Tuesday, 2014-07-01

*** daneyon has quit IRC00:04
openstackgerritClayton O'Neill proposed a change to openstack/keystone: Add pluggable range functions for token flush  https://review.openstack.org/10172600:13
*** zigo has quit IRC00:17
*** zigo has joined #openstack-keystone00:21
*** gokrokve has quit IRC00:26
*** praneshp has quit IRC00:27
*** erecio has joined #openstack-keystone00:28
*** zigo has quit IRC00:35
*** marcoemorais has quit IRC00:45
*** marcoemorais has joined #openstack-keystone00:45
*** zigo has joined #openstack-keystone00:47
*** henrynash has quit IRC00:48
*** marcoemorais has quit IRC00:49
*** marcoemorais has joined #openstack-keystone00:49
*** rodrigods has quit IRC00:54
*** marcoemorais has quit IRC00:55
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Convert keystone CLI to use auth plugins  https://review.openstack.org/9568001:03
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Plugin loading from config objects  https://review.openstack.org/7954201:03
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Session loading from conf  https://review.openstack.org/9501501:03
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Session loading from CLI options  https://review.openstack.org/9567801:03
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Allow loading auth plugins from CLI  https://review.openstack.org/9567901:03
*** gokrokve has joined #openstack-keystone01:05
*** dstanek is now known as dstanek_zzz01:06
*** gokrokve_ has joined #openstack-keystone01:07
*** rodrigods has joined #openstack-keystone01:09
*** gokrokve has quit IRC01:10
*** richm has left #openstack-keystone01:16
*** diegows has quit IRC01:20
*** erecio has quit IRC01:23
*** hrybacki has quit IRC01:25
openstackgerritLance Bragstad proposed a change to openstack/keystone: Fix docs for pki_setup and ssl_setup references  https://review.openstack.org/10369701:28
*** hrybacki has joined #openstack-keystone01:29
*** hrybacki has quit IRC01:32
*** mberlin has quit IRC01:34
*** dstanek_zzz is now known as dstanek01:36
morganfainbergdtroyer, ping wanted to check up with you on two devstack changes01:39
morganfainbergdtroyer, https://review.openstack.org/#/c/102326/ and https://review.openstack.org/#/c/101611/01:39
openstackgerritA change was merged to openstack/keystonemiddleware: add README  https://review.openstack.org/10362801:45
*** gokrokve_ has quit IRC01:45
morganfainbergdtroyer, responded to your comment on the latter one01:46
openstackgerritA change was merged to openstack/keystonemiddleware: add CONTRIBUTING.rst  https://review.openstack.org/10363101:46
*** mberlin has joined #openstack-keystone01:50
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Add a fixture for Keystone version discovery  https://review.openstack.org/9984601:53
*** stevemar has joined #openstack-keystone02:08
*** nsquare has quit IRC02:11
*** bobt has joined #openstack-keystone02:19
*** rodrigods has quit IRC02:23
*** zhiyan_ is now known as zhiyan02:38
*** navid has quit IRC02:41
openstackgerritLance Bragstad proposed a change to openstack/keystone: Fix docs and scripts for pki_setup and ssl_setup  https://review.openstack.org/10369702:44
openstackgerritLance Bragstad proposed a change to openstack/keystone: Fix docs and scripts for pki_setup and ssl_setup  https://review.openstack.org/10369702:46
*** dims_ has quit IRC02:46
*** zhiyan is now known as zhiyan_02:50
*** zhiyan_ is now known as zhiyan02:51
dstaneklbragstad_: i just commented again on that review - i think two minor tweaks and then a +2 is in order02:58
*** harlowja is now known as harlowja_away03:02
*** harlowja_away is now known as harlowja03:09
*** praneshp has joined #openstack-keystone03:10
*** harlowja is now known as harlowja_away03:10
*** harlowja_away is now known as harlowja03:11
*** praneshp_ has joined #openstack-keystone03:13
*** praneshp has quit IRC03:16
*** praneshp_ is now known as praneshp03:16
jamielennoxdstanek: assume you're gone but i change that review so keystoneclient will always depend on oslo.config03:26
dstanekjamielennox: i'm never gone!03:33
dstanekjamielennox: nice, i'll take a look03:34
jamielennoxdstanek: that might not be healthy03:34
jamielennoxit was was https://review.openstack.org/#/c/95015/03:34
jamielennoxthanks, i need to push that along03:34
morganfainbergdstanek, you should sleep sometime :P03:35
morganfainbergjamielennox, ah conf patch redux?03:36
dstanekmorganfainberg: ha, it's not even midnight yet03:36
jamielennoxmorganfainberg: i caved and used oslo.config for describing plugin parameters later in the series03:36
morganfainbergjamielennox ah03:37
jamielennoxif i'm going to do that there's no point checking whether it's available03:37
jamielennoxmeans we will always have a dep on oslo.config though03:37
morganfainbergnot a lot different than most of OpenStack03:37
jamielennoxmorganfainberg: it's different on the client side03:37
dstanekjamielennox: i'd be surprised if that doesn't eventually change03:45
jamielennoxdstanek: yea, well given that the servers are a large precentage of the consumers it's not a big deal, i know dtroyer is against it for OSC, but he has it there implicitly now anyway03:46
*** daneyon has joined #openstack-keystone03:46
jamielennoxthe annoying part is that i get almost no current benefit from it, oslo.config is kinda crap unless you are writing servers03:47
jamielennoxit gives them a reason to fix that though03:47
dstanekjamielennox: is there any reason why you created the _make classmethod instead of just specifying the default values on construct?03:59
*** chandan_kumar has joined #openstack-keystone03:59
kashyapHi, can any other more experienced Keystone dev please confirm my testing (and NACK) here is valid? -- https://review.openstack.org/#/c/103188/ (Register the CA chain in glance)03:59
jamielennoxdstanek: construct() is a little funny in that it takes an in/out dictionary so that after calling construct you can tell if you have leftover kwargs04:00
dstanekjamielennox: ah, it's misleading because the name is kwargs, but it's not actually kwargs04:01
dstanekthat part was folded away in the review :-(04:02
*** fifieldt has quit IRC04:11
*** gyee has quit IRC04:11
*** jamielennox has quit IRC04:11
*** ekarlso has quit IRC04:11
*** chmouel has quit IRC04:11
*** gyee_ has quit IRC04:11
*** ByteSore has quit IRC04:11
*** mrda has quit IRC04:12
*** erecio has joined #openstack-keystone04:21
*** mrda has joined #openstack-keystone04:22
*** fifieldt has joined #openstack-keystone04:22
*** gyee has joined #openstack-keystone04:22
*** chmouel has joined #openstack-keystone04:22
*** gyee_ has joined #openstack-keystone04:22
*** ekarlso has joined #openstack-keystone04:22
*** jamielennox has joined #openstack-keystone04:22
*** ByteSore has joined #openstack-keystone04:22
*** gyee has quit IRC04:31
*** jamielennox has quit IRC04:31
*** gyee has joined #openstack-keystone04:31
*** jamielennox has joined #openstack-keystone04:32
*** IAmNewB has joined #openstack-keystone04:44
*** gokrokve has joined #openstack-keystone04:45
IAmNewBHello, I am setting up keystone with postgres database, while db_sync i am getting error "[root@swiftProxyNode ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone 2014-06-30 22:08:36.304 10925 CRITICAL keystone [-] (OperationalError) could not connect to server: Connection refused Is the server running on host "keystonehost" and accepting TCP/IP connections on port 5432?  None None"04:45
jamielennoxIAmNewB: what is the connection string in your config file?04:47
jamielennoxthe [database] connection= string04:47
IAmNewBjamielennox : connection = postgresql://keystone:Passw0rd@keystonehost/keystone04:49
jamielennoxso is keystonehost correct there? you're saying that the machine name is keystonehost?04:49
IAmNewBkeystonehost host is resolving to the ip address of machine04:50
jamielennoxok, so can you telnet keystonehost 5432 ?04:51
IAmNewBi changed keystonehost to now my connection looks like connection = postgresql://keystone:Passw0rd@
IAmNewBnow i am getting 2014-06-30 22:17:53.437 11427 CRITICAL keystone [-] (OperationalError) FATAL:  Ident authentication failed for user "keystone"  None None04:51
jamielennoxoh - ok, i think you've got postgres misconfigured04:51
jamielennoxi'm not particularly good at postgres configs, but what do you have in your hba.conf?04:52
IAmNewBfor telnet keystonehost 5432 it is saying the connection refused04:52
*** nsquare has joined #openstack-keystone04:52
jamielennoxok, so postgres isn't accepting connections on the port04:53
*** erecio has quit IRC04:53
IAmNewBis it /etc/hba.conf ? or /var/lib/pgsql/data/pg_hba.conf04:53
jamielennoxthe second04:54
jamielennox(oh - and is postgres running? )04:54
IAmNewBlocal   all         all                               ident host    all         all          ident host    all         all         ::1/128               ident host all all trust04:55
IAmNewByes, postmaster (pid  10912) is running...04:55
jamielennoxfor host all all ident change ident to md504:56
jamielennoxrestart, have another try04:57
jamielennoxalso do sudo netstat -ltpn and make sure postgres is in there on :543204:58
IAmNewByes, it started working04:58
jamielennoxit might be an iptables rule or something04:58
IAmNewBi can add user and list user04:58
IAmNewBthank you very much04:59
jamielennoxIAmNewB: no problem04:59
*** ajc_ has joined #openstack-keystone04:59
IAmNewBwhat was the issue and how you noticed it ?05:00
jamielennoxso that last parameter in pg_hba.conf is what sort of authentication mechanism you use when connection to postgres05:01
