/2iJuN1h \| Trello: https://trello.com/b/ClKW9C8x/keystone-train-roadmap !!NOTE!! This Channel is Logged ( https://tinyurl.com/OpenStackKeystone )"		14:36
-openstackstatus- NOTICE: The Gerrit outage portion of the current maintenance is complete and the service is back on line, however reindexing for renamed repositories is still underway and some Zuul job fixes are in the process of being applied		14:36
*** jamesmcarthur has quit IRC		14:39
*** jamesmcarthur has joined #openstack-keystone		15:02
*** jamesmcarthur has quit IRC		15:07
*** openstackgerrit has quit IRC		15:08
*** xek has quit IRC		15:08
jrosser	cmorpheus: are you around?	15:16
cmorpheus	jrosser: noonedeadpunk hi, could you file a bug report?	15:18
*** cmorpheus is now known as cmurphy		15:19
cmurphy	kmalloc: ^ not sure if you're already on vacation	15:19
jrosser	yes we can - not really sure what we are describing right now other than "wierd things with new version"	15:19
*** ivve has quit IRC		15:20
cmurphy	the paste is a little confusing because the virtualenv name in the prompt is 'keystone-new' for both versions	15:22
cmurphy	trying to recreate	15:25
jrosser	the reason we find this is that our CI job that deploys from packages picks up very very new ones from rdo, and they are broken	15:26
jrosser	our source code based installs are pinned to a sha thats a bit older and are still working	15:26
jrosser	i made a bug https://bugs.launchpad.net/keystone/+bug/1844157	15:29
openstack	Launchpad bug 1844157 in OpenStack Identity (keystone) "keystone-manage db_sync --check misbehaves, version 15.1.0" [Undecided,New]	15:29
kmalloc	Nope not yet	15:32
kmalloc	Oh this. I think the _encrypted blob change for pgsql broke it. So we need to revert.	15:33
kmalloc	Let’s quick revert. Deal with fixing again just due to timelines.	15:34
cmurphy	i don't think that merged yet	15:34
cmurphy	https://review.opendev.org/681736	15:34
kmalloc	Hmm let me check.	15:34
kmalloc	Ok weird.	15:34
kmalloc	That was my guess	15:35
cmurphy	reproduced, going to git bisect	15:35
kmalloc	Ok.	15:35
kmalloc	This feels like a db_sync failed.	15:36
cmurphy	kmalloc: jrosser's guess is it's https://review.opendev.org/#/c/678322/11	15:36
kmalloc	Beyond what —check does.	15:37
kmalloc	Not sure how adding a table would cause that.	15:37
kmalloc	But it might be.	15:38
*** lbragstad has joined #openstack-keystone		15:41
*** jamesmcarthur has joined #openstack-keystone		15:42
kmalloc	I can offer some help post coffee.	15:42
cmurphy	just confirmed it is that patch http://paste.openstack.org/show/776811/	15:43
*** jamesmcarthur has quit IRC		15:45
*** jamesmcarthur has joined #openstack-keystone		15:45
*** gyee has joined #openstack-keystone		15:47
kmalloc	Weird. It also shows we don’t test db_sync check	15:54
kmalloc	I’ll be able to help in a few.	15:55
*** xek has joined #openstack-keystone		15:57
*** dancn has quit IRC		15:59
*** markvoelker has joined #openstack-keystone		16:13
*** markvoelker has quit IRC		16:18
*** markvoelker has joined #openstack-keystone		16:36
*** markvoelker has quit IRC		16:40
*** jmlowe has quit IRC		16:46
kmalloc	cmurphy: ok looking at this now trying to dig into why db_sync --check is doing the same thing it used to do and just saying "yup, everything is fine"	16:52
*** jamesmcarthur has quit IRC		17:03
*** jmlowe has joined #openstack-keystone		17:04
*** xek_ has joined #openstack-keystone		17:16
*** xek has quit IRC		17:18
cmurphy	aha i found it, this is fascinating and silly	17:23
cmurphy	the legacy upgrade versions start at 67 and so get_init_versions() returns 66	17:23
cmurphy	the new migration in expand_repo is 66	17:23
cmurphy	lol	17:23
cmurphy	i think we need to squash the new migrations so they end up less than 66?	17:24
*** jdwidari has joined #openstack-keystone		17:25
cmurphy	kmalloc: ^	17:27
