Monday, 2014-03-31

*** leseb has joined #openstack-keystone		00:04
*** dolphm has quit IRC		00:06
openstackgerrit	Steve Martinelli proposed a change to openstack/keystone: Remove _delete_tokens function from federation controller https://review.openstack.org/83169	00:07
*** leseb has quit IRC		00:08
*** dolphm has joined #openstack-keystone		00:09
*** dstanek has joined #openstack-keystone		00:13
*** derek_c has quit IRC		00:15
*** jamielennox\|away is now known as jamielennox		00:17
*** lbragstad1 has joined #openstack-keystone		01:05
*** esmute_ has joined #openstack-keystone		01:12
*** dims has quit IRC		01:13
*** bada has quit IRC		01:13
*** esmute has quit IRC		01:13
*** Daviey has quit IRC		01:13
*** ayoung has quit IRC		01:13
*** lbragstad has quit IRC		01:13
*** esmute_ is now known as esmute		01:13
Mario_	Is devstack run_tests.sh compatible to openstack?	01:14
Mario_	see http://www.ibm.com/developerworks/cloud/library/cl-ldap-keystone/	01:15
*** Daviey has joined #openstack-keystone		01:17
*** ayoung has joined #openstack-keystone		01:20
*** bada has joined #openstack-keystone		01:20
*** dims has joined #openstack-keystone		01:20
jamielennox	Mario_: i'm not sure i understand the question	01:46
Mario_	jamielennox on that site it mentioned the run_test.sh but on my system I didn't found it	01:47
jamielennox	Mario_: that looks like the run_tests.sh available in keystone	01:48
jamielennox	i assume it's just using the LDAP server set up by devstack for it's live tests	01:48
Mario_	yeah but I don't have devstack, do it applicable to openstack that rely on the OS	01:49
jamielennox	Mario_: for testing we have fake LDAP tests because we can't rely on a real LDAP server for unit tests	01:50
jamielennox	if a server is available and we can run it against that we call that live tests	01:50
jamielennox	otherwise they will just be skipped	01:50
jamielennox	so what that example is doing is using devstack to setup an LDAP server and then running our ldap live tests against that server because it knows how to access it	01:51
Mario_	but it can be tested on available server? Am I right?	01:51
jamielennox	Mario_: it should be able to - i wouldn't test it against a production ldap server though	01:52
jamielennox	it will write users and do all sorts of other things you don't want on a real server	01:52
Mario_	I want to test my copy of the production one..	01:52
Mario_	is it possible jamielennox?	01:52
Mario_	I still bit confused on connecting ldap to the rest of the openstack services..	01:54
jamielennox	you can run it on production, but i'm not sure what sort of left overs there would be	01:54
jamielennox	i don't know of any generic testing we have - because the available users etc will be specific to your LDAP environment	01:54
Mario_	I need to eliminate probs one at a time, and see where the level probs is	01:55
Mario_	I able to display all users, tenant, role in using keystone command	01:55
jamielennox	Mario_: then i would probably start by running devstack and pointing the configuration at your server and seeing that it works	01:55
jamielennox	or just start keystone on it's own and use the command line to test it	01:56
jamielennox	LDAP is only used for user management so if you can create user, list users etc then it will be ok	01:56
Mario_	jamielennox: yeah but it seems the password is issue having the probs	01:56
jamielennox	Mario_: which password? i think we try to do an anonymous bind to the server using the user's password - but that's not my area	01:57
Mario_	I can only list as I didn't use the user_allow_create = false in my config	01:57
jamielennox	Mario_: wise	01:57
jamielennox	but you should be able to login with those users	01:57
Mario_	but when I see on the logs, it say [-] Authorization failed. Invalid user / password	01:59
*** mberlin1 has joined #openstack-keystone		01:59
jamielennox	Mario_: hmm, ok LDAP isn't really my area but i can try	01:59
Mario_	coz I tried with non-existing user, it doesn't show that kind of log	01:59
*** Daviey has quit IRC		02:00
*** mberlin has quit IRC		02:00
jamielennox	essentially you should be able to turn all LDAP queries into an equivalen ldapsearch query	02:00
Mario_	but there is part of the logs that says SELECT domain.id AS domain_id, domain.name AS domain_name, domain.enabled AS domain_ena$ FROM domain WHERE domain.id = %s jamielennox:	02:01
jamielennox	Mario_: that's ok - domains aren't managed by LDAP	02:01
Mario_	ah ok..	02:02
openstackgerrit	wanghong proposed a change to openstack/keystone: support conventional domain name with one or more dot https://review.openstack.org/79829	02:02
jamielennox	Mario_: see: http://adam.younglogic.com/2012/02/openstack-keystone-ldap-redux/	02:03
jamielennox	specifically: ldapsearch -x -D "dc=Manager,dc=younglogic,dc=com" -H ldap://localhost -w freeipa4all -b ou=Groups,dc=younglogic,dc=com "(objectClass=*)"	02:04
jamielennox	obviously your LDAP configuration is different, but you should be able to do a simple query like that with the user/password you are trying to log in with	02:04