jamielennoxi can't remember what ident does, but it's something to do with getting your username from the operating system05:01
jamielennoxchanging that to md5 says to expect the username and password (an md5 hash of the password) to be presented in the connection - and we need that here05:02
jamielennoxas for noticing it, i've just done it a few times05:03
IAmNewBwith ident if i try to do psql with keystone it fails with  psql -h localhost -U keystone -W Password for user keystone:  psql: could not connect to server: Connection refused Is the server running on host "localhost" and accepting TCP/IP connections on port 5432? FATAL:  Ident authentication failed for user "keystone"05:04
IAmNewBbut with md5 i am able to login05:04
IAmNewBthanks for the explaination and help05:05
*** dstanek is now known as dstanek_zzz05:05
*** harlowja is now known as harlowja_away05:06
*** ukalifon has joined #openstack-keystone05:09
*** dstanek_zzz is now known as dstanek05:13
*** topol has quit IRC05:19
*** daneyon has quit IRC05:21
*** daneyon has joined #openstack-keystone05:21
*** dstanek is now known as dstanek_zzz05:28
*** tkelsey has joined #openstack-keystone05:32
*** gokrokve has quit IRC05:33
*** daneyon has quit IRC05:33
*** chandan_kumar has quit IRC05:37
openstackgerritguang-yee proposed a change to openstack/keystone: X.509 SSL certificate authentication plugin  https://review.openstack.org/10373605:42
*** gyee has quit IRC05:47
openstackgerritOpenStack Proposal Bot proposed a change to openstack/keystone: Imported Translations from Transifex  https://review.openstack.org/10338006:00
openstackgerritA change was merged to openstack/keystone: Move bash8 to run under pep8 tox env  https://review.openstack.org/10329906:07
*** zigo has quit IRC06:13
*** henrynash has joined #openstack-keystone06:13
*** stevemar has quit IRC06:13
*** zigo has joined #openstack-keystone06:14
*** dstanek_zzz is now known as dstanek06:29
*** henrynash has quit IRC06:32
*** chandan_kumar has joined #openstack-keystone06:41
*** nsquare has quit IRC06:51
*** amerine has quit IRC06:56
openstackgerritwanghong proposed a change to openstack/keystone: Do not consume trust uses when create token fails  https://review.openstack.org/10344506:59
*** nsquare has joined #openstack-keystone06:59
*** amerine has joined #openstack-keystone06:59
*** nsquare has quit IRC07:00
openstackgerritlawrancejing proposed a change to openstack/keystone: Fix the section name in CONTRIBUTING.rst  https://review.openstack.org/10375807:00
*** amerine_ has joined #openstack-keystone07:03
*** BAKfr has joined #openstack-keystone07:05
openstackgerritlawrancejing proposed a change to openstack/python-keystoneclient: Add CONTRIBUTING.rst  https://review.openstack.org/10376107:06
*** amerine has quit IRC07:06
openstackgerritDavid Stanek proposed a change to openstack/keystone: Fixes the order of assertEqual arguments  https://review.openstack.org/7751407:12
openstackgerritwanghong proposed a change to openstack/keystone: trustor_user_id not available in v2 trust token  https://review.openstack.org/10182907:12
*** morganfainberg is now known as morganfainberg_Z07:12
*** amerine has joined #openstack-keystone07:18
*** amerine__ has joined #openstack-keystone07:19
*** amerine_ has quit IRC07:20
*** amerine has quit IRC07:23
*** dstanek is now known as dstanek_zzz07:24
*** praneshp has quit IRC07:27
*** amerine has joined #openstack-keystone07:31
*** amerine__ has quit IRC07:34
openstackgerritwanghong proposed a change to openstack/keystone: auth tests should not require admin token  https://review.openstack.org/10186107:37
*** mrda is now known as mrda-away07:49
*** erecio has joined #openstack-keystone07:51
*** leseb has joined #openstack-keystone07:55
*** morganfainberg_Z is now known as morganfainberg07:55
*** mberlin has quit IRC08:01
*** marekd|away is now known as marekd08:08
*** henrynash has joined #openstack-keystone08:11
*** dstanek_zzz is now known as dstanek08:15
*** mberlin has joined #openstack-keystone08:15
*** erecio has quit IRC08:24
*** dstanek is now known as dstanek_zzz08:25
*** leseb has quit IRC08:38
*** leseb has joined #openstack-keystone08:38
*** andreaf_ has joined #openstack-keystone08:39
*** leseb has quit IRC08:42
openstackgerritlawrancejing proposed a change to openstack/python-keystoneclient: Use immutable arg rather mutable arg  https://review.openstack.org/10380108:42
*** leseb has joined #openstack-keystone09:00
*** andreaf has quit IRC09:10
*** andreaf_ is now known as andreaf09:11
*** andreaf_ has joined #openstack-keystone09:11
*** dstanek_zzz is now known as dstanek09:16
openstackgerrithenry-nash proposed a change to openstack/keystone: Add identity mapping capability  https://review.openstack.org/10243009:17
*** lbragstad_ has quit IRC09:22
*** jdennis has quit IRC09:22
*** jdennis has joined #openstack-keystone09:23
*** lbragstad_ has joined #openstack-keystone09:24
*** dstanek is now known as dstanek_zzz09:26
*** oomichi has quit IRC09:30
*** dstanek_zzz is now known as dstanek09:48
*** henrynash has quit IRC09:52
*** henrynash has joined #openstack-keystone09:53
*** amerine has quit IRC09:53
*** dstanek is now known as dstanek_zzz09:58
*** amerine has joined #openstack-keystone10:08
*** chandan_kumar has quit IRC10:47
*** leseb has quit IRC10:47
*** leseb has joined #openstack-keystone10:47
*** dstanek_zzz is now known as dstanek10:49
*** openstack has joined #openstack-keystone10:51
-dickson.freenode.net- [freenode-info] why register and identify? your IRC nick is how people know you. http://freenode.net/faq.shtml#nicksetup10:51
*** leseb has quit IRC10:52
*** dstanek is now known as dstanek_zzz10:59
*** jaosorior has joined #openstack-keystone11:06
*** dims_ has joined #openstack-keystone11:07
*** topol has joined #openstack-keystone11:11
*** rodrigods has joined #openstack-keystone11:15
*** rodrigods has quit IRC11:16
*** tkelsey has quit IRC11:17
*** leseb has joined #openstack-keystone11:18
*** chandan_kumar has joined #openstack-keystone11:20
*** erecio has joined #openstack-keystone11:22
*** leseb has quit IRC11:24
*** IAmNewB has quit IRC11:25
*** diegows has joined #openstack-keystone11:28
otwieraczI wanted to send my patch for review.11:30
otwieraczI've created branch „fix_bug_1313837”.11:31
otwieraczBut I am not sure how I should now push my changes.11:32
openstackgerritAndre Aranha proposed a change to openstack/keystone: Hierarchical Multitenacy  https://review.openstack.org/10385011:33
openstackgerritJuan Manuel Ollé proposed a change to openstack/python-keystoneclient: Keystoneclient create user API should have optional password.  https://review.openstack.org/9759711:35
*** leseb has joined #openstack-keystone11:42
marekdotwieracz: commit your changes11:43
marekdotwieracz: and type git review (I assume you have configured gerrit)11:43
otwieraczand then git review?11:43
marekdotwieracz: if everything is fine new branch will be created on gerrit11:44
openstackgerritSlawomir Gonet proposed a change to openstack/keystone: Exception messages format changed to match one used in other componetns (no period at the end of message in cases where it can make problems while copying from terminal).  https://review.openstack.org/10385211:45
*** dstanek_zzz is now known as dstanek11:50
*** leseb has quit IRC11:56
*** leseb has joined #openstack-keystone12:00
*** dstanek is now known as dstanek_zzz12:00
*** achampion has quit IRC12:04
*** kashyap_bbiab has joined #openstack-keystone12:08
*** kashyap_bbiab has quit IRC12:09
*** kashyap_bbiab has joined #openstack-keystone12:09
*** kashyap` has joined #openstack-keystone12:10
*** kashyap has quit IRC12:11
*** kashyap_bbiab has quit IRC12:14
*** kashyap` is now known as kashyap12:16
*** ajc_ has quit IRC12:17
*** rodrigods has joined #openstack-keystone12:17
*** dhellmann is now known as dhellmann_12:19
*** mitz_ has quit IRC12:25
*** dims_ has quit IRC12:32
*** dims_ has joined #openstack-keystone12:32
*** hrybacki has joined #openstack-keystone12:42
*** hrybacki has quit IRC12:43
*** hrybacki has joined #openstack-keystone12:43
*** tkelsey has joined #openstack-keystone12:43
*** dstanek_zzz is now known as dstanek12:50
*** topol has quit IRC12:54
*** xianghuihui has joined #openstack-keystone12:56
*** chandan_kumar has quit IRC12:59
*** achampion has joined #openstack-keystone12:59
*** xianghui has quit IRC12:59
*** dstanek is now known as dstanek_zzz13:00
*** _elmiko is now known as elmiko13:07
openstackgerritOpenStack Proposal Bot proposed a change to openstack/keystone: Updated from global requirements  https://review.openstack.org/10180013:07
*** chandan_kumar has joined #openstack-keystone13:07
*** nkinder_ has quit IRC13:09
*** rodrigods has quit IRC13:14
*** joesavak has joined #openstack-keystone13:17
*** chandan_kumar is now known as chandankumar13:30
*** topol has joined #openstack-keystone13:31
*** hrybacki_ has joined #openstack-keystone13:31
openstackgerritMarek Denis proposed a change to openstack/identity-api: Fix links sections in OS-FEDERATION docs  https://review.openstack.org/10388813:32
openstackgerritMarek Denis proposed a change to openstack/identity-api: Fix links sections in federation mapping docs  https://review.openstack.org/10388813:34
*** hrybacki has quit IRC13:35
*** hrybacki_ has quit IRC13:36
*** bobt has quit IRC13:38
*** rodrigods has joined #openstack-keystone13:42
*** rodrigods has quit IRC13:42
*** rodrigods has joined #openstack-keystone13:42
*** hrybacki has joined #openstack-keystone13:42
*** dstanek_zzz is now known as dstanek13:51
*** nkinder_ has joined #openstack-keystone13:55
*** chandan_kumar has joined #openstack-keystone13:58
*** chandankumar has quit IRC13:59
*** chandan_kumar is now known as chandan|afk14:00
*** chandan|afk is now known as ciypro|afk14:00
*** david-lyle has joined #openstack-keystone14:01
*** chandan_kumar has joined #openstack-keystone14:04
*** gokrokve has joined #openstack-keystone14:06
hrybackibknudson: could I pick your brain about the test in https://review.openstack.org/#/c/103229/2/keystoneclient/tests/v2_0/test_endpoints.py  ?14:07
