Friday, 2015-01-30

*** abhirc has quit IRC		00:00
*** abhirc has joined #openstack-keystone		00:00
openstackgerrit	Shraddha Pandhe proposed openstack/python-keystoneclient: Keystone tries to save the auth_ref in the keyring in store_auth_ref_in_keyring and the auth_ref retrieval happens in get_auth_ref_from_keyring during authentication. Please note that both these methods are part of httpclient.py and not shell.py. Hence, i https://review.openstack.org/151478	00:02
openstackgerrit	Shraddha Pandhe proposed openstack/python-keystoneclient: Keystoneclient doesn't look at cached auth_ref in keyring https://review.openstack.org/151478	00:03
morganfainberg	hehe	00:03
*** oomichi has joined #openstack-keystone		00:05
*** nellysmitt has joined #openstack-keystone		00:09
openstackgerrit	Jamie Lennox proposed openstack/python-keystoneclient: Add get_communication_params interface to plugins https://review.openstack.org/141267	00:12
openstackgerrit	Jamie Lennox proposed openstack/python-keystoneclient: Add get_headers interface to authentication plugins https://review.openstack.org/140894	00:13
*** nellysmitt has quit IRC		00:14
*** joesavak has quit IRC		00:15
*** SpamapS has left #openstack-keystone		00:16
*** david-lyle is now known as david-lyle_afk		00:31
*** dims has quit IRC		00:32
openstackgerrit	Nathan Kinder proposed openstack/oslo.policy: Improve policy documentation https://review.openstack.org/150953	00:44
openstackgerrit	Merged openstack/keystone: do parameter check before updating endpoint_group https://review.openstack.org/146040	00:45
*** spandhe has quit IRC		00:46
*** tellesnobrega_ has quit IRC		00:47
*** _cjones_ has quit IRC		00:51
*** _cjones_ has joined #openstack-keystone		00:52
nkinder	morganfainberg: what's the process around getting +A on specs? Is that only done after discussion in the weekly meeting?	00:55
nkinder	morganfainberg: was wondering about this one - https://review.openstack.org/#/c/148229/	00:55
rodrigods	nkinder, think this one didn't receive a +A because both +2 were from engineers from the same company	00:56
nkinder	rodrigods: ah, I see	00:56
*** fifieldt has quit IRC		01:00
rodrigods	stevemar2, maybe you can approve this change? https://review.openstack.org/#/c/148080/ (has already 2 +2)	01:00
rodrigods	stevemar2, or we never should +A something that has not approved dependencies?	01:01
jamielennox	morganfainberg: so swift doesn't use oslo.config - AT ALL - how do we handle that and not have people configure auth_token from paste?	01:01
* jamielennox thinks that he didn't break devstack - swift broke devstack		01:01
*** avozza is now known as zz_avozza		01:05
*** jaosorior has quit IRC		01:14
*** zzzeek has quit IRC		01:18
*** lhcheng has quit IRC		01:20
*** zz_avozza is now known as avozza		01:26
*** markvoelker_ has quit IRC		01:34
*** markvoelker has joined #openstack-keystone		01:35
*** markvoelker has quit IRC		01:40
*** ayoung has joined #openstack-keystone		01:41
*** ChanServ sets mode: +v ayoung		01:41
stevemar2	rodrigods, yeah, no point in +A'ing something that has a dependency	01:43
*** _cjones_ has quit IRC		01:44
*** lhcheng has joined #openstack-keystone		01:44
*** lhcheng_ has joined #openstack-keystone		01:46
*** ayoung has quit IRC		01:46
*** lhcheng has quit IRC		01:48
*** tellesnobrega_ has joined #openstack-keystone		01:53
*** ljfisher has quit IRC		01:56
*** samueldmq_ has quit IRC		02:00
*** lhcheng_ has quit IRC		02:00
*** ayoung has joined #openstack-keystone		02:01
*** ChanServ sets mode: +v ayoung		02:01
*** packet has quit IRC		02:07
*** nellysmitt has joined #openstack-keystone		02:10
*** abhirc has quit IRC		02:11
*** nellysmitt has quit IRC		02:14
morganfainberg	jamielennox, uhm..	02:16
morganfainberg	jamielennox, no good idea	02:16
openstackgerrit	Brant Knudson proposed openstack/keystone: Move eventlet server options to a config section https://review.openstack.org/130962	02:17
openstackgerrit	Brant Knudson proposed openstack/keystone: Regenerate sample config file https://review.openstack.org/151505	02:17
jamielennox	i think it essentially means i don't get to deprecate passing options via paste	02:19
*** erkules_ has joined #openstack-keystone		02:19
jamielennox	and i need to come up with some way of supporting both	02:19
*** erkules has quit IRC		02:22
openstackgerrit	Merged openstack/keystone-specs: IDP ID registration and validation https://review.openstack.org/148229	02:23
nkinder	morganfainberg: thanks for reviewing/approving that spec!	02:32
openstackgerrit	Brant Knudson proposed openstack/keystone: Move eventlet server options to a config section https://review.openstack.org/130962	02:32
openstackgerrit	Brant Knudson proposed openstack/keystone: Cleanup tests to not set multiple workers. https://review.openstack.org/151511	02:32
morganfainberg	jamielennox, yeah :(	02:42
morganfainberg	hrm	02:42
*** rushiagr_away is now known as rushiagr		02:43
*** rwsu is now known as rwsu-afk		02:48
*** harlowja_ is now known as harlowja_away		02:58
openstackgerrit	Steve Martinelli proposed openstack/keystone: Add CADF notifications for most resources https://review.openstack.org/151137	03:10
*** KanagarajM has joined #openstack-keystone		03:17
*** rushiagr is now known as rushiagr_away		03:17
*** adam_g_out is now known as adam_g		03:29
*** topol has joined #openstack-keystone		03:33
*** ChanServ sets mode: +v topol		03:33
*** topol has quit IRC		03:51
*** rushiagr_away is now known as rushiagr		03:56
*** rushiagr has quit IRC		04:00
*** rushiagr has joined #openstack-keystone		04:00
*** richm has quit IRC		04:03
*** nellysmitt has joined #openstack-keystone		04:11
*** nellysmitt has quit IRC		04:15
*** zzzeek has joined #openstack-keystone		04:37
*** ncoghlan has joined #openstack-keystone		04:54
stevemar2	anyone know why we set public=False to the notifications for region/service/endpoint/policy??	05:05
stevemar2	by doing that we only limit them to being used for callback handling	05:06
stevemar2	oh maybe it's for the endpoint policy stuff...	05:06
*** zzzeek has quit IRC		05:08
openstackgerrit	Steve Martinelli proposed openstack/pycadf: Add a new CADF type for keystone trusts https://review.openstack.org/151536	05:16
*** haneef has joined #openstack-keystone		05:32
*** erkules_ is now known as erkules		05:32
haneef	jamielennox: question - keystoneclient.auth.identity.v3.Password.get_options -- Why don't we register project_id, project_name etc. How does does this plugin get project info?	05:40
jamielennox	haneef: we do	05:40
jamielennox	.. we pretty much have to	05:40
haneef	I done see : https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/auth/identity/v3.py#L273	05:41
jamielennox	haneef: it's in the super()	05:42
jamielennox	https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/auth/identity/v3.py#L144	05:42
haneef	ok, iI see in baseclass	05:42
*** afazekas_ has joined #openstack-keystone		05:43
haneef	Thanks	05:43
jamielennox	yep, so all v3 auth plugins are going to need that information to know what to scope against	05:43
jamielennox	haneef: np	05:43
*** jaosorior has joined #openstack-keystone		05:56
*** nellysmitt has joined #openstack-keystone		06:12
*** nellysmitt has quit IRC		06:16
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Imported Translations from Transifex https://review.openstack.org/151547	06:21
