Saturday, 2014-03-01

ayoung	morganfainberg, I was just looking at that. I think the logic there is wrong	00:06
ayoung	it fetches the roles out of the backend, which means if the roles change between token creation and conversion, you would get different values. It pre-supposed revoke_by_id semantics	00:07
ayoung	morganfainberg, you know how you asked to see what the dictionary looks like for 'is_revoked"	00:07
ayoung	token_data dictionary	00:07
morganfainberg	ayoung, aye	00:07
ayoung	its built in the Provider code...	00:08
morganfainberg	ayoung, ah.	00:08
ayoung	and I don't like it	00:08
morganfainberg	ayoung, hey this is why i ask these questions ;)	00:08
ayoung	link in a sec	00:08
morganfainberg	ayoung, cool.	00:08
ayoung	https://review.openstack.org/#/c/55908/63/keystone/token/provider.py line 118	00:09
ayoung	for v2 (which has a bug I found)	00:09
ayoung	and then line 162	00:09
ayoung	Now...I know what you are thinking:	00:09
ayoung	seems wrong to not just pass in the token....	00:09
morganfainberg	ayoung, yeah.	00:09
ayoung	I would need to do "flatten"	00:10
morganfainberg	ayoung, but if that is the way we need to do it (only good option atm), so be it...	00:10
ayoung	but I really don';t like that the v2 and v3 code paths are different	00:10
morganfainberg	flatten would be, imo, a bit cleaner	00:10
morganfainberg	but i can see where that might be icky	00:10
morganfainberg	ayoung, ++	00:10
ayoung	yeah, icky	00:10
morganfainberg	ayoung, i really want to see that "problem" go away	00:10
ayoung	I want to see v2 tokens go away, too	00:10
morganfainberg	ayoung, might need to wait until K to "really" be resolved (bye bye v2)	00:10
ayoung	I suspect we could issue nothing be v3 tokens and be fine	00:11
ayoung	nothing but	00:11
morganfainberg	actually...	00:11
morganfainberg	maybe that is the real fix.	00:11
morganfainberg	option "only issue v3 tokens"	00:11
ayoung	yep	00:12
morganfainberg	revocation events require that, same as PKI	00:12
morganfainberg	ayoung, this might make things too easy ... :P	00:12
ayoung	not really...this logic works...but I need to do more testing...I think I need to have a set of data, and do "v2 token is revoked " and "v3 data is revoked"	00:12
ayoung	dolphm, can we stop issuing v2 tokens?	00:13
ayoung	actually, we really can't	00:13
ayoung	since the token data is what is returned from the validate call, there might be 3rd party apps using that data	00:13
morganfainberg	no, we can't well not unless we make it an optional thing	00:13
morganfainberg	correct	00:13
ayoung	ok, not to be solved today	00:14
ayoung	I don';t think I'm going to do "flatten" here either...but I might when I port this code to the client	00:14
ayoung	cuz auth token is going to need it	00:14
ayoung	so this just needs to work.	00:14
morganfainberg	ayoung, fair enough	00:15
morganfainberg	ayoung, maybe in J we offer an "issue v3 only option" to help people transition more cleanly	00:15
ayoung	++	00:15
morganfainberg	even if they still use some V2 keystone api calls	00:15
morganfainberg	ayoung, sounds good to me	00:15
ayoung	morganfainberg, we need the v2 v3 interop from the client we talked about. Then transition should be straightforward. Did that make it in?	00:16
morganfainberg	ayoung, no, think thats going to be J	00:16
ayoung	No the client fix is not aligned with Ice	00:16
morganfainberg	ayoung, ooh	00:16
morganfainberg	ayoung, uhm.	00:16
morganfainberg	ayoung, not sure.	00:16
* ayoung looks		00:17
ayoung	https://review.openstack.org/#/c/75731/	00:18
morganfainberg	oh that change is pretty simple	00:19
ayoung	morganfainberg, ^^ is the simplest hack to make it work	00:19
morganfainberg	yeah	00:19
ayoung	logic looks a touch convoluted even for a simple patch like that	00:19
ayoung	looks like there is a loophole in there where hasattr(self, '_management_url'): is true but _management_url is None	00:20
ayoung	needs to and those two checks together	00:21
