19:00:09 #startmeeting keystone-office-hours 19:00:10 Meeting started Tue Jan 9 19:00:09 2018 UTC and is due to finish in 60 minutes. The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:00:11 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 19:00:13 The meeting name has been set to 'keystone_office_hours' 19:03:20 o/ 19:05:15 i'm available to help with stuff 19:05:19 #link https://goo.gl/CsnU1M 19:05:23 and probably picking up ^ 19:05:28 something from there 19:10:09 https://bugs.launchpad.net/keystone/+bug/1728907 19:10:10 Launchpad bug 1728907 in OpenStack Identity (keystone) "Empty Fernet Key Files causing problems with token issue" [Low,Triaged] 19:10:21 would we want to handle empty files specifically for that? 19:10:46 yeah - there's probably some file validation to be done there 19:10:58 i think dolph had a patch up for that somewhere? 19:11:07 i don't remember if he was able to recreate 19:12:24 dolph's was https://review.openstack.org/#/c/443158/ 19:12:58 hmm 19:27:08 we could repropose that patch to master if needed 19:27:16 and update the bug report accordingly 19:46:01 https://review.openstack.org/#/c/530828/ and https://review.openstack.org/#/c/531915/ both close bugs 19:46:08 looking into the failures on https://review.openstack.org/#/c/531915/ 20:16:08 cmurphy: when you tested https://review.openstack.org/#/c/529914/11/keystone/identity/core.py,unified locally 20:16:23 cmurphy: did you make any changes to list_users()? 20:16:34 in the identity backend? 20:17:39 lbragstad: i think i have that one figured out, going to post a suggestion soon 20:17:46 you have to test it in all kinds of ways 20:18:14 if you have domain-specific configs enabled it's a totally different behavior from when you have a sql-only backend or an ldap-only backend 20:19:19 i think the way forward is not to change list_users in either backend and to only change list_users in the manager and to fix the shadow backend 20:21:47 mmm 20:21:50 that's fun lol 20:22:10 because there are permutations based on the different combinations of filters, too 20:22:48 (filtering on idp_id and name, like you said) 20:26:14 but - without seeing the code, that actually sounds like its on the right track 20:33:33 lbragstad sorry got pulled into meetings, I can take a look 20:34:38 gagehugo: no worries 21:14:32 Colleen Murphy proposed openstack/keystone master: Add Application Credentials manager https://review.openstack.org/524747 21:14:32 Colleen Murphy proposed openstack/keystone master: Extract expiration validation to utils https://review.openstack.org/532257 21:14:33 Colleen Murphy proposed openstack/keystone master: WIP Add Application Credentials controller https://review.openstack.org/524423 21:21:25 Lance Bragstad proposed openstack/keystone master: Validate identity providers during token validation https://review.openstack.org/531915 21:21:32 ok - ^ should pass and it fixes a bug 21:21:54 cmurphy: you might be able to reuse the notification i added there 21:23:08 looking 21:55:28 Eric Fried proposed openstack/keystoneauth master: Fix masked variable name https://review.openstack.org/484340 22:00:03 #endmeeting