*** gokrokve_ has joined #openstack-keystone14:07
bknudsonhrybacki: ok14:07
hrybackibknudson: please keep in mind I'm still learning a lot of these testing functions14:08
hrybackibknudson: so what I really want is to submit a request like the one on line 8714:09
*** chandan_kumar is now known as chandankumar14:09
bknudsonhrybacki: isn't that what line 112 does?14:09
hrybackiand then make sure that the endpoint was created like we would expect using adminurl=None and internalurl=None14:09
bknudsonhrybacki: the client tests don't actually create anything14:10
hrybackiit does -- I was basing the test structure off of the test on line 4214:10
bknudsonthe client tests simulate what the server would respond with14:10
*** gokrokve has quit IRC14:11
bknudsonso the client tests need to validate that an API call generates the expected request and can parse the expected response14:11
hrybackithat's what the stub_url call is for?14:11
bknudsony, stub_url generates the simulated response from the server14:11
hrybackiokay, and _that_ should return a json with the other params + admin/internalurl=None14:12
hrybackiand 'self.client.endpoints.create(...)' will post to that stubbed url and get the response I just talked about back?14:13
bknudsonmaybe stub_url should setup the response so that it has admin/internalurl=None... I'm not sure what the server typically responds with in this case.14:14
bknudsongive it a try14:14
openstackgerritRyan Bak proposed a change to openstack/keystone: LDAP: Added documentation for debug_level option  https://review.openstack.org/9467914:14
bknudsony, 'self.client.endpoints.create(...)' does a request and the stubbed url will generate a reply14:15
bknudsonif the client call hits the wrong url then it would get a 404 or something14:16
*** jamielennox has quit IRC14:17
*** radez_g0` is now known as radez14:18
*** jamielennox has joined #openstack-keystone14:19
openstackgerritMarek Denis proposed a change to openstack/identity-api: Remove Trusted Attributes API from Identity docs  https://review.openstack.org/10390514:19
*** erecio has quit IRC14:19
*** daneyon has joined #openstack-keystone14:20
hrybackibknudson: okay so when I set the stub_url json to include adminurl: None, internalurl: None, the 'None's become 'null's after being pulled from httpretty.last_request().body14:20
*** jamielennox_ has joined #openstack-keystone14:21
*** daneyon has quit IRC14:21
*** daneyon has joined #openstack-keystone14:21
bknudsonhrybacki: weird.14:22
bknudsonhrybacki: is that a bug in httpretty?14:22
hrybackibknudson: I'm not sure -- want me to post a patch so you can see it?14:22
*** jamielennox_ is now known as jamielennox|away14:22
hrybackior recreate it rather14:22
bknudsonhrybacki: might as well14:23
*** jamielennox has quit IRC14:23
openstackgerrithenry-nash proposed a change to openstack/keystone: Add identity mapping capability  https://review.openstack.org/10243014:24
*** rodrigods has quit IRC14:25
*** rodrigods has joined #openstack-keystone14:25
hrybackibknudson: it'll be up in a second -- my vm seems to loose it's network connection whenever my laptop sleeps forcing me to restart the vm14:27
*** dims_ has quit IRC14:28
openstackgerritHarry Rybacki proposed a change to openstack/python-keystoneclient: Add tests without optional create endpoint params  https://review.openstack.org/10322914:28
*** vhoward- has joined #openstack-keystone14:31
bknudsonhrybacki: I tried running the test and it fails14:32
hrybackiyes, because the None's are being converted to Nulls and I'm not sure why14:33
bknudsonI don't know what that means... None is converted to Nulls14:33
hrybackione second14:34
*** vhoward- has left #openstack-keystone14:34
marekdbknudson: how usually is None represented when Keystone returns it in JSON response?14:36
marekdbknudson: is it somehow serialized to binary (or something)?14:36
bknudsonJSON uses null for the same thing that python uses None for14:36
hrybackibknudson: okay, on line 104 of test_endpoints assertRequestBodyIs is called against the expected response starting on line 8614:36
marekdbknudson: exactly, maybe httpretty maps None->null because it sees json14:37
hrybackibut when the body from the last request is called via 'last_request_body = httpretty.last_request().body' the 'None's that were sent in the actual request have become 'null'14:37
hrybackiand the test fails14:38
hrybackimarekd: if that's the case how would I account for that in the test?14:38
otwieraczpy33 tests do not pass for me.14:40
*** gokrokve_ has quit IRC14:40
otwieraczeven on original keystone sources14:40
*** dims_ has joined #openstack-keystone14:41
bknudsonhrybacki: the test fails for me because the expected request doesn't match the actual request14:42
bknudsonthe actual request has "u'adminurl': None, u'internalurl': None" and the reference request doesn't have those.14:42
openstackgerritA change was merged to openstack/keystone: Updated from global requirements  https://review.openstack.org/10180014:43
*** daneyon has quit IRC14:44
hrybackibknudson: well I'm not sure how to check against the request body that was sent (as it will never match the response)14:46
hrybackibknudson: should I modify it post request (adding the Nones it should have) and then check against that?14:46
bknudsonhrybacki: do the tests pass if you "modify it post request (adding the Nones it should have)" ?14:48
hrybackibknudson: yes, but this all seems rather hackish14:51
bknudsonhrybacki: that's probably not the right way to do it then14:51
*** gokrokve has joined #openstack-keystone14:52
hrybackibknudson: indeed, I'm just not sure how to move forward14:53
bknudsonseems like eq_body_without_defaults should have 'adminurl': None, 'internalurl': None14:53
hrybackibknudson: but then we aren't actually testing create() without handing it those defaults, right?14:54
*** xianghuihui has quit IRC14:54
bknudsonhrybacki: the call to create() is at line 98 in https://review.openstack.org/#/c/103229/3/keystoneclient/tests/v2_0/test_endpoints.py14:54
bknudsonand that call doesn't use adminurl or internalurl , so the defaults will be used14:55
hrybackibknudson: god damnit14:55
hrybackithank you14:55
bknudsonno problem14:57
*** mitz_ has joined #openstack-keystone14:57
*** mitz_ has quit IRC14:57
hrybackibknudson: as far as populating the service_id with a UUID, should that be done for the just above mine as well? If so, should I do that in this change or should that be another change?14:59
*** vhoward- has joined #openstack-keystone14:59
*** david-lyle has quit IRC14:59
*** david-lyle has joined #openstack-keystone15:00
*** dstanek is now known as dstanek_zzz15:02
bknudsonhrybacki: don't make changes in urelated parts of the code in the same commit.15:03
*** david-lyle has quit IRC15:03
bknudsonso that would be a separate commit if you think it's worth it15:03
*** david-lyle has joined #openstack-keystone15:03
*** david-lyle has quit IRC15:03
hrybackibknudson++ uniformity is good. Should there be a bug created for the other test and then a commit to close that bug? Trying to get the workflow down.15:04
hrybackiuniformity in code is good15:04
*** david-lyle has joined #openstack-keystone15:04
bknudsonif you want to open a bug you can do that. I wouldn't.15:04
*** gokrokve has quit IRC15:08
*** mitz has quit IRC15:08
*** jsavak has joined #openstack-keystone15:08
*** dstanek_zzz is now known as dstanek15:09
*** joesavak has quit IRC15:11
*** mitz has joined #openstack-keystone15:12
*** david-lyle has quit IRC15:12
openstackgerritDolph Mathews proposed a change to openstack/keystone-specs: Propose Specification for Endpoint Group Filter  https://review.openstack.org/10202315:16
openstackgerritHarry Rybacki proposed a change to openstack/python-keystoneclient: Add tests without optional create endpoint params  https://review.openstack.org/10322915:19
*** praneshp has joined #openstack-keystone15:20
dolphmhrybacki: for refactors that only impact developers, bug reports don't serve too much use15:26
hrybackidolphm: okay15:26
*** erecio has joined #openstack-keystone15:33
hrybackiDo the zuul tests have any sort of priority metrics built in that we know of?15:35
openstackgerritMarek Denis proposed a change to openstack/identity-api: Add public key API for Identity provider  https://review.openstack.org/10392515:39
marekddolphm: hey there. I pushed some changed for public_keys tied to IdP objects in Keystone. I don't have any strong opinions whether the key should be directly embeded in identity_provider object or tied to it.15:40
marekddolphm: https://review.openstack.org/#/c/103925/1/v3/src/markdown/identity-api-v3-os-federation-ext.md15:40
*** gokrokve has joined #openstack-keystone15:43
*** dstanek is now known as dstanek_zzz15:47
dolphmmarekd: would there ever be multiple public keys per idp?15:49
dolphmmarekd: if it's 1:1, then i'd just include it as an attribute of an IdP. if it could be 1:many or even many:many, then make it a separate collection15:50
dolphmhrybacki: priority metrics?15:50
dolphmhrybacki: some changes are marked as priority, but i'm not sure what that looks like in zuul's API. i just know that those changes can jump ahead in the queue15:51