*** krsna has quit IRC		00:30
*** gokrokve_ has quit IRC		00:32
*** david-lyle has joined #openstack-keystone		00:41
*** gokrokve has joined #openstack-keystone		00:41
*** browne1 has quit IRC		00:52
*** richm has quit IRC		00:55
*** gokrokve has quit IRC		00:56
*** ayoung has quit IRC		01:01
*** ayoung has joined #openstack-keystone		01:08
*** devlaps1 has joined #openstack-keystone		01:20
*** devlaps has quit IRC		01:21
*** devlaps1 has quit IRC		01:22
*** devlaps has joined #openstack-keystone		01:23
*** devlaps has quit IRC		01:23
*** ChanServ sets mode: +o dolphm		01:33
*** achampion has joined #openstack-keystone		01:43
*** gokrokve has joined #openstack-keystone		01:46
*** lnxnut has joined #openstack-keystone		02:10
*** lnxnut has quit IRC		02:52
*** lnxnut has joined #openstack-keystone		02:55
*** marcoemorais has quit IRC		03:00
*** dolphm is now known as dolphm_503		03:00
*** devlaps has joined #openstack-keystone		03:03
*** devlaps has quit IRC		03:28
*** amcrn has quit IRC		03:29
*** lbragstad has joined #openstack-keystone		03:31
*** dolphm_503 is now known as dolphm		03:39
*** dolphm is now known as dolphm_503		03:52
*** lnxnut has quit IRC		04:18
*** lnxnut has joined #openstack-keystone		04:22
*** harlowja is now known as harlowja_away		04:31
*** dolphm_503 is now known as dolphm		04:43
*** chandan_kumar has joined #openstack-keystone		04:48
*** wchrisj has quit IRC		04:49
ayoung	morganfainberg, any chance you are around and can help me with a dogpile question? I need to use it to syncronize the revoke tree	04:51
morganfainberg	ayoung, hehe sure	04:51
ayoung	so...	04:51
ayoung	https://review.openstack.org/#/c/55908/63/keystone/contrib/revoke/core.py	04:52
ayoung	line 179	04:52
* morganfainberg is unfortunately not out having a drink yet, but fortunately able to help		04:52
* ayoung had scotch hours ago...		04:52
morganfainberg	i might pour some of the cognac here that is on my desk	04:52
ayoung	I think this is last thing before I can repost.	04:52
morganfainberg	but i'm debugging some sql migrate issues production	04:52
morganfainberg	and.	04:53
ayoung	Noice!	04:53
morganfainberg	i might need a new phone now	04:53
morganfainberg	sigh	04:53
ayoung	ouch	04:53
morganfainberg	just poured coffee all over my desk and phone	04:53
morganfainberg	sigh	04:53
ayoung	anyway...if I want to use dogpile to syncronize the built Revoke Tree between greenthreads, what should I look at as an example	04:54
morganfainberg	hmm	04:54
morganfainberg	kvs is sufficient yes?	04:54
morganfainberg	in-mem that is	04:54
morganfainberg	brb getting towel	04:55
*** dolphm is now known as dolphm_503		04:55
morganfainberg	ok back	04:57
ayoung	Ooh, that just happend? I thought you were talking about something that happened earlier tonight.	04:57
ayoung	Sorry	04:57
ayoung	kvs...sufficient to start.	04:57
morganfainberg	no i mean i went to type and poured coffee on myself.	04:58
ayoung	probably should be memcached also in the future	04:58
morganfainberg	you could probably just use the same backend you're using for the events	04:58
ayoung	nope	04:58
morganfainberg	just use another key	04:58
morganfainberg	wrap in a lock	04:58
morganfainberg	no?	04:58
ayoung	they might be stored in sql	04:58
morganfainberg	oh oh	04:59
morganfainberg	right	04:59
morganfainberg	hmm.	04:59
morganfainberg	same mechanics as you're doing now, probably not configurable to begin with	04:59
ayoung	not sure how cleanly they are going to serialize....	04:59
morganfainberg	just hard set openstack.kvs.memory as the driver	04:59
morganfainberg	this is a case where i wish we could toggle off the copy mechanism in that backend	05:00
ayoung	with kvs, it just stores python objects, right? No serialization?	05:00
morganfainberg	correct	05:00
ayoung	hmmm	05:00
morganfainberg	it's an in-memory dict	05:00
morganfainberg	but get/set does a copy.deepcopy	05:00
morganfainberg	let me check something	05:00
ayoung	OK...I can do that...probably will wait until tomorrow	05:00
morganfainberg	you should eb able to use dogpile.memory.MemoryBackend	05:01
morganfainberg	it wont do copy/deepcopy so changes will affect the cached values	05:01
