#openstack-keystone log

19:02:26 <lbragstad> #startmeeting keystone-office-hours
19:02:27 <openstack> Meeting started Tue Jan 16 19:02:26 2018 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:02:28 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
19:02:31 <openstack> The meeting name has been set to 'keystone_office_hours'
19:08:56 <cmurphy> kmalloc: can you show me an example of one of our tables that use an int as the PK? checking a few the only one i've found so far is password which isn't exposed publicly
19:09:06 <kmalloc> sure.
19:09:07 <kmalloc> sec.
19:10:42 <kmalloc> most are the new tables
19:10:57 <kmalloc> aka, localuser nonlocaluser, etc, this is all because the rest is historical
19:11:07 <kmalloc> and changing the id/pk structure is hard(tm)
19:12:07 <cmurphy> kmalloc: are you suggesting that the ID that's exposed to the user should be an int rather than a uuid? or you want two columns?
19:12:20 <kmalloc> no, two columns
19:12:27 <cmurphy> okay
19:12:51 <kmalloc> the int PK should just be used internal PK, and referenced for FKs etc as needed
19:13:07 <kmalloc> but converting to the user, the app_cred_id the user sees is "uuid"
19:13:19 <kmalloc> and the int pk is always stripped
19:13:54 <kmalloc> i wont be too picky if you don't want to do this.
19:14:16 <kmalloc> it is just a better mechanism for the RDBMS backends.
19:14:24 <cmurphy> no that all sounds fine, i was going to object if you were wanting the external ID to be an int
19:15:43 <kmalloc> nope, 100% should not expose the PK as an int :)
19:16:08 <kmalloc> should be a separate id that is "user-friendly/unique" for whatever value uuid is user-friendly
19:24:14 <ayoung> jamielennox, or anyone that can answer for him...I was creating a session in some resurrected code using keystoneclient.auth.Session...specificallty, I need the arg parse stuff.  Do we have comparable examples for keystoneauth1?
19:28:37 <ayoung> keystoneauth1.loading.cli.register_argparse_arguments(  something?
19:34:28 <kmalloc> cli arg parsing?
19:35:13 <kmalloc> ayoung: https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/loading/cli.py#L32 and https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/loading/cli.py#L77
19:35:27 <kmalloc> register adds the values to argparse
19:35:55 <kmalloc> so you pass your parser and the ARGV in
19:36:28 <kmalloc> and then the load_from_argparse does the plugin magic based upon the compiled argparse results
19:40:00 <ayoung> kmalloc, right...what do I need to do to call that?
19:40:03 <ayoung> before I had
19:40:37 <ayoung> https://github.com/admiyo/ossipee/blob/master/ossipee-inventory.py#L9
19:40:43 <ayoung> kmalloc, ^^
19:41:00 <ayoung> seems like there is one more call there than there should be
19:41:15 <kmalloc> hmm.
19:41:27 <ayoung> that was keystone client,. based on jamielennox
19:41:30 <ayoung> 's example
19:41:41 <ayoung> so I would think I would be mapping one to one with ksa
19:42:14 <ayoung> AttributeError: module 'keystoneauth1.loading.adapter' has no attribute 'load_from_argparse_arguments'
19:42:24 <ayoung> So it is something different
19:43:28 <ayoung> and the warning I got on the old code was
19:43:43 <ayoung> UserWarning: Using keystoneclient sessions has been deprecated. Please update your software to use keystoneauth1.
19:43:51 <ayoung> so something to make a ksa session, I think
19:47:46 <openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add application credentials db migration  https://review.openstack.org/524927
19:48:12 <ayoung> argparse.ArgumentError: argument --os-auth-type/--os-auth-plugin: conflicting option strings: --os-auth-type, --os-auth-plugin
19:48:15 <ayoung> hmmm
19:52:44 <kmalloc> that sounds like you've registered multiple times
19:54:40 <ayoung> kmalloc, got successful code for doing this?
19:55:38 <kmalloc> not on hand
19:58:51 <openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add application credentials driver  https://review.openstack.org/524928
20:01:36 <ayoung> maybe we need to say jamielennox 's names 3 times to summon him
20:09:25 <openstackgerrit> Merged openstack/keystone master: Implement controller logic for system user assignments  https://review.openstack.org/515215
20:14:08 <gagehugo> o/
20:39:51 <openstackgerrit> Lance Bragstad proposed openstack/keystoneauth master: Implement system scope  https://review.openstack.org/529665
20:41:02 <lbragstad> cmurphy: jamielennox ^ my ksa system scope patch
20:41:13 <lbragstad> i reworked it to expect a string instead of a boolnea
20:41:16 <lbragstad> boolean*
20:43:44 <ayoung> kmalloc, I wonder if I should just jump to using osc-lib
20:44:45 <ayoung> looks like it goes too far in the init process, won't let me controll the parts I need before parsing, etc, but I can probably duplicate what iti is doing
20:57:36 <ayoung> dtroyer, I was trying to update some code that origianlly followed jamielennox 's approach to creating a sessions, but it has bit rotted. As I track what is going on now, I wonder if I should be using osc-lib
20:58:07 <ayoung> the code is mostly neutron and nova calls for setting up and tearing down a development environ, and I might decided to redo it using shade.
