15:00:56 <SotK> #startmeeting storyboard
15:00:57 <openstack> Meeting started Wed Jun 15 15:00:56 2016 UTC and is due to finish in 60 minutes.  The chair is SotK. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:58 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:01:00 <openstack> The meeting name has been set to 'storyboard'
15:01:37 <anteaya> ah here you are
15:01:53 * ttx lurks but will have a call in a few
15:02:07 <SotK> #link https://wiki.openstack.org/wiki/Meetings/StoryBoard#Agenda_for_next_meeting Agenda
15:02:32 <SotK> I don't know of any announcements or urgent things this week
15:02:42 <Zara> nope
15:02:44 <anteaya> the bug sprint
15:03:07 <SotK> we announced it last week, but can do again
15:03:11 <anteaya> #link https://wiki.openstack.org/wiki/VirtualSprints#StoryBoard_Bug_Sprint
15:03:17 <anteaya> thanks
15:03:37 <SotK> #info REMINDER: StoryBoard's Bug Sprint is next week, 22nd and 23rd June
15:04:05 <SotK> #topic In Progress Work
15:04:24 <Zara> I didn't get around to updating agenda here
15:04:27 <SotK> I've finished up the timeline rework patch
15:04:35 <anteaya> yay!
15:04:39 <SotK> #link https://review.openstack.org/#/c/327231/
15:04:52 <SotK> Zara made a suggestion to improve it, which I'll implement after this meeting
15:05:26 <Zara> :D
15:05:32 <Zara> just to be pesky.
15:06:07 <Zara> as for me, I'm still in review mode and not looking at the gerrit integration right now. I believe anteaya is looking at that.
15:06:14 <anteaya> I am so
15:06:50 <anteaya> so for gerrit integration with mountains of help from zaro answering my silly quesitons, I have a local gerrit instance with the storyboard plugin configured
15:06:58 <Zara> \o/
15:07:07 <anteaya> it can find the storyboard-dev api and can successfully GET things
15:07:07 <SotK> :D
15:07:15 <anteaya> however it can't PUT or POST
15:07:42 <anteaya> I just discovered that as of right now the storyboard api requires you to be authenticated to get authenticated
15:08:06 <anteaya> which may be why the storyboard plugin can't yet complete actions that it needs to be authenticated to do
15:08:21 <SotK> (or redirects you to its configured openid provider's login page)
15:08:35 <anteaya> so I will do some gathering of thoughts on the best way to address how the storyboard plugin can become authenticated via the api
15:08:51 <anteaya> SotK: sorry, what to do you mean?
15:09:35 <anteaya> storyboard redirects an api call that needs authentication to the openid provider's login page?
15:10:02 <anteaya> I'm uncertain of the value of that action in this workflow, but will follow up with others and see what to do next
15:10:36 <anteaya> I am hoping to have the storyboard plugin on the review-dev server configured to find the storyboard-dev server for next week's bug event
15:10:44 <anteaya> that's all I had
15:11:51 <anteaya> at this point even without having auth via the api figured out I have confirmed taht the plugin can find the right storyboard instance which hopefully is enough to get it on review-dev
15:12:18 <SotK> so the ways to get an access token are (1) create a new access token for your user, which requires you to already have a valid token, or (2) do a GET for `/v1/openid/authorize` with some parameters, which redirects to a provider's login page (for OpenStack that is currently launchpad) for you to provide credentials (the provider redirects back to storyboard and tells it to give you a token on succe
15:12:24 <SotK> ss)
15:12:37 <anteaya> ah ha!
15:12:53 <anteaya> thank you, I will explore option (2)
15:13:38 <SotK> if you can string together the requests required for launchpad's login process, you may be able to persuade the API to give you a token
15:13:41 <SotK> but idk
15:14:03 <anteaya> well it is worth a shot, I will work in that direction to see what happens
15:14:05 <anteaya> thank you
15:15:13 <anteaya> I have no more on this item
15:15:19 <SotK> any other in-progress work?
15:15:40 <Zara> If I'm doing any, I've forgotten it
15:15:47 <anteaya> he he
15:17:01 <SotK> then we're at open discussion already
15:17:07 <SotK> #topic Open Discussion
15:17:11 <Zara> goodness
15:17:33 <anteaya> wow
15:17:39 <Zara> I have nothing to discuss.
15:17:47 <Zara> well, thanks, sotk, for tidying up s.o.o today
15:17:57 <Zara> I have been watching the emails pile up :)
15:18:00 <anteaya> I'm keen to start working on the api auth thing
15:18:10 <anteaya> an thanks SotK for tidying
15:18:21 <SotK> yw
15:18:30 <SotK> I tagged some things as low-hanging-fruit
15:18:36 <Zara> I'm probably missing context, is there a reason it's impossible to login manually once and then get tokens after that?
