Thursday, 2016-12-15

« Wednesday, 2016-12-14 Index Friday, 2016-12-16 »
*** ducttape_ has quit IRC00:02
*** jamespage has quit IRC00:06
*** jamespage has joined #openstack-meeting-cp00:13
*** jamespage has quit IRC00:17
*** lamt has quit IRC00:35
*** gouthamr has quit IRC00:45
*** jamespage has joined #openstack-meeting-cp00:45
*** ducttape_ has joined #openstack-meeting-cp01:27
*** ducttape_ has quit IRC01:28
*** harlowja has quit IRC03:03
*** ducttape_ has joined #openstack-meeting-cp03:22
*** ducttape_ has quit IRC03:45
*** ducttape_ has joined #openstack-meeting-cp03:47
*** markvoelker has quit IRC03:49
*** ducttape_ has quit IRC03:50
*** ducttape_ has joined #openstack-meeting-cp03:50
*** markvoelker has joined #openstack-meeting-cp04:51
*** markvoelker has quit IRC04:55
*** noama has quit IRC05:28
*** noama has joined #openstack-meeting-cp05:28
*** dhellmann has quit IRC05:39
*** dhellmann has joined #openstack-meeting-cp05:39
*** coolsvap has joined #openstack-meeting-cp06:10
*** markvoelker has joined #openstack-meeting-cp06:51
*** markvoelker has quit IRC06:56
*** beisner has quit IRC07:12
*** jamespage has quit IRC07:32
*** jamespag` has joined #openstack-meeting-cp07:32
*** beisner has joined #openstack-meeting-cp07:44
*** jamespag` is now known as jamespage07:53
*** markvoelker has joined #openstack-meeting-cp08:52
*** ducttape_ has quit IRC08:53
*** markvoelker has quit IRC08:58
*** skazi has quit IRC10:32
*** markvoelker has joined #openstack-meeting-cp10:54
*** markvoelker has quit IRC10:59
*** ducttape_ has joined #openstack-meeting-cp11:02
*** sdague has joined #openstack-meeting-cp11:11
*** david-lyle has quit IRC12:05
*** david-lyle has joined #openstack-meeting-cp12:05
*** rarcea has joined #openstack-meeting-cp12:05
*** scottda has quit IRC12:11
*** markvoelker has joined #openstack-meeting-cp12:55
*** markvoelker has quit IRC13:00
*** gouthamr has joined #openstack-meeting-cp13:45
*** scottda has joined #openstack-meeting-cp13:59
*** bastafidli has joined #openstack-meeting-cp14:04
*** lamt has joined #openstack-meeting-cp14:09
*** gouthamr has quit IRC14:20
*** gouthamr has joined #openstack-meeting-cp14:28
*** edtubill has joined #openstack-meeting-cp14:44
*** edtubill has quit IRC14:44
*** markvoelker has joined #openstack-meeting-cp14:45
*** edtubill has joined #openstack-meeting-cp14:45
*** bastafidli has quit IRC14:55
*** jaugustine_ has joined #openstack-meeting-cp15:24
*** jaugustine_ is now known as jaugustine15:25
*** itisha has joined #openstack-meeting-cp16:31
*** bastafidli has joined #openstack-meeting-cp16:50
*** ducttape_ has quit IRC17:10
*** ducttape_ has joined #openstack-meeting-cp17:10
*** ducttape_ has quit IRC17:15
*** rarcea has quit IRC17:31
*** ducttape_ has joined #openstack-meeting-cp17:34
*** harlowja has joined #openstack-meeting-cp18:31
*** itisha has quit IRC18:52
*** harlowja has quit IRC18:52
*** bastafidli has quit IRC19:03
*** itisha has joined #openstack-meeting-cp19:28
*** r1chardj0n3s has joined #openstack-meeting-cp19:59
stevemaro/20:00
stevemarping ayoung, crinkle, david-lyle, dolphm, dstanek, edtubill, kenji-i, knikolla, lbragstad, r1chardj0n3s, rderose, robcresswell, stevemar20:00
edtubillo/20:01
r1chardj0n3so/20:01
lbragstado/20:01
stevemarhowdy folks20:01
david-lyleo/20:01
stevemardo we have a specific meeting tag for this meeting?20:01
stevemarkeystone-horizon?20:01
crinkleo/20:01
knikollao/20:01
stevemarhorizon-keystone apparently20:01
stevemar#startmeeting horizon-keystone20:02
openstackMeeting started Thu Dec 15 20:02:02 2016 UTC and is due to finish in 60 minutes.  The chair is stevemar. Information about MeetBot at http://wiki.debian.org/MeetBot.20:02