20:58:15 <gagehugo> lbragstad not sure where exactly, but that is probably something good to document
20:58:33 <lbragstad> gagehugo: yeah
20:58:38 <lbragstad> dev docs maybe?
20:58:40 <gagehugo> I feel like that may have gotten brought up for tags as well before we nix'd the id
20:58:54 <gagehugo> sure
20:59:03 <lbragstad> oh - that's right, because tag name and project were unique..
20:59:07 <ayoung> kmalloc, if I use shade, is there a way I can keep the passwords out of config files?
20:59:11 <lbragstad> so no id required
21:00:14 <gagehugo> ye
21:04:51 <openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add application credentials driver  https://review.openstack.org/524928
21:08:20 <mordred> ayoung: the os_client_config.Config constructor supports a pw_func parameter which is a function to call in the case of a missing password
21:10:15 <mordred> ayoung: which, incidentally, is what osc-lib uses to prompt you for a password
21:10:46 <ayoung> mordred, so the thing I liked about creaing a session from cli args is that it get OS_PASSWORD implicitly.
21:11:05 <mordred> ah - yes. if that's all you want it's even easier
21:11:08 <ayoung> so people source the same .rc file as they do for cli calls, but then called my code instead
21:11:33 <ayoung> I'm really trying to not rewrite my 4 year old code
21:11:44 <openstackgerrit> Lance Bragstad proposed openstack/oslo.policy master: Move _capture_stdout to a common place  https://review.openstack.org/534440
21:11:53 <mordred> yah. please don't resurrect any additional ways of creating keystone sessions - we've got that very well covered now :)
21:12:10 <ayoung> actually, last commit was Mar 17, 2016
21:12:39 <mordred> ayoung: all of the helper factory functions in os_client_config/__init__.py support passing in an argparse instance
21:13:10 <mordred> ayoung: and will register the common argparse options for you, then os_client_config will consume them when creating the config object
21:13:56 <ayoung> mordred, let me cut to the chase.  I need a novaclient and a neutron client from environ vars
21:14:02 <openstackgerrit> Lance Bragstad proposed openstack/oslo.policy master: Move _capture_stdout to a common place  https://review.openstack.org/534440
21:14:24 <mordred> yup. that's SUPER easy
21:14:52 <ayoung> https://docs.openstack.org/os-client-config/latest/user/using.html  something off there?
21:15:02 <mordred> ayoung: do you specifically want an instance of python-novaclient and python-neutronclient? or do you want ksa Adapters to make REST calls on them?
21:15:15 <ayoung> um....
21:15:30 <ayoung> I was working with python-nova and pythonneutron clients
21:15:37 <mordred> gotcha.
21:15:48 <openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add Application Credentials manager  https://review.openstack.org/524747
21:15:50 <mordred> so for that, you want https://docs.openstack.org/os-client-config/latest/user/using.html#constructing-legacy-client-objects
21:15:50 <ayoung> from novaclient import client as novaclient
21:15:53 <mordred> yah
21:16:00 <mordred> I  mean- I'd avoid using that myself
21:16:14 <mordred> but if that's what you want, we got you covered :)
21:16:18 <ayoung> mordred, this code is almost old enough to buy cigaretts
21:16:27 <ayoung> just trying to get it working again
21:16:43 <ayoung> if I end up doing too much work, I'll redo it as an ansible playbook
21:16:45 <mordred> the simplest way is nova = os_client_config.make_client('compute', cloud='envvars')
21:16:59 <mordred> that'll get youa novaclient.Client from OS_ env vars
21:17:01 <ayoung> ++
21:17:05 <ayoung> I'll try that, thanks
21:17:18 <mordred> you can get fancier if you need to - like if you also want to support argparse arguments
21:18:16 <mordred> ayoung: nova = os_client_config.make_client('compute', cloud='envvars', options=Some_argparse_namespace_object)
21:18:37 <mordred> ayoung: let me know if you run in to any issues - the use case you describe should be pretty solid
21:20:32 <openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add application credentials db migration  https://review.openstack.org/524927
21:20:33 <openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add application credentials driver  https://review.openstack.org/524928
21:20:33 <openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add Application Credentials manager  https://review.openstack.org/524747
21:20:33 <mordred> os_client_config.make_client('compute', cloud='envvars', options=argparse.ArgumentParser()) will do the trick if you don't have any _other_ argparse items to add
21:20:34 <openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add Application Credentials controller  https://review.openstack.org/524423
21:20:34 <openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add application credential auth plugin  https://review.openstack.org/525346
21:20:35 <openstackgerrit> Colleen Murphy proposed openstack/keystone master: Allow overriding app cred restrictions  https://review.openstack.org/533431
21:20:35 <openstackgerrit> Colleen Murphy proposed openstack/keystone master: Add api-ref for application credentials  https://review.openstack.org/533744
22:00:35 <openstackgerrit> Lance Bragstad proposed openstack/oslo.policy master: Render deprecated policy names when generating files  https://review.openstack.org/532685
22:00:44 <lbragstad> whew - barely beat the buzzer!
22:00:47 <lbragstad> #endmeeting