openstackgerrit	Steve Martinelli proposed openstack/keystone: Add CADF notifications for most resources https://review.openstack.org/151137	06:28
*** EmilienM is now known as EmilienM\|afk		06:29
*** quack_quack_ has quit IRC		06:29
openstackgerrit	Steve Martinelli proposed openstack/keystone: Add CADF notifications for most resources https://review.openstack.org/151137	06:31
*** ajayaa has joined #openstack-keystone		06:34
openstackgerrit	Steve Martinelli proposed openstack/keystone: Add CADF notifications for most resources https://review.openstack.org/151137	06:39
openstackgerrit	Steve Martinelli proposed openstack/keystone: Refactor _send_audit_notification https://review.openstack.org/151551	06:39
openstackgerrit	Steve Martinelli proposed openstack/keystone: Refactor _send_audit_notification https://review.openstack.org/151551	06:40
openstackgerrit	Steve Martinelli proposed openstack/keystone: Add CADF notifications for most resources https://review.openstack.org/151137	06:40
*** stevemar2 is now known as stevemar		06:41
openstackgerrit	Merged openstack/python-keystoneclient: Add validate token for v2.0 https://review.openstack.org/141944	06:48
*** afazekas_ has quit IRC		07:16
openstackgerrit	Steve Martinelli proposed openstack/keystone: Add CADF notifications for most resources https://review.openstack.org/151137	07:18
*** stevemar has quit IRC		07:24
*** afazekas has quit IRC		07:25
*** avozza is now known as zz_avozza		07:37
*** ncoghlan has quit IRC		07:37
*** zz_avozza is now known as avozza		07:52
*** ajayaa has quit IRC		08:01
openstackgerrit	wanghong proposed openstack/keystone: make trust manager raise formatted message exception https://review.openstack.org/149550	08:06
*** chlong has quit IRC		08:08
*** nellysmitt has joined #openstack-keystone		08:13
*** nellysmitt has quit IRC		08:14
*** nellysmitt has joined #openstack-keystone		08:14
openstackgerrit	Merged openstack/keystone: Imported Translations from Transifex https://review.openstack.org/151547	08:18
*** pnavarro has joined #openstack-keystone		08:27
*** avozza is now known as zz_avozza		08:35
*** KanagarajM has quit IRC		08:35
*** wanghong has quit IRC		08:35
*** zhiyuan has quit IRC		08:35
*** breton_ is now known as bretom		08:36
*** bretom is now known as breton		08:36
*** oomichi has quit IRC		08:39
*** zhiyuan has joined #openstack-keystone		08:41
openstackgerrit	Yuriy Taraday proposed openstack/keystone: Add a module to work with LDAP filters and DNs https://review.openstack.org/117484	08:41
*** zhiyuan has quit IRC		08:42
*** zhiyuan has joined #openstack-keystone		08:43
*** zhiyuan has quit IRC		08:45
*** zhiyuan has joined #openstack-keystone		08:46
*** bjornar has quit IRC		08:54
*** KanagarajM has joined #openstack-keystone		09:03
*** bjornar has joined #openstack-keystone		09:09
*** afazekas has joined #openstack-keystone		09:17
*** fmarco76 has joined #openstack-keystone		09:26
*** jistr has joined #openstack-keystone		09:31
openstackgerrit	Marek Denis proposed openstack/keystone: Implement Service Providers API for OS-FEDERATION https://review.openstack.org/104623	09:35
*** fmarco76 has left #openstack-keystone		09:55
*** fmarco76 has joined #openstack-keystone		09:58
*** fmarco76 has left #openstack-keystone		09:58
*** fmarco76 has joined #openstack-keystone		10:02
openstackgerrit	wanghong proposed openstack/keystone: add missing links for v3 OS-EC2 API response https://review.openstack.org/151592	10:14
*** tellesnobrega_ has quit IRC		10:16
*** tsufiev_ is now known as tsufiev		10:26
*** henrynash has joined #openstack-keystone		10:30
*** ChanServ sets mode: +v henrynash		10:30
*** tellesnobrega_ has joined #openstack-keystone		10:32
*** jamielennox is now known as jamielennox\|away		10:36
*** jacer_huawei has joined #openstack-keystone		10:37
*** chlong has joined #openstack-keystone		10:43
*** tellesnobrega_ has quit IRC		10:44
*** jamielennox\|away is now known as jamielennox		10:44
*** krykowski has joined #openstack-keystone		10:46
*** nellysmitt has quit IRC		10:50
*** breton has quit IRC		10:54
*** krykowski has quit IRC		10:55
*** henrynash has quit IRC		10:55
*** jamielennox is now known as jamielennox\|away		10:56
*** breton has joined #openstack-keystone		10:58
*** andreaf has joined #openstack-keystone		11:01
*** krykowski has joined #openstack-keystone		11:04
*** jaosorior has quit IRC		11:06
*** jaosorior has joined #openstack-keystone		11:06
*** gtt116_ has joined #openstack-keystone		11:07
*** gtt116 has quit IRC		11:11
openstackgerrit	Marek Denis proposed openstack/keystone: Service Providers API for OS-FEDERATION https://review.openstack.org/104623	11:14
*** henrynash has joined #openstack-keystone		11:17
*** ChanServ sets mode: +v henrynash		11:17
*** jacer_huawei has quit IRC		11:19
*** jacer_huawei has joined #openstack-keystone		11:20
*** krykowski has quit IRC		11:25
*** krykowski has joined #openstack-keystone		11:26
*** KanagarajM has quit IRC		11:28
openstackgerrit	Marco Fargetta proposed openstack/keystone: Multiple IDP authentication URL https://review.openstack.org/142743	11:29
*** obutenko_ has joined #openstack-keystone		11:30
*** aix has joined #openstack-keystone		11:34
*** zz_avozza is now known as avozza		11:41
openstackgerrit	Marco Fargetta proposed openstack/keystone: Multiple IDP authentication URL https://review.openstack.org/142743	11:50
*** gabriel-bezerra has joined #openstack-keystone		11:51
*** BobBall has left #openstack-keystone		11:53
*** diegows has joined #openstack-keystone		11:55
*** diegows has quit IRC		11:55
*** diegows has joined #openstack-keystone		11:56
*** fmarco76 has left #openstack-keystone		12:00
*** krykowski has quit IRC		12:08
*** nellysmitt has joined #openstack-keystone		12:10
*** jasondotstar has quit IRC		12:12
*** andreaf has quit IRC		12:13
*** andreaf has joined #openstack-keystone		12:14
*** krykowski has joined #openstack-keystone		12:14
*** aix has quit IRC		12:22
openstackgerrit	henry-nash proposed openstack/keystone: Support data-driven backend assignment testing https://review.openstack.org/149178	12:28
*** nellysmitt has quit IRC		12:31
openstackgerrit	henry-nash proposed openstack/keystone: Add support for data-driven backend assignment testing https://review.openstack.org/149178	12:38
openstackgerrit	henry-nash proposed openstack/keystone: Add support for effective & inherited mode in data driven tests https://review.openstack.org/151623	12:39
openstackgerrit	henry-nash proposed openstack/keystone: Add support for effective & inherited mode in data driven tests https://review.openstack.org/151623	12:40
*** krykowski has quit IRC		12:56
*** aix has joined #openstack-keystone		13:03
*** rushiagr is now known as rushiagr_away		13:06
*** henrynash has quit IRC		13:07
*** ljfisher has joined #openstack-keystone		13:13
*** tellesnobrega_ has joined #openstack-keystone		13:16
*** ljfisher has quit IRC		13:16
*** nellysmitt has joined #openstack-keystone		13:18
*** henrynash has joined #openstack-keystone		13:19
*** ChanServ sets mode: +v henrynash		13:19
*** bdossant has joined #openstack-keystone		13:22
*** krykowski has joined #openstack-keystone		13:23
*** tellesnobrega_ has quit IRC		13:25
*** EmilienM\|afk is now known as EmilienM		13:28
*** radez_g0n3 is now known as radez		13:28
rodrigods	henrynash, updated the reseller spec with the content of our discussion yesterday :)	13:34