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.20:02
*** openstack changes topic to " (Meeting topic: horizon-keystone)"20:02
openstackThe meeting name has been set to 'horizon_keystone'20:02
r1chardj0n3sstevemar: I cutnpaste the line from eavesdrop to keep it consistent ;-)20:02
stevemarr1chardj0n3s: that's what i did!20:02
r1chardj0n3s\o/20:02
stevemar#agenda https://etherpad.openstack.org/p/ocata-keystone-horizon20:02
stevemarnot really an agenda20:02
stevemar#link https://etherpad.openstack.org/p/ocata-keystone-horizon20:02
stevemarr1chardj0n3s: mind if i skip your thing til the end?20:03
stevemar(silence means yes in my book!)20:03
stevemarcrinkle: you're around, lets talk about your stuff first20:04
stevemarcrinkle: i think you had the TODO to re-work https://review.openstack.org/#/c/389337/20:04
r1chardj0n3sstevemar: yes, please do that thing20:04
rderoseo/20:04
stevemarcrinkle: are there any things we should look out for when reviewing it?20:04
stevemarcrinkle: looks like a lot of cut-n-paste of the project support20:05
crinklestevemar: well one thing is that it looks a little messy because i was trying to avoid duplicating code, so looking for feedback on how best to do that20:05
stevemar(not saying thats a bad thing)20:05
stevemarcrinkle: is there any UI work needed in the horizon side? i think a drop down no?20:06
crinklestevemar: yes, i meant to work on that too but didn't get to it yet20:07
stevemarcrinkle: s'all good20:07
stevemarno rel note, but it looks like doa doesn't do that20:07
stevemar*throws shade at david-lyle*20:07
david-lylewe put it all in horizon20:07
stevemardocumentation is kinda minimal too: http://docs.openstack.org/developer/django_openstack_auth/20:08
david-lylethe feature add in horizon is the only way it will be visible anyway20:08
stevemarcrinkle: looks good to me at a first glance20:08
stevemardavid-lyle: ah cool20:08
* stevemar tosses a +1 to crinkle20:08
david-lyleheck stevemar most people don't even know that library exists20:09
david-lyleI will walk through the updated patch20:09
crinklethanks guys20:09
david-lylethe domain listing seems reasonable20:09
david-lylebackend.py I want to dig into more20:09
stevemaryeah, utils change looks good20:10
stevemaruser.py looks like its just calling utils20:10
stevemari'll let david-lyle assess the backend.py bits20:10
david-lyleyup, it changing the logic around domain scoping changes that I want to be sure about20:10
stevemarcrinkle: you tried this out i assume?20:11
stevemaryou typically do20:11
crinklestevemar: yes20:11
david-lyleonly federated or both?20:11
stevemarcrinkle: cool, did you have to modify horizon?20:11
crinkledavid-lyle: both20:11
crinklestevemar: yes it requires horizon changes20:11
david-lylecrinkle: great, just checking, thanks20:12
stevemarcrinkle: cool20:12
stevemarsounds like that is moving along nicely, thanks colleen20:12
* stevemar forgot to use topic, noob20:12
crinklenp thanks for reviewing20:12
*** gagehugo has joined #openstack-meeting-cp20:13
stevemar#topic k2k20:13
*** openstack changes topic to "k2k (Meeting topic: horizon-keystone)"20:13
stevemaredtubill: yo20:13
edtubillhey20:13
edtubillso I have these two patches:  https://review.openstack.org/#/c/408435/1 (horizon) https://review.openstack.org/#/c/408450/1 (django_openstack_auth)20:13
edtubillThey need tests...20:13
stevemari think you have" https://review.openstack.org/#/q/topic:bp/k2k-horizon20:13
edtubillbut it would be cool if david-lyle or stevemar would be able to see if the approach take (at a high level) is okay to do.20:13
edtubillThose two patches are for that bp.20:14