Mario_	i try it with backend_entities as I didn't have it	02:04
jamielennox	if you can't then that's a configuration issue on the LDAP server otherwise it's a keystone issue	02:05
jamielennox	Mario_: be aware that that article is dated feb 2012 so some of the actual config might be out of date	02:05
jamielennox	(i'd rely on what's listed in the config file)	02:05
Mario_	jamielennox: I used mine using the command ldapsearch -LLxWD cn=admin,dc=example,dc=com	02:18
Mario_	and it displays all the entries on it	02:19
Mario_	ldapsearch -LLxWD cn=admin,dc=example,dc=com objectClass=*	02:20
jamielennox	i'll be honest i don't know what those flags do - i assume you are then prompted for a password	02:21
jamielennox	i also don't have an LDAP server i can test it on myself	02:21
Mario_	yes you prompted with the password	02:21
Mario_	hope there will be a simple ldif so we can test or try with it. So we can be based on it	02:22
Mario_	it seems on the documentations doesn't mentioned with it.	02:22
openstackgerrit	Jamie Lennox proposed a change to openstack/python-keystoneclient: Add service name to catalog https://review.openstack.org/78410	02:23
Mario_	some said it on the policy.json, but no idea what is this?	02:24
Mario_	jamielennox: i will try that link that there is seems a solutions on it..	02:38
jamielennox	Mario_: policy is different, that's what a user is allowed to do once they are autenticated	02:44
jamielennox	if you are sesing invalid user/pass then i assume it's the ldap which is failing	02:44
Mario_	I will try to compare the ldif mentioned on Adam's site.. maybe my admin account as it has existing one... which also the default user of the keystone	02:46
*** gtt116__ has quit IRC		03:16
openstackgerrit	wanghong proposed a change to openstack/keystone: For ldap, API wrongly reports user is in group https://review.openstack.org/80934	03:25
openstackgerrit	Rui Chen proposed a change to openstack/keystone: Fix create_region_with_id raise 500 Error bug https://review.openstack.org/75816	03:33
openstackgerrit	Rui Chen proposed a change to openstack/keystone: Fix create_region_with_id raise 500 Error bug https://review.openstack.org/75816	03:46
*** dstanek has quit IRC		04:16
*** dstanek has joined #openstack-keystone		04:18
*** gokrokve has joined #openstack-keystone		04:41
*** gokrokve has quit IRC		04:52
*** gokrokve has joined #openstack-keystone		04:52
openstackgerrit	David Stanek proposed a change to openstack/keystone: Replace all use of mox with mock https://review.openstack.org/84050	04:59
openstackgerrit	David Stanek proposed a change to openstack/keystone: setUp must be called on a fixture's parent first https://review.openstack.org/84051	04:59
openstackgerrit	David Stanek proposed a change to openstack/keystone: Fix cache configuration checks https://review.openstack.org/84052	04:59
openstackgerrit	David Stanek proposed a change to openstack/keystone: Fixed the size limit tests in Python 3 https://review.openstack.org/84053	05:00
openstackgerrit	David Stanek proposed a change to openstack/keystone: Fixed the policy tests in Python 3 https://review.openstack.org/84054	05:00
openstackgerrit	David Stanek proposed a change to openstack/keystone: Adds several more tests to the Python 3 test run https://review.openstack.org/84055	05:00
openstackgerrit	David Stanek proposed a change to openstack/keystone: Make the py33 Jenkins job happy https://review.openstack.org/83565	05:00
openstackgerrit	David Stanek proposed a change to openstack/keystone: wip: this needs to be made in oslo https://review.openstack.org/83833	05:00
openstackgerrit	David Stanek proposed a change to openstack/keystone: First real Python 3 tests https://review.openstack.org/83834	05:00
*** gokrokve_ has joined #openstack-keystone		05:10
*** gokrokve has quit IRC		05:13
*** gokrokve_ has quit IRC		05:15
*** gokrokve has joined #openstack-keystone		05:16
*** gokrokve has quit IRC		05:20
*** dstanek has quit IRC		05:33
*** dstanek has joined #openstack-keystone		05:34
*** gokrokve has joined #openstack-keystone		05:46
*** gokrokve_ has joined #openstack-keystone		05:49
*** chandan_kumar has joined #openstack-keystone		05:50
*** gokrokve has quit IRC		05:51
*** topol has quit IRC		05:56
*** gokrokve_ has quit IRC		05:59
openstackgerrit	Jenkins proposed a change to openstack/keystone: Imported Translations from Transifex https://review.openstack.org/83955	06:02
*** dvorak has quit IRC		06:05
*** dstanek has quit IRC		06:08
*** dstanek has joined #openstack-keystone		06:10
*** bvandenh has joined #openstack-keystone		06:10
*** marcoemorais has joined #openstack-keystone		06:17
openstackgerrit	Rui Chen proposed a change to openstack/keystone: Fix create_region_with_id raise 500 Error bug https://review.openstack.org/75816	06:25
openstackgerrit	David Stanek proposed a change to openstack/keystone: Make the py33 Jenkins job happy https://review.openstack.org/83565	06:30
openstackgerrit	David Stanek proposed a change to openstack/keystone: Replace all use of mox with mock https://review.openstack.org/84050	06:30
