#openstack-keystone log

19:00:09 <lbragstad> #startmeeting keystone-office-hours
19:00:10 <openstack> Meeting started Tue Jan  9 19:00:09 2018 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:11 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
19:00:13 <openstack> The meeting name has been set to 'keystone_office_hours'
19:03:20 <gagehugo> o/
19:05:15 <lbragstad> i'm available to help with stuff
19:05:19 <lbragstad> #link https://goo.gl/CsnU1M
19:05:23 <lbragstad> and probably picking up ^
19:05:28 <lbragstad> something from there
19:10:09 <gagehugo> https://bugs.launchpad.net/keystone/+bug/1728907
19:10:10 <openstack> Launchpad bug 1728907 in OpenStack Identity (keystone) "Empty Fernet Key Files causing problems with token issue" [Low,Triaged]
19:10:21 <gagehugo> would we want to handle empty files specifically for that?
19:10:46 <lbragstad> yeah - there's probably some file validation to be done there
19:10:58 <lbragstad> i think dolph had a patch up for that somewhere?
19:11:07 <lbragstad> i don't remember if he was able to recreate
19:12:24 <cmurphy> dolph's was https://review.openstack.org/#/c/443158/
19:12:58 <gagehugo> hmm
19:27:08 <lbragstad> we could repropose that patch to master if needed
19:27:16 <lbragstad> and update the bug report accordingly
19:46:01 <lbragstad> https://review.openstack.org/#/c/530828/ and https://review.openstack.org/#/c/531915/ both close bugs
19:46:08 <lbragstad> looking into the failures on https://review.openstack.org/#/c/531915/
20:16:08 <lbragstad> cmurphy: when you tested https://review.openstack.org/#/c/529914/11/keystone/identity/core.py,unified locally
20:16:23 <lbragstad> cmurphy: did you make any changes to list_users()?
20:16:34 <lbragstad> in the identity backend?
20:17:39 <cmurphy> lbragstad: i think i have that one figured out, going to post a suggestion soon
20:17:46 <cmurphy> you have to test it in all kinds of ways
20:18:14 <cmurphy> if you have domain-specific configs enabled it's a totally different behavior from when you have a sql-only backend or an ldap-only backend
20:19:19 <cmurphy> i think the way forward is not to change list_users in either backend and to only change list_users in the manager and to fix the shadow backend
20:21:47 <lbragstad> mmm
20:21:50 <lbragstad> that's fun lol
20:22:10 <lbragstad> because there are permutations based on the different combinations of filters, too
20:22:48 <lbragstad> (filtering on idp_id and name, like you said)
20:26:14 <lbragstad> but - without seeing the code, that actually sounds like its on the right track
20:33:33 <gagehugo> lbragstad sorry got pulled into meetings, I can take a look
20:34:38 <lbragstad> gagehugo: no worries
21:14:32 <openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add Application Credentials manager  https://review.openstack.org/524747
21:14:32 <openstackgerrit> Colleen Murphy proposed openstack/keystone master: Extract expiration validation to utils  https://review.openstack.org/532257
21:14:33 <openstackgerrit> Colleen Murphy proposed openstack/keystone master: WIP Add Application Credentials controller  https://review.openstack.org/524423
21:21:25 <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Validate identity providers during token validation  https://review.openstack.org/531915
21:21:32 <lbragstad> ok - ^ should pass and it fixes a bug
21:21:54 <lbragstad> cmurphy: you might be able to reuse the notification i added there
21:23:08 <cmurphy> looking
21:55:28 <openstackgerrit> Eric Fried proposed openstack/keystoneauth master: Fix masked variable name  https://review.openstack.org/484340
22:00:03 <lbragstad> #endmeeting