Thursday, 2015-02-19

jamielennox	haneef_: so all the - need to be _	00:02
jamielennox	- isn't valid in ini files i think	00:02
openstackgerrit	Merged openstack/keystone: Check for invalid filtering on v3/role_assignments https://review.openstack.org/144703	00:02
haneef_	How are the arguments passed to pluggin, we are not passing kwargs	00:03
jamielennox	also the **kwargs that is passed to load_from_conf_options allow you to override or set options from code that are not present in the conf file	00:03
jamielennox	haneef_: we are passing the CONF object and the group to read the arguments from	00:03
haneef_	ok, let me debug that and get back to you	00:05
jamielennox	haneef_: https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/auth/base.py#L276 is where the work is happening	00:05
haneef_	I see that. let me verify the settings it one more time	00:06
jamielennox	haneef_: so the problem people (swift) has been having is that they expect to be able to pass all these options to the __init__ function rather than use the global conf object	00:07
gyee	jamielennox, they have to be in the global conf right?	00:07
jamielennox	because they set the options via paste.ini and not [keystone_authtoken] in service.conf	00:07
gyee	paste.ini doesn't work anymore?	00:07
jamielennox	i don't have an answer for that yet	00:07
jamielennox	gyee: not with plugins	00:07
gyee	I remember there was a patch from swift guys	00:08
jamielennox	there was something that tried to address it but it's a fair way off being a general solution	00:08
jamielennox	i think the eventual solution will be to have a series of factory functions for AuthToken depending on where you load from	00:08
jamielennox	and we instantiate AuthProtocol with like a session directly	00:09
jamielennox	i'm just not sure how to get there yet, i had an attempt and it was more difficult than expected	00:10
jamielennox	i think i'll have to extract a good subclass out of AuthProtocol that takes the options we want, and then have the AuthProtocol object be all the hacks that will make it continue to work	00:10
jamielennox	then we can deprecate peoples use of AuthProtocol for the new object	00:11
gyee	paste uses factory to instantiate AuthProtocol	00:11
jamielennox	right, the paste entry point is not AuthProtocol directly, so we can add some stuff in there for example to make that work right	00:12
jamielennox	actually it would be really cool if AuthProtocol just instantiated a ksc.adapter for all this stuff....	00:12
jamielennox	hmm	00:13
gyee	can we use inspect to figure out who's instantiating it?	00:13
gyee	then act accordingly	00:13
jamielennox	i'm not sure - but i don't know if it would buy us anything	00:14
jamielennox	the problems are the people we don't know	00:14
jamielennox	for example sahara and everyone that doesn't use paste constructs and AuthProtocol object directly	00:14
jamielennox	*an	00:14
jamielennox	if they're using the paste factory it's fairly easy	00:14
gyee	I would think those are in the minority	00:15
jamielennox	doesn't mean we can break them though	00:15
jamielennox	swift is in the absolute minority here, not using oslo.config at all	00:16
*** stevemar has quit IRC		00:16
gyee	oh	00:16
gyee	but that's a different issue right?	00:17
gyee	not using oslo.config and instantiating AuthProtocol directly	00:18
jamielennox	gyee: yes and no, if glance and swift were using oslo.config i don't know if anyone would have even noticed the difference	00:18
*** nellysmitt has joined #openstack-keystone		00:19
*** markvoelker has quit IRC		00:19
morganfainberg	jamielennox: glance doesn't use oslo.config?	00:20
gyee	k, in that case, ksc.adapter seem like way to go	00:20
jamielennox	glance does, but they don't use the global CONF	00:21