stevemaredtubill: do you need guidance working on how to create more tests? i remember having trouble with that for doa and lhcheng helped me out20:14
edtubillSure20:15
stevemardavid-lyle: do you have time to help edtubill out with the tests?20:15
david-lyleI should20:15
stevemaredtubill: meet your new best friend20:15
david-lyleI'll review the patches this afternoon20:15
edtubillcool :)20:16
david-lyleand we can look at adding tests20:16
stevemarshould we go over the patches here like we did with crinkle's?20:16
edtubillplease let me know if the approach should be taken a different way.20:16
edtubillI put some comments in the commit message20:16
stevemarwe can start with the horizon one, https://review.openstack.org/#/c/408435/1 is much smaller :P20:16
david-lyleI also worry about crinkle and your d-o-a patches stomping on each other20:17
edtubillI'm willing to rebase..20:17
crinkleme too20:17
david-lylebackend.py is heavily redone in both20:17
david-lylebut we can cross that20:17
david-lylethe horizon patch seems reasonable20:19
stevemarah i see the "support / current / available" section is like regions: https://review.openstack.org/#/c/408435/1/openstack_dashboard/context_processors.py20:19
david-lyleyes20:20
edtubillI took inspiration from that yes :p20:20
stevemaredtubill: use "depends-on"20:20
david-lylemy only concern is that context_processors is executed on every request, don't want to prematurely optimize, but minimizing logic in there is desirable20:21
stevemardavid-lyle: edtubill can you check a config option before executing that code?20:21
edtubillI can add a flag or is there another place that I could potentially put that logic that doesn't run everytime?20:22
david-lyleI don't know that we have a k2k setting to check, and dynamically is better20:23
david-lylelet me look at it more closely20:23
stevemarany way to check the token in context_processors?20:23
edtubillI could also just look at the available_providers from the session variable and just skip the rest if its an empty list.20:23
stevemarsee if service_providers is empty or not20:23
david-lyleyour reading a value from the session and then short-circuiting most of the logic if there aren't multiple keystones20:23
david-lyletoken is on the session20:24
stevemardavid-lyle: rgr20:24
stevemardavid-lyle: maybe just "if not available_providers: break"20:24
*** stvnoyes has quit IRC20:24
stevemaror actually "if available_providers" then go into your logic20:24
stevemarskip it otherwise20:24
david-lylebut the provider list is already taken from the session in doa and put separately as a convenience20:24
*** stvnoyes has joined #openstack-meeting-cp20:25
david-lylestevemar: yeah something like that20:25
stevemaredtubill: commented20:26
stevemardavid-lyle: are you expecting tests for that patch?20:26
edtubillcool thx20:26
stevemardavid-lyle: and a release note?20:26
david-lylerelease note yes, testing that is difficult20:27
stevemaredtubill: know how to create a release note, yes?20:28
stevemardavid-lyle: understood20:28
edtubillnot really..20:28
edtubillis there some doc I can read?20:28
stevemaredtubill: http://docs.openstack.org/developer/keystone/developing.html#release-notes20:28
stevemaredtubill: just run... $ tox -e venv -- reno new bp-k2k-horizon20:29
david-lylewe have one similar since lhcheng added it to both20:29
edtubillok20:29
stevemaryou'll see a new file show up in horizon/releasenotes/notes, edit that file20:29
*** lamt has quit IRC20:29
stevemartry to think of it from a consumer perspective20:29
stevemarif you were to use it, what would you want to know, etc20:30
stevemarnow... https://review.openstack.org/#/c/408450/220:30