hrybackidolphm: okay -- was just wondering if it did anything odd while determining what changes get the most resources15:52
*** stevemar has joined #openstack-keystone15:52
dolphmhrybacki: oh, i'm not aware of any kind of priority in that respect15:52
*** stevemar has quit IRC15:52
*** thedodd has joined #openstack-keystone15:54
marekddolphm: well, old specs include multiple keys, but...do we really need it? There is only one pub/priv keypair configured in Keystone awhen it comes to PKI tokens, right?15:55
dolphmmarekd: for token signing? yes15:56
marekddolphm: yes, for token signing.15:56
marekddolphm: imho at the current state it will work essentialy in the same way...15:56
marekddolphm: KeystoneIdP will rather sign the token, not encrypt it.15:57
*** praneshp has quit IRC15:57
marekddolphm: unless you think token to be used w/ remote cloud should be encrypted.15:57
morganfainbergdolphm, marekd, wouldn't there need to be multiple keys per idp for rotation? or is that out of scope?15:58
marekdmorganfainberg: rotation?15:59
morganfainbergmarekd, changing the keys (security)15:59
morganfainbergmarekd, strictly operator concern15:59
*** praneshp has joined #openstack-keystone15:59
marekdthis would be human step, how often do you think this should be caried out?15:59
marekdand why not just replace keys?16:00
marekdmorganfainberg: ^^16:00
morganfainbergmarekd, that was why i asked if it was out of scope16:00
morganfainbergmarekd, and i'm fine with it being out of scope16:00
marekdmorganfainberg: dolphm if we have multiple keys than we are risking or a round robin: "lets try key 1, ohh, didn't work, how about key 2?, this one didn't work either so let's raise an exception"16:01
*** vhoward- has left #openstack-keystone16:01
marekddolphm: morganfainberg are we good with that?16:02
*** chandankumar has quit IRC16:02
morganfainbergmarekd, sure. no need to do multiple keys16:03
*** david-lyle has joined #openstack-keystone16:03
marekdmorganfainberg: as i said i don't have strong opinions, just trying to follow the  KISS rule :-)16:04
morganfainbergmarekd, ++16:04
marekdmorganfainberg: dolphm: are we good with just signing a token, or it should be encrypted? I think signing is fine. All in all we will try not to expose any sensitive information.16:05
raildoSomeone can explain me how it works  (if it works) the API Policies in Keystone: http://developer.openstack.org/api-ref-identity-v3.html#policies-v3 ?16:09
*** BAKfr has quit IRC16:14
*** guitarzan has joined #openstack-keystone16:15
guitarzanhi folks, this might be a dumb question, but what is supposed to happen when you have two endpoints to the same service type in the same region?16:18
*** zhiyan is now known as zhiyan_16:19
*** leseb has quit IRC16:19
*** gyee_ has quit IRC16:20
*** joesavak has joined #openstack-keystone16:20
*** erecio has quit IRC16:21
*** jose-idar has joined #openstack-keystone16:21
*** jsavak has quit IRC16:23
*** andreaf has quit IRC16:26
*** gyee has joined #openstack-keystone16:28
*** dstanek_zzz is now known as dstanek16:28
openstackgerritMarek Denis proposed a change to openstack/identity-api: Add public key API for Identity provider  https://review.openstack.org/10392516:36
*** tkelsey has quit IRC16:40
*** dims_ has quit IRC16:41
*** dims_ has joined #openstack-keystone16:42
*** erecio has joined #openstack-keystone16:48
morganfainbergi think i'm spoiled by Mock() being so much better than Mox16:51
*** jaosorior has quit IRC16:52
openstackgerritLance Bragstad proposed a change to openstack/keystone: Fix docs and scripts for pki_setup and ssl_setup  https://review.openstack.org/10369716:52
*** bobt has joined #openstack-keystone16:58
*** chandan_kumar has joined #openstack-keystone17:04
*** harlowja_away is now known as harlowja17:06
henrynashmorganfainberg, ayoung: https://review.openstack.org/#/c/102430 is looking for a final +2…17:07
*** richm has joined #openstack-keystone17:07
*** amcrn has joined #openstack-keystone17:14
*** amcrn has quit IRC17:15
*** dstanek is now known as dstanek_zzz17:22
*** nsquare has joined #openstack-keystone17:23
*** dstanek_zzz is now known as dstanek17:25
lbragstad_dstanek: thanks for the info on the doc strings17:26
*** rodrigods_ has joined #openstack-keystone17:28
*** lbragstad_ is now known as lbragstad17:31
otwieraczok, guys:17:32
otwieraczThere's problem with commit message line length.17:33
otwieraczWhat should I do? Resend it? or what?17:33
*** erecio has quit IRC17:35
dstaneklbragstad_: np17:38
dstanekotwieracz: yes, fix the message by amending the commit and then run 'git review' again17:39
dstanekotwieracz: 'git review' will know it's an update as long as you don't remove the change-id17:39
*** hrybacki has quit IRC17:41
*** hrybacki has joined #openstack-keystone17:44
*** hrybacki has quit IRC17:46
dstanekotwieracz: i added a few comments to your review. if you think they are valid please include in your next review17:46
otwieraczOK, so now I should edit sources and then make ammend, right?17:47
*** erecio has joined #openstack-keystone17:50
*** dhellmann_ is now known as dhellmann17:53
openstackgerritSlawomir Gonet proposed a change to openstack/keystone: Exception messages format changed to match one used in other componetns (no period at the end of message in cases where it can make problems while copying from terminal).  https://review.openstack.org/10385217:54
dstanekotwieracz: your comment still needs a bit of work17:59
*** bobt has quit IRC17:59
otwieraczdstanek: Thanks for notes.18:00
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Do not use keystone's config for nova's port  https://review.openstack.org/10320418:04
*** nkinder_ has quit IRC18:04
*** jamielennox|away is now known as jamielennox18:04
dstanekotwieracz: no, problem18:05
morganfainbergtopol, ^ fixed the typo you pointed out18:05
topolmorganfainberg, OK, will re-review soon18:05
otwieraczdstanek: http://wklej.org/hash/5020435c4cd/18:07
otwieraczdstanek: now it's better?18:07
topolmorganfainberg, done!18:09
*** harlowja is now known as harlowja_away18:10
dstanekotwieracz: remove period on line 1 and resize the rest of the lines to just under 72 chars18:10
otwieraczdstanek: http://paste.lisp.org/display/14305918:11
dstanekotwieracz:  Read "Summary of GIT commit message structure" on that wiki page18:11
*** thedodd has quit IRC18:11
openstackgerritSlawomir Gonet proposed a change to openstack/keystone: Ending periods in exceptioon messages deleted  https://review.openstack.org/10385218:12
dstanekotwieracz: in your paste exception is misspelled and you probably want 'contained a period'18:18
otwieraczI see.18:19
*** nkinder_ has joined #openstack-keystone18:21
otwieraczdstanek: OK, what you think about Matt Fischer proposition?18:26
dstanekotwieracz: ?18:26
dstanekmfisch: ^18:26
otwieraczLine 271:                        " %(details)s")18:27
otwieraczThis is getting into a nitpick but I'd prefer:18:27
otwieracz"Conflict occurred attempting to store %(type)s: %(details)s")18:27
*** hrybacki has joined #openstack-keystone18:28
*** erecio has quit IRC18:28
dstanekotwieracz: yes, i agree with that - i wrote that here https://review.openstack.org/#/c/103852/1/keystone/exception.py18:29
dstanekotwieracz: sorry that i'll slow to respond - trying to pay attention in the Keystone team meeting18:29
otwieraczTry to copy „foobar:” from terminal.18:29
otwieraczfoobar: is copying.18:29
dstanekfor me it doesn't :-(18:30
hrybackiwould someone mind taking a glance at the jenkins failures here: https://review.openstack.org/#/c/103229/  I think they may have been a fluke. Is there a way to re-run them without submitting a new patch?18:30
dstanekmaybe separate them with a -? '%(type)s - %(details)s'18:30
otwieraczdstanek: Will be better.18:30
openstackgerritA change was merged to openstack/python-keystoneclient: Adjust Python 2.6 OSerror-on-EPIPE workaround  https://review.openstack.org/9680518:32
*** harlowja_away is now known as harlowja18:33
*** hrybacki_ has joined #openstack-keystone18:34
*** hrybacki has quit IRC18:35
*** thedodd has joined #openstack-keystone18:36
*** hrybacki_ has quit IRC18:37
*** erecio has joined #openstack-keystone18:37
*** nkinder_ has quit IRC18:43
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Session loading from conf  https://review.openstack.org/9501518:44
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Session loading from CLI options  https://review.openstack.org/9567818:44
*** rodrigods_ has quit IRC18:46
*** nkinder_ has joined #openstack-keystone18:55
*** marcoemorais has joined #openstack-keystone18:59
jamielennoxmarekd: sorry, i've had your email sitting there for a few days meaning to get back to you19:01
marekdjamielennox: no worries19:01
marekdjamielennox: i am fine with squeezing everything in one auth-plugin and passing kwargs twice.19:02
jamielennoxi haven't looked at your saml patches for a little while19:02
jamielennoxso it'll need to be one auth plugin for the sake of loading it from configs /CLI19:02
jamielennoxhowever what i was trying to say from the other review is that internally you could manage it as multiple plugins19:03
marekdand i did...19:03
jamielennoxok - i don't think i've looked since then19:03
marekdjamielennox: but that's not my point :-)19:03
marekdjamielennox: essentialy i split the plugins - one does federation studd, gets unscoped token19:04
*** hrybacki has joined #openstack-keystone19:04
marekdand you should later call another plugin, for scoping token only that uses unscoped plugin token. It actually wraps it.19:04
marekdbut i didn't mean that.19:04
marekdwhen you want to get unscoped token back, you actually need to authenticate with your IdP.19:05