morganfainberg	but you can still use the locking semantics i added to the keystone kvs stuff	05:02
morganfainberg	it _should_ work, but i haven't tested it extensively with greenthreads/threading	05:02
morganfainberg	it relies on threading.lock which iirc is patched	05:03
ayoung	I'll write it up and post...its pretty simple, I think	05:05
ayoung	Oooh...I need to be able to overide the backing store for Event storage...any reason not do open it up to storage other than In Memory?	05:06
morganfainberg	ayoung, hm. nah. it's just for syncronization between greenthreads	05:07
morganfainberg	i don't think it'll make a huge difference/benefit to share outside / across processes	05:07
ayoung	for events, it will be the actual backing store...I would like to get persistance	05:07
morganfainberg	ayoung, right. which you will get with Redis or mongo or whatever	05:08
morganfainberg	and yes that should be configurable	05:08
ayoung	for the tree...I'll leave that to later, but I might make it a config option as well. It might be useful for Apache based, to not have to rebuild the tree everytime	05:08
morganfainberg	but i don't see a need to make the tree part more than in-mem	05:08
ayoung	so memcached too	05:08
morganfainberg	aye memcached is... ok	05:08
morganfainberg	:P	05:08
*** wchrisj__ has joined #openstack-keystone		05:16
ayoung	dagnabit...just using the cache buys me nothing unless I copy	05:20
ayoung	Ok..headed to bed...I need to think about this.	05:20
*** stevemar has joined #openstack-keystone		05:42
*** ChanServ sets mode: +v stevemar		05:42
*** dolphm_503 is now known as dolphm		05:46
*** dolphm is now known as dolphm_503		05:56
*** chandan_kumar has quit IRC		06:01
*** chandan_kumar has joined #openstack-keystone		06:13
*** marcoemorais has joined #openstack-keystone		06:19
*** wchrisj__ has quit IRC		06:22
*** chandan_kumar has quit IRC		06:28
*** chandan_kumar has joined #openstack-keystone		06:40
*** dstanek has quit IRC		06:46
*** dolphm_503 is now known as dolphm		06:47
*** chandan_kumar has quit IRC		06:48
*** dolphm is now known as dolphm_503		06:56
*** chandan_kumar has joined #openstack-keystone		06:58
*** stevemar has quit IRC		06:59
*** chandan_kumar has quit IRC		07:22
*** dolphm_503 is now known as dolphm		07:47
*** marcoemorais1 has joined #openstack-keystone		07:50
*** marcoemorais has quit IRC		07:50
*** dolphm is now known as dolphm_503		07:57
*** marcoemorais1 has quit IRC		08:00
*** morganfainberg is now known as morganfainberg_Z		08:33
*** gokrokve has quit IRC		08:38
*** gokrokve_ has joined #openstack-keystone		08:41
*** gokrokv__ has joined #openstack-keystone		08:43
*** gokrokve_ has quit IRC		08:45
*** dolphm_503 is now known as dolphm		08:48
*** dolphm is now known as dolphm_503		08:58
*** david_lyle_ has joined #openstack-keystone		09:10
*** david-lyle has quit IRC		09:13
*** david-lyle has joined #openstack-keystone		09:13
*** david_lyle_ has quit IRC		09:15
*** gokrokv__ has quit IRC		09:17
*** gokrokve has joined #openstack-keystone		09:48
*** dolphm_503 is now known as dolphm		09:49
*** gokrokve_ has joined #openstack-keystone		09:49
*** chandan_kumar has joined #openstack-keystone		09:50
*** gokrokve has quit IRC		09:52
*** dolphm is now known as dolphm_503		09:59
*** chandan_kumar has quit IRC		10:02
*** david_lyle_ has joined #openstack-keystone		10:19
*** david-lyle has quit IRC		10:23
*** chandan_kumar has joined #openstack-keystone		10:24
*** dolphm_503 is now known as dolphm		10:50
*** dolphm is now known as dolphm_503		11:00
*** chandan_kumar has quit IRC		11:36
*** dolphm_503 is now known as dolphm		11:50
*** chandan_kumar has joined #openstack-keystone		11:53
*** dolphm is now known as dolphm_503		12:00
*** chandan_kumar has quit IRC		12:38
*** dolphm_503 is now known as dolphm		12:51
*** dolphm is now known as dolphm_503		13:01
*** dstanek has joined #openstack-keystone		13:33
*** ChanServ sets mode: +v dstanek		13:33
*** dolphm_503 is now known as dolphm		13:35
*** dolphm is now known as dolphm_503		14:17
*** dstanek has quit IRC		14:22