jamielennox	ahh, glance.. might be marconi i'm thinking of	00:21
jamielennox	... or whatever its new name was	00:21
jamielennox	swear i've given up tracking all the new project names	00:21
morganfainberg	Marconi. Yes.	00:21
gyee	macaroni :)	00:22
*** stevemar has joined #openstack-keystone		00:22
*** ChanServ sets mode: +v stevemar		00:22
jamielennox	it was flaper who reported the issue, so it was one of those 2	00:22
*** nellysmitt has quit IRC		00:24
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Extract test_v3_resource from test_v3_assignment https://review.openstack.org/154080	00:32
*** stevemar has quit IRC		00:32
*** david-lyle is now known as david-lyle_afk		00:41
*** gordc has quit IRC		00:42
*** markvoelker has joined #openstack-keystone		00:52
*** browne has quit IRC		00:53
*** ljfisher has quit IRC		00:53
*** bknudson has quit IRC		00:58
*** spandhe has quit IRC		00:59
*** markvoelker has quit IRC		00:59
openstackgerrit	Merged openstack/keystone: Consistently use oslo_config.cfg.CONF https://review.openstack.org/147367	01:07
openstackgerrit	Merged openstack/keystone: Consistently use oslo_config.cfg.CONF https://review.openstack.org/147367	01:07
*** vishy has quit IRC		01:07
*** vishy has joined #openstack-keystone		01:08
*** samueldmq_ has quit IRC		01:21
openstackgerrit	Raildo Mascena de Sousa Filho proposed openstack/keystone: Not allow create a project with slash in name https://review.openstack.org/157152	01:28
*** markvoelker has joined #openstack-keystone		01:29
*** ajayaa has joined #openstack-keystone		01:29
*** EmilienM is now known as EmilienM\|afk		01:36
*** stevemar has joined #openstack-keystone		01:37
*** ChanServ sets mode: +v stevemar		01:37
*** ajayaa has quit IRC		01:38
*** devlaps has quit IRC		01:55
*** eagleson has joined #openstack-keystone		02:06
openstackgerrit	Steve Martinelli proposed openstack/keystone: Use oslo.policy instead of incubated version https://review.openstack.org/148624	02:06
*** krtaylor has joined #openstack-keystone		02:09
*** jaosorior has quit IRC		02:11
*** zzzeek has quit IRC		02:13
*** nellysmitt has joined #openstack-keystone		02:20
*** nellysmitt has quit IRC		02:24
openstackgerrit	Brant Knudson proposed openstack/keystone: Move eventlet server options to a config section https://review.openstack.org/130962	02:25
openstackgerrit	Brant Knudson proposed openstack/keystone: Regenerate sample config file https://review.openstack.org/152563	02:25
*** erkules_ has joined #openstack-keystone		02:27
*** erkules has quit IRC		02:29
*** _cjones_ has quit IRC		02:30
*** spandhe has joined #openstack-keystone		02:41
*** spandhe_ has joined #openstack-keystone		02:43
*** spandhe has quit IRC		02:46
*** spandhe_ is now known as spandhe		02:46
openstackgerrit	Lin Hua Cheng proposed openstack/keystone: Implement validation on the Identity V3 API https://review.openstack.org/132122	02:48
*** dims_ has quit IRC		02:52
*** ljfisher has joined #openstack-keystone		02:54
*** lhcheng has quit IRC		03:00
*** harlowja_ is now known as harlowja_away		03:15
*** marg7175 has quit IRC		03:21
*** eagleson has quit IRC		03:44
jamielennox	gyee: here?	03:51
*** richm has quit IRC		03:51
*** dims__ has joined #openstack-keystone		03:52
*** dims__ has quit IRC		03:57
*** henrynash has joined #openstack-keystone		04:06
*** ChanServ sets mode: +v henrynash		04:06
openstackgerrit	Abhishek Talwar proposed openstack/python-keystoneclient: User-password-update accepts blank as password https://review.openstack.org/147399	04:12
openstackgerrit	Steve Martinelli proposed openstack/keystone: Use oslo.policy instead of incubated version https://review.openstack.org/148624	04:14
openstackgerrit	Steve Martinelli proposed openstack/keystone: Remove incubated version of oslo policy https://review.openstack.org/157158	04:17