openstackgerrit	David Stanek proposed a change to openstack/keystone: setUp must be called on a fixture's parent first https://review.openstack.org/84051	06:30
openstackgerrit	David Stanek proposed a change to openstack/keystone: Fix cache configuration checks https://review.openstack.org/84052	06:30
openstackgerrit	David Stanek proposed a change to openstack/keystone: Fixed the size limit tests in Python 3 https://review.openstack.org/84053	06:30
openstackgerrit	David Stanek proposed a change to openstack/keystone: wip: this needs to be made in oslo https://review.openstack.org/83833	06:30
openstackgerrit	David Stanek proposed a change to openstack/keystone: Fixed the policy tests in Python 3 https://review.openstack.org/84054	06:30
openstackgerrit	David Stanek proposed a change to openstack/keystone: First real Python 3 tests https://review.openstack.org/83834	06:30
openstackgerrit	David Stanek proposed a change to openstack/keystone: Adds several more tests to the Python 3 test run https://review.openstack.org/84055	06:30
*** marekd\|away is now known as marekd		06:38
*** marcoemorais has quit IRC		06:54
*** gokrokve has joined #openstack-keystone		06:56
*** gokrokve has quit IRC		07:01
*** jaosorior has joined #openstack-keystone		07:02
*** flaper87\|afk is now known as flaper87		07:02
*** zhiyan_ is now known as zhiyan		07:05
*** chandan_kumar has quit IRC		07:06
openstackgerrit	Marek Denis proposed a change to openstack/python-keystoneclient: Add CRUD operations for Fedration Mapping Rules. https://review.openstack.org/83742	07:09
openstackgerrit	Jamie Lennox proposed a change to openstack/python-keystoneclient: Session Documentation https://review.openstack.org/84070	07:15
openstackgerrit	Jamie Lennox proposed a change to openstack/python-keystoneclient: Document authentication plugins https://review.openstack.org/84071	07:15
*** jamielennox is now known as jamielennox\|away		07:17
*** Gippa has joined #openstack-keystone		07:18
*** dstanek has quit IRC		07:34
openstackgerrit	xu-haiwei proposed a change to openstack/keystone: Fix the order of assertEqual arguments(pemutils, v3_catalog, etc) https://review.openstack.org/77514	07:59
*** leseb has joined #openstack-keystone		08:18
*** Daviey has joined #openstack-keystone		08:42
*** leseb_ has joined #openstack-keystone		08:48
*** RockKuo_TW_PC has joined #openstack-keystone		08:48
*** leseb has quit IRC		08:49
*** RockKuo_TW has quit IRC		08:52
*** bvandenh has quit IRC		08:55
*** gokrokve has joined #openstack-keystone		08:57
*** bvandenh has joined #openstack-keystone		09:01
*** gokrokve has quit IRC		09:02
*** leseb_ has quit IRC		09:16
*** leseb has joined #openstack-keystone		09:25
*** Gippa has quit IRC		09:57
*** Gippa has joined #openstack-keystone		09:58
*** gokrokve has joined #openstack-keystone		09:58
*** jaosorior has quit IRC		10:00
*** gokrokve has quit IRC		10:03
*** dstanek has joined #openstack-keystone		10:13
*** leseb has quit IRC		10:15
*** leseb has joined #openstack-keystone		10:16
*** Gippa has quit IRC		10:16
*** dstanek has quit IRC		10:18
*** leseb has quit IRC		10:20
*** Gippa has joined #openstack-keystone		10:37
*** andreaf has joined #openstack-keystone		10:58
*** gokrokve has joined #openstack-keystone		10:59
*** leseb has joined #openstack-keystone		11:00
*** lbragstad1 has quit IRC		11:01
*** leseb has quit IRC		11:03
*** leseb has joined #openstack-keystone		11:03
*** gokrokve has quit IRC		11:03
*** leseb has quit IRC		11:04
*** leseb has joined #openstack-keystone		11:05
*** thiagop has quit IRC		11:07
*** thiagop has joined #openstack-keystone		11:08
*** topol has joined #openstack-keystone		11:14
*** jaosorior has joined #openstack-keystone		11:18
*** lbragstad has joined #openstack-keystone		11:31
*** saju_m has joined #openstack-keystone		11:51
openstackgerrit	Zhang Yang proposed a change to openstack/keystone: Fix dict wrong use in ec2 auth https://review.openstack.org/78837	11:55
*** gokrokve has joined #openstack-keystone		12:00
*** saju_m has quit IRC		12:00
*** zhiyan is now known as zhiyan_		12:01
*** gokrokve has quit IRC		12:05
*** saju_m has joined #openstack-keystone		12:06
*** saju_m has quit IRC		12:08
*** leseb has quit IRC		12:37
*** leseb has joined #openstack-keystone		12:38
*** dims has quit IRC		12:38
*** leseb has quit IRC		12:42
*** leseb has joined #openstack-keystone		12:46
*** bknudson has quit IRC		12:47
*** dims has joined #openstack-keystone		12:52
openstackgerrit	Zhang Yang proposed a change to openstack/keystone: Fix dict wrong use in ec2 auth https://review.openstack.org/78837	12:53
*** gokrokve has joined #openstack-keystone		13:01
*** browne has joined #openstack-keystone		13:05
*** gokrokve has quit IRC		13:06
*** bknudson has joined #openstack-keystone		13:08
*** zhiyan_ is now known as zhiyan		13:14
*** kun_huang has joined #openstack-keystone		13:20
*** ChanServ sets mode: +o dolphm		13:24
*** joesavak has joined #openstack-keystone		13:26
*** nkinder has quit IRC		13:49
*** zigo has quit IRC		13:50
openstackgerrit	Raildo Mascena de Sousa Filho proposed a change to openstack/keystone: Filter User by project https://review.openstack.org/84136	13:53