henrynash	rodigods: ok…will look later	13:35
rodrigods	henrynash, thx!	13:36
raildo	henrynash, thanks :)	13:37
*** markvoelker has joined #openstack-keystone		13:37
*** henrynash has quit IRC		13:37
*** rushiagr_away is now known as rushiagr		13:48
*** markvoelker has quit IRC		13:51
*** markvoelker has joined #openstack-keystone		13:52
*** markvoelker has quit IRC		13:57
*** mflobo1 has quit IRC		13:58
*** henrynash has joined #openstack-keystone		14:02
*** ChanServ sets mode: +v henrynash		14:02
*** krykowski has quit IRC		14:08
*** mattfarina has joined #openstack-keystone		14:10
*** raildo has quit IRC		14:10
*** richm has joined #openstack-keystone		14:13
*** angelamolock has quit IRC		14:13
*** krykowski has joined #openstack-keystone		14:14
*** raildo has joined #openstack-keystone		14:15
*** jasondotstar has joined #openstack-keystone		14:15
*** openstackstatus has joined #openstack-keystone		14:20
*** ChanServ sets mode: +v openstackstatus		14:20
-openstackstatus- NOTICE: zuul isn't running jobs since ~10:30 utc, investigation underway		14:24
*** ChanServ changes topic to "zuul isn't running jobs since ~10:30 utc, investigation underway"		14:24
*** henrynash_ has joined #openstack-keystone		14:27
*** ChanServ sets mode: +v henrynash_		14:27
*** henrynash has quit IRC		14:28
*** henrynash_ is now known as henrynash		14:28
*** EmilienM is now known as EmilienM\|afl		14:35
*** EmilienM\|afl is now known as EmilienM\|afk		14:35
*** dims has joined #openstack-keystone		14:36
*** henrynash has quit IRC		14:36
*** bknudson has joined #openstack-keystone		14:38
openstackgerrit	David Stanek proposed openstack/keystone: Support for running functional federation tests https://review.openstack.org/139137	14:38
openstackgerrit	David Stanek proposed openstack/keystone: adds a devstack plugin for setting up federation https://review.openstack.org/151311	14:38
*** ChanServ sets mode: +v bknudson		14:38
*** gtt116_ has quit IRC		14:45
*** gtt116_ has joined #openstack-keystone		14:45
*** joesavak has joined #openstack-keystone		14:50
openstackgerrit	ayoung proposed openstack/keystone-specs: Merge role id and role name https://review.openstack.org/151657	14:52
*** diegows has quit IRC		14:53
*** gordc has joined #openstack-keystone		15:09
*** avozza is now known as zz_avozza		15:14
openstackgerrit	Alexander Makarov proposed openstack/keystone: Redis token backend https://review.openstack.org/150844	15:18
*** nellysmitt has quit IRC		15:18
*** r-daneel has joined #openstack-keystone		15:22
*** markvoelker has joined #openstack-keystone		15:22
*** stevemar has joined #openstack-keystone		15:24
*** ChanServ sets mode: +v stevemar		15:24
*** markvoelker has quit IRC		15:25
*** markvoelker has joined #openstack-keystone		15:25
*** zz_avozza is now known as avozza		15:29
*** timcline has joined #openstack-keystone		15:30
*** angelamolock has joined #openstack-keystone		15:32
*** packet has joined #openstack-keystone		15:33
*** dims has quit IRC		15:39
*** krykowski has quit IRC		15:41
*** topol has joined #openstack-keystone		15:42
*** ChanServ sets mode: +v topol		15:42
*** carlosmarin has joined #openstack-keystone		15:44
marekd	Hm, I just noticed mappings and protocols don't have 'enabled' attribute.	15:44
*** avozza is now known as zz_avozza		15:44
*** dims has joined #openstack-keystone		15:46
*** kfox1111 has joined #openstack-keystone		15:48
*** dims has quit IRC		15:50
*** kragniz is now known as zingark		15:53
marekd	morganfainberg: what status code should keystone response if an user tries to do the action on disabled object?	15:55
marekd	403?	15:55
*** abhirc has joined #openstack-keystone		15:55
*** timcline has quit IRC		15:56
*** timcline has joined #openstack-keystone		15:57
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Add validate token for v3 https://review.openstack.org/142147	15:58
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Tests use keep_blank_values when parse_qs https://review.openstack.org/151471	15:58
*** zz_avozza is now known as avozza		16:05
openstackgerrit	Marek Denis proposed openstack/keystone: During authentication validate if IdP is enabled https://review.openstack.org/151683	16:06
*** EmilienM\|afk is now known as EmilienM		16:07
ayoung	dstanek, how do I trigger -f (fail fast) option with tox for -ep27?	16:08
dstanek	ayoung: i think it's 'tox -e py27 -- --failfast'	16:09
ayoung	dstanek, nope	16:09
dstanek	ayoung: what happens when you do that?	16:09
ayoung	dstanek, the -- -failfast gets passed to setup.py	16:10
ayoung	dstanek, http://paste.fedoraproject.org/178444/22634244/	16:10
ayoung	maybe -- -- ?	16:11
dstanek	ayoung: hmm...let me look. that looks like it gets passed to testr OK, but it doesn't know what it is	16:11
ayoung	dstanek, and doing tox -e py27 -- -- --failfast	16:12
ayoung	just gets ignored an all the tests run	16:12
*** ChanServ changes topic to "Release Blockers: https://gist.github.com/dolph/651c6a1748f69637abd0 << please review for client release on Feb 1st \| http://opensax.com/ \| Reviews Guarantee Citizenship </starship troopers>"		16:12
-openstackstatus- NOTICE: zuul is running again and changes have been reenqueud. seehttp://status.openstack.org/zuul/ before rechecking if in doubt		16:12
ayoung	dstanek, I'm doing this on python-keystoneclient btw	16:12
*** bjornar has quit IRC		16:18
dstanek	ayoung: i got the command to work by using 'tox -e py27 -- " -- --failfast"'	16:18
ayoung	joy	16:18
dstanek	ayoung: but it doesn't seem to actually stop - it just doesn't complain about the args	16:18
ayoung	dstanek, that still seems to run multiple tests	16:19
dstanek	testr is so much more painful than just running nose	16:19
ayoung	maybe due to parallelization?	16:19
*** david-lyle_afk is now known as david-lyle		16:19
dstanek	ayoung: yep that was it	16:20
dstanek	TEST_RUN_CONCURRENCY=1 tox -e py27 -- " -- --failfast"	16:20
dstanek	and that's my final answer!	16:20
ayoung	dstanek, nope	16:20
dstanek	add -- that actually works for me	16:21
ayoung	$ TEST_RUN_CONCURRENCY=1 tox -e py27 -- " -- --failfast" 2>&1 \| fpaste	16:21
ayoung	Uploading (10.0KiB)...	16:21
ayoung	http://ur1.ca/jlafn -> http://paste.fedoraproject.org/178453/14226348	16:21
dstanek	s/add/odd/	16:21
dstanek	i wonder why you env isn't picking up the env variable	16:22
dstanek	that variable is used in .testr.conf	16:22
ayoung	dstanek, too many layers of cruft here.	16:23
dstanek	ayoung: yes, the openstack way!	16:24
ayoung	dstanek, its not my way	16:24
ayoung	my way is to hide behind a boulder and hit him in the head with a rock	16:24
ayoung	my way's not very sportsmanlike	16:24
dstanek	this is why i still use nose to run tests	16:24
*** nellysmitt has joined #openstack-keystone		16:25
ayoung	dstanek, yeah, but that means we are not communicating with the community about how best to do things	16:25
ayoung	run_test.sh still exsits, but we all now use tox for the venv...	16:25
ayoung	I work with this crap all day and I still get hung, imagine the casual developers plight	16:26
dstanek	testr actually makes me angry :-(	16:26
dstanek	we use tox to run a command under different versions of Python	16:27
dstanek	in tox the command we run is testr	16:27
dstanek	testr is really just a wrapper about subunit - it first call a list command and feeds the results in the a run command	16:27