marekdthis can be HTTP Basic Auth, certificates, some REST protocol...everythig.19:05
marekdand this IdP auth should be configurable and pluggable.19:05
marekdit's like an auth plugin inside auth plugin.19:05
jamielennoxyea, following that19:06
jamielennoxi think what you would have to do is have a wrapper plugin which is the entrypoint for CLI/CONF19:06
*** ukalifon has quit IRC19:06
jamielennoxsuch that the outer p;lugin has conf arguments which tell it which inner plugins to load - and then it manages using them correctly19:07
marekdyeah, that was my concern...19:07
marekdit's like loading during parsing...19:08
marekdjamielennox: but what do you mean by saying entrypoint for CLI/CONF?19:08
jamielennoxyea, a lot of plugins are going to have that problem because you don't know what arguments are going to be required until the user puts an option in19:09
jamielennoxmarekd: so the plugins that are available via CLI/CONF are listed as entrypoints in the setup.cfg file19:09
marekdjamielennox: does it actually need  changes in the patches you are working on?19:10
jamielennoxif you haven't seen setuptools entrypoints you can google that one for a better explanation than i can give19:10
marekdi don't have much experience with setuptools, but 'google it' is more than enough.19:11
*** achampion has quit IRC19:11
jamielennoxmarekd: only the loading from CLI/CONF i think19:11
marekdjamielennox: ?19:11
jamielennoxso this shows the entrypoints: https://review.openstack.org/#/c/79542/10/setup.cfg19:11
jamielennoxin the format name = class to load19:11
jamielennoxso when i say --os-auth-plugin v2password that's where it looks to figure out what auth plugin to load19:12
marekdjamielennox: ah ok, easy19:12
jamielennoxso you will probably want a new plugin that manages inner plugins that is registered in that list19:12
jamielennoxbut that will likely only be used for CLI/CONF case and expect people who want to use it directly to use the old way19:13
jamielennoxso eventually when all these patches land you can add a new one for how to load all this from CLI, but i don't think you need to rebase your current changes on top of it19:14
marekdjamielennox: hmmm, are you thinking about manager-plugin just for inner plugins, or for all auth plugins?19:15
topolboris-42 your rally patch looks very good19:15
jamielennoxjust for the case where the auth sequence is going to require multiple inner plugins19:15
dolphmjamielennox: you didn't already have a patch up for keystonemiddleware to make everything private, did you?19:16
jamielennoxin the v2password case for example it's just one call19:16
jamielennoxdolphm: not yet19:16
marekdjamielennox: ok, so let's say i am adding my ecp plugin for ecp saml, i'd add entrypoint to setup.cfg, e.g.: saml2 = keystoneclient.auth.identity.v3.saml2:UnscopedToken19:17
marekdjamielennox: and another entry for a wrapper?19:17
marekdi am trying to imagine who would call who.19:17
jamielennoxmarekd: no because from a CLI perspective it will only know about one plugin19:17
jamielennoxi'm saying you'd create a new plugin lets say SamlManager and do saml2 = auth.identity....SamlManager19:18
jamielennoxone of the options that it would take would be a string that says which inner plugin to use - basic auth, REST, certs etc19:19
*** amcrn has joined #openstack-keystone19:19
jamielennoxand you would probably looks those up using the same entrypoint style listing19:19
jose-idar /leave19:19
*** achampion has joined #openstack-keystone19:19
*** jose-idar has left #openstack-keystone19:19
jamielennoxjose-idar: noooooo19:20
marekdjamielennox: ok, i get it now. and this SamlManager would simply do some parsing of the options from conf/cli.19:21
marekdwith Param objects and things like that19:21
jamielennoxmarekd: exactly, and then handle the unscoped tokens etc internally19:21
marekdjamielennox: makes sense. I will work on that.19:22
raildomorganfainberg: ping19:22
morganfainbergraildo, headed out to lunch :P sorry19:22
morganfainbergraildo backi in ~1h or so.19:22
jamielennoxmarekd: cool, i'd say no rush on that. it will take a while to get these patches through19:22
raildomorganfainberg: ok19:22
marekdjamielennox: this plugin would also have to import the inner plugin in runtime -so stevedore etc, right?19:23
jamielennoxmarekd: yea, that's how i would do it19:23
marekdjamielennox: ok, that's good starting point. Thanks!19:24
jamielennoxmarekd: np, i'll chase up the existing reviews too19:24
marekdjamielennox: thanks!19:24
dolphmmarekd: have an update to this? https://review.openstack.org/#/c/103905/19:29
dolphmmarekd: that got messy :(19:30
*** chandan_kumar has quit IRC19:31
marekddolphm: jenkins it failing on that :/19:32
marekdrecheck bug doesnt work19:33
dolphmmarekd: ah, same issue as yesterday?19:33
*** leseb has joined #openstack-keystone19:33
openstackgerritBob Thyne proposed a change to openstack/keystone-specs: Propose Specification for Endpoint Group Filter  https://review.openstack.org/10202319:33
marekdyes, bug was filed by stevemar but it doesnt help19:33
marekdi pushed bunch of doc patches and they all fail on it...19:33
marekdthat's why i am holding off with adding reviewers..19:33
marekdregarding 103905 i forgot to remove trusted_attributes from links' sections. let me do this *now*19:34
marekddolphm: ^^19:34
dolphmmarekd: thanks -- i was hoping to +2 even if jenkins is stuck19:35
marekddolphm: ah, ok19:35
marekd5 minutes please19:36
dolphmmarekd: sure - going to get caffeine19:36
marekddolphm: enjoy.19:36
openstackgerritMarek Denis proposed a change to openstack/identity-api: Remove Trusted Attributes API from Identity docs  https://review.openstack.org/10390519:41
marekddolphm: morganfainberg ^^19:41
boris-42topol thank you=)19:41
boris-42topol btw soon we will get profiler19:42
boris-42topol in gates19:42
*** rodrigods_ has joined #openstack-keystone19:42
topolboris-42, cool19:42
boris-42topol if there won't be too much issues19:42
boris-42topol with to much opinions=)19:42
topolboris-42 have you been interacting a lot with the refstack team?19:42
topolboris-42 some of my folks on that team have extensive performance optimization backgrounds.  So lots of synergies there19:43
boris-42topol nope not a lot19:43
boris-42topol I have a lot of experience in making things simple=)19:43
marekddolphm: i also found some mistakes in mapping HTTP responses in OS-FEDERATION docs: see https://review.openstack.org/#/c/10388819:43
topolboris-42, nothing wrong with that19:44
boris-42topol making it simple to fix openstack, will fix openstack=)19:44
boris-42topol so refstack is not abut bencmarking19:44
boris-42topol they are just running havana tempest19:44
topolboris-42. I agree19:44
boris-42topol btw rally can do this as well=)19:44
boris-42topol and from master=)19:44
dolphmmarekd: ++19:44
topolboris-42, just some folks over there with itnerest in common with yours. Thats all19:45
boris-42topol yep I know =)19:45
boris-42topol we spoke with them during summit19:45
openstackgerritMarek Denis proposed a change to openstack/identity-api: Fix links sections in federation mapping docs  https://review.openstack.org/10388819:47
dstanekhenrynash: done with that review now19:47
openstackgerritBrant Knudson proposed a change to openstack/keystone: JSON-Home PoC  https://review.openstack.org/10398319:49
marekddolphm: ehhh, could you please +2 https://review.openstack.org/#/c/103888/3 again? I missed the comma and added it after your review.19:53
marekddolphm: https://review.openstack.org/#/c/103888/2..3/v3/src/markdown/identity-api-v3-os-federation-ext.md19:53
dolphmmarekd: well now you have an extra comma :P19:53
marekdno comma after list?19:54
dolphmmarekd: you know there's a Revert button that does all this work for you, right?19:54
marekddolphm: no19:54
dolphmmarekd: do you have a Revert Change button next to Review here? https://review.openstack.org/#/c/60489/19:55
marekddolphm: yep.19:55
marekdshall i use it?19:55
dolphmmarekd: push it!19:55
dolphmmarekd: it just proposed an automated patch if it can19:55
openstackgerritMarek Denis proposed a change to openstack/identity-api: Revert "Trusted Attributes Policy for External Identity Providers"  https://review.openstack.org/10398619:56
marekddolphm: LOL, awesome :D :D :D19:56
marekddolphm: gonna abandon the other patch.19:57
dolphmmarekd: i tried to abandon it for you and did the wrong one, oops!19:57
marekddolphm: you abandoned the right patch?19:58
dolphmmarekd: no, you can abandon it19:59
marekdi did19:59
dolphmcan anyone following the above convo +2 this one: https://review.openstack.org/#/c/103986/20:00
dolphmi think +A will fail due to the new doc bug20:00
marekddolphm: speaking about mapping docs - there should be no comma after the list?20:00
dolphmmarekd: stick it into a JSON validator and find out20:00
marekddolphm: right.20:01
dolphmmarekd: i use "python -m json.tool"20:01
*** nkinder_ has quit IRC20:02
henrynashdstanek: thc20:04
*** gokrokve has quit IRC20:05
*** henrynash has quit IRC20:07
marekddolphm: thanks20:10
openstackgerritMarek Denis proposed a change to openstack/identity-api: Fix links sections in federation mapping docs  https://review.openstack.org/10388820:10
*** leseb has quit IRC20:10
*** leseb has joined #openstack-keystone20:10
dolphmmarekd: LGTM (but it did the first time too)20:10
marekddolphm: thanks. hope jenkins eventually lets this go through.20:11
openstackgerritHarry Rybacki proposed a change to openstack/python-keystoneclient: service_id should be random uuid  https://review.openstack.org/10398920:14