*** zigo has joined #openstack-keystone		13:58
openstackgerrit	Marek Denis proposed a change to openstack/python-keystoneclient: Add CRUD operations for Federated Protocols. https://review.openstack.org/83829	14:00
*** gokrokve has joined #openstack-keystone		14:01
*** dstanek has joined #openstack-keystone		14:04
*** gokrokve has quit IRC		14:06
*** rwsu has joined #openstack-keystone		14:06
*** stevemar has joined #openstack-keystone		14:07
stevemar	dolphm, lift the -2 from this patch please: https://review.openstack.org/#/c/74317/	14:08
*** leseb has quit IRC		14:12
*** leseb has joined #openstack-keystone		14:13
dolphm	stevemar: done!	14:13
*** stevemar has quit IRC		14:14
*** stevemar has joined #openstack-keystone		14:14
dolphm	jamielennox\|away: also unblocked https://review.openstack.org/#/c/78127/	14:15
openstackgerrit	Ilya Pekelny proposed a change to openstack/keystone: Sync test_migrations https://review.openstack.org/80618	14:16
openstackgerrit	Ilya Pekelny proposed a change to openstack/keystone: Comparision of database models and migrations. https://review.openstack.org/80630	14:16
*** zhiyan is now known as zhiyan_		14:22
*** david-lyle has joined #openstack-keystone		14:25
*** leseb has quit IRC		14:26
*** leseb has joined #openstack-keystone		14:27
*** leseb_ has joined #openstack-keystone		14:28
*** dstanek has quit IRC		14:30
*** leseb has quit IRC		14:31
*** nkinder has joined #openstack-keystone		14:35
*** jsavak has joined #openstack-keystone		15:01
*** gokrokve has joined #openstack-keystone		15:02
*** joesavak has quit IRC		15:04
openstackgerrit	Ilya Pekelny proposed a change to openstack/keystone: Comparision of database models and migrations. https://review.openstack.org/80630	15:04
Daviey	Hi, is this a new CI bug http://logs.openstack.org/81/83981/4/check/check-tempest-dsvm-full/b78800c/console.html ?	15:06
*** gokrokve has quit IRC		15:06
Daviey	can't see anything similar in the recheck page	15:06
Daviey	dammit, wrong window	15:10
*** gokrokve has joined #openstack-keystone		15:17
*** gokrokve_ has joined #openstack-keystone		15:20
*** gokrokve has quit IRC		15:21
*** andreaf has quit IRC		15:24
*** gyee has joined #openstack-keystone		15:30
ayoung	stevemar, I think that approach is a mistake	15:35
ayoung	https://review.openstack.org/#/c/74317/	15:35
ayoung	Jose has done so much for use that I am unwilling to -2...but we should not be going for Eventlet based Kerberos.	15:35
*** Gippa has left #openstack-keystone		15:39
stevemar	ayoung, i asked to lift the -2 because it was there when dolphm went through all the patches during the rc1 timeframe	15:39
ayoung	stevemar, OK.	15:39
ayoung	stevemar, I'm actually just working through a Kerberos and Keystone setup right now	15:40
stevemar	ayoung, i don't have any real issues with the design yet, there is no api spec or blueprint, but i'm just reviewing the code for logic right now	15:40
stevemar	(i guess having no api spec or blueprint would mean that i do have an issue with the design :P)	15:40
*** dstanek has joined #openstack-keystone		15:43
openstackgerrit	David Stanek proposed a change to openstack/keystone: Make the py33 Jenkins job happy https://review.openstack.org/83565	15:46
openstackgerrit	David Stanek proposed a change to openstack/keystone: Replace all use of mox with mock https://review.openstack.org/84050	15:46
openstackgerrit	David Stanek proposed a change to openstack/keystone: setUp must be called on a fixture's parent first https://review.openstack.org/84051	15:46
openstackgerrit	David Stanek proposed a change to openstack/keystone: Fix cache configuration checks https://review.openstack.org/84052	15:46
openstackgerrit	David Stanek proposed a change to openstack/keystone: Fixed the size limit tests in Python 3 https://review.openstack.org/84053	15:46
openstackgerrit	David Stanek proposed a change to openstack/keystone: wip: this needs to be made in oslo https://review.openstack.org/83833	15:46
openstackgerrit	David Stanek proposed a change to openstack/keystone: Fixed the policy tests in Python 3 https://review.openstack.org/84054	15:46
openstackgerrit	David Stanek proposed a change to openstack/keystone: First real Python 3 tests https://review.openstack.org/83834	15:46
openstackgerrit	David Stanek proposed a change to openstack/keystone: Adds several more tests to the Python 3 test run https://review.openstack.org/84055	15:47
*** jaosorior has quit IRC		15:50
*** dstanek has quit IRC		15:56
*** marcoemorais has joined #openstack-keystone		16:02
gyee	dolphm, are you working on https://bugs.launchpad.net/keystone/+bug/1299012. I can work on it if you have not started already. Please let me know.	16:05
dolphm	gyee: take it!	16:05
dolphm	gyee: be sure to attach patches to LP rather than using git-review/gerrit	16:06
gyee	dolphm, how do I do that?	16:06
dolphm	gyee: when you comment on a bug, there's a link to attach a patch	16:06
gyee	dolphm, got it, thanks	16:07