dstanek	testr is configured in .testr.conf	16:28
dstanek	all of this means that command line args are carried through the various commands in an insane and hard to follow way	16:28
ayoung	dstanek, so what should we be doing?	16:29
*** avozza is now known as zz_avozza		16:30
*** abhirc has quit IRC		16:30
*** dims has joined #openstack-keystone		16:31
*** dims has quit IRC		16:31
*** dims has joined #openstack-keystone		16:32
*** zz_avozza is now known as avozza		16:32
*** zzzeek has joined #openstack-keystone		16:33
*** dims is now known as dimsum__		16:33
dstanek	ayoung: i'd rather be on on nose, but i don't think openstack will ever go back	16:34
ayoung	dstanek, what, specifically, would nose replace? all of testr, or just the subcommand part?	16:34
dstanek	all of testr	16:35
dstanek	so far it has no provided any value to me ... only pain	16:35
ayoung	dstanek, it is all pain to me	16:36
*** jasondotstar has quit IRC		16:36
dstanek	we use nose for python3 tests now because testr must crawl and parse the entire code tree even if you only want to run a single test	16:36
ayoung	could we at least have alternate tox rules to run nose?	16:36
dstanek	i do that now for myself - otherwise i'd be going nuts	16:37
*** andreaf has quit IRC		16:37
dstanek	i also use nose directly in my vim config to run tests, which i can't do with testr	16:37
*** andreaf has joined #openstack-keystone		16:38
ayoung	dstanek, I'm just realizing how dreadful out sample data was in the client tests	16:39
ayoung	latest one seems to be endpoints-without-ids	16:39
dstanek	marekd: what kind of operation?	16:40
raildo	ayoung, ping, we updated the reseller spec with what we discuss yesterday, if you have some time to take a look, i appreciate :) https://review.openstack.org/#/c/139824/25/specs/kilo/reseller.rst	16:41
ayoung	raildo, at some point...but I have more basic errors to fix first	16:41
raildo	ayoung, ok	16:42
*** rwsu-afk is now known as rwsu		16:49
openstackgerrit	Brant Knudson proposed openstack/keystone: Change oslo.utils to oslo_utils https://review.openstack.org/148019	16:49
openstackgerrit	Brant Knudson proposed openstack/keystone: Change oslo.serialization to oslo_serialization https://review.openstack.org/148025	16:49
openstackgerrit	Brant Knudson proposed openstack/keystone: Change oslo.config to oslo_config https://review.openstack.org/145250	16:49
openstackgerrit	Brant Knudson proposed openstack/keystone: Change oslo.db to oslo_db https://review.openstack.org/148029	16:49
openstackgerrit	Brant Knudson proposed openstack/keystone: Change oslo.messaging to oslo_messaging https://review.openstack.org/148028	16:49
* stevemar patiently waits for someone to review his notification work whistles		16:54
*** packet has quit IRC		16:54
*** packet has joined #openstack-keystone		16:56
*** KanagarajM2 has joined #openstack-keystone		16:59
*** bdossant has quit IRC		17:00
*** angelamo_ has joined #openstack-keystone		17:00
*** angelamolock has quit IRC		17:04
dstanek	are we still keeping catalog KVS around?	17:05
*** zingark is now known as krangiz		17:07
*** krangiz is now known as kragniz		17:07
*** chuckcarmack has joined #openstack-keystone		17:08
stevemar	dstanek, i think so, isn't it needed for templated?	17:11
*** gyee has joined #openstack-keystone		17:11
*** ChanServ sets mode: +v gyee		17:11
openstackgerrit	Brant Knudson proposed openstack/keystone: Consistently use oslo_config.cfg.CONF https://review.openstack.org/147367	17:12
dstanek	stevemar: it does use it now, but there is no reason that it can't be collapsed	17:13
stevemar	dstanek, kill it with fire?	17:13
stevemar	the catalog backend is a mess	17:13
*** obutenko_ has quit IRC		17:16
*** afazekas has quit IRC		17:23
*** lhcheng has joined #openstack-keystone		17:24
openstackgerrit	Merged openstack/python-keystoneclient: Tests use keep_blank_values when parse_qs https://review.openstack.org/151471	17:30
dstanek	stevemar: yeah, looking into some weird test behavior now	17:30
stevemar	dstanek, currently the templated catalog doesn't return IDs for endpoints	17:35
*** nellysmitt has quit IRC		17:35
stevemar	dstanek, and doesn't enforce it either	17:35
stevemar	refer to bugs here: https://review.openstack.org/#/c/131663/	17:35
stevemar	so consumers (like pycadf, and even ksc/ksm) make assumptions about what's returned, and left throwing exceptions	17:36
stevemar	or weird round-about code	17:36
*** _cjones_ has joined #openstack-keystone		17:39
*** dimsum__ has quit IRC		17:40
*** harlowja_away is now known as harlowja_		17:50
*** kfox1111 has quit IRC		17:52
*** alex_xu has quit IRC		17:52
*** alex_xu has joined #openstack-keystone		17:55
*** abhirc has joined #openstack-keystone		17:55
morganfainberg	marekd, i think we 404 on disabled	17:56
morganfainberg	marekd, but i'd look at other APIs to be sure	17:56
raildo	morganfainberg, ping, do you have some time to review the reseller spec? we updated with what we discuss yesterday :D https://review.openstack.org/#/c/139824/25/specs/kilo/reseller.rst	17:56
morganfainberg	marekd, i'll see what i can dig up, but it also depends on the operation	17:56
morganfainberg	raildo, i am just getting going today but yes.	17:56
dstanek	morganfainberg: what's the final word on the kvs backend for catalogs? should be removed right?	17:56
raildo	morganfainberg, ok, thanks :)	17:57
morganfainberg	dstanek, if we can	17:57
morganfainberg	dstanek, it's a mes.	17:57
morganfainberg	mess*	17:57
dstanek	morganfainberg: but templated stays?	17:57
morganfainberg	dstanek, yes, it's actually used by a number of deployers	17:57
morganfainberg	CMS vs API configuration	17:57
morganfainberg	i don't like it, but i can't justify removing it	17:57
*** kfox1111 has joined #openstack-keystone		17:58
dstanek	morganfainberg: what's awesome is that since the base class is deprecated both kvs and templated catalogs log deprecation warnings	17:58
morganfainberg	dstanek, yeah we need to fix that	17:58
dstanek	morganfainberg: i started working on a patch earlier that i can finish up today	17:59
morganfainberg	cool	17:59
*** harlowja_ has quit IRC		18:04
*** _cjones_ has quit IRC		18:04
*** TempLPBugBot has quit IRC		18:06
*** TempLPBugBot has joined #openstack-keystone		18:06
*** _cjones_ has joined #openstack-keystone		18:07
*** charz has quit IRC		18:07
*** harlowja has joined #openstack-keystone		18:07
*** dobson has quit IRC		18:07
*** dimsum__ has joined #openstack-keystone		18:07
*** mkoderer has quit IRC		18:07
morganfainberg	raildo, reviewed - minor comments that should be easy to address before this goes in	18:08
*** samueldmq has quit IRC		18:08
*** amakarov has quit IRC		18:08
raildo	morganfainberg, thanks! I'll fix and send a new patch now :)	18:08
morganfainberg	raildo, added 1 more comment	18:09
morganfainberg	re: marking the new API calls experimental	18:09
*** Qlawy has quit IRC		18:09
raildo	morganfainberg, ok, I will do that.	18:09
*** alex_xu has quit IRC		18:09
*** radez is now known as radez_g0n3		18:10
*** Qlawy has joined #openstack-keystone		18:10
*** alex_xu has joined #openstack-keystone		18:11
*** radez_g0n3 is now known as radez		18:12
*** mkoderer has joined #openstack-keystone		18:13
*** charz has joined #openstack-keystone		18:14
morganfainberg	stevemar, is there anything besides the pycadf lib we need to document taxonomy?	18:16