15:18:43 <SotK> they are of variable low-ness in their hanging
15:18:54 <SotK> but all fairly low
15:20:23 <Zara> oh, and pedro's suggested approach to auth for gerrity things was to give storyboard the ability to have a user whose token never expired
15:20:28 <Zara> and use that for automated things
15:20:29 <anteaya> Zara: it is a plugin
15:20:59 <anteaya> that would be reasonable, then the token could be stored somewhere on configuration
15:21:14 <anteaya> either in puppet heira or in gerrit config
15:21:18 <anteaya> fungi: ^^
15:21:34 <SotK> that would seem sensible to me
15:21:42 <anteaya> discussing gerrit storyboard plugin auth issue
15:22:02 <SotK> you could login manually once to get a token, then use the API to request a token with an extreme length
15:22:02 <anteaya> would a token that could only be expired manually be safe to use?
15:22:33 <fungi> so to restate, making sure i've got the proposal correct, we would have a storyboard account for gerrit with a non-expiring token
15:22:50 <fungi> that is to say, an account in storyboard for gerrit to use
15:23:04 <SotK> either non-expiring on very long lived
15:23:19 <Zara> is this storyboard or just storyboard-dev at this point?
15:23:50 <fungi> and the reason for that is the gerrit plugin to connect to storyboard doesn't know how to reauthenticate api calls?
15:24:14 <anteaya> at this point storyboad-dev, but if we are making a design decision it would affect storyboard eventually
15:24:35 <anteaya> fungi: so far, that is my conclusion, however we could check with zaro to confirm that
15:25:01 <fungi> as in it "stops working" after a short while?
15:25:17 <anteaya> well reauthenticiate or authenticate in the first place with openid
15:25:32 <anteaya> no, it can't perform any PUT or POST actions, only GET actions
15:25:42 <fungi> oh, the api authentication relies on openid somehow?
15:25:48 <anteaya> and so I am concluding that auth is an issue preventing PUT or POST
15:25:53 <anteaya> yes it does
15:25:56 <fungi> i will admit i haven't played with storyboard's api yet
15:26:08 <anteaya> fair enough, I'm learning myself
15:26:37 <anteaya> but SotK believes that I can call out to openid via the storyboard api, but it doesn't sound like he has experience doing so himself
15:27:00 <anteaya> and is uncertain of the results
15:27:01 <fungi> i suppose implementing openid authentication in the plugin is potentially less work than building digest or shared secret auth support into sb?
15:27:12 <anteaya> so the discussion moved to long lived token so I pinged you
15:27:13 <SotK> I did a curl request to get the redirect URL once, but didn't try to chase any further down the rabbit hole
15:27:43 <anteaya> let me spend some time investigating and will return next week with more facts
15:27:50 <anteaya> then we can revisit the discussion?
15:27:52 <fungi> or _was_ less work i guess (sounds like it's implemented now)
15:27:53 <anteaya> is that fair?
15:28:07 <anteaya> I don't know yet what is more or less work
15:28:15 <fungi> sounds reasonable
15:28:21 <anteaya> great thank you
15:28:32 <anteaya> thanks for popping in with no notice fungi
15:28:40 <fungi> but just to confirm, sb currently only supports openid auth
15:29:09 <SotK> yes
15:29:10 <fungi> so any reauthentication the plugin might need to do will have to be new openid callouts
15:29:23 <fungi> makes sense then, thanks
15:29:36 <anteaya> fungi: the plugin can get a new token if the old token hasnt' expired yet
15:29:39 <SotK> fungi: it could create itself a new access token whilst it still had a valid one
15:29:56 <anteaya> but it has to call out to openid to start the process or if the current token has expired
15:30:03 <persia> Yes.
15:30:05 <fungi> and what's our token expiration set for currently?
15:30:24 <fungi> (sorry if i'm asking things explained earlier)
15:30:27 <anteaya> in the gui it is one hour, I'm not sure if there is a default for api token creation
15:30:37 <SotK> there is
15:30:38 <anteaya> fungi: not to worry, thanks for being involved
15:30:44 <SotK> its in the puppet manifest, one sec
15:31:12 <anteaya> SotK: but we can configure the api token default expiration to be whatever we want?
15:31:21 <anteaya> storyboard doesn't specify a default?
15:31:53 <SotK> the default in the puppet manifest is 1 hour (s.o.o uses the default)
15:32:12 <SotK> storyboard doesn't specify a default, is defined in the configuration file
15:32:20 <anteaya> but we could change that via the puppet manifest it sounds like
15:32:25 <anteaya> oh awesome, thank you
15:33:00 <fungi> does the plugin currently support openid, or are you having to authenticate with your browser and then stick something into the plugin config?
15:33:12 <anteaya> I don't know
15:33:33 <fungi> oh, so you haven't tested it out successfully yet i guess
15:33:34 <anteaya> in the plugin config I entered my ubuntuone username (email) and password
15:33:52 <fungi> and that worked (at least for an hour)?