ayoung	dolphm, so I think we need to fix something for REMOTE_USER.	16:11
ayoung	and..I just got called to a meeting.	16:11
dolphm	ayoung: lol i'll be around	16:11
*** jimbaker has joined #openstack-keystone		16:23
*** kun_huang has quit IRC		16:36
*** RockKuo_TW_PC has quit IRC		16:46
*** harlowja_away is now known as harlowja		16:48
*** browne has quit IRC		16:50
*** RockKuo_iPad has joined #openstack-keystone		16:53
*** RockKuo_iPad has quit IRC		16:57
*** browne has joined #openstack-keystone		17:01
*** amerine_ is now known as amerine		17:08
*** leseb_ has quit IRC		17:08
*** leseb has joined #openstack-keystone		17:09
*** rwsu has quit IRC		17:11
*** leseb has quit IRC		17:13
*** gokrokve has joined #openstack-keystone		17:15
*** thiagop has quit IRC		17:17
*** gokrokve_ has quit IRC		17:18
*** thiagop has joined #openstack-keystone		17:20
*** bvandenh has quit IRC		17:24
*** thiagop has quit IRC		17:25
*** thiagop has joined #openstack-keystone		17:25
*** gokrokve has quit IRC		17:31
*** gokrokve has joined #openstack-keystone		17:32
*** gokrokve_ has joined #openstack-keystone		17:34
*** gokrokve has quit IRC		17:36
*** bvandenh has joined #openstack-keystone		17:36
*** gokrokve has joined #openstack-keystone		17:37
*** morganfainberg_Z is now known as morganfainberg		17:38
*** gokrokve_ has quit IRC		17:38
morganfainberg	gyee, dolphm, oh that is a fun one	17:40
gyee	morganfainberg, ya think? :-)	17:42
morganfainberg	gyee, yeah	17:42
morganfainberg	gyee, wow. that is just a bizzare one.	17:43
*** thiagop has quit IRC		17:43
morganfainberg	gyee, i see how it happened	17:43
gyee	morganfainberg, bizzare sure, but I don't think its a security problem	17:44
*** amcrn has joined #openstack-keystone		17:46
morganfainberg	gyee, ++ agree	17:46
*** gokrokve has quit IRC		17:49
*** gokrokve has joined #openstack-keystone		17:49
*** packet has joined #openstack-keystone		17:50
*** dstanek has joined #openstack-keystone		17:50
*** gokrokve has quit IRC		17:53
openstackgerrit	A change was merged to openstack/keystone: Fix the order of assertEqual arguments(keystoneclient, kvs, etc) https://review.openstack.org/77090	18:00
*** marcoemorais has quit IRC		18:03
*** marcoemorais has joined #openstack-keystone		18:07
*** leseb has joined #openstack-keystone		18:08
dstanek	morganfainberg: how's this look to you? https://review.openstack.org/#/c/84052/3	18:10
morganfainberg	dstanek, we need to bump version in global requirements.	18:11
morganfainberg	dstanek, oh wait a sec	18:11
morganfainberg	is is_configured something i implemented or something from upstream?	18:12
*** gyee has quit IRC		18:13
dstanek	morganfainberg: it's upstream	18:13
morganfainberg	ok let me see waht release i got that added in	18:13
morganfainberg	iirc that is newer than global requirements	18:13
dstanek	it shouldn't be because the tests are working OK in jenkins - unless our requirements.txt is newer than the global	18:14
morganfainberg	dstanek, we don't cap dogpile	18:14
dstanek	ah	18:14
morganfainberg	dstanek, >=	18:14
morganfainberg	0.5.1	18:15
*** gyee has joined #openstack-keystone		18:15
bknudson	there's no test that verifies that the min version still works	18:15
bknudson	we ran into that with oauthlib	18:15
morganfainberg	and with sqla	18:16
morganfainberg	going to propose a bump to 0.5.3	18:16
morganfainberg	for post requirement freeze branch (whenever that is)	18:17
dstanek	morganfainberg: ok, these are all Python 3 fixes so i'm not necessarily in a rush	18:17
morganfainberg	also py3k compat is an issue prior to that.	18:17
morganfainberg	0.5.3 fixes a py3k compat issue =/	18:17
morganfainberg	not on a method we use	18:18
morganfainberg	but still	18:18
dstanek	i agree	18:19
morganfainberg	dstanek, https://review.openstack.org/#/c/84200/	18:21
dstanek	nice, thanks	18:22
dstanek	morganfainberg: besides all of the reviews i've already posted i fixed 2 or 3 more test module	18:23
dstanek	s	18:23
dstanek	just have to clean up the change and push	18:23
morganfainberg	dstanek, cool	18:23
*** gokrokve has joined #openstack-keystone		18:29
*** leseb has quit IRC		18:30
*** leseb has joined #openstack-keystone		18:31
*** gokrokve has quit IRC		18:34
*** leseb has quit IRC		18:34
*** gokrokve has joined #openstack-keystone		18:37
*** gokrokve_ has joined #openstack-keystone		18:38
*** gokrokve has quit IRC		18:41
*** leseb has joined #openstack-keystone		18:43
*** gokrokve_ has quit IRC		18:43
*** gokrokve has joined #openstack-keystone		18:51
openstackgerrit	Andreas Jaeger proposed a change to openstack/keystone: Check that all po/pot files are valid https://review.openstack.org/84211	18:54
*** dstanek has quit IRC		18:54
*** joesavak has joined #openstack-keystone		18:56
*** leseb has quit IRC		18:58
*** jsavak has quit IRC		18:59
*** david-lyle has quit IRC		19:00
*** marcoemorais1 has joined #openstack-keystone		19:03
*** marcoemorais1 has quit IRC		19:03
*** marcoemorais1 has joined #openstack-keystone		19:03
*** marcoemorais has quit IRC		19:05
ayoung	dolphm, OK, I'm back, and I've done my homework. I want to remove the deprecation on http://git.openstack.org/cgit/openstack/keystone/tree/keystone/auth/plugins/external.py#n130	19:16