morganfainberg	stevemar, re: https://review.openstack.org/#/c/151536/1	18:16
*** dobson has joined #openstack-keystone		18:19
*** amakarov has joined #openstack-keystone		18:20
*** samueldmq has joined #openstack-keystone		18:22
openstackgerrit	Merged openstack/oslo.policy: Explicit configuration object https://review.openstack.org/150969	18:23
*** markvoelker has quit IRC		18:25
openstackgerrit	Merged openstack/oslo.policy: Improve policy documentation https://review.openstack.org/150953	18:27
*** KanagarajM2 has quit IRC		18:37
*** rushiagr is now known as rushiagr_away		18:37
*** spandhe has joined #openstack-keystone		18:40
-openstackstatus- NOTICE: Gerrit and Zuul will be offline from 1900 to 1930 UTC for project renames		18:42
*** angelamo_ has quit IRC		18:47
*** angelamolock has joined #openstack-keystone		18:51
*** henrynash has joined #openstack-keystone		18:53
*** ChanServ sets mode: +v henrynash		18:53
*** angelamolock has quit IRC		18:53
*** angelamolock has joined #openstack-keystone		18:54
openstackgerrit	Marco Fargetta proposed openstack/keystone: Multiple IDP authentication URL https://review.openstack.org/142743	18:59
*** jaosorior has quit IRC		19:06
-openstackstatus- NOTICE: Gerrit and Zuul are offline until 1930 UTC for project renames		19:07
*** ChanServ changes topic to "Gerrit and Zuul are offline until 1930 UTC for project renames"		19:07
*** jistr has quit IRC		19:08
*** jasondotstar has joined #openstack-keystone		19:10
*** bknudson has quit IRC		19:14
*** tqtran_afk has joined #openstack-keystone		19:17
*** tqtran_afk is now known as tqtran		19:18
*** tqtran is now known as tqtran_afk		19:20
*** henrynash has quit IRC		19:22
*** ChanServ changes topic to "Release Blockers: https://gist.github.com/dolph/651c6a1748f69637abd0 << please review for client release on Feb 1st \| http://opensax.com/ \| Reviews Guarantee Citizenship </starship troopers>"		19:30
-openstackstatus- NOTICE: Gerrit is back online		19:30
*** vhoward has left #openstack-keystone		19:30
*** zzzeek has quit IRC		19:34
*** nellysmitt has joined #openstack-keystone		19:35
*** nellysmitt has quit IRC		19:40
raildo	morganfainberg, just one doubt about the henrynash question in the reseller spec (line 311), what do you think? maybe we need use the domain id instead the domain name?	19:43
raildo	https://review.openstack.org/#/c/139824/25/specs/kilo/reseller.rst	19:43
*** zzzeek has joined #openstack-keystone		19:44
morganfainberg	It's a real issue.	19:45
morganfainberg	We will need to solve that in either case (domain name)	19:45
morganfainberg	And how to reference the hierarchy.	19:45
*** vhoward has joined #openstack-keystone		19:45
morganfainberg	ayoung: ^ thoughts?	19:46
*** EmilienM is now known as EmilienM\|afk		19:47
ayoung	morganfainberg, so domain_id is globally unique. domain name is unique in the namespace...what is the issue?	19:47
morganfainberg	Referencing a hierarchy.	19:47
ayoung	I don't think we "turn projects into domains"	19:47
morganfainberg	By name.	19:47
morganfainberg	Delimiter? Since we have no reserved characters atm.	19:48
*** dimsum__ has quit IRC		19:48
ayoung	the name of a domain will be an URL	19:48
ayoung	the delimiter will be the /	19:48
ayoung	(fragemtn of an url really)	19:49
morganfainberg	ayoung: I think you can use that today though in a domain name	19:49
morganfainberg	Meaning we just broke potential users doing that.	19:49
morganfainberg	This is a hard compatibility issue.	19:49
ayoung	I would think that roles are not inherited across domain boundaries by default	19:49
* morganfainberg checks schema for domains.		19:49
ayoung	morganfainberg, ?	19:49
ayoung	doimain names can't have / in them today	19:50
ayoung	can they?	19:50
morganfainberg	You sure?	19:50
morganfainberg	I think they can. Checking the json schema.	19:50
ayoung	do we use them in URLs anywhere?	19:50
morganfainberg	Don't think so	19:51
morganfainberg	And schema says "string". So if string includes '/'....	19:51
ayoung	so lets not allow nested domains under the existing API.	19:52
ayoung	if we can't do it cleanly, we need to provide a better mech	19:52
morganfainberg	ayoung: so only new domains can be in a hierarchy?	19:52
*** thedodd has joined #openstack-keystone		19:53
ayoung	if names cannot be URL safe due to backwards compat reasons, we need a differnt name mechanism. Names become an array or something	19:53
morganfainberg	I wonder if we can special-case existing domains with a / in them.	19:53
rodrigods	why we don't allow request a token using the entity name for not roots?	19:53
rodrigods	bad english ^	19:53
ayoung	No. Let's explicitly not allow domains with / in it to start	19:54
morganfainberg	rodrigods: I think that is a worse solution.	19:54
ayoung	give people a chance to migrate	19:54
ayoung	and then do them as URLs	19:54
morganfainberg	ayoung: my point was no one can make new domains with / and old domains can't participate in a hierarchy of they have a /	19:54
morganfainberg	That kind of special case.	19:54
ayoung	the alternative is doman : name : ['a','b','c']	19:55
morganfainberg	ayoung: gross. :P this isn't c :P	19:55
ayoung	morganfainberg, no, this is JSON	19:55
rodrigods	I liked ayoung's idea	19:55
morganfainberg	No this is Sparta	19:55
raildo	haha	19:56
rodrigods	lol	19:56
*** angelamolock has quit IRC		19:56
ayoung	the alternative is doman : { name : ['a','b','c'] } instead of domain: { name : 'a/b/c' }	19:56
rodrigods	if we could use lists in the field name, they could represent hierarchies	19:56
raildo	sounds good to me	19:56
morganfainberg	ayoung: that will definitely break current api.	19:56
rodrigods	as ayoung is proposing	19:56
ayoung	I know	19:56
rodrigods	morganfainberg, true :(	19:56
morganfainberg	ayoung: the answer is Id rather exempt / as a delimiter.	19:57
ayoung	fine by me	19:57
morganfainberg	And domains with / in the name can't be in a hierarchy (but can be renamed).	19:57
raildo	morganfainberg, ok, I'll put this in the spec	19:57
ayoung	we need to start using URLs as the primary way we refer to objects. Our current approach is too custom	19:57
morganfainberg	ayoung: until now we've used ids due to a lack of hierarchy to solve that issue (or dodge it more appropriately)	19:58
ayoung	morganfainberg, if there is a / in the name at all it will probably make parsing ... bad	19:58
morganfainberg	Same will need to apply to projects.	19:58
morganfainberg	Oh boy, not going to be fun :(	19:59
*** aix has quit IRC		19:59
morganfainberg	ayoung: alternative. Is a mid ground	19:59
morganfainberg	Specifying the hierarchy is an array.	20:00
rodrigods	morganfainberg, thx for the review in the parent_as_ids patch, ayoung lost the opportunity to review it	20:00
morganfainberg	Name is never used as the flat string in the hierarchy.	20:00
morganfainberg	But that becomes weird	20:00
morganfainberg	Bah.	20:00
ayoung	morganfainberg, flat string is the degenerate case, and is treated the same as a singe element array ["doma"]	20:06
*** openstackgerrit has quit IRC		20:06
*** openstackgerrit has joined #openstack-keystone		20:06
morganfainberg	ayoung the issue is what our API returns to the client	20:07
ayoung	but dropping "/" as a valid char in a domain name is a better approach	20:07
morganfainberg	that would be the breaking part.	20:07
ayoung	in the token?	20:07
morganfainberg	anywhere	20:07
morganfainberg	if you need to reference the hierarchy	20:08