*** dstanek has joined #openstack-keystone		14:36
*** ChanServ sets mode: +v dstanek		14:36
*** dolphm_503 is now known as dolphm		14:36
*** lnxnut has quit IRC		14:58
*** lnxnut has joined #openstack-keystone		15:04
*** dolphm is now known as dolphm_503		15:05
*** dolphm_503 is now known as dolphm		15:25
*** lnxnut has quit IRC		15:27
*** dstanek has quit IRC		15:28
*** lnxnut has joined #openstack-keystone		15:35
*** dolphm is now known as dolphm_503		15:37
*** lnxnut has quit IRC		15:39
*** dolphm_503 is now known as dolphm		15:56
*** dstanek has joined #openstack-keystone		16:28
*** ChanServ sets mode: +v dstanek		16:28
*** lnxnut has joined #openstack-keystone		16:35
*** lnxnut has quit IRC		16:40
*** dolphm is now known as dolphm_503		16:40
*** lnxnut has joined #openstack-keystone		17:00
*** wchrisj has joined #openstack-keystone		17:22
*** wchrisj has quit IRC		17:26
*** nkinder has quit IRC		17:26
*** wchrisj has joined #openstack-keystone		17:28
*** wchrisj has quit IRC		17:31
*** dolphm_503 is now known as dolphm		17:35
*** marcoemorais has joined #openstack-keystone		17:35
*** marcoemorais has quit IRC		17:39
*** gokrokve_ has quit IRC		17:43
*** gokrokve has joined #openstack-keystone		17:43
*** thedodd has joined #openstack-keystone		17:49
*** lnxnut has quit IRC		17:52
*** lnxnut has joined #openstack-keystone		17:53
*** lnxnut has quit IRC		18:20
*** lnxnut has joined #openstack-keystone		18:21
*** lnxnut has quit IRC		18:21
*** lnxnut has joined #openstack-keystone		18:22
*** lnxnut has quit IRC		18:26
*** wchrisj has joined #openstack-keystone		18:39
*** wchrisj has quit IRC		18:48
*** leseb has joined #openstack-keystone		18:50
*** wchrisj has joined #openstack-keystone		18:56
*** ayoung has quit IRC		18:59
*** dolphm is now known as dolphm_503		19:00
*** wchrisj has quit IRC		19:06
*** leseb has quit IRC		19:08
*** dolphm_503 is now known as dolphm		19:20
*** lnxnut has joined #openstack-keystone		19:23
*** leseb has joined #openstack-keystone		19:24
*** leseb has quit IRC		19:24
*** lnxnut has quit IRC		19:27
*** dolphm is now known as dolphm_503		19:29
*** lnxnut has joined #openstack-keystone		19:35
*** lnxnut has quit IRC		19:40
*** topol has joined #openstack-keystone		20:04
*** topol_ has joined #openstack-keystone		20:06
*** topol has quit IRC		20:09
*** topol_ is now known as topol		20:09
*** topol has quit IRC		20:20
*** dolphm_503 is now known as dolphm		20:20
*** leseb has joined #openstack-keystone		20:22
*** lnxnut has joined #openstack-keystone		20:35
*** rwsu has quit IRC		20:40
*** lnxnut has quit IRC		20:40
*** ayoung has joined #openstack-keystone		20:45
*** leseb has quit IRC		20:51
*** dolphm is now known as dolphm_503		20:58
*** thedodd has quit IRC		21:05
*** leseb has joined #openstack-keystone		21:18
*** wchrisj has joined #openstack-keystone		21:34
*** lnxnut has joined #openstack-keystone		21:35
*** lnxnut has quit IRC		21:40
*** leseb has quit IRC		21:43
*** leseb has joined #openstack-keystone		21:44
*** leseb has quit IRC		21:48
*** dolphm_503 is now known as dolphm		21:49
*** wchrisj has quit IRC		21:54
*** dolphm is now known as dolphm_503		21:58
*** leseb has joined #openstack-keystone		22:09
*** dolphm_503 is now known as dolphm		22:14
*** dolphm is now known as dolphm_503		22:17
*** ayoung has quit IRC		22:20
*** dolphm_503 is now known as dolphm		22:27
*** ayoung has joined #openstack-keystone		22:33
*** lnxnut has joined #openstack-keystone		22:35
*** lnxnut has quit IRC		22:40
*** dolphm is now known as dolphm_503		23:29
*** dolphm_503 is now known as dolphm		23:30
*** lnxnut has joined #openstack-keystone		23:35
*** leseb has quit IRC		23:39
*** dolphm is now known as dolphm_503		23:39
*** leseb has joined #openstack-keystone		23:39
*** lnxnut has quit IRC		23:40
*** leseb has quit IRC		23:44
*** leseb has joined #openstack-keystone		23:44
*** dolphm_503 is now known as dolphm		23:49
*** dolphm is now known as dolphm_503		23:59
*** leseb has quit IRC		23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!