*** tqtran has quit IRC		04:18
*** nellysmitt has joined #openstack-keystone		04:21
*** marg7175 has joined #openstack-keystone		04:22
*** marg7175 has quit IRC		04:22
*** marg7175 has joined #openstack-keystone		04:23
*** lhcheng has joined #openstack-keystone		04:24
openstackgerrit	henry-nash proposed openstack/keystone: Refactor filter and sensitivity tests in prepartion for LDAP support https://review.openstack.org/147551	04:25
*** lhcheng_ has joined #openstack-keystone		04:25
*** nellysmitt has quit IRC		04:25
openstackgerrit	Steve Martinelli proposed openstack/keystone: Provide additional detail if OAuth headers are missing https://review.openstack.org/142191	04:27
*** lhcheng has quit IRC		04:28
openstackgerrit	Steve Martinelli proposed openstack/keystone: Check consumer and project id before creating request token https://review.openstack.org/145701	04:30
openstackgerrit	Steve Martinelli proposed openstack/keystone: Enable endpoint_policy, endpoint_filter and oauth by default https://review.openstack.org/153842	04:30
openstackgerrit	henry-nash proposed openstack/keystone: Refactor filter and sensitivity tests in prepartion for LDAP support https://review.openstack.org/147551	04:32
openstackgerrit	henry-nash proposed openstack/keystone: Enable filtering in LDAP backend for listing entities https://review.openstack.org/147612	04:32
*** marg7175 has quit IRC		04:34
openstackgerrit	Steve Martinelli proposed openstack/keystone: Add WebSSO support for federation https://review.openstack.org/136177	04:35
stevemar	ahh night time, always a good time to rebase things	04:36
henrynash	stevemar: :-)	04:37
stevemar	henrynash, or early morning in your case	04:37
stevemar	i plan on reviewing your stuff before i sleep	04:37
henrynash	stevemar: indeed…actually not quite so early since I’m in Latvia (of all places) to present at a conference today	04:37
stevemar	henrynash, hope you are prepped and ready to go!	04:38
henrynash	stevemar: ahh, February on the Baltic…..	04:38
*** lhcheng_ has left #openstack-keystone		04:38
stevemar	henrynash, it's the kind of dream vacation they give away on game shows	04:38
henrynash	stevemar: not sure…didn’t sleep a wink due to noisy cr*ppy hotle room. so my fall aslpeep in PowerPoint	04:38
*** markvoelker has quit IRC		04:42
*** markvoelker has joined #openstack-keystone		04:42
*** markvoelker has quit IRC		04:46
*** henrynash has quit IRC		04:47
gyee	jamielennox, back	04:51
jamielennox	gyee: oh, not that important, can you look at https://review.openstack.org/#/c/122281/22 and the follow up	04:52
jamielennox	they're bknudson's and they've been there a while	04:52
jamielennox	i thought they merged ages ago	04:52
gyee	jamielennox, sure	04:52
jamielennox	could have got stevemar or henry to look	04:52
stevemar	jamielennox, you could have >.>	04:53
jamielennox	stevemar: i thought about it when i mentioned to gyee - then i've been heads down in stuff	04:53
jamielennox	ripping auth_token appart actually	04:54
jamielennox	i thought it would be mean to make him rebase those patches again	04:54
stevemar	jamielennox, i was going to ping you about it when you asked if gyee was around, but same, decided to rebase all my broken patches	04:54
gyee	looks fine, stevemar, mine if I pull the trigger?	04:54
stevemar	gyee, go ahead sir	04:55
stevemar	fire away!	04:55
jamielennox	gyee: do it	04:55
gyee	done	04:56
jamielennox	that one has been there since september, the follow up since june	04:56
gyee	still waiting for a decent python crypto to come along so we don't have to do this stuff	04:56
gyee	jamielennox, means I have to rebase because I have internal middleware which extends keystonemiddleware :(	04:58