*** dims__ has joined #openstack-keystone20:15
*** leseb has quit IRC20:15
*** dims_ has quit IRC20:18
hrybackijamielennox: I'm still glancing over the session changes glance and cinder are trying to make but I'm not sure I understand the keystone side well enough to help. Any recommendations on getting up to speed?20:18
*** dims__ has quit IRC20:20
jamielennoxhrybacki: the keystone or the keystoneclient?20:20
hrybackijamielennox: likely both20:20
*** erecio has quit IRC20:21
*** marekd is now known as marekd|away20:21
hrybackijamielennox: Every time I think I get it I end up just getting more confused20:21
jamielennoxi know that feeling20:21
*** gokrokve has joined #openstack-keystone20:23
*** gokrokve has quit IRC20:23
jamielennoxhrybacki: ok, so are you looking particulary at auth or the structure of session in general?20:23
hrybackijamielennox: more so the flow of everything20:24
hrybackijamielennox: let's take glance for example -- a user requests an image for whatever reason, assuming that glance had switched to using keystoneclient/sessions how would the whole auth process work?20:25
jamielennoxglanceclient would construct a request body and pass it through to session20:29
jamielennoxit would include an endpoint filter with things like service_type and interface20:29
*** gokrokve has joined #openstack-keystone20:29
jamielennoxthe url would simply say /images because that's the part that glance knows20:29
jamielennoxsession session would get a token if required20:30
jamielennoxthen it would find the endpoint (base url) for glance20:30
jamielennoxthis is included in the token20:30
jamielennoxit appends /images to that url20:30
jamielennoxthen it's a fairly standard HTTP call20:31
*** dims__ has joined #openstack-keystone20:33
hrybackiwhat's the status on https://review.openstack.org/#/c/74908/11 ?20:33
*** gokrokve has quit IRC20:33
hrybackijamielennox: ^^20:33
*** leseb has joined #openstack-keystone20:36
jamielennoxhrybacki: there is a problem in the gate with merging it20:37
*** amcrn has quit IRC20:38
jamielennoxcurrently if you supply both a user/pass and an admin token, if the token fails then it gets cleared and falls back to user/pass20:38
jamielennoxthis happens in trove in the gate and is wrong20:38
jamielennoxi have this review: https://review.openstack.org/#/c/97163/ which would fix trove20:39
jamielennoxhowever it's failing because of trove problems with the gate20:39
hrybackijamielennox: well that's frustrating20:39
jamielennoxoops, not that one20:39
jamielennoxwell both would do it20:40
hrybackiand revocation events needs 7490820:41
jamielennoxit does?20:41
*** dims__ has quit IRC20:41
hrybackisorry, my patch merging it with middleware20:42
hrybackior change rather20:42
jamielennoxit shouldn't really20:42
hrybackiayoung had a solid reason (which I can't recall presently) for using your session patch20:43
jamielennoxauth token has worked as is for a long time, converting it to session should just be standardizing things20:43
jamielennoxwas it just applying pressure?20:43
*** gokrokve has joined #openstack-keystone20:43
hrybackijamielennox: could I get you to glance at these fails: https://review.openstack.org/#/c/103229/  -- I think it was a jenkins mix up20:44
*** nkinder_ has joined #openstack-keystone20:45
*** daneyon has joined #openstack-keystone20:47
jamielennoxhrybacki: so you can make jenkins run again with a "recheck bug XXXXX" or recheck no bug20:48
jamielennoxbut if it's coming from one of the python26/27 then it's probably your fault20:49
jamielennoxoh - but not always20:49
hrybackitox ran on my machine20:49
hrybackiand it looked like a dependency install issue20:49
jamielennoxyea, it's a jenkins issue20:50
jamielennoxso typically go to http://status.openstack.org/rechecks/20:50
jamielennoxthe third bug looks like it's proabbly your one 132681320:51
hrybackiah, so comment 'recheck buck 1326813'20:51
jamielennoxs/buck/bug then yes20:51
hrybackiyes recheck bug20:52
*** daneyon has quit IRC20:55
boris-42jamielennox hi man20:55
*** daneyon has joined #openstack-keystone20:56
openstackgerritBrant Knudson proposed a change to openstack/python-keystoneclient: Sync with oslo-incubator fd90c34a9  https://review.openstack.org/10399720:56
openstackgerritBrant Knudson proposed a change to openstack/python-keystoneclient: Config fixture from oslo-incubator is not used.  https://review.openstack.org/10399820:56
jamielennoxboris-42: hey20:57
*** guitarzan has left #openstack-keystone20:59
boris-42jamielennox could you pls take a look at small patch21:00
boris-42jamielennox in python client21:00
boris-42jamielennox https://review.openstack.org/#/c/103367/1/keystoneclient/session.py21:00
boris-42jamielennox heh actually I can use importuils21:01
boris-42jamielennox cause they are in keystoneclient21:01
jamielennoxboris-42: i have never heard of that21:01
boris-42jamielennox about what? importutils?21:01
boris-42jamielennox it's my lib21:02
jamielennoxi'll have to look it up, in general the only thing i'd say (without knowing how the lib works) is you can import osprofiler.web as osprofiler_web rather than do the assign21:02
boris-42jamielennox I think I will use oslo importuils21:03
jamielennoxboris-42: where's the repo? is there a readme there?21:04
boris-42jamielennox so it will be osprofier_web = try_import("osprofiler.wb", None)21:04
openstackgerritBrant Knudson proposed a change to openstack/keystonemiddleware: Sync with oslo-incubator fd90c34a9  https://review.openstack.org/10399921:04
boris-42jamielennox read me is in repo https://github.com/stackforge/osprofiler21:04
openstackgerritBrant Knudson proposed a change to openstack/keystonemiddleware: Clean up openstack-common.conf  https://review.openstack.org/10400021:04
jamielennoxboris-42: you can, i don't think there's much of an advantage there - catching ImportError is a fairly standard operation21:04
boris-42jamielennox yep but there is function21:04
boris-42jamielennox that does exactly that21:04
jamielennoxif anything for me the except ImportError is clearer because it's an obvious python statement and i don't have to go looking for what oslo import utils does21:05
boris-42jamielennox https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/openstack/common/importutils.py#L68-L7321:05
jamielennoxbut whatever works21:06
boris-42jamielennox yep21:06
boris-42jamielennox try import is done to avoid dependency in python client21:07
boris-42jamielennox from osporifler21:07
jamielennoxso is osprofiler always on if it is imported?21:07
boris-42jamielennox so actually it's very lazy21:08
boris-42jamielennox if somewhere in the same process you did profiler.init()21:08
boris-42jamielennox it will add special header (actually 2)21:08
boris-42jamielennox otherwise it's noop method21:08
openstackgerritBrant Knudson proposed a change to openstack/keystonemiddleware: Clean up openstack-common.conf  https://review.openstack.org/10400021:08
openstackgerritBrant Knudson proposed a change to openstack/keystonemiddleware: Sync with oslo-incubator fd90c34a9  https://review.openstack.org/10399921:08
boris-42jamielennox even if there is lib21:08
boris-42jamielennox we are putting this code in clients to be able to build one trace that goes through services of different projects21:09
jamielennoxso your review isn't trying to actually trying to profile the HTTP request in any way, just add the trace id context to the ongoing request21:09
*** hrybacki has quit IRC21:11
dolphmjamielennox: that's the next step21:11
boris-42jamielennox yep21:12
jamielennoxdolphm: yea, if you're going to have profiles then request() is a good one to profile21:12
boris-42jamielennox so another service in middleware will process it21:12
morganfainbergraildo, back.21:12
dolphmboris-42: so it's the clients generating the request ID, right?21:12
boris-42dolphm nope21:13
boris-42dolphm client doesn't generate anything21:13
dolphmboris-42: oh? then i misunderstood something21:13
dolphmboris-42: is it generated by middleware?21:13
boris-42it's handled by profiler21:13
boris-42osprofiler has thread safe list21:13
boris-42(that is actually stack)21:13
boris-42and when you are doing profiler.init(<base-id>, <parnet-id>)21:14
jamielennoxdolphm: yea, looks like the profiler is a constant for the service: https://github.com/stackforge/osprofiler/blob/master/osprofiler/web.py#L24-L2821:14
boris-42you are putting to that list 2 <uuids>21:14
boris-42every call of profiler.start() will put one more uuid21:14
boris-42every proffer.stop() will pop from that list21:15
boris-42dolphm that's is how we are handling nested calls of profiler21:15
morganfainbergdolphm, wanted me to look at the spec [see the ping in my scroll back]21:15
jamielennoxboris-42: i see profiler.start and .stop in the readme - you have a contextmanager and a decorator there somewhere right?21:15
boris-42jamielennox yep lemme just point you to the cod21:16
morganfainbergdolphm, devstack change merged btw21:16
jamielennoxboris-42: that's ok, i just couldn't see one21:16
boris-42jamielennox https://github.com/stackforge/osprofiler/blob/master/osprofiler/profiler.py#L23-L2421:16
boris-42jamielennox this is where we are storing profiler instance21:16
boris-42jamielennox this is what happens on init() https://github.com/stackforge/osprofiler/blob/master/osprofiler/profiler.py#L31-L4421:16
boris-42jamielennox and this is base class https://github.com/stackforge/osprofiler/blob/master/osprofiler/profiler.py#L10121:17
boris-42jamielennox it's instance is stored in thread safe varaibel21:17
boris-42jamielennox and here is the https://github.com/stackforge/osprofiler/blob/master/osprofiler/profiler.py#L10721:17
jamielennoxi was just looking for an:21:17
jamielennoxdef func():21:17
boris-42jamielennox ah there is no decorator for that21:17
