Sunday, 2014-08-10

« Saturday, 2014-08-09 Index Monday, 2014-08-11 »
*** hrybacki has quit IRC00:14
*** ayoung has quit IRC01:25
openstackgerritA change was merged to openstack/keystone: Use functions in oslo.utils  https://review.openstack.org/11215701:32
openstackgerritA change was merged to openstack/keystone: Remove strutils and timeutils from openstack-common.conf  https://review.openstack.org/11215801:32
*** ayoung has joined #openstack-keystone01:37
ayoungmorganfainberg, in case you are awake  https://bugs.launchpad.net/keystone/+bug/135476501:38
uvirtbotLaunchpad bug 1354765 in keystone "Valid V3 tokens reported as invalid" [Critical,New]01:38
*** grantbow has joined #openstack-keystone01:41
*** stevemar has quit IRC02:01
openstackgerritA change was merged to openstack/keystone: Remove fixture from openstack-common.conf  https://review.openstack.org/10325502:31
morganfainbergayoung, i saw the email, i'll look at it on monday02:37
morganfainbergayoung, however, the unique id calculation shouldn't have changed and/or we have a test gap (tempest AND unit)02:38
morganfainbergayoung, also uhhh, "unscoped" token list domains?02:39
*** xianghui has quit IRC02:40
morganfainbergayoung, or are you just using the wrong phrase at the top of the bug?02:40
*** xianghui has joined #openstack-keystone02:41
*** stevemar has joined #openstack-keystone02:42
*** xianghui has quit IRC03:00
ayoungmorganfainberg, yeah, that was a typo.  I have unscoped tokens on the brain03:09
morganfainbergayoung, likely this has been broken for a while03:10
ayoungmorganfainberg, it caught me by surprise.  It smells like something is out of sync between creating the token, hashing it, persisting, and hashing the persisted form03:10
ayoungI don't think so03:10
morganfainbergayoung, the way we create the unique id *hasn't* changed03:10
ayoungI've been pointing people at thje v3 token example for a while03:10
ayoungI know.03:10
ayoungit should be md5 everywhere still03:10
morganfainbergayoung, like i said, i think it's been broken for a while (as in sometime in the juno cycle)03:10
ayoungmorganfainberg, do you have a devstack handy?  Maybe its just mine?03:11
morganfainbergnope, and i need to get dinner. wont be able to take more than the code glance at it till monday03:11
ayoungseems to me this is something that should be caught by unit tests03:11
ayoungno problem03:11
morganfainbergexactly.03:11
morganfainbergcheck your admin account's roels on demo03:11
morganfainbergmake sure it actually has admin03:11
ayoungNot policy03:11
ayoungI've run in the debugger that far03:12
ayoungOh, BTW, remote-pdb is easy03:12
ayoungunlike pydevd,  when remote hits a breakpoint, it sits and waits and listens on a socket.  Then you telnet to that port and you are in a debug session03:12
ayoungNo, it fails in the middleware get_token  call because the token_id is invalid03:13
morganfainbergmy guess is this will resolve itself once i fix the middleware03:13
morganfainbergwhich is blocking on the federated user domain stuff03:13
ayoungYeah.  That is kindof what I was thinking03:13
ayoungfeh, really?03:13
morganfainbergyes03:13
morganfainbergrevocation events *cant* handle a token with a user that has no domain :(03:14
morganfainbergso can't pass the unit tests.03:14
ayoungthat is a trivial thing to fix03:14
morganfainbergright, but the question is do we "fix" revocation events or do we fix the token?03:14
ayoungboth03:14
ayoungthere is no reason to hard require a domain in the token03:15
morganfainbergnegative. if tokens always have users with domain data, we make it so a token w/o it can't validate03:15
morganfainbergwe should make that a determiniation, which we haven't03:15
morganfainbergthat was part of that conversation03:15
ayoungbecause the user id comes from a domain, and if the domain is disabled we want to have the token disabled?03:15
morganfainbergis a token (currently malformed without user['domain'] based on identity-api) valid03:15
morganfainbergyep03:15
ayounghmmm....I agree on that point03:16
morganfainbergif all tokens for XXX domain are invalid users for domain XXX i think are invalid (i think thats the way it works)03:16
morganfainbergerm tokens for any user on domain XXX03:16
* morganfainberg is only half thinking keystone atm. i was merrily about to grab dinner03:16
morganfainberg:P03:16
ayoungstill, it should not be up to revocation events to check that the token has all required values03:17
