19:02:26 #startmeeting keystone-office-hours 19:02:27 Meeting started Tue Jan 16 19:02:26 2018 UTC and is due to finish in 60 minutes. The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:02:28 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 19:02:31 The meeting name has been set to 'keystone_office_hours' 19:08:56 kmalloc: can you show me an example of one of our tables that use an int as the PK? checking a few the only one i've found so far is password which isn't exposed publicly 19:09:06 sure. 19:09:07 sec. 19:10:42 most are the new tables 19:10:57 aka, localuser nonlocaluser, etc, this is all because the rest is historical 19:11:07 and changing the id/pk structure is hard(tm) 19:12:07 kmalloc: are you suggesting that the ID that's exposed to the user should be an int rather than a uuid? or you want two columns? 19:12:20 no, two columns 19:12:27 okay 19:12:51 the int PK should just be used internal PK, and referenced for FKs etc as needed 19:13:07 but converting to the user, the app_cred_id the user sees is "uuid" 19:13:19 and the int pk is always stripped 19:13:54 i wont be too picky if you don't want to do this. 19:14:16 it is just a better mechanism for the RDBMS backends. 19:14:24 no that all sounds fine, i was going to object if you were wanting the external ID to be an int 19:15:43 nope, 100% should not expose the PK as an int :) 19:16:08 should be a separate id that is "user-friendly/unique" for whatever value uuid is user-friendly 19:24:14 jamielennox, or anyone that can answer for him...I was creating a session in some resurrected code using keystoneclient.auth.Session...specificallty, I need the arg parse stuff. Do we have comparable examples for keystoneauth1? 19:28:37 keystoneauth1.loading.cli.register_argparse_arguments( something? 19:34:28 cli arg parsing? 19:35:13 ayoung: https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/loading/cli.py#L32 and https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/loading/cli.py#L77 19:35:27 register adds the values to argparse 19:35:55 so you pass your parser and the ARGV in 19:36:28 and then the load_from_argparse does the plugin magic based upon the compiled argparse results 19:40:00 kmalloc, right...what do I need to do to call that? 19:40:03 before I had 19:40:37 https://github.com/admiyo/ossipee/blob/master/ossipee-inventory.py#L9 19:40:43 kmalloc, ^^ 19:41:00 seems like there is one more call there than there should be 19:41:15 hmm. 19:41:27 that was keystone client,. based on jamielennox 19:41:30 's example 19:41:41 so I would think I would be mapping one to one with ksa 19:42:14 AttributeError: module 'keystoneauth1.loading.adapter' has no attribute 'load_from_argparse_arguments' 19:42:24 So it is something different 19:43:28 and the warning I got on the old code was 19:43:43 UserWarning: Using keystoneclient sessions has been deprecated. Please update your software to use keystoneauth1. 19:43:51 so something to make a ksa session, I think 19:47:46 Colleen Murphy proposed openstack/keystone master: Add application credentials db migration https://review.openstack.org/524927 19:48:12 argparse.ArgumentError: argument --os-auth-type/--os-auth-plugin: conflicting option strings: --os-auth-type, --os-auth-plugin 19:48:15 hmmm 19:52:44 that sounds like you've registered multiple times 19:54:40 kmalloc, got successful code for doing this? 19:55:38 not on hand 19:58:51 Colleen Murphy proposed openstack/keystone master: Add application credentials driver https://review.openstack.org/524928 20:01:36 maybe we need to say jamielennox 's names 3 times to summon him 20:09:25 Merged openstack/keystone master: Implement controller logic for system user assignments https://review.openstack.org/515215 20:14:08 o/ 20:39:51 Lance Bragstad proposed openstack/keystoneauth master: Implement system scope https://review.openstack.org/529665 20:41:02 cmurphy: jamielennox ^ my ksa system scope patch 20:41:13 i reworked it to expect a string instead of a boolnea 20:41:16 boolean* 20:43:44 kmalloc, I wonder if I should just jump to using osc-lib 20:44:45 looks like it goes too far in the init process, won't let me controll the parts I need before parsing, etc, but I can probably duplicate what iti is doing 20:57:36 dtroyer, I was trying to update some code that origianlly followed jamielennox 's approach to creating a sessions, but it has bit rotted. As I track what is going on now, I wonder if I should be using osc-lib 20:58:07 the code is mostly neutron and nova calls for setting up and tearing down a development environ, and I might decided to redo it using shade. 20:58:15 lbragstad not sure where exactly, but that is probably something good to document 20:58:33 gagehugo: yeah 20:58:38 dev docs maybe? 