*** jamesmcarthur has joined #openstack-keystone		17:27
kmalloc	sigh	17:42
kmalloc	ok.	17:42
kmalloc	i can squash the old ones.	17:42
kmalloc	i'll take that one to squash all of the old migrations down to a single "create"	17:42
kmalloc	and i'll also work to fix the get_init_versions to not care about the old repo	17:43
kmalloc	it'll still be 67 or 68	17:43
kmalloc	so... order	17:43
kmalloc	1) fix get_init_versions	17:43
kmalloc	because we wont care about the old repos	17:43
kmalloc	and 2) squash so we REALLY don't care	17:43
kmalloc	cmurphy: ^	17:44
cmurphy	kmalloc: okay, so once get_init_versions is fixed then it will be fine that the new version is 66?	17:46
kmalloc	should be	17:47
cmurphy	okay sounds great	17:47
kmalloc	because i basically will make it ignore the base repo for the check	17:47
kmalloc	it'll be a "is the base repo run" but ignore the numbers	17:48
kmalloc	and we'll do the squash (or something else) to make it really a "snapshot" starting point	17:48
kmalloc	so it'll change the underlying code to error similarly if the base repo isn't run	17:49
kmalloc	rather than trying to unify the code	17:49
*** openstackgerrit has joined #openstack-keystone		17:57
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Split protection unit tests into its own job https://review.opendev.org/680788	17:57
*** jmlowe has quit IRC		17:57
kmalloc	hmm	18:01
*** jamesmcarthur has quit IRC		18:08
kmalloc	cmurphy: oh this is an even more basic bug, get_init_Version is never called with any path	18:12
kmalloc	so, we always return the legacy_repo version	18:12
kmalloc	facepalm	18:12
cmurphy	kmalloc: hrm i didn't see a problem with that because somehow it still ends up doing the non-legacy migrations anyway	18:13
kmalloc	got it fixed	18:14
kmalloc	yeah, but the issue is it's always returning verison 67	18:14
kmalloc	so, at version 66...	18:14
cmurphy	yeah	18:14
kmalloc	or whatever, you're saying everything is up to date	18:14
kmalloc	so it's a 2 line fix	18:15
kmalloc	proposing it now	18:15
kmalloc	https://www.irccloud.com/pastebin/fUQLzGpE/	18:18
kmalloc	cmurphy: ^	18:18
openstackgerrit	Morgan Fainberg proposed openstack/keystone master: Use correct repo for initial version check https://review.opendev.org/682447	18:19
kmalloc	cmurphy: let me get a release note for that written now	18:19
cmurphy	seems to work	18:20
noonedeadpunk	I want to say that the rootcause is really amazing:)	18:22
noonedeadpunk	and thanks for quickly fixing that	18:23
noonedeadpunk	just wondering how it has passed CI though....	18:24
*** jamesmcarthur has joined #openstack-keystone		18:25
cmurphy	seems we don't have any tests for --check	18:25
*** jamesmcarthur has quit IRC		18:25
openstackgerrit	Morgan Fainberg proposed openstack/keystone master: Use correct repo for initial version check https://review.opendev.org/682447	18:26
kmalloc	cmurphy: ^ with release note	18:26
kmalloc	we do need an additional test or three for check	18:26
kmalloc	but that at least can get pushed through quickly to fix the core issue, tests can be added in addendum / followup	18:26
kmalloc	i... am not sure the best way off the top of my head to test --checlk	18:26
cmurphy	i'm fine with that	18:27
cmurphy	noonedeadpunk: are you able to point your CI at the bugfix patch to check that it works for you?	18:27
openstackgerrit	Morgan Fainberg proposed openstack/keystone master: Use correct repo for initial version check https://review.opendev.org/682447	18:28
kmalloc	now with less broken yaml.	18:28
kmalloc	cmurphy: and we should absolutely still squash the legacy repo to a snapshot starting place (honestly I'd like to rework it to not be a migrate repo anymore)	18:28
kmalloc	but i don't know if i have the mental bandwidth for that, squashes are always semi-nightmarish to dfo	18:29
kmalloc	do*	18:29