ayoungjust that a token it is given is revoked or not...03:17
morganfainbergno, that should be part of .validate_token03:17
morganfainberg:)03:17
ayounglet split it into two pieces03:17
ayoungfirst, hack the revocation events code such that it passes.  Then add an explicit check that at token has all required data03:17
morganfainbergfixing the middleware will run this all through validate and validate *should* start ensuring all the values we expect are there03:17
morganfainbergeh.03:18
morganfainbergi think we have a lot of fixing in revocation events to make that happen03:18
morganfainbergyour build tokenmodel makes some assumptions about format03:18
morganfainbergeasier to just do the latter03:18
ayoungyeah03:18
morganfainbergand gets us to the same place :)03:19
ayoungthen the broken v3 stuff needs to be addressed first03:19
ayoungI'll see if i can find a root cause03:19
ayoungjust wondered if you could see something that might have changed to break it?03:19
ayoungAnyway, go eat.  I'm headed to bed03:19
morganfainbergnah, i commented on the bug w/ my quick trace of the code03:19
morganfainbergand that it looked the same as before03:19
morganfainbergcatch ya on monday03:20
ayoungI have a feeling it is something about the marshalling of the PKIZ token, such that what is getting hashed the first time does not match what keys hashed the second time03:20
morganfainbergwe can do more indepth searching (also, very curious what gap we have in testing )03:20
ayoungkeys -> gets03:21
morganfainbergeh, could be keystoneclient cms being dumb about re-hashing tokens03:21
ayoungnope03:21
ayoungI did straight curl03:21
morganfainbergthat would be unfortunate03:21
morganfainbergcms.hash_token03:21
morganfainbergor whatever it is03:21
ayoungMaybe, but I'll trace it can get you more data03:21
morganfainbergneed to make sure cms.hash_token(cms.hash_token(token)) isn't being dumb because thats how we get the id.03:21
morganfainbergsure03:21
morganfainbergor we can just sync up and do the deep dive on monday03:22
morganfainbergit *is* the weekend dude :)03:22
ayoungOh.  Yeah. Hadn't noticed03:22
* morganfainberg goes to watch GotG post dinner, lets see if i can get the non-make-me-want-to-vomit-3d version03:22
ayoungKids asleep upstairs.  Wife is in NT.03:23
morganfainberge.g. non-3d03:23
morganfainberghehe03:23
morganfainbergwell, have a good evening man. catch ya monday03:23
morganfainberg:)03:23
ayoungGotG was pretty good.  I'm with you on non 3d03:23
*** stevemar has quit IRC03:44
openstackgerritayoung proposed a change to openstack/keystone: Clean whitespace off token.  https://review.openstack.org/11310803:57
*** stevemar has joined #openstack-keystone04:04
stevemarayoung, morganfainberg i was supposed to watch GotG this weekend, but it's gonna have to wait til later on in the week :(04:18
*** ayoung has quit IRC04:18
*** marzif_ has quit IRC04:26
*** chandankumar_ has joined #openstack-keystone04:29
*** amirosh has joined #openstack-keystone04:57
*** chandankumar_ has quit IRC04:59
*** RicoLin has joined #openstack-keystone05:14
openstackgerritOpenStack Proposal Bot proposed a change to openstack/keystone: Imported Translations from Transifex  https://review.openstack.org/11192006:05
*** amirosh has quit IRC06:05
*** ukalifon has joined #openstack-keystone06:08
*** rkofman has joined #openstack-keystone06:16
*** bvandenh has quit IRC06:20
*** RicoLin has quit IRC06:45
*** RicoLin has joined #openstack-keystone06:46
*** rkofman has left #openstack-keystone06:51
*** amirosh has joined #openstack-keystone07:02
*** amirosh has quit IRC07:07
*** RicoLin has quit IRC07:19
*** RicoLin has joined #openstack-keystone07:20
*** bvandenh has joined #openstack-keystone07:59
*** hrybacki has joined #openstack-keystone07:59
*** chandankumar has joined #openstack-keystone08:03
*** amirosh has joined #openstack-keystone08:03
*** amirosh has quit IRC08:08
*** tomoiaga has joined #openstack-keystone08:09
*** tomoiaga has quit IRC08:16
*** bvandenh has quit IRC08:20
*** bvandenh has joined #openstack-keystone08:21
*** chandankumar has quit IRC08:24
*** bvandenh has quit IRC08:26
*** chandankumar has joined #openstack-keystone08:32
*** hrybacki has quit IRC08:41
*** chandankumar has quit IRC08:43
*** amirosh has joined #openstack-keystone09:04
*** henrynash has joined #openstack-keystone09:05
*** amirosh has quit IRC09:09
*** chandankumar has