stevemar+386, yowza!20:30
r1chardj0n3sneeds more code deletion20:30
stevemaredtubill: are you trying to squeeze in a refactor?20:31
edtubillyeah.. I didn't want to rewrite scoping code...20:31
stevemaredtubill: thats totally fair20:31
stevemaredtubill: can i ask that you break the patch up?20:31
edtubillI can undo it if it makes it easier to review and do refactoring later.20:31
edtubillsure.20:31
stevemarone patch to do the split, some stuff from backend.py into base.py (that can land first)20:32
stevemaras long as it's a pure refactor it should be easy to approve and need no tests20:32
stevemarthen it'll just be the k2k code to review20:32
edtubillSure, are you guys okay with the approach of making a new Auth plugin even though it doesn't really get used at Log in time? (although it might in the future)20:33
edtubillThe other plugins get used only at log in time.20:33
stevemari don't think there are any negative impacts there20:34
r1chardj0n3syep20:34
david-lyleI don't have a reason against right now20:35
stevemaredtubill: need a hand with breaking things up?20:35
edtubillI think I remember how to break things up.20:35
stevemaredtubill: ping me if you need a hand20:36
edtubillokay will do.20:36
stevemaralright, next topic20:36
*** kbyrne has quit IRC20:36
stevemar#topic v3 policy is terribad20:36
*** openstack changes topic to "v3 policy is terribad (Meeting topic: horizon-keystone)"20:36
edtubillAlso a quick note, last time I used federation I get errors at viewing instances... am I the only one seeing this error?20:36
stevemaro_O20:37
edtubillI'll wait to ask this question later :p20:37
stevemarprobably gonna need more data than that :)20:37
stevemarthis topic relates to line 47 on https://etherpad.openstack.org/p/ocata-keystone-horizon20:37
stevemari have a feeling this will involve keystone fixing something20:37
stevemardoes anyone have any background on https://bugs.launchpad.net/oslo.policy/+bug/1547684 ?20:38
openstackLaunchpad bug 1547684 in oslo.policy "Attribute error on Token object when using domain scoped token" [Undecided,New]20:38
stevemarayoung had a comment: that had https://review.openstack.org/#/c/165908/ merged, everything would be good20:38
r1chardj0n3sno further background from me beyond that error, I'm afraid20:39
stevemarlooks like policy is just terrible: https://launchpadlibrarian.net/242578504/policy_token.py20:39
stevemari can look into this, if no one else has any insight20:40
stevemarremoving token.is_admin_project:True seems to solve the issue20:41
stevemarlooking at: https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json20:41
stevemari love how you publish something that is unusable20:42
stevemarwe*20:42
r1chardj0n3s:-)20:42
stevemari think "token.is_admin_project:True" is just wrong20:42
stevemarshould it be "target.token.is_admin_project:True" ?20:43
stevemarlet me go talk to some people20:43
stevemarnext topic20:43
stevemar#topic Visualisation of policy / role20:43
*** openstack changes topic to "Visualisation of policy / role (Meeting topic: horizon-keystone)"20:43
stevemarr1chardj0n3s: ^20:43
r1chardj0n3sohai20:43
stevemarr1chardj0n3s: did you rub the sleep out of your eyes yet?20:43
r1chardj0n3sso this came up earlier this week that some way of visualising policy and RBAC controls would be super helpful, especially in the face of ... rather opaque at times policy files :-)20:44
r1chardj0n3sI was wondering whether there'd been any prior art on this?20:44
stevemarr1chardj0n3s: kinda like how network topologies are visualized?20:45
david-lylevisualize what aspect?20:45