jamielennox	gyee: you're going to hate what i've got coming then	04:58
gyee	that's fine	04:58
gyee	I love coding :)	04:58
*** _cjones_ has joined #openstack-keystone		04:59
gyee	stevemar, are you rebasing this one? https://review.openstack.org/#/c/153842/	05:01
gyee	would love to get that one in too	05:01
stevemar	gyee, i am, but it depends on bknudsons stuff	05:02
*** topol has joined #openstack-keystone		05:02
*** ChanServ sets mode: +v topol		05:02
gyee	oh my, here's another dependency chain	05:02
stevemar	gyee, i swear, everyone misses those :)	05:04
gyee	stevemar, can you enlighten me on what's going on with line 22 here? https://review.openstack.org/#/c/156071/2/keystone/contrib/federation/routers.py	05:10
stevemar	gyee, i would love to but... https://review.openstack.org/#/c/156071/1..2/keystone/contrib/example/routers.py	05:12
*** markvoelker has joined #openstack-keystone		05:13
*** spandhe has quit IRC		05:13
*** henrynash has joined #openstack-keystone		05:13
*** ChanServ sets mode: +v henrynash		05:13
stevemar	i think what it comes down to is, we need to at least import the module to kick off the init, thus registering a dependency, and finally we have self.xyz_api available	05:13
*** henrynash has quit IRC		05:13
stevemar	gyee, ^	05:13
gyee	I understand the import part, but I don't understand the self assignment part	05:14
*** _cjones_ has quit IRC		05:15
*** _cjones_ has joined #openstack-keystone		05:15
*** markvoelker has quit IRC		05:17
openstackgerrit	Steve Martinelli proposed openstack/keystone: Create extension provider instances once https://review.openstack.org/156071	05:18
*** henrynash has joined #openstack-keystone		05:18
*** ChanServ sets mode: +v henrynash		05:18
gyee	so the first import initializes the provider, the assign to itself to make them visible?	05:19
gyee	scope magic	05:19
openstackgerrit	Steve Martinelli proposed openstack/keystone: Avoid multiple instances for a provider https://review.openstack.org/124599	05:20
stevemar	gyee, there we go, all rebased	05:22
gyee	stevemar, k, looking	05:22
*** jimbaker has quit IRC		05:22
openstackgerrit	Steve Martinelli proposed openstack/keystone: Enable endpoint_policy, endpoint_filter and oauth by default https://review.openstack.org/153842	05:22
stevemar	if we can figure this out, we can get it through tonight :O	05:22
*** jimbaker has joined #openstack-keystone		05:23
*** jimbaker has quit IRC		05:23
*** jimbaker has joined #openstack-keystone		05:23
*** gyee has quit IRC		05:36
*** henrynash has quit IRC		05:38
openstackgerrit	Merged openstack/keystonemiddleware: Refactor extract class for signing directory https://review.openstack.org/122281	05:50
openstackgerrit	Merged openstack/keystone: refactor: use _get_project_endpoint_group_url() where applicable https://review.openstack.org/139080	05:50
jamielennox	stevemar: here?	05:51
*** lhcheng has joined #openstack-keystone		05:52
*** zigo has quit IRC		05:54
*** zigo has joined #openstack-keystone		05:55
stevemar	jamielennox, in a metaphysical sort of sense	05:56
jamielennox	stevemar: had assumed you'd actually gone to be	05:56
jamielennox	d	05:56
jamielennox	i thought gyee was going to do both, can you look at https://review.openstack.org/#/c/102403/	05:56
jamielennox	or leave it if you're done	05:56
stevemar	jamielennox, i'll take a look, i assumed he was going to do both as well :)	05:57
*** _cjones_ has quit IRC		06:00
openstackgerrit	Steve Martinelli proposed openstack/pycadf: Additional doc clean up https://review.openstack.org/156463	06:00
openstackgerrit	Steve Martinelli proposed openstack/keystone: Provide additional detail if OAuth headers are missing https://review.openstack.org/142191	06:03
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Imported Translations from Transifex https://review.openstack.org/157266	06:04