ayoung	Here's the deal: when setting up LDAP it makes more sense for the userid to be 'ayoung' then 'ayoung@REDHAT.COM'	19:17
ayoung	the second is a kerberos view of the world.	19:17
ayoung	sorry, make that usernmae	19:17
ayoung	usename	19:17
ayoung	that being said....disregard, we don't need that.	19:18
* ayoung goes back to homework		19:18
ayoung	OK, we are good. Once I set KrbLocalUserMapping on I got the right outcome. No change necessary, leave the deprecation in there.	19:21
marekd	Good evening everybody!	19:27
marekd	stevemar: o/, wondering if we could talk about that: https://review.openstack.org/#/c/83742/2/keystoneclient/v3/contrib/federation/mappings.py	19:28
stevemar	marekd, sure	19:28
marekd	stevemar: what did you mean by json object? rules in that case are just list of rules and I am basically expecting somebody to put some rules as an argument...	19:29
stevemar	so, it you look at here: https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3.md#policy	19:31
stevemar	marekd, the blob part: "blob": "{\"default\": false}",	19:31
stevemar	i think we should treat rules the same way?	19:31
openstackgerrit	A change was merged to openstack/python-keystoneclient: Reference docstring for auth_token fields https://review.openstack.org/70617	19:34
*** topol has quit IRC		19:36
*** topol has joined #openstack-keystone		19:36
marekd	stevemar: looking.	19:36
stevemar	marekd, just trying to think of how to most easily create a mapping	19:37
stevemar	i suppose it's just a matter of an extra jsonutils call (loads or dumps)	19:38
*** gokrokve has quit IRC		19:40
*** gokrokve has joined #openstack-keystone		19:40
*** topol has quit IRC		19:41
openstackgerrit	Andreas Jaeger proposed a change to openstack/keystone: Check that all po/pot files are valid https://review.openstack.org/84211	19:42
*** gokrokve_ has joined #openstack-keystone		19:42
*** gokrokve has quit IRC		19:45
openstackgerrit	Andreas Jaeger proposed a change to openstack/keystone: Check that all po/pot files are valid https://review.openstack.org/84211	19:46
*** andreaf has joined #openstack-keystone		19:47
*** david-lyle has joined #openstack-keystone		19:47
gyee	ayoung, is there a use case for remote_user and password auth to yield a different user_id?	19:55
gyee	I am looking at this test https://github.com/openstack/keystone/blob/master/keystone/tests/test_v3_auth.py#L2077	19:55
ayoung	gyee, I wanted to knock the REALM off the REMOTE_USER so it matched the uid field in LDAP	19:56
ayoung	hmmm	19:56
gyee	ayoung, so that's a valid test then?	19:56
ayoung	looking	19:56
ayoung	gyee, ah...that was thinking MFA	19:56
gyee	I am trying to make a patch for https://bugs.launchpad.net/keystone/+bug/1299012	19:56
ayoung	so REMOTE_USER could be ayoung@OPENSTACK.ORG but password would just be ayoung	19:57
gyee	ayoung, 5 failed tests related to remote user and password auth combination	19:57
gyee	ayoung, but the 'user_id' should be the same right?	19:57
ayoung	gyee, so I guess it should be "if any of them fails, they all fail?"	19:57
ayoung	user_id....no clue	19:58
openstackgerrit	A change was merged to openstack/keystone: Enable concurrent testing by default https://review.openstack.org/83584	19:58
ayoung	gyee, I guess you need to decided "they all match" or "last one wins"	19:58
gyee	ayoung, the decision is all match	19:58
ayoung	gyee, always?	19:58
gyee	if two pulg-ins yield a different user_id, then something is not right	19:59
*** dstanek has joined #openstack-keystone		20:01
*** marcoemorais1 has quit IRC		20:02
*** marcoemorais has joined #openstack-keystone		20:03
*** marcoemorais has quit IRC		20:03
*** marcoemorais has joined #openstack-keystone		20:03
*** dstanek has quit IRC		20:05
marekd	stevemar: allright, i am back in here. you say the blob part: >> "blob": "{\"default\": false}", <<	20:06
marekd	stevemar: but...you want to send rules as a string directly to the create() method?	20:06
stevemar	marekd, just wanted to bring it to your attention :)	20:16
marekd	stevemar: sure, thanks, I am just asking whether this was your point :-) To expect rules as a string, not an object.	20:17
stevemar	marekd, actually, i think it's fine	20:18
stevemar	it should default to an array, like you have it	20:19
*** rwsu has joined #openstack-keystone		20:22
marekd	ah, but later, pass jsonized string to the 'upper' methods, instead of valid Python object...	20:22
marekd	stevemar: hmmm, to be honest I don't really super-like this idea.	20:22
marekd	stevemar: it's like we should json.dumps() it as late as possible, only to put it into the tcp packets, and probably decode at the server as soon as possible..then you can use it as an object, not a string.	20:23
marekd	stevemar: that's my personal feeling. correct me if I am missing something :)	20:24
*** Mario_ has quit IRC		20:30
*** Mario_ has joined #openstack-keystone		20:31
openstackgerrit	Raildo Mascena de Sousa Filho proposed a change to openstack/keystone: Filter User by project https://review.openstack.org/84136	20:42