r1chardj0n3sI guess so, kinda. Being able to say "hey, what exactly can this role do, based on policy?"20:45
stevemarit also stinks that policy is file based20:45
stevemarhmm20:46
stevemarget the roles from the token, and try enforcing all entries in all policies?20:47
david-lyleyeah but targets come into play too20:47
r1chardj0n3spossibly just one role at a time, but yeah, some sensible way of dealing with targes too20:47
stevemarr1chardj0n3s: you'd get back something like "identity:create_region" passes and another thing doesn't20:47
r1chardj0n3syeah20:48
stevemaryeah, its not easy, but it sounds do-able20:48
david-lylewithout attaching to resources I'm not sure how useful it will be20:48
stevemarwas there some desire to see this from an operator?20:48
david-lyleor is this a tool for operators who are defining policy?20:48
r1chardj0n3syeah, this is something coming from operators20:49
david-lylewhat was the specific ask?20:49
r1chardj0n3sI don't have any more on the specifics, sorry20:49
stevemarr1chardj0n3s: unfortunately, editing the policy won't be easy :)20:49
r1chardj0n3sI was mostly wondering whether anyone had done any sort of visualisation like this before20:49
david-lyleif only policy was centralized ...20:49
* stevemar throws a fish at david-lyle20:50
* david-lyle claps like a seal20:50
stevemarlol20:50
stevemarr1chardj0n3s: okay, get back a bit more data i guess?20:50
stevemarsounds a bit hand-wavey right now20:50
david-lyletough to know of prior art without undestanding the type of visualization20:51
r1chardj0n3syep, given the answer to my question seems to be "no... we think" then I'll go back for more detail on what's actually desired20:51
stevemarcool20:51
stevemarsounds like we're all wrapped up for this week20:51
stevemar#topic open discussion20:51
*** openstack changes topic to "open discussion (Meeting topic: horizon-keystone)"20:51
stevemarcancel next week obvs20:51
r1chardj0n3syep, and week after, probably20:52
stevemari mean, i like you people, but not that much20:52
stevemarr1chardj0n3s: yes20:52
r1chardj0n3scoolo20:52
stevemarany last qs?20:52
stevemarthanks everyone!20:53
r1chardj0n3snarf20:53
stevemarhave a great weekend, do that last minute shopping20:53
r1chardj0n3sthanks stevemar20:53
david-lylethanks20:53
stevemar#endmeeting20:53
*** openstack changes topic to " (Meeting topic: cinder-nova-api-changes)"20:53
openstackMeeting ended Thu Dec 15 20:53:25 2016 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)20:53
openstackMinutes:        http://eavesdrop.openstack.org/meetings/horizon_keystone/2016/horizon_keystone.2016-12-15-20.02.html20:53
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/horizon_keystone/2016/horizon_keystone.2016-12-15-20.02.txt20:53
openstackLog:            http://eavesdrop.openstack.org/meetings/horizon_keystone/2016/horizon_keystone.2016-12-15-20.02.log.html20:53
*** r1chardj0n3s has left #openstack-meeting-cp20:53
*** bastafidli has joined #openstack-meeting-cp20:59
*** jaugustine has quit IRC21:19
*** jgriffith is now known as jgriffith_AutoAw21:40
*** jgriffith_AutoAw is now known as jgriffith21:52
*** edtubill has quit IRC21:55
*** gouthamr has quit IRC22:16
*** _ducttape_ has joined #openstack-meeting-cp22:20
*** ducttape_ has quit IRC22:23
*** _ducttape_ has quit IRC22:24
*** bastafidli has quit IRC22:28
*** gagehugo has left #openstack-meeting-cp22:29
*** jgriffith is now known as jgriffith_AutoAw22:47
*** jgriffith_AutoAw is now known as jgriffith22:47
*** markvoelker has quit IRC23:13
*** itisha has quit IRC23:22
*** harlowja has joined #openstack-meeting-cp23:58
« Wednesday, 2016-12-14 Index Friday, 2016-12-16 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!