stevemar	jamielennox, thats a nice refactor	06:09
jamielennox	stevemar: they've both been good for ages	06:10
jamielennox	not sure why they've taken so long	06:10
stevemar	jamielennox, reviews are pretty down this release	06:11
*** markvoelker has joined #openstack-keystone		06:13
topol	wow stevemar. you went the extra mile on the pycadf format_json patch	06:18
*** markvoelker has quit IRC		06:18
stevemar	jamielennox, at any rate, if you see me on irc late at night and need a review let me know, i'd be more than happy	06:18
stevemar	topol, it was bugging me	06:18
topol	:-)	06:19
topol	stevemar, we are gonna hit like 0 degree F here day after tomorrow. I cant believe it.	06:20
topol	Im scared my pipes will burst	06:20
stevemar	topol, that is getting chilly	06:20
topol	stevemar, we dont build houses for that temp in the south	06:20
stevemar	topol, it's actually a bit warmer than usual for us tomorrow, we will actually have comparable temperates	06:21
stevemar	temperatures*	06:21
*** nellysmitt has joined #openstack-keystone		06:22
topol	stevemar, hit the beach!	06:22
stevemar	i wish	06:22
stevemar	topol, whats the things to do... run the water to prevent the pipes from freezing? could do that if you're really worried	06:24
topol	stevemar, yep, I'm dripping a faucet or two	06:25
stevemar	i haven't heard of too many cases of residential pipes freezing, happens a lot to pipes running under the streets	06:25
topol	stevemar, yeah they dont insulate the pipes down here. So better safe than sorry	06:26
*** nellysmitt has quit IRC		06:26
*** spandhe has joined #openstack-keystone		06:27
morganfainberg	topol just run your tap (drip) all night	06:37
morganfainberg	it's how we did it when it was super cold in the moutains	06:37
topol	morganfainberg, will do. BTW I just sent you an urgent email	06:37
morganfainberg	looking	06:37
morganfainberg	re that email i'm really trying to force them to involve people	06:38
morganfainberg	there is only so much i can do :(	06:38
morganfainberg	will fwd to some people	06:38
morganfainberg	indicating urgency	06:38
morganfainberg	tmmrrow	06:38
morganfainberg	ok?	06:38
morganfainberg	actually i'll make a point to call hogepodge and bug him	06:39
morganfainberg	this is not something that can linger too much	06:39
*** ljfisher has quit IRC		06:39
hogepodge	morganfainberg: pong!	06:40
morganfainberg	hogepodge, got a sec?	06:40
morganfainberg	let me call	06:40
hogepodge	topol I'm in Austin right now and will push it tomorrow (today)	06:45
topol	hogepodge. THANKS!	06:46
*** atmark has quit IRC		06:50
*** spandhe has quit IRC		06:54
stevemar	morganfainberg, btw i just +Aed this one https://review.openstack.org/#/c/125521/	06:57
stevemar	you had a -1 on it, but it was the domain FK thing	06:57
stevemar	i figured it's safe	06:58
stevemar	morganfainberg, feel free to review it saying you're cool with it, or undo the approval if you feel it's necessary	06:59
morganfainberg	stevemar sure	07:00
stevemar	morganfainberg, thx dude	07:01
openstackgerrit	Steve Martinelli proposed openstack/keystone: Enable endpoint_policy, endpoint_filter and oauth by default https://review.openstack.org/153842	07:02
morganfainberg	stevemar, its a bit late for me here. if the -1 is addressed feel free to override or i'll look at it first thing tomorrow	07:03
stevemar	morganfainberg, i would feel better if you took a look at it, i'll rescind my -1	07:03
morganfainberg	stevemar, the FK thing is a non issue with the sql-migration you proposed merged	07:03
stevemar	err my +A	07:03
morganfainberg	stevemar, the +A is fine	07:03
morganfainberg	my only concern was the FK	07:04
stevemar	morganfainberg, and that definitely merged, i think you +A'ed it :P	07:04