openstackgerrit	Marek Denis proposed a change to openstack/python-keystoneclient: Add CRUD operations for Fedration Mapping Rules. https://review.openstack.org/83742	20:44
marekd	stevemar: ^^ ?	20:44
marekd	jamielennox\|away: stevemar: also this could be reviewed. I hope I addressed all the issues: https://review.openstack.org/#/c/83337/	20:53
*** harlowja is now known as harlowja_away		21:00
*** Mario_ has quit IRC		21:05
*** marcoemorais has quit IRC		21:05
*** marcoemorais has joined #openstack-keystone		21:06
morganfainberg	ayoung, want to bug you about the delete_user calls in assignment patchset, https://review.openstack.org/#/c/80368/ I think we have some wires crossed based upon your assertion	21:18
morganfainberg	ayoung, let me know when you have a few minutes (no rush, can be tomorrow/wed/etc)	21:18
ayoung	morganfainberg, gah	21:18
ayoung	um...looking	21:18
*** harlowja_away is now known as harlowja		21:19
morganfainberg	ayoung, you -2'd it, like i said can be later this week	21:19
ayoung	morganfainberg, yeah....	21:19
*** joesavak has quit IRC		21:19
ayoung	but you've already triggered the interrupt....	21:19
morganfainberg	ayoung, lol if you switch back you can not lose everything	21:20
morganfainberg	ayoung, hurry	21:20
ayoung	too late	21:20
ayoung	core dumped	21:20
morganfainberg	ayoung, damn sorry.	21:20
ayoung	heh no problem. did he resubmit this with changed docs?	21:20
morganfainberg	ayoung, he asked me to help him understand.	21:21
ayoung	so assignemtn should not be triggering delete_users at all, and I panicked and thought that was what the code was doing...is it?	21:21
ayoung	delete_user(self, user_id):989 def handle_delete_user(self, user_id):	21:22
ayoung	975 """Deletes all assignments for a user.	21:22
morganfainberg	no the original code (afaict) was identity triggering a call on assignment on delete_user	21:22
ayoung	as opposed to handle_delete user....OK, that is not a bad name...	21:22
morganfainberg	since identity != assignment	21:22
morganfainberg	so the change here should be to move to the internal callback structure vs. having the drivers call cross-subsystem	21:23
morganfainberg	where only some of the drivers call it.	21:23
ayoung	morganfainberg, just wanted to make sure that the pattern for LDAP, tightly coupling the identity and assignment sides, was not continued	21:23
ayoung	so deleting a user in identity triggeres a callback in the assignment backend>	21:23
morganfainberg	ayoung, that is how it should work, and the intention	21:23
morganfainberg	whether assignment actually does anything is up to the assignment backend / manager	21:24
ayoung	https://review.openstack.org/#/c/80368/9/keystone/credential/core.py why is that not using the decorator?	21:24
morganfainberg	which line?	21:24
ayoung	morganfainberg, the notification decorator, around the delete functions?	21:25
ayoung	its not there...he has that structure he registers on init instead	21:25
morganfainberg	ayoung, we have a notification decorator now to listen for events?	21:26
ayoung	morganfainberg, no, to emit them	21:26
morganfainberg	because credential_api isn't emitting a delete credential event	21:26
ayoung	OK.../me backassed.	21:26
ayoung	disregard	21:26
morganfainberg	yeah no worries.	21:26
ayoung	https://review.openstack.org/#/c/80368/9/keystone/identity/core.py is the decoratro duh	21:26
morganfainberg	ayoung, yep.	21:27
ayoung	this is what you get when I am deep in Kerberos mode...	21:27
morganfainberg	ayoung, no worries man.	21:27
morganfainberg	ayoung, i see some more things in here i am fairly adamantly against and could cause rather nasty issues.	21:27
ayoung	removed the -2	21:27
ayoung	like?	21:28
morganfainberg	ayoung, cool. let me go mark this up with a bunch of -1.	21:28
ayoung	fire 'way	21:28
morganfainberg	ayoung, thanks, i was concerned i was misreading your intention.	21:28
morganfainberg	ayoung, wanted to be sure it was addressed so i could explain it to the reviewer	21:28
morganfainberg	erm submitter	21:28
ayoung	morganfainberg, I misread the patch. Was thinking it was doing something else	21:28
morganfainberg	ayoung, not a worry, it's why i poked ya for it	21:28
morganfainberg	the -1s will be because there is order changes to how deletions are being done now.	21:29
morganfainberg	anyway, i'll let ya back to kerberos land.	21:30
*** stevemar has quit IRC		21:32
ayoung	morganfainberg, thanks...I guess I need to actually get SSL done first, and then Kerberos	21:34
*** andreaf has quit IRC		21:38
*** andreaf has joined #openstack-keystone		21:44
*** flaper87 is now known as flaper87\|afk		21:57
*** dims has quit IRC		21:57
morganfainberg	do we have a V3 specification and what is needed for projects to use V3 (fully support it?)	21:58
morganfainberg	e.g. "why should we use V3 and how do we get there" for projects (e.g. nova) that are currently on V2	21:59