cmurphy	yeah it looks unfun	18:29
kmalloc	i did the previous ones, it basically means creating the schema and then dumping it, re-writing the base starting point and doing the sync multiple times on multiple db engines to make sure it is correct	18:30
kmalloc	i think it took me 10hrs to do the last squash	18:30
*** markvoelker has joined #openstack-keystone		18:37
kmalloc	noonedeadpunk: happy to help	18:37
*** markvoelker has quit IRC		18:42
*** xek has joined #openstack-keystone		18:42
*** xek_ has quit IRC		18:45
jrosser	likewise thanks for the quick turnaround there	18:45
cmurphy	jrosser: are you able to point your CI at the bugfix patch to check that it works for you?	18:46
jrosser	hmm	18:47
cmurphy	ah i guess you said it was found by the rdo packages	18:47
cmurphy	so maybe not so easy	18:47
jrosser	well the original place this failed was the one which consumes RDO packages so thats going to be brok until that merges	18:47
jrosser	but i wonder if we can convince our source install to point to a before & after	18:48
*** openstackgerrit has quit IRC		18:52
kmalloc	and, tbh, we probably would have not found this until this patch was in gate anyway	18:54
kmalloc	the immutable one	18:54
kmalloc	it was really just an oversight	18:54
kmalloc	all the code was setup to handle the case we have now anyway	18:54
jrosser	well i made some test patches	19:00
jrosser	this should fail as it uses tip of current keystone master https://review.opendev.org/682459	19:00
jrosser	and this should pass as it's using patch #682447 https://review.opendev.org/682460	19:01
jrosser	but i never did it like this pulling the commit from review.o.o, we can't do a depends-on here as the keystone source isn't part of an OSA job	19:02
cmurphy	looks like it might work	19:03
*** jdwidari has quit IRC		19:03
*** jamesmcarthur has joined #openstack-keystone		19:33
jrosser	cmurphy: looking reasonable - i see the first source install job on #682459 just failed like the RDO one, and the same job on #682460 is past keystone and now installing cinder	19:34
cmurphy	jrosser: awesome	19:37
lbragstad	https://review.opendev.org/#/c/621023/ totally slipped under my radar	20:00
cmurphy	oops	20:02
lbragstad	looks to be the only one left with system-scope https://bugs.launchpad.net/keystone/+bugs?field.tag=system-scope	20:02
lbragstad	https://bugs.launchpad.net/keystone/+bugs?field.tag=default-roles should be empty now, too?	20:03
lbragstad	cmurphy looks like you left a comment on https://bugs.launchpad.net/keystone/+bug/1818732	20:03
openstack	Launchpad bug 1818732 in OpenStack Identity (keystone) "EC2 credential API doesn't use default roles" [Low,Fix released] - Assigned to Vishakha Agarwal (vishakha.agarwal)	20:03
cmurphy	yeah meant to close it	20:03
lbragstad	\o/	20:03
cmurphy	lbragstad: do you have cycles to work on https://review.opendev.org/#/c/621023/ ? i'd be happy to get it in before rc1	20:04
lbragstad	possibly - i'll have to pick it up at night	20:05
lbragstad	it must only be limits?	20:06
* lbragstad checks if registered limits also need to be done		20:06
cmurphy	i think registered limits would only be for system users right?	20:06
lbragstad	all users can list/get registered limits	20:07
lbragstad	e.g., if a project doesn't have an override, they're allowed to get the registered limit informaiton	20:07
cmurphy	ah well looks like we already have that covered	20:08
lbragstad	e29ff512bb2a5dde3f9eec2b2a2ec596384ec1a2	20:08
cmurphy	scope_types=['system', 'domain', 'project'] for get/list	20:08
lbragstad	https://review.opendev.org/#/c/621017/	20:08
lbragstad	^ that should take care of the registered limit bit, i think?	20:09
cmurphy	ya i think we're good there	20:10
lbragstad	awesome - so it's just limits	20:10