morganfainberg	yes i did	07:04
stevemar	then we are good	07:05
morganfainberg	so don't worry about overriding my -1	07:05
stevemar	it just looks weird when i +A something and the ptl has a -1 there	07:05
stevemar	:)	07:05
morganfainberg	nope you can reference this IRC meeting	07:05
morganfainberg	s/meeting/convi	07:05
morganfainberg	convo*	07:05
stevemar	good point	07:05
morganfainberg	don't worry about it who is going to complain, me?	07:05
morganfainberg	;)	07:05
*** _cjones_ has joined #openstack-keystone		07:07
*** afazekas has joined #openstack-keystone		07:08
openstackgerrit	Merged openstack/keystonemiddleware: Refactor auth_token revocation list members to new class https://review.openstack.org/102403	07:09
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Move auth_token into its own folder https://review.openstack.org/157276	07:10
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Separate exceptions into there own file https://review.openstack.org/157277	07:10
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Extract SigningDirectory into file https://review.openstack.org/157278	07:10
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Extract revocations to file https://review.openstack.org/157279	07:10
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Break default auth plugin into file https://review.openstack.org/157280	07:10
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Extract all TokenCache related classes to file https://review.openstack.org/157281	07:10
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Extract IdentityServer into file https://review.openstack.org/157282	07:10
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Move UserAuthPlugin into its own file https://review.openstack.org/157283	07:10
jamielennox	:)	07:10
*** markvoelker has joined #openstack-keystone		07:14
*** chlong has quit IRC		07:19
*** markvoelker has quit IRC		07:19
stevemar	jamielennox, what did you just do	07:20
*** jamiec has quit IRC		07:20
jamielennox	made a headache of a rebasing serious that i'm going to have to chase up for months	07:20
jamielennox	*series	07:20
*** spandhe has joined #openstack-keystone		07:21
jamielennox	stevemar: i got really sick of trying to find out where in the >2000 lines of auth_token code something was handled	07:22
stevemar	auth_token is unnecessarily large	07:23
morganfainberg	jamielennox, i'm scared	07:23
morganfainberg	jamielennox, >.>	07:23
jamielennox	morganfainberg: this is why the whole class is private :)	07:23
stevemar	morganfainberg, jamielennox i totally got the first patch of the chain	07:23
jamielennox	stevemar: :)	07:23
stevemar	mv auth_token.py to own folder, done!	07:24
stevemar	jamielennox, ah calling it __init__.py eh	07:25
jamielennox	stevemar: i was going to just combine it with the next one, but i figured it could be it's own in case someone does something really stupid in gate	07:25
*** topol has quit IRC		07:25
stevemar	jamielennox, is moving it to it's own folder going to cause issues when it's released?	07:27
jamielennox	stevemar: it really shouldn't	07:28
jamielennox	having auth_token.py or auth_token/__init__.py should be exactly the same AFAIK	07:28
stevemar	if someone was `from keystonemiddleware import auth_token`, ah it still works cause now it's in __init__	07:28
stevemar	;)	07:28
stevemar	i gotcha	07:28
jamielennox	still, i think that's my first +0/-0 patch	07:28
jamielennox	i wonder if that would get be ATC at summit?	07:29
stevemar	jamielennox, it's still a patch, so maybe	07:29
stevemar	i'd say yes	07:29
stevemar	good thing you have it too, not sure about all that other work you do	07:29
stevemar	not enough to qualify you or anything	07:29
jamielennox	lol	07:29