boris-42jamielennox it will be soon21:17
boris-42jamielennox I was just going to write it21:18
boris-42there will be something like21:18
boris-42from osprofiler import profiler21:18
jamielennoxboris-42: ok - well the addition to session looks fine to me21:18
boris-42@profiler.trace(name, info={})21:18
boris-42def some_method()21:18
boris-42so there will be 1) manual profiler.start()/stop() 2) with statement profiler.Trace() 3) and decorator @profiler.trace()21:19
dolphmdavid-lyle: regarding https://blueprints.launchpad.net/horizon/+spec/federated-horizon21:19
boris-42jamielennox but I am not sure that we should send any notification inside python clients21:19
boris-42jamielennox I mean trace it21:19
boris-42jamielennox but probably I am wrong)21:19
dolphmdavid-lyle: it *is* stalled, but it sounds like there's a new dev starting a rax (and a ux designer?) that was going to work on it. i'll try to follow up on that21:20
jamielennoxboris-42: so i guess it depends, the way i see it is that you are checking that something has done the init() already and so it's not going to affect the CLI or anything21:20
david-lyledolphm, that would be great, I think there's a lot to tackle there21:21
jamielennoxyour other option is to add it to the requesting code on all of the servers21:21
boris-42jamielennox hm other opinion?21:21
boris-42jamielennox maybe other part of code?)21:21
boris-42jamielennox it will be something like that21:22
boris-42jamielennox https://review.openstack.org/#/c/103368/21:22
boris-42jamielennox so ultimate goal is to bind everything together21:22
boris-42jamielennox so we will be able to add any amount of traces() in patch + change rally task config in keystone source21:23
boris-42jamielennox and get all these traces under load21:23
*** leseb has quit IRC21:23
jamielennoxyep, Session.request will get you there fastest21:23
boris-42jamielennox and find where is the issue in one click21:23
*** rodrigods_ has quit IRC21:24
dolphmdavid-lyle: i honestly wouldn't expect it to be completed in Juno at this point, but i'd love to see us try21:25
dolphmdavid-lyle: i also haven't seen deepak's work out of tree, so i could be underestimating21:25
jamielennoxboris-42: so i'm ok to carry that in session because it means you'll get it for free in the projects as i push session around21:26
boris-42jamielennox yep it will be nice to have this stuff in one place=)21:26
david-lyledolphm: prof chadwick indicated that deepak may have been a bit off course21:26
jamielennoxso long as it has no effect if profiler is not available/not initialized21:26
boris-42jamielennox yep no affects21:27
david-lyleI haven't looked beyond the BP21:27
boris-42jamielennox lemme just update patch21:27
jamielennoxdolphm, boris-42: just to check osprofiler is something that has been approved and accepted by the community/TC?21:28
dolphmdavid-lyle: that tends to be chadwick's position on a lot of things :) but i have no reason to agree/disagree in this case21:28
boris-42jamielennox I hope so, we already have merged it in global requirement and ceilometer21:28
boris-42jamielennox there is olso.messaging left=)21:29
david-lyledolphm: fair enough21:30
jamielennoxboris-42: that's fine - just don't want to take on anything too experimental/3rd party21:30
openstackgerritBoris Pavlovic proposed a change to openstack/python-keystoneclient: Add profiling support to Keystone  https://review.openstack.org/10336721:32
boris-42jamielennox I did it a bit nicer ^21:32
*** dims__ has joined #openstack-keystone21:36
*** joesavak has quit IRC21:42
*** radez is now known as radez_g0n321:43
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Extracting get group roles for project logic to drivers.  https://review.openstack.org/8602521:47
*** leseb has joined #openstack-keystone21:47
*** topol has quit IRC21:51
jamielennoxboris-42: is it possible to add a get_trace_id_headers() call?21:51
boris-42jamielennox everything is possible21:52
*** achampion has quit IRC21:52
boris-42jamielennox but there is reason why I change get_trace_id_headers()21:52
boris-42to add_trace_id_headers()21:52
boris-42jamielennox to avoid human factors =)21:53
boris-42jamielennox and mistakes21:53
jamielennoxits not a big deal but id feel more comfortable doing headers.update(osprofiler_web.get_trace_id_headers()) because at the point you are calling headers already contains x-auth-token whic is sensitive data21:53
boris-42jamielennox okay i can fix that21:54
boris-42jamielennox in any case I need new version21:54
boris-42jamielennox seems like so21:54
boris-42jamielennox 0.2.0 is comming21:54
jamielennoxif we do it as is i would like to call add_() when the headers dict is still empty21:54
jamielennoxor at least before token is added21:54
boris-42jamielennox no worries I will make via update21:55
boris-42jamielennox but tomorrow21:55
boris-42jamielennox see you=)21:55
jamielennoxboris-42: thanks, later21:55
dolphmmorganfainberg: https://review.openstack.org/#/c/102326/ merged; jamielennox: is there a patch to privatize things in auth_token?21:59
dolphmjamielennox: i know i asked earlier, but then i think i ran away (if you answered)21:59
morganfainbergdolphm, quick run away before he answers, then ask again in like 20 minutes :P ;)22:00
jamielennoxdolphm: i'm about half way through22:00
*** rodrigods_ has joined #openstack-keystone22:02
*** mrda-away is now known as mrda22:02
*** rodrigods_ has quit IRC22:04
dolphmmorganfainberg: jamielennox: marekd|away: an api change landed in identity-api before the spec was approved or the api was finished - here's a revert https://review.openstack.org/#/c/103986/22:09
morganfainbergdolphm, wait how did that happne?22:09
dolphmmorganfainberg: see the reverted commit hash22:10
morganfainbergdolphm, hm.22:10
morganfainbergdolphm, aren't we supposed to be getting rid of the identity-api repo?22:10
morganfainbergdolphm, on a related note22:10
dolphmmorganfainberg: relatedly, i was thinking about the same thing22:10
morganfainbergdolphm, +2, but not sure how to fix doc builds22:11
dolphmmorganfainberg: neither do i22:11
dolphmmorganfainberg: +A'd so we can find it quickly later22:12
morganfainbergdolphm, works for me22:12
morganfainbergdolphm, i'm going to post (today) a fix to keystone that normalizes the HEAD and GET requests (since we need it to flip to apache deployed gate)22:16
morganfainbergdolphm, i think it's going to break a lot of things :(22:16
dolphmmorganfainberg: response codes?22:16
morganfainbergdolphm, yeah22:16
morganfainbergdolphm, do what we talked about, everything is a GET,HEAD22:16
morganfainbergand make the wsgi code strip the body22:16
dolphmas long as they stay within the 2xx range for example, we're allowed to do so, at least22:16
morganfainbergright, i think tempest and other things are gonna get really cranky22:17
morganfainbergjust a hunch22:17
dolphmmorganfainberg: probably :(22:17
morganfainbergi'll tag ya on the code once i get it posted22:17
morganfainberghow hot has San Antonio been the last couple days?22:18
morganfainbergsince... you know we're all decending there shortly :)22:18
dolphmmorganfainberg: 90's and humid22:18
morganfainbergah, good time to stay in doors and air conditioned!22:19
*** leseb has quit IRC22:20
*** dstanek is now known as dstanek_zzz22:28
openstackgerritBrant Knudson proposed a change to openstack/keystone: JSON-Home PoC  https://review.openstack.org/10398322:31
*** elmiko is now known as _elmiko22:33
dolphmprobably should have cancelled tuesday's keystone meeting - no one showed up to the one before last hackathon22:34
bknudson"Changing which response code is returned on success "22:34
jamielennoxdolphm: let me know in advance22:35
dolphmjamielennox: updating the agenda to say it's cancelled now22:35
*** dolphm changes topic to "Keystone meeting cancelled July 8th because | Hackathon July 9-11: http://dolphm.com/openstack-keystone-hackathon-for-juno/"22:37
jamielennoxbknudson: fixed your question in https://review.openstack.org/#/c/95015/15 - when you get a sec22:38
*** thedodd has quit IRC22:38
bknudsonjamielennox: thanks22:40
jamielennoxbknudson: anything i can do to get that moved along - just got another email regarding it :)22:40
*** dims__ has quit IRC22:44
morganfainbergbknudson, correct, except that we have a mismatch on what is returned depending on deployment method22:44
morganfainbergbknudson, HTTP 204 is returned incorrectly on HEAD requests, apache will turn those into 200s22:44
morganfainbergwe can't really fix the latter22:44
bknudsonseems like we have a conflict between api stability and being able to run in apache22:45
bknudsonbetween a rock and a hard place22:45
morganfainbergworse, we're breaking the HTTP spec22:46
morganfainbergbknudson, The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response. The metainformation contained in the HTTP headers in response to a HEAD request SHOULD be identical to the information sent in response to a GET request. This method can be used for obtaining metainformation about the entity implied by the request without transferring the entity-body itself. This method is22:47
morganfainberg often used for testing hypertext links for validity, accessibility, and recent modification.22:47
bknudsonwe do that all over.22:47
bknudson(break the HTTP spec)22:47
jamielennoxlol - i just had this conversation with someone earlier, swift apparently uses HEAD and returns data as well22:48
bknudsonfor example we don't return Location header on created22:48
morganfainbergi think this case we either need to fix the ~5-7 incorrect 204s or we need redact running under apache.22:48
bknudsonI don't think keystone is so bad as to return data on HEAD22:48