*** jamesmcarthur has quit IRC		20:15
*** jamesmcarthur has joined #openstack-keystone		20:16
lbragstad	cmurphy trying to catch up on the context in https://review.opendev.org/#/c/621023/	20:19
lbragstad	i broke it into multiple policy strings as a way of making each shorter? instead of having one huge, long check string that covered each scope case...	20:19
lbragstad	looking at https://review.opendev.org/#/c/621023/12/keystone/api/limits.py@93	20:20
*** jamesmcarthur has quit IRC		20:21
*** guilhermesp has joined #openstack-keystone		20:21
*** cjloader has joined #openstack-keystone		20:23
*** openstackgerrit has joined #openstack-keystone		20:37
openstackgerrit	Lance Bragstad proposed openstack/keystone master: WIP: Remove unused and unnecessary policies https://review.opendev.org/682266	20:37
*** markvoelker has joined #openstack-keystone		20:38
*** pcaruana has quit IRC		20:38
lbragstad	looks like https://opendev.org/openstack/keystone/src/branch/master/keystone/common/policies/project.py#L149-L157 still needs to be done, too	20:39
cmurphy	bah	20:41
lbragstad	using https://review.opendev.org/#/c/682266/2/etc/policy.v3cloudsample.json to flush these out	20:42
lbragstad	should investigate identity:list_role_assignments_for_tree, too	20:42
*** markvoelker has quit IRC		20:43
*** jamesmcarthur has joined #openstack-keystone		20:45
*** trident has quit IRC		20:47
*** markvoelker has joined #openstack-keystone		20:49
*** xek has quit IRC		20:52
*** raildo has quit IRC		20:57
*** trident has joined #openstack-keystone		20:59
*** markvoelker has quit IRC		21:00
lbragstad	cmurphy want me to open a bug for the project tags stuff?	21:00
cmurphy	lbragstad: yeah probably best	21:01
cmurphy	lest we trick ourselves into thinking the work is done	21:01
lbragstad	done https://bugs.launchpad.net/keystone/+bug/1844194 https://bugs.launchpad.net/keystone/+bug/1844193	21:11
openstack	Launchpad bug 1844194 in OpenStack Identity (keystone) "Project tags don't use default roles" [Undecided,New]	21:11
openstack	Launchpad bug 1844193 in OpenStack Identity (keystone) "Project tags should account for different scopes." [Undecided,New]	21:11
* lbragstad sigh		21:12
lbragstad	i suppose we could refactor https://opendev.org/openstack/keystone/src/commit/18e0080af3dcc0a96ff5d98aeb5f517080a35fb2/keystone/common/policies/project_endpoint.py#L19-L67 to not use the base.RULE_ADMIN_REQUIRED bit anymore	21:12
lbragstad	those _could_ be simpler and just use (role:admin and system_scope:all)	21:12
openstackgerrit	Colleen Murphy proposed openstack/keystone master: DRY up credential policies https://review.opendev.org/682488	21:14
lbragstad	i guess during the migration to system-scope a user with 'admin' will be able to access the project-endpoint API until enforce_scope=True	21:14
cmurphy	that's kinda the way it is now though right?	21:16
lbragstad	correct	21:16
lbragstad	i guess my question is do we expect to have that case covered before someone plans on migrating (keystone at least)?	21:16
lbragstad	bah - well maybe it doesn't matter... for something like project-endpoints	21:17
lbragstad	if someone wants to migrate they can use (role:admin and system_scope:all) today and it will work with that API fine	21:17
lbragstad	because we don't do any filtering in the api based on project or domain scoped tokens	21:17
cmurphy	not sure what you mean by having that case covered	21:18
lbragstad	sorry - i was wondering if we needed to merge a patch that changed the defaults for project-endpoint policies to use base.SYSTEM_ADMIN instead or base.RULE_ADMIN_REQUIRED	21:18
lbragstad	s/or/of/	21:19
cmurphy	okay yeah i'm wondering about that too	21:19
lbragstad	thoughts?	21:19
cmurphy	thinking out loud - so rule:admin_required just means role:admin, base.SYSTEM_ADMIN means role:admin and system_scope:all but while the policies are deprecated that's effectively the same thing, and also once enforce_scope=true and the deprecated policies are removed it's also the same thing	21:21