morganfainberg	anyway	20:08
morganfainberg	making '/' a reserrved seems much better	20:08
ayoung	yes	20:08
ayoung	lets proposed for it everywhere, and then people will object to the real cases they have	20:08
morganfainberg	ayoung, x-project spec?	20:11
ayoung	huh?	20:12
morganfainberg	"propose everywhere"	20:12
morganfainberg	or just everywehre in keystone?	20:12
stevemar	morganfainberg, hey, question about notifications.... according to http://docs.openstack.org/developer/keystone/event_notifications.html we emit notifications for region/endpoint/service/policy, but those are actually not emitted publicly	20:13
morganfainberg	stevemar, sounds like we should be emitting them	20:13
morganfainberg	then	20:13
stevemar	i think those 4 are only used for callback handling	20:13
morganfainberg	here is the deal	20:14
morganfainberg	would you want to audit on an action happening to a region, endpoint, service, or policy?	20:14
morganfainberg	if the answer is yes - [or take an action based on that event]	20:14
morganfainberg	it should emit	20:14
stevemar	let me think about it	20:14
stevemar	topol, do you have an opinion on that ^	20:15
topol	stevemar, on what?	20:15
stevemar	topol, so according to http://docs.openstack.org/developer/keystone/event_notifications.html we emit notifications on region/endpoint/service CRUD - but we actually don't, we just use them for internal callbacks.	20:16
stevemar	topol, so do you think a region/endpoint/service CRUD event is audit-worthy?	20:17
stevemar	those are typically admin only events	20:17
topol	stevemar onesec	20:17
*** david-lyle has quit IRC		20:25
*** harlowja is now known as harlowja_away		20:29
*** tqtran_afk is now known as tqtran		20:29
openstackgerrit	ayoung proposed openstack/python-keystoneclient: Access Info https://review.openstack.org/138519	20:30
openstackgerrit	ayoung proposed openstack/python-keystoneclient: add issued_at and id values to sample data https://review.openstack.org/151761	20:30
*** harlowja_away is now known as harlowja		20:34
openstackgerrit	Raildo Mascena de Sousa Filho proposed openstack/keystone-specs: Reseller https://review.openstack.org/139824	20:34
topol	stevemar, so two options. My gut says I think region,endpoint, service is all audit worthy. In an audit those are things you would want to know	20:36
*** avozza is now known as zz_avozza		20:36
topol	stevemar, but at the same time its okay to be stakeholder driven. So if needed you can defer it if we don't have a stakeholder asking for it yet	20:37
topol	stevemar, but I think eventually someone will want audit records for that	20:37
topol	stevemar, make sense?	20:38
*** richm has quit IRC		20:40
*** dimsum__ has joined #openstack-keystone		20:41
stevemar	topol, yep, makes sense... i'm asking our stakeholder now	20:46
morganfainberg	topol is a steak holder?	20:46
topol	great minds think alike	20:46
stevemar	topol, I am just wondering why they were not displayed publicly in the first place	20:46
morganfainberg	stevemar, doc shuffling?	20:46
stevemar	morganfainberg, no, i don't think so, my gut says it was something to do with the endpoint policy extension work	20:47
*** bknudson has joined #openstack-keystone		20:47
*** ChanServ sets mode: +v bknudson		20:47
morganfainberg	topol, watch out the vampires will be scared of you with all those steaks you're holding	20:47
openstackgerrit	Steve Martinelli proposed openstack/keystone: Add CADF notifications for most resources https://review.openstack.org/151137	20:47
morganfainberg	oh.. not that kind of steak?	20:47
morganfainberg	prime cuts?	20:47
morganfainberg	choice?	20:48
morganfainberg	>.>	20:48
stevemar	har-dee-har-har	20:48
*** g2` is now known as [OO]		20:48
morganfainberg	stevemar, ಠ_ಠ	20:48
stevemar	oh damn, henrys stuff is going through!	20:49
stevemar	HENRYS STUFF IS GOING THROUGH!	20:49
*** [OO] is now known as g2`		20:49
morganfainberg	stevemar, SHHH!	20:49
*** spandhe has quit IRC		20:50
*** pnavarro has quit IRC		20:51
*** radez is now known as radez_g0n3		20:51
rodrigods	morganfainberg, stevemar omg where is he?	20:51
rodrigods	we have a party in UK today	20:51
morganfainberg	rodrigods, in the UK >.>	20:51
openstackgerrit	Raildo Mascena de Sousa Filho proposed openstack/keystone-specs: Reseller https://review.openstack.org/139824	20:52
rodrigods	morganfainberg, ^	20:53
rodrigods	:)	20:53
stevemar	https://github.com/openstack/keystone/commit/8612a54f91a6d5e4afe1fe2dc484c3fe063bbe58	20:53
stevemar	interesting	20:53
* morganfainberg needs to find someone with a OnePlus invite		20:53
* morganfainberg is getting tired of ios8 bugs.		20:54
* morganfainberg is REALLY tired of Yosemite sucking as an OS		20:54
raildo	morganfainberg, come to android world :D	20:54
morganfainberg	see my first coment	20:54
rodrigods	is morganfainberg an apple fan?	20:54
morganfainberg	need a oneplus invite	20:54
*** richm has joined #openstack-keystone		20:55
morganfainberg	i am very anti-carrier phone	20:55
stevemar	morganfainberg, i think i can get one for you	20:55
morganfainberg	iphone, oneplus, and nexus 6 are the best options to be anti-carrier	20:55
morganfainberg	especially if you hate.. i mean i wont ever own a phone based on it hate... touchwiz	20:55
morganfainberg	it's an absolutely bloody awful android skin	20:56
*** abhirc has quit IRC		20:56
rodrigods	OnePlus fame hasn't arrived in south america yet	20:56
stevemar	morganfainberg, touchwiz really is awful	20:56
morganfainberg	stevemar, i'd place my order today with an invite for OnePlus	20:56
rodrigods	morganfainberg, stevemar ++	20:56
rodrigods	I once had a nexus 4	20:56
rodrigods	had a tragic death :(	20:56
morganfainberg	and frankly nexus 6 is too pricy for what it is.	20:56
stevemar	morganfainberg, i have a buddy that received his a week ago, i think he has an invite, bugging him now - no reply yet	20:57
morganfainberg	been hoping mordred gets his invites soon	20:57
morganfainberg	but he doens't have invite(s) yet iirc	20:57
*** zz_avozza is now known as avozza		20:57
*** spandhe has joined #openstack-keystone		20:59
*** andreaf has quit IRC		21:02
openstackgerrit	Steve Martinelli proposed openstack/keystone: Publicize region/endpoint/policy/service events https://review.openstack.org/151774	21:04
stevemar	morganfainberg, topol ^	21:05
morganfainberg	stevemar, -4	21:05
morganfainberg	stevemar, i mean >.>	21:05
stevemar	:O	21:05
morganfainberg	stevemar, easy review: https://review.openstack.org/#/c/151381/	21:08
*** abhirc has joined #openstack-keystone		21:08
*** david-lyle has joined #openstack-keystone		21:08
morganfainberg	small code review, but not easy: https://review.openstack.org/#/c/148354/	21:08
*** chuckcarmack has left #openstack-keystone		21:10
morganfainberg	rodrigods, this https://review.openstack.org/#/c/148567/ is going to merge conflict	21:11
morganfainberg	but henry's wont	21:12
morganfainberg	so. -- yeah i know headache	21:12
morganfainberg	so basically not really fixable until henry's assignment patch merges	21:12
*** dimsum__ has quit IRC		21:15
gyee	morganfainberg, true or fase? keystone CLI has been deprecated?	21:21
morganfainberg	gyee, keystoneclient CLI is frozen.	21:21
topol	stevemar, that notifications decorator you are using sure looks really handy!	21:21
morganfainberg	gyee, it is not deprecated because $badexperienceforusersonolddeployments$	21:22