20:58:40 I feel like that may have gotten brought up for tags as well before we nix'd the id 20:58:54 sure 20:59:03 oh - that's right, because tag name and project were unique.. 20:59:07 kmalloc, if I use shade, is there a way I can keep the passwords out of config files? 20:59:11 so no id required 21:00:14 ye 21:04:51 Colleen Murphy proposed openstack/keystone master: Add application credentials driver https://review.openstack.org/524928 21:08:20 ayoung: the os_client_config.Config constructor supports a pw_func parameter which is a function to call in the case of a missing password 21:10:15 ayoung: which, incidentally, is what osc-lib uses to prompt you for a password 21:10:46 mordred, so the thing I liked about creaing a session from cli args is that it get OS_PASSWORD implicitly. 21:11:05 ah - yes. if that's all you want it's even easier 21:11:08 so people source the same .rc file as they do for cli calls, but then called my code instead 21:11:33 I'm really trying to not rewrite my 4 year old code 21:11:44 Lance Bragstad proposed openstack/oslo.policy master: Move _capture_stdout to a common place https://review.openstack.org/534440 21:11:53 yah. please don't resurrect any additional ways of creating keystone sessions - we've got that very well covered now :) 21:12:10 actually, last commit was Mar 17, 2016 21:12:39 ayoung: all of the helper factory functions in os_client_config/__init__.py support passing in an argparse instance 21:13:10 ayoung: and will register the common argparse options for you, then os_client_config will consume them when creating the config object 21:13:56 mordred, let me cut to the chase. I need a novaclient and a neutron client from environ vars 21:14:02 Lance Bragstad proposed openstack/oslo.policy master: Move _capture_stdout to a common place https://review.openstack.org/534440 21:14:24 yup. that's SUPER easy 21:14:52 https://docs.openstack.org/os-client-config/latest/user/using.html something off there? 21:15:02 ayoung: do you specifically want an instance of python-novaclient and python-neutronclient? or do you want ksa Adapters to make REST calls on them? 21:15:15 um.... 21:15:30 I was working with python-nova and pythonneutron clients 21:15:37 gotcha. 21:15:48 Colleen Murphy proposed openstack/keystone master: Add Application Credentials manager https://review.openstack.org/524747 21:15:50 so for that, you want https://docs.openstack.org/os-client-config/latest/user/using.html#constructing-legacy-client-objects 21:15:50 from novaclient import client as novaclient 21:15:53 yah 21:16:00 I mean- I'd avoid using that myself 21:16:14 but if that's what you want, we got you covered :) 21:16:18 mordred, this code is almost old enough to buy cigaretts 21:16:27 just trying to get it working again 21:16:43 if I end up doing too much work, I'll redo it as an ansible playbook 21:16:45 the simplest way is nova = os_client_config.make_client('compute', cloud='envvars') 21:16:59 that'll get youa novaclient.Client from OS_ env vars 21:17:01 ++ 21:17:05 I'll try that, thanks 21:17:18 you can get fancier if you need to - like if you also want to support argparse arguments 21:18:16 ayoung: nova = os_client_config.make_client('compute', cloud='envvars', options=Some_argparse_namespace_object) 21:18:37 ayoung: let me know if you run in to any issues - the use case you describe should be pretty solid 21:20:32 Colleen Murphy proposed openstack/keystone master: Add application credentials db migration https://review.openstack.org/524927 21:20:33 Colleen Murphy proposed openstack/keystone master: Add application credentials driver https://review.openstack.org/524928 21:20:33 Colleen Murphy proposed openstack/keystone master: Add Application Credentials manager https://review.openstack.org/524747 21:20:33 os_client_config.make_client('compute', cloud='envvars', options=argparse.ArgumentParser()) will do the trick if you don't have any _other_ argparse items to add 21:20:34 Colleen Murphy proposed openstack/keystone master: Add Application Credentials controller https://review.openstack.org/524423 21:20:34 Colleen Murphy proposed openstack/keystone master: Add application credential auth plugin https://review.openstack.org/525346 21:20:35 Colleen Murphy proposed openstack/keystone master: Allow overriding app cred restrictions https://review.openstack.org/533431 21:20:35 Colleen Murphy proposed openstack/keystone master: Add api-ref for application credentials https://review.openstack.org/533744 22:00:35 Lance Bragstad proposed openstack/oslo.policy master: Render deprecated policy names when generating files https://review.openstack.org/532685 22:00:44 whew - barely beat the buzzer! 22:00:47 #endmeeting