bknudsonmorganfainberg: or have a config option!!!22:48
morganfainbergbecause we can't gate on it :P22:49
*** dstanek_zzz is now known as dstanek22:49
morganfainbergbknudson, so i need to know if something was previously a 204? or a 200?22:49
bknudsonmorganfainberg: send a note to the ml22:49
morganfainbergbknudson, seeing how much is broken before i do that22:49
morganfainbergbknudson, plan was to post a WIP see how broken it was then hit the ML up22:50
bknudsonmorganfainberg: ok22:50
gyeemorganfainberg, jamielennox, you guys aware of any known issues with httpretty and mock? they don't seem to play nice together. Like mocking each other out of something22:50
morganfainbergbknudson, and actually keystone doesn't prevent data from being sent on head22:50
morganfainbergbknudson, we just tend not to do it22:50
morganfainbergbknudson, the change i am working on would explicitly prevent body data from being sent22:51
bknudsonit would be safer to prevent it... seems like that's something any decent HTTP server lib would enforce22:51
morganfainbergputting the code in keystone.common.wsgi.render_response22:51
jamielennoxgyee: i don't think so22:52
jamielennoxgyee: but i hate httpretty at the moment so i'm willing to hear more22:52
morganfainberglol, looks like 3 bad unit tests so far, and i know of one tempest test that would be broken for sure.22:52
gyeejamielennox, http://paste.openstack.org/show/85279/22:54
gyeethis traceback seem to show httpretty and mock and messing with each other22:55
gyeestarts in httpretty but ends in mock22:55
gyeesome voodoo22:56
jamielennoxgyee: have you spoken to hrybacki?22:57
jamielennoxhe is also looking at glanceclient and sessions22:58
*** rodrigods_ has joined #openstack-keystone22:58
gyeejamielennox, I have a patch going already22:58
*** dims__ has joined #openstack-keystone22:58
gyeeits basically getting glanceclient to support v322:59
gyeethe session stuff should be a separate patch is it needs *a lot more work*22:59
jamielennoxgyee: oh, ok i didn't realize that was yours23:01
gyeeI didn't start it, just trying to finish it as the original author is not available23:02
gyeebut I can work with hrybacki on the session stuff23:02
jamielennoxgyee: yea, he's still coming up to speed - i think i should probably have started him on an easier one23:03
gyeeI spent quite a bit of time staring at that code already23:03
jamielennoxwell - he asked and i said it was the 'most interesting'23:03
gyeejamielennox, he's going to hate you :)23:03
gyeethat code is pretty hairy23:04
jamielennoxyea, i went through it again recently23:04
*** rodrigods_ has quit IRC23:05
jamielennoxso as you're involved here want to look at https://review.openstack.org/#/c/95015/15 and https://review.openstack.org/#/c/95678/23:05
jamielennoxthey're the session loading ones from CONF and CLI23:05
jamielennoxthey've both got a +2 already23:05
gyeeoh, k, lemme look it over and A+ them23:06
jamielennoxcool, because the auth plugins are the complicated part and we haven't even got there yet :)23:07
*** oomichi has joined #openstack-keystone23:07
jamielennoxgyee: i don't see mock anywhere in that traceback23:08
openstackgerritBrant Knudson proposed a change to openstack/keystone: JSON-Home PoC  https://review.openstack.org/10398323:08
gyeejamielennox, btw, when you dig into glanceclient code, beware of the easter eggs they'll deposit into your environment. See https://github.com/openstack/python-glanceclient/blob/master/glanceclient/v2/shell.py#L2923:08
jamielennoxummm - wtf!23:09
gyeethose will cause your tests to fail spectacularly when running repeatedly23:09
jamielennoxat least they've got it isolated to the CLI23:09
jamielennoxwhat does it do otherwise?23:09
jamielennoxthere doesn't appear to be an else case there that will do anything23:10
gyeeno idea23:10
gyeehaven't had time to dig any deeper23:10
jamielennoxwhat does it do? is it trying to do jsonschema on the clientside?23:11
gyeeseem like it23:12
jamielennoxit's not jsonschema23:12
gyeethat file is empty after all the tests are done23:12
gyeebut if you tox again, your env will be totally messed up23:13
gyeeI have to manually remove that file after each test run23:13
bknudsongyee: mock it23:13
gyeemock yeah!23:13
jamielennoxit seems to be something like setting CLI args based on what it can discover from glance that the properties are23:14
jamielennoxi can't see the request though23:14
jamielennoxgyee: regarding httpretty i made my own replacement that i'm going to try and get through requirements23:16
jamielennoxit's requests only but it's just less of a pain23:17
gyeejamielennox, cool, I think there's an issue with using httpretty and mock together, but I can't pinpoint it yet23:18
jamielennoxand it's a fairly easy conversion from httpretty so for something like glance which is still httplib you'd go tests -> httpretty -> requests_mock23:18
jamielennoxi'm not really sure how to start that ball rolling, just a review against requirements?23:18
gyeeyeah, if you are making your own package23:19
jamielennoxyea, it's all pypi-ed and readthedocs etc23:19
jamielennoxjust means once it's in requirements it needs to be api stable23:21
gyeeonce its in global requirements then we can make use of it23:21
jamielennoxi just spent ages converting the nova tests to use it, will have to switch them all23:23
jamielennoxuse httpretty i mean23:23
jamielennoxbut i'm so sick of httpretty23:23
gyeeyeah need to find out what's the deal with httpretty and mock, I may end up dropping it and use mock exclusively for now23:25
jamielennoxwhat are you mocking?23:27
gyeeversion discovery23:27
gyeeversion discovery from keystone23:27
jamielennoxvia mock?23:27
gyeeyeah, maybe we should add this in keystoneclient fixtures23:28
jamielennoxmy point was more that why are you doing it via mock rather than httpretty?23:29
jamielennoxi'm not sure the -1s there are valid  so you can review that one too23:29
gyeeyeah, going through them23:29
gyeejamielennox, Haneef's comment is valid23:30
gyeeversion discovery is not in the official v3 spec23:31
gyeeso not all cloud provider are supporting it at the moment23:31
jamielennoxright but in terms of a fixture i only want to support building something that is valid right?23:31
openstackgerritOpenStack Proposal Bot proposed a change to openstack/keystone: Updated from global requirements  https://review.openstack.org/10401823:32
gyeeright, but we are raising DiscoveryFailure if version data is available but incompatible23:33
jamielennoxok, but that's not to do with the fixture code, that's to do with general discovery23:34
gyeeso we have 3 possible cases 1) identity service supports version discovery; 2) identity service support version discovery but incompatible with keystoneclient, and 2) identity service does not support version discovery23:34
gyeewell, fixtures are used to aide testing right?23:35
gyeeif we can test all three scenarios in one place that would be awesome23:35
jamielennoxbut isn't that all tested by the discovery code we already have?23:37
jamielennoxmost of that test_discovery file is testing exactly that23:37
gyeeintegration tests?23:38
gyeefor example, I  need something to cause a DiscoveryFailure from discovery so I can catch that error in glanceclient and act accordingly23:40
gyeemaybe that I can do with just mock23:40
gyeeignore what Haneef said then :)23:41
jamielennoxbut you could create a v2 only discovery and then look for v3 to do that23:42
jamielennoxi just feel this is testing the functionality of the discover command, where this review is about a fixture - the opposite side23:43
jamielennoxgyee: if you have an example of a test that i could add for a +2 i'll do it23:47
gyeejamielennox, https://review.openstack.org/#/c/82126/25/tests/test_shell.py line 25523:49
gyeethat test case simulates identity service does not support version discovery23:49
gyeejamielennox, question on https://review.openstack.org/#/c/95678/6/keystoneclient/session.py23:50
gyeedo we need to worry about the backward compatbility options23:51
gyeelike --certfile --keyfile23:51
jamielennoxgyee: we will but not in the general case i think23:51
jamielennoxso i like to think as if we were starting from scratch what would we need to provide to that client23:51
gyeereason I am asking is that once clients are integrated with this code, they'll still need to maintain backward compatibility for awhile23:51
gyeeso they'll need to handle those options separately23:52
jamielennoxand we don't want to load up a helper mechanism with deprecated optoins that it never had23:52
jamielennoxyep, it'll be up to the client code to handle the deprecation from the old parameter to the new one23:52
gyeejamielennox, I agree with you23:52
jamielennoxi think those options are fairly standard though?23:52
jamielennoxi took them from keystoneclient which took them from novaclient...23:53
gyeeyes, problem is each client have their own legacy options23:53
jamielennoxdtroyer did a cleanup of all these things a while ago23:53
jamielennoxgyee: yea, we can't support all those cases in a general way23:53
gyeebut sure, lets force them to converge into one set23:53
gyeeuser experience ftw!23:53
gyeeconsistent user experience23:54
jamielennoxyep, the old clients may be always a bit screwy the new ones will be fine23:58
openstackgerritA change was merged to openstack/python-keystoneclient: Session loading from conf  https://review.openstack.org/9501523:59
jamielennoxalso if we really get pushback on things like it should support --os-cert-file then it's easier to add it later than remove it23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!