*** dims__ has joined #openstack-keystone		07:30
stevemar	you are just ripping out everything!	07:31
stevemar	this is lovely	07:31
*** _cjones_ has quit IRC		07:31
jamielennox	stevemar: if it passes gate it should be super simple to review	07:31
stevemar	yep	07:32
stevemar	i'm noticing that	07:32
*** jamiec has joined #openstack-keystone		07:33
*** dims__ has quit IRC		07:35
*** browne has joined #openstack-keystone		07:41
*** jamiec has quit IRC		07:46
openstackgerrit	Merged openstack/keystone: Internal notifications for cleanup domain https://review.openstack.org/125521	07:53
*** spandhe has quit IRC		08:00
*** harlowja_away has quit IRC		08:03
*** markvoelker has joined #openstack-keystone		08:15
*** markvoelker has quit IRC		08:20
*** browne has quit IRC		08:20
openstackgerrit	Merged openstack/keystone: Imported Translations from Transifex https://review.openstack.org/157266	08:21
*** stevemar has quit IRC		08:22
*** nellysmitt has joined #openstack-keystone		08:22
*** atmark1 has joined #openstack-keystone		08:23
*** nellysmitt has quit IRC		08:27
*** nellysmitt has joined #openstack-keystone		08:36
*** jistr has joined #openstack-keystone		08:42
*** zz_avozza is now known as zz_zz_avozza		08:44
*** rushiagr_away is now known as rushiagr		08:52
openstackgerrit	Abhishek Talwar proposed openstack/python-keystoneclient: User-password-update accepts blank as password https://review.openstack.org/147399	08:58
*** jamiec has joined #openstack-keystone		08:58
*** markvoelker has joined #openstack-keystone		09:16
*** markvoelker has quit IRC		09:21
*** pnavarro has joined #openstack-keystone		09:22
*** lhcheng has quit IRC		09:28
*** erkules_ is now known as erkules		09:45
*** zz_zz_avozza is now known as avozza		09:52
openstackgerrit	Marek Denis proposed openstack/keystone: Ehncance user identification in mapping engine https://review.openstack.org/154934	10:02
openstackgerrit	Marek Denis proposed openstack/keystone: Authenticate local users via federated workflow https://review.openstack.org/156308	10:02
openstackgerrit	henry-nash proposed openstack/keystone: Refactor filter and sensitivity tests in prepartion for LDAP support https://review.openstack.org/147551	10:02
*** karimb has joined #openstack-keystone		10:03
openstackgerrit	henry-nash proposed openstack/keystone: Enable filtering in LDAP backend for listing entities https://review.openstack.org/147612	10:05
*** fmarco76 has joined #openstack-keystone		10:05
*** lhcheng has joined #openstack-keystone		10:13
*** markvoelker has joined #openstack-keystone		10:17
*** markvoelker has quit IRC		10:22
*** hogepodge has quit IRC		10:22
*** hogepodge has joined #openstack-keystone		10:24
*** _cjones_ has joined #openstack-keystone		10:31
openstackgerrit	Marek Denis proposed openstack/keystone: Add ``service_providers`` in Service Catalog https://review.openstack.org/152659	10:32
*** _cjones_ has quit IRC		10:36
openstackgerrit	Marco Fargetta proposed openstack/keystone: IdP ID registration and validation https://review.openstack.org/152156	10:48
*** dims__ has joined #openstack-keystone		10:50
openstackgerrit	henry-nash proposed openstack/keystone: Add support for group membership to data driven assignment tests https://review.openstack.org/151962	10:52
openstackgerrit	henry-nash proposed openstack/keystone: Add support for group membership to data driven assignment tests https://review.openstack.org/151962	10:53
*** dims__ has quit IRC		10:54
openstackgerrit	henry-nash proposed openstack/keystone: Broaden domain-group testing of list_role_assignments https://review.openstack.org/154302	10:56
*** aix has quit IRC		11:04
*** aix has joined #openstack-keystone		11:05
*** avozza is now known as zz_avozza		11:07
openstackgerrit	Marcos Fermín Lobo proposed openstack/keystone: Implement group related methods for LDAP backend https://review.openstack.org/157327	11:11