gyee	morganfainberg, thank you sir, I'll convey the message	21:24
morganfainberg	gyee, in short a security fix could go into keystoneclient cli. no new functionality. use OSC for $new hotness$	21:24
morganfainberg	(not to be confused with old busted hotness /MiB reference)	21:24
gyee	heh	21:25
topol	morganfainberg, QQ We have an awesome video in chinese that covers how to contribute to OpenStack. It is Film Studio production quality. Would it be approrpiate for me to advertise it on the OpenStack dev mailing list? http://www.kaikeba.com/courses/274	21:25
topol	gyee ^^^^	21:25
morganfainberg	topol, QQ means something very different for a former game-system-dev :P	21:25
gyee	nice	21:25
morganfainberg	topol, >.>	21:25
morganfainberg	topol, i uh.. dunno	21:25
morganfainberg	topol, i think i'm the wrong person to ask.	21:26
topol	morganfainberg. No worries, I sent it to Stefano	21:26
topol	the graphics are really good!	21:26
morganfainberg	topol, to a former blizz or lol dev QQ would be:	21:27
morganfainberg	QQ is an acronym often used in online communication to signify two crying eyes. It is usually used in the pejorative such as "QQ more nub" meaning "Cry more, newbie." "QQ" has become a popular term, and can also be used to reply to a poster that the person thinks is whining.	21:27
morganfainberg	so i always have to go "wait what" when someone says QQ	21:27
morganfainberg	:P	21:27
stevemar	morganfainberg, i knew what you were talking about :)	21:27
gyee	translation: if you use openstack, you are in bad with a lot of people	21:27
gyee	:)	21:27
topol	morganfainberg, wow I learned something new.	21:27
morganfainberg	stevemar, i figured you did, but i didn't expect topol to know :P he doesn't seem like a StarCraft or WoW type person	21:27
morganfainberg	or LoL	21:28
gyee	actually, he say "you are not along"	21:28
gyee	my bad	21:28
topol	morganfainberg, stevemar my comment on Henry's megapatch: In addition to opensax.com I think we need to start biggestkeystonepatch.com And we can list this patch as the one to beat. /me BRAD DUCKS!!!! :-)	21:29
morganfainberg	topol, so, i think my response to the LDAP Assignment driver is going to be "i'd rather this be out of tree unless we have a documented series of users "not 'i can't tell you but i swear we use it'" and a serious maintainer"	21:29
morganfainberg	topol, mostly for the same reason(s) EC2 API is likely going to end up on stackforge	21:30
topol	morganfainberg +1000	21:30
topol	makes a lot of sense	21:30
morganfainberg	and i'm all for helping them split that driver out to stackforge	21:30
stevemar	topol, now do the dependent patches for the notifications changes :P	21:30
morganfainberg	as in, making it easier to load a driver for assignment backend	21:30
topol	morganfainberg I love it!	21:30
*** radez_g0n3 is now known as radez		21:34
*** nellysmitt has joined #openstack-keystone		21:36
*** david-lyle_ has joined #openstack-keystone		21:37
*** david-lyle has quit IRC		21:37
openstackgerrit	Steve Martinelli proposed openstack/keystone: Add CADF notification handling for policy/region/service/endpoint https://review.openstack.org/151786	21:40
openstackgerrit	Merged openstack/oslo.policy: Add API documentation https://review.openstack.org/150956	21:41
*** nellysmitt has quit IRC		21:41
openstackgerrit	Merged openstack/oslo.policy: Fix project metadata https://review.openstack.org/150957	21:44
openstackgerrit	Steve Martinelli proposed openstack/keystone: Add a test for create_domain in notifications https://review.openstack.org/151791	21:46
*** david-lyle_ has quit IRC		21:51
morganfainberg	topol, there is my response	21:51
morganfainberg	i might have been pretty harse	21:51
morganfainberg	harsh	21:51
morganfainberg	but it really feels as if it was "oh yeah we use that OMG YOU MAINTAIN IT BUT WE DONT WANT TO COMMIT ANYTHING TO IT"	21:52
stevemar	how does one recheck xenserver	21:53
morganfainberg	recheck xen?	21:53
morganfainberg	i dunno	21:53
openstackgerrit	Merged openstack/python-keystoneclient: Add validate token for v3 https://review.openstack.org/142147	21:55
*** jasondotstar has quit IRC		21:56
openstackgerrit	George Peristerakis proposed openstack/python-keystoneclient: Removed deprecated oslo modules. https://review.openstack.org/151794	21:58
*** packet has quit IRC		21:58
morganfainberg	i just realized i change the end of my emails depending on how i feel about the topic	22:01
morganfainberg	"cheers" = normal	22:01
morganfainberg	"regards" = yeah not happy about this	22:01
morganfainberg	"sincerely" = corporate / scary / politically charged email.	22:01
morganfainberg	:P	22:01
topol	morganfainberg. Dont play poker. you clealry have a tell :-)	22:01
openstackgerrit	Merged openstack/keystone: Move projects and domains to their own backend https://review.openstack.org/144824	22:01
morganfainberg	topol, knowing your tell is important	22:02
morganfainberg	cause you can abuse that other people think you don't know it	22:02
morganfainberg	>.>	22:02
topol	so true	22:02
openstackgerrit	Merged openstack/keystone: Remove unused pointer to assignment in identity driver https://review.openstack.org/145022	22:03
openstackgerrit	Merged openstack/keystone: Make controllers and managers reference new resource manager https://review.openstack.org/133525	22:03
morganfainberg	topol, so checked. we even got a response from mirantis that they don't use LDAP Assignment.	22:03
openstackgerrit	Merged openstack/keystone: Make unit tests call the new resource manager https://review.openstack.org/130954	22:03
*** abhirc has quit IRC		22:03
morganfainberg	topol, made that email even more fun to write.	22:03
topol	morganfainberg WTF???	22:03
morganfainberg	or at least someone in mirantis said that on the survey	22:03
morganfainberg	yeah	22:03
topol	thats insane	22:04
morganfainberg	i think my response was very realistic in what it would take for us to keep it in tree	22:04
morganfainberg	i am lookingforward to the patch that removed LDAP assignment	22:07
morganfainberg	that will be a lot less code to maintain	22:07
gyee	morganfainberg, for LDAP, look for an email from me today	22:08
morganfainberg	LDAP assignment?	22:08
gyee	LDAP assignment	22:08
gyee	I just got fart in the face by a customer	22:08
gyee	there are two serious bugs we need to fix	22:08
morganfainberg	security?	22:09
gyee	sorry LDAP identity	22:09
gyee	no, performance	22:09
morganfainberg	ok	22:09
morganfainberg	yep no issue there we should fix ldap identity	22:09
morganfainberg	totally fix it :)	22:09
gyee	k, I am typing up an email	22:09
*** abhirc has joined #openstack-keystone		22:09
*** mattfarina has quit IRC		22:11
*** topol has quit IRC		22:11
*** spandhe has quit IRC		22:11
kfox1111	what kind of support does keystone have for maping users assigned to a group to roles in a tenant?	22:13
*** joesavak has quit IRC		22:13
kfox1111	specifically in juno or kilo?	22:13
morganfainberg	kfox1111, you mean group assignments?	22:13
*** gordc has quit IRC		22:14
morganfainberg	kfox1111, you apply the assignments to the group	22:14
morganfainberg	kfox1111, any users in that group get those assignments [has been the case for a while]	22:14
morganfainberg	predating juno	22:14
kfox1111	how do you do that?	22:15
kfox1111	there is no keystone group-list, etc.	22:15
morganfainberg	instead of assigning the role on a tenant to a user, you do assign it to the group.	22:15