joined #openstack-keystone09:18
*** bvandenh has joined #openstack-keystone09:31
*** chandankumar has quit IRC09:48
*** bvandenh has quit IRC09:51
*** bvandenh has joined #openstack-keystone09:53
*** RicoLin has quit IRC09:55
*** RicoLin has joined #openstack-keystone09:56
*** RicoLin has quit IRC10:00
*** amirosh has joined #openstack-keystone10:05
*** bvandenh has quit IRC10:09
*** amirosh has quit IRC10:09
*** henrynash has quit IRC10:38
*** stevemar has quit IRC10:47
*** rico has joined #openstack-keystone10:55
*** rico has quit IRC10:58
*** RicoLin has joined #openstack-keystone10:58
*** amirosh has joined #openstack-keystone11:06
*** amirosh_ has joined #openstack-keystone11:08
*** amirosh has quit IRC11:08
*** amirosh_ has quit IRC11:12
*** henrynash has joined #openstack-keystone11:24
*** RicoLin has quit IRC11:55
*** amirosh has joined #openstack-keystone12:08
*** amirosh has quit IRC12:13
*** amirosh has joined #openstack-keystone12:30
*** henrynash has quit IRC12:36
*** henrynash has joined #openstack-keystone12:36
*** diegows has joined #openstack-keystone12:56
*** henrynash has quit IRC13:40
*** boris-42 has quit IRC14:02
openstackgerritAlexey Miroshkin proposed a change to openstack/keystone: Support the hints mechanism in list_credentials()  https://review.openstack.org/11309114:06
*** amirosh has quit IRC14:07
*** amirosh has joined #openstack-keystone14:07
*** amirosh has quit IRC14:12
*** ukalifon has quit IRC14:37
*** henrynash has joined #openstack-keystone14:40
openstackgerritMarek Denis proposed a change to openstack/keystone: Remove __BaseFederationExtension.  https://review.openstack.org/11313614:54
*** henrynash has quit IRC14:55
*** rustlebee is now known as russellb14:55
*** ayoung has joined #openstack-keystone14:59
*** amirosh has joined #openstack-keystone15:11
*** amirosh has quit IRC15:39
*** amirosh has joined #openstack-keystone15:39
*** amirosh has quit IRC15:44
*** stevemar has joined #openstack-keystone16:06
*** stevemar has quit IRC16:09
*** amirosh has joined #openstack-keystone16:48
*** rwsu has quit IRC16:50
*** hrybacki has joined #openstack-keystone17:18
*** amirosh has quit IRC17:30
*** amirosh has joined #openstack-keystone17:31
*** amirosh has quit IRC17:36
*** hrybacki has quit IRC17:47
*** diegows has quit IRC18:10
*** amirosh has joined #openstack-keystone18:11
*** amirosh has quit IRC18:16
*** henrynash has joined #openstack-keystone18:33
*** stevemar has joined #openstack-keystone18:44
*** amirosh has joined #openstack-keystone18:52
*** jorge_munoz has joined #openstack-keystone19:01
*** jorge_munoz has quit IRC19:03
*** ukalifon has joined #openstack-keystone19:10
*** nbarnett has joined #openstack-keystone19:16
openstackgerritAlexey Miroshkin proposed a change to openstack/keystone: Support the hints mechanism in list_credentials()  https://review.openstack.org/11309119:18
*** nbarnett has quit IRC19:25
*** amirosh has quit IRC19:25
*** ukalifon has quit IRC19:25
*** nbarnett has joined #openstack-keystone19:25
*** amirosh has joined #openstack-keystone19:25
*** nbarnett has quit IRC19:27
*** PsionTheory has joined #openstack-keystone19:28
*** amirosh has quit IRC19:30
*** hrybacki has joined #openstack-keystone19:48
*** hrybacki has quit IRC19:53
*** bvandenh has joined #openstack-keystone20:13
*** openstack has joined #openstack-keystone20:17
*** joesavak has joined #openstack-keystone20:26
*** hrybacki has joined #openstack-keystone20:29
*** bvandenh has quit IRC20:29
openstackgerritSteve Martinelli proposed a change to openstack/keystone: Add notifications for role assignment created and deleted events  https://review.openstack.org/11220420:32
*** joesavak has quit IRC20:33
*** PsionTheory has quit IRC20:38
*** stevemar has quit IRC21:14
*** boris-42 has joined #openstack-keystone21:14
*** henrynash has quit IRC21:19
*** hrybacki has quit IRC21:37
*** fifieldt__ has joined #openstack-keystone21:44
*** fifieldt_ has quit IRC21:48
*** joesavak has joined #openstack-keystone22:23
*** diegows has joined #openstack-keystone22:30
*** jsavak has joined #openstack-keystone22:58
*** joesavak has quit IRC23:00
*** hrybacki has joined #openstack-keystone23:04
*** jamielennox|away is now known as jamielennox23:32
*** oomichi has joined #openstack-keystone23:45
*** hrybacki has quit IRC23:59
« Saturday, 2014-08-09 Index Monday, 2014-08-11 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!