cmurphy	so i think the only argument for changing it would be just to make sure all of the policies go through a common deprecation and removal process	21:21
cmurphy	but also - list_projects_for_endpoint should be changed to role:reader	21:22
cmurphy	so if we're going to do that we might as well fix all of them	21:22
lbragstad	once the deprecated policies are removed, i don't think role:admin == role:admin and system_scope:all ?	21:22
cmurphy	it will when enforce_scope=true	21:22
lbragstad	when enforce_scope=True and those deprecated policies are removed, project and domain administrators won't be able to call the project-endpoints API	21:23
jrosser	cmurphy: we're not quite fixed with #682447, see https://a3e174dd787d1569c081-614f3af0609b64225912d2a4919c81df.ssl.cf5.rackcdn.com/682460/1/check/openstack-ansible-deploy-aio_lxc-ubuntu-bionic/feb5da0/logs/ara-report/result/0117a50d-68fc-4f52-90f5-4563f258a97d/	21:24
cmurphy	jrosser: you need to update your version of tempest https://review.opendev.org/678379	21:25
jrosser	oooh, right, let me add that in too	21:26
jrosser	we only move all our git pins forward every two weeks or so, and i guess theres lots of flux at the moment	21:26
openstackgerrit	Lance Bragstad proposed openstack/keystone master: WIP: Remove unused and unnecessary policies https://review.opendev.org/682266	21:29
*** markvoelker has joined #openstack-keystone		21:35
*** Ben78 has joined #openstack-keystone		21:43
*** markvoelker has quit IRC		21:45
*** rcernin has joined #openstack-keystone		21:47
* gagehugo sees project tags		21:51
cmurphy	gagehugo: care to take https://bugs.launchpad.net/bugs/1844194 and https://bugs.launchpad.net/bugs/1844193 ?	21:53
openstack	Launchpad bug 1844194 in OpenStack Identity (keystone) "Project tags don't use default roles" [High,Triaged]	21:53
openstack	Launchpad bug 1844193 in OpenStack Identity (keystone) "Project tags should account for different scopes." [High,Triaged]	21:53
lbragstad	gagehugo cmurphy i have a patch almost done	21:55
gagehugo	lbragstad: I will review it then	21:56
cmurphy	lbragstad: overachiever	21:56
gagehugo	lol	21:56
lbragstad	here i didn't know if gagehugo was going to be around - sure enough as i'm about to wrap up the commit he comes strollin' through the door	21:57
lbragstad	;)	21:57
lbragstad	actually - i just missed the part about project users being able to list tags within their project	22:01
lbragstad	i suppose that's going to apply to domain users, too	22:01
gagehugo	yeah	22:04
*** spatel has joined #openstack-keystone		22:08
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Add default roles and scope checking to project tags https://review.opendev.org/682503	22:12
lbragstad	gagehugo cmurphy ^ that's a start	22:12
*** spatel has quit IRC		22:12
lbragstad	just need to rewrite https://review.opendev.org/#/c/682503/1/keystone/tests/unit/protection/v3/test_projects_tags.py,unified@117 and https://review.opendev.org/#/c/682503/1/keystone/tests/unit/protection/v3/test_projects_tags.py,unified@133	22:13
lbragstad	to make sure project and domain users can actually get project tags for projects they have authorization on	22:13
lbragstad	or a domain user being able to get project tags for projects within their domain	22:13
lbragstad	other than that, the rest of the tests should be good	22:14
lbragstad	it'll need the boilerplate release note and a little more clean up	22:14
*** markvoelker has joined #openstack-keystone		22:26
*** tkajinam has joined #openstack-keystone		22:54
*** hoonetorg has quit IRC		23:11
*** hoonetorg has joined #openstack-keystone		23:25
*** jamesmcarthur has quit IRC		23:37

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!