15:33:56 <anteaya> I cant' tell if that was useful or not since that isn't required for GET actions
15:34:06 <anteaya> which is all I can confirm it can do at the moment
15:34:11 <fungi> i see. thanks
15:34:22 <anteaya> then I moved to figuring out the api myself for PUT and POST
15:34:27 <SotK> hmm, what happens with PUTs and POSTs then?
15:34:43 <anteaya> I don't know
15:34:44 <fungi> if it turns out that the plugin does work for post operations as well with that configured, then it's presumably already doing an openid dance itself
15:34:59 <anteaya> I haven't yet figured out how to do a PUT myself yet
15:35:11 <anteaya> possibly?
15:35:45 <fungi> in which case it may simply be sufficient to convince zaro or someone to add reauthentication support into that plugin
15:35:54 <anteaya> if I can figure out the correct curl commands myself then I can feel armed with the knowledge to look at log files or request them from the storyboard-dev server
15:36:06 <fungi> sounds good
15:36:07 <anteaya> yes, that might be the route forward
15:36:12 <anteaya> thanks
15:36:25 <SotK> anteaya: is there a way you can see the response the server gives the plugin?
15:36:31 <anteaya> I don't know
15:36:45 <anteaya> I don't know what to look for yet so I don't know where to look
15:36:53 <anteaya> I haven't looked to find where to look for that yet
15:36:58 <anteaya> on my local gerrit
15:37:24 <fungi> if there's no debugging for that (perhaps in the gerrit log files?) then you might have to set up your test deployment to be http-only and use tcpdump to capture the packets for that exchange
15:37:24 <anteaya> figuring out the api for myself seemed like my first step
15:37:53 <anteaya> oh okay I might follow up with you on how to do that after I get an actual api PUT to work for me
15:38:02 <fungi> happy to help, sure
15:38:07 <anteaya> that sounds exciting
15:38:09 <anteaya> thank you
15:38:16 <fungi> packet sniffers are always exciting
15:38:20 <anteaya> woooo
15:38:29 <fungi> (for some definitions of always and exciting at least)
15:38:34 <anteaya> ha ha ha
15:39:13 <anteaya> I'm out of things to say here
15:39:15 <Zara> I'd imagine POSTs will be easier than PUTs to test auth things
15:39:27 <anteaya> oh okay fair enough
15:39:45 <anteaya> shows you how much I know about api things
15:39:57 * SotK wonders if there has been any progress with identifying blocking issues for migration
15:40:58 <anteaya> well since I consider gerrit storyboard integration very important
15:41:09 <anteaya> I haven't gone shopping for many opinions until this is in place
15:41:34 <anteaya> since once it is in place folks might decide that they are happy and their nits are minor instead of critical
15:41:54 <anteaya> like when dinner tastes so much better when the waiter keeps your drinks filled
15:43:05 <anteaya> I do think having expanded docs on the api will be helpful
15:43:22 <anteaya> like telling folks where in the gui to find their tokens, that isn't discoverable
15:43:42 <anteaya> and an example of how to use their token in a curl command
15:43:54 <anteaya> and how to auth with openid to get a token
15:44:13 <anteaya> I think these points would be helpful to have in teh api docs
15:44:32 <anteaya> but that is my personal opinion
15:45:42 <anteaya> I also think the utc timestamps thing is important for us to be able to set for infra instances
15:45:59 <anteaya> Jim was very clear that he wanted that
15:46:59 <anteaya> also dhellmann's point about how he wants to use the api
15:47:27 <anteaya> if his usecase is covered I think that should be added to the api docs
15:47:35 <SotK> seems fair, I imagine gerrit integration will make things much better
15:47:40 <anteaya> now I can't yet figure out how to edit the api docs
15:47:48 <anteaya> thanks, that is my hope too
15:48:12 <anteaya> so I hope that the api docs can in fact contain the information we would like it to contain
15:48:23 <anteaya> I haven't figured out yet how they are generated
15:49:18 <anteaya> so like I said I hope to have the storybroard gerrit integration in place on test servers by next week's bug event and hope to get some initial feedback on it from sprinit participants
15:49:32 <anteaya> then address the obvious things then take it wider
15:51:11 <anteaya> but if we can work on utc timestamps and expanding the api docs in the meantime I think that will be time well spent
15:51:43 * SotK expects so too, I was hoping to look at the timestamp stuff at some point in my pile of timeline reworking
15:54:16 <SotK> any other points to discuss?
15:54:30 <anteaya> awesome thank you
15:54:38 <anteaya> I'm happy
15:56:55 <Zara> I don't have anything right now
16:00:07 <smcginnis> SotK: end meeting? :)
16:00:09 <SotK> #endmeeting