*** andreaf has quit IRC		22:00
*** packet has quit IRC		22:02
*** andreaf has joined #openstack-keystone		22:08
*** lbragstad has quit IRC		22:08
*** nkinder has quit IRC		22:11
*** dims has joined #openstack-keystone		22:12
*** bknudson has quit IRC		22:27
*** lbragstad has joined #openstack-keystone		22:35
morganfainberg	gyee, dolphm, am i crazy, but it looks like keystone.assignment.backends.ldap.ProjectApi.add_user and .remove_user aren't used	22:35
morganfainberg	gyee, afaict that is the whole reason https://review.openstack.org/#/c/80368 needs the notification before the delete occurs	22:36
morganfainberg	gyee, dolphm, which is (as far as i am concerned) a non-starter	22:36
*** lbragstad has quit IRC		22:47
openstackgerrit	Marek Denis proposed a change to openstack/python-keystoneclient: Add CRUD operations for Federated Protocols. https://review.openstack.org/83829	22:53
*** marekd is now known as marekd\|away		22:56
*** marcoemorais has quit IRC		23:00
*** marcoemorais has joined #openstack-keystone		23:01
*** marcoemorais has quit IRC		23:01
*** marcoemorais has joined #openstack-keystone		23:01
*** jamielennox\|away is now known as jamielennox		23:06
gyee	morganfainberg, sorry I was afk, looking now	23:08
morganfainberg	gyee, no worries.	23:08
morganfainberg	gyee, i really don't think that call is used anywhere else (or the .add_user one)	23:08
morganfainberg	gyee, but i wanted a sanity check.	23:09
gyee	morganfainberg, I agree, we shouldn't be sending notification prior to the actual operation	23:10
morganfainberg	gyee, ok cool	23:16
morganfainberg	thanks	23:16
*** nkinder has joined #openstack-keystone		23:21
*** david-lyle has quit IRC		23:30
jamielennox	dtroyer: hey, does this satisfy some of your need for auth/session split? https://review.openstack.org/#/c/83673/	23:44
jamielennox	it makes the whole thing very request-y but i like the idea (though i'm still fairly happy with not actually subclassing requests.Session)	23:45
*** Chicago has quit IRC		23:46
dtroyer	it still feels backwards to me…you have Session containing auth-y things rather than just knowing how to ask an auth object passed in to do that for it	23:46
dtroyer	I think the subclass question is orthoganal and we can arm-wrestle for that one	23:47
jamielennox	so you mean how it calls auth.get_endpoint and auth.get_token?	23:47
dtroyer	btw, it was trying to test the subclass version that finally brought me around to httpretty, at least for low-level stuff	23:47
jamielennox	session.get_token and session.get_endpoint are essentially just v. thin wrappers around that	23:47
jamielennox	dtroyer: i saw that there is some other mocking thing people want to bring in - i don't mind httpretty is kind of ugly internally	23:48
dtroyer	so I might be able to swallow that, it is much better than before	23:48
jamielennox	but i was thinking when i wrote: https://review.openstack.org/#/c/82007/	23:49
jamielennox	that it's so very easy when passing a requests.Session object that that would be an ideal place to write out own request stubbing logic that would actually test all of our stack	23:49
jamielennox	I mean the only call ever made to a requests.Session object is .request - stub that for testing	23:50
dtroyer	I haven't tried, damn, what was it…httmock? or something like that. it looks new though, not sure about its maturity level yet.	23:50
*** browne has quit IRC		23:50
jamielennox	something like that, it's the same thing but it stubs as the requests level which has pros and cons	23:51
jamielennox	but i chose httpretty because at the time (and still) there are clients using httplib and httpretty covered both	23:51
jamielennox	and honestly the socket interface is way more stable than requests at least lately	23:51
dtroyer	yeah, for requests-level and below I'm happy with it. above that I'm not sure especially the higher you get up the stack	23:53
dtroyer	and I haven't had an issue mocking out session.requests for everything else	23:53
dtroyer	err, Session.request()	23:53
jamielennox	my issue with mocking session.requests is every time an argument changes the mock has to change	23:53
*** david-lyle has joined #openstack-keystone		23:53
jamielennox	eg, i was trying to fit kc sessions into cinderclient and i would have to change all the arguments for things like forwarding which the mock shouldn't care about	23:54
dtroyer	I think you're just in a quagmire there no matter which way you slice it ;)	23:54
jamielennox	anyway - it was making me thing that if you can pass a Fake Session object like in that review then we can do really simple testing that way	23:55
dtroyer	I do like that idea	23:56
*** RockKuo_iPad has joined #openstack-keystone		23:57
*** david-lyle has quit IRC		23:58
jamielennox	alright - i'll add some tests and bring the passing auth plugin out of WIP	23:58
*** RockKuo_iPad has quit IRC		23:58
jamielennox	once it was done i liked it as well because it means eg horizon will get a lot better use out of it	23:58
jamielennox	the only concern i have is that i'm completely clobbering the requests auth= kwarg but i can do a work around for that	23:59
*** gokrokve_ has quit IRC		23:59
*** gokrokve has joined #openstack-keystone		23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!