morganfainberg	don't use keystoneclient	22:15
morganfainberg	use openstackclient for anything v3 related	22:16
kfox1111	is it all just api?	22:16
kfox1111	OH. its a v3 thing...	22:16
morganfainberg	keystoneclient doesn't support v3	22:16
*** stevemar has quit IRC		22:16
kfox1111	ah.	22:16
morganfainberg	form a cli	22:16
morganfainberg	as a python lib it does very well w/ v3 support ;)	22:16
kfox1111	cool. I'll see what I can figure out. thanks for the tip.	22:17
*** thedodd has quit IRC		22:17
*** morganfainberg is now known as NotLurkingHere		22:17
kfox1111	does the client drop options? I see no group stuff in there either. maybe my api endpoint is wrong..	22:18
NotLurkingHere	kfox1111, hm let me summon the expert	22:18
kfox1111	yeah. its a v2 url.	22:18
NotLurkingHere	oh darn it stevemar isn't here.	22:18
NotLurkingHere	ah yeah you can't do v3 operations on a v2 url	22:18
kfox1111	I just change v2.0 to v3?	22:19
*** NotLurkingHere is now known as morganfainberg		22:19
kfox1111	openstack --help \| grep group still only shows sever groups and security groups. nothing else.	22:19
kfox1111	is there another term for it?	22:19
morganfainberg	i think there is	22:19
morganfainberg	maybe	22:20
morganfainberg	we might have a gap in OSC here	22:20
kfox1111	hmm.... wait. this particular box is icehouse. let me try on a juno box.	22:20
nkinder	kfox1111, morganfainberg: you can do group based role assignment in OSC	22:21
nkinder	...but you have to connect via v3 for the commands to show up	22:21
morganfainberg	nkinder, thanks.	22:21
morganfainberg	kfox1111, yeah it's there: https://github.com/openstack/python-openstackclient/blob/master/openstackclient/identity/v3/group.py lots of group stuff	22:21
nkinder	kfox1111, morganfainberg: here's an example - https://github.com/nkinder/rdo-vm-factory/blob/master/rdo-federation-setup/vm-post-cloud-init-rdo.sh#L146	22:22
nkinder	that has group creation and role assignment	22:22
kfox1111	ah. perfect thanks. :)	22:24
nkinder	kfox1111: the "--os-identity-api-version 3" is key, though you can set that via environment variable instead	22:24
nkinder	kfox1111: you also need the v3 URL of course	22:24
*** abhirc has quit IRC		22:25
kfox1111	hmm... changing http://172.20.96.65:5000/v2.0 to http://172.20.96.65:5000/v3 doesn't work.	22:25
kfox1111	or --os-identity-api-version 3 with either of those two exports.	22:26
nkinder	kfox1111: what OS_* environment variables do you have set?	22:26
kfox1111	username, tenant name, auth_url, region and pw.	22:27
kfox1111	do I have to specify a domain with v3?	22:27
nkinder	ok, some of that stuff is v2 specific (like tenant_name)	22:27
nkinder	and yes, you need a domain	22:27
kfox1111	k	22:28
nkinder	kfox1111: those commands I linked to assume no OS_* stuff is set	22:28
kfox1111	ok. I'll unset everything then try the commands.	22:28
nkinder	kfox1111: a v3 style keystonerc is here - https://github.com/nkinder/rdo-vm-factory/blob/master/rdo-federation-setup/vm-post-cloud-init-rdo.sh#L215	22:28
nkinder	...but you need a domain scoped token to create groups (and that keystonerc is for project scoped tokens)	22:29
kfox1111	yup. that did the trick.	22:30
kfox1111	so I probably need to update all my openstackrc files to be v3.	22:30
kfox1111	bummer.... unfortunatly the dashboard still generates a v2 one. :/	22:31
*** dimsum__ has joined #openstack-keystone		22:32
*** dimsum__ has quit IRC		22:33
*** dimsum__ has joined #openstack-keystone		22:33
*** jacer_huawei has quit IRC		22:35
*** jacer_huawei has joined #openstack-keystone		22:36
*** jacer_huawei has quit IRC		22:36
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Implements parents_as_ids query param https://review.openstack.org/148567	22:37
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Implements subtree_as_ids query param https://review.openstack.org/148618	22:37
nkinder	kfox1111: I usually create multiple rc files	22:37
nkinder	kfox1111: at least for admin users, you will sometimes need domain scoped tokens, and sometimes project scoped	22:37
rodrigods	morganfainberg, https://review.openstack.org/#/c/148567/ needed a rebase	22:37
*** jacer_huawei has joined #openstack-keystone		22:38
*** jacer_huawei has quit IRC		22:40
*** jacer_huawei has joined #openstack-keystone		22:41
*** jacer_huawei has quit IRC		22:42
*** jacer_huawei has joined #openstack-keystone		22:44
*** jacer_huawei has quit IRC		22:44
*** jacer_huawei has joined #openstack-keystone		22:45
*** morganfainberg is now known as outforteaorcoffe		22:47
openstackgerrit	Brant Knudson proposed openstack/keystone: Internal notifications for cleanup domain https://review.openstack.org/125521	22:47
*** zzzeek has quit IRC		22:49
*** tellesnobrega_ has joined #openstack-keystone		22:51
openstackgerrit	Nathan Kinder proposed openstack/oslo.policy: Correct docstring references https://review.openstack.org/151813	22:57
*** htruta has quit IRC		23:02
*** samueldmq has quit IRC		23:02
*** raildo has quit IRC		23:02
*** tellesnobrega has quit IRC		23:03
*** harlowja is now known as harlowja_away		23:05
*** jasondotstar has joined #openstack-keystone		23:05
*** jasondotstar has quit IRC		23:05
*** abhirc has joined #openstack-keystone		23:08
*** carlosmarin has quit IRC		23:12
bknudson	nkinder: u around? re https://review.openstack.org/#/c/151813/	23:14
bknudson	I figured out why no docs for some of the classes -- there's no docstring.	23:14
bknudson	adding the docstring makes the links work so I'm fine with https://review.openstack.org/#/c/151813/ as-is.	23:17
*** zzzeek has joined #openstack-keystone		23:17
*** _cjones_ has quit IRC		23:18
*** timcline has quit IRC		23:23
*** timcline has joined #openstack-keystone		23:23
*** _cjones_ has joined #openstack-keystone		23:25
*** harlowja_away is now known as harlowja		23:27
*** timcline has quit IRC		23:28
*** tellesnobrega_ has quit IRC		23:28
nkinder	bknudson: ok, so want me to just wait until this merges and add the docstrings in another commit?	23:29
*** henrynash has joined #openstack-keystone		23:29
*** ChanServ sets mode: +v henrynash		23:29
*** harlowja has quit IRC		23:29
*** harlowja has joined #openstack-keystone		23:29
*** tellesnobrega has joined #openstack-keystone		23:34
*** tellesnobrega has quit IRC		23:34
*** nellysmitt has joined #openstack-keystone		23:37
*** nellysmitt has quit IRC		23:42
nkinder	bknudson: what do you think about simply moving the __call__ docstrings from those classes to be class docstrings instead?	23:42
nkinder	bknudson: I'm not really sure that they are needed on the __call__ methods	23:43
*** timcline has joined #openstack-keystone		23:44
*** timcline_ has joined #openstack-keystone		23:46
*** timcline has quit IRC		23:49
*** timcline_ has quit IRC		23:51
bknudson	nkinder: adding the docstrings doesn't need to wait at all, can be an unrelated commit... there wouldn't be a conflict	23:52
nkinder	yeah, preparing it now (was just building docs)	23:52
bknudson	moving the __call__ docstring makes sense.	23:52
nkinder	that's what I think too	23:52
*** timcline has joined #openstack-keystone		23:54
openstackgerrit	Nathan Kinder proposed openstack/oslo.policy: Add docstrings for check classes https://review.openstack.org/151822	23:56
*** timcline has quit IRC		23:58

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!