*** zz_avozza is now known as avozza		11:16
openstackgerrit	Marco Fargetta proposed openstack/keystone: IdP ID registration and validation https://review.openstack.org/152156	11:18
*** markvoelker has joined #openstack-keystone		11:18
*** markvoelker has quit IRC		11:23
*** chlong has joined #openstack-keystone		11:41
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Improve List Role Assignment Tests https://review.openstack.org/137021	11:41
*** nicodemos has joined #openstack-keystone		11:44
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Improve List Role Assignments Filters Performance https://review.openstack.org/137202	11:53
*** rushiagr is now known as rushiagr_away		11:54
*** amakarov_away is now known as amakarov		11:57
*** lhcheng has quit IRC		11:58
openstackgerrit	henry-nash proposed openstack/keystone: Test list_role_assignment in standard inheritance tests https://review.openstack.org/153897	12:03
*** diegows has joined #openstack-keystone		12:08
*** markvoelker has joined #openstack-keystone		12:19
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Extract test_v3_resource from test_v3_assignment https://review.openstack.org/154080	12:22
*** markvoelker has quit IRC		12:24
*** pnavarro is now known as pnavarro\|lunch		12:35
*** htruta has joined #openstack-keystone		12:40
*** avozza is now known as zz_avozza		12:42
*** dims__ has joined #openstack-keystone		12:44
marekd	samueldmq: ^^ change the commit msg and! ;-)	12:55
marekd	s/and//	12:55
*** EmilienM\|afk is now known as EmilienM		12:58
*** lhcheng has joined #openstack-keystone		12:58
samueldmq	marekd, k thanks	13:02
samueldmq	marekd, should that include just 'bp' or 'blueprint' ? I see on gerrit doc that it should be 'blueprint', at least for 'Implements: blueprint BLUEPRINT'	13:02
*** markvoelker has joined #openstack-keystone		13:02
*** lhcheng has quit IRC		13:03
marekd	bp is fine	13:03
marekd	blueprint as well	13:04
samueldmq	marekd, k, regarding restructuration ... well, looks to be a french word	13:06
samueldmq	marekd, but describes well what we want ... and it's not worth it to change the bp name/link, once it has been approved :)	13:06
samueldmq	marekd, but nice catch	13:06
marekd	je suis d'accrord avec mot francais.	13:07
samueldmq	pas mal! :p	13:08
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Extract test_v3_resource from test_v3_assignment https://review.openstack.org/154080	13:08
samueldmq	marekd, ^	13:08
marekd	samueldmq: thanks :-)	13:09
openstackgerrit	henry-nash proposed openstack/keystone: Add support for data-driven backend assignment testing https://review.openstack.org/149178	13:09
openstackgerrit	Merged openstack/keystone: remove the Conf.signing.token_format option support https://review.openstack.org/144250	13:10
*** zz_avozza is now known as avozza		13:10
openstackgerrit	henry-nash proposed openstack/keystone: Add support for effective & inherited mode in data driven tests https://review.openstack.org/151623	13:12
*** henrynash has joined #openstack-keystone		13:12
*** ChanServ sets mode: +v henrynash		13:12
openstackgerrit	henry-nash proposed openstack/keystone: Add support for group membership to data driven assignment tests https://review.openstack.org/151962	13:15
openstackgerrit	henry-nash proposed openstack/keystone: Broaden domain-group testing of list_role_assignments https://review.openstack.org/154302	13:16
openstackgerrit	henry-nash proposed openstack/keystone: Test list_role_assignment in standard inheritance tests https://review.openstack.org/153897	13:18
amakarov	henrynash, good day to you! Quick question: how our new assignment service will scale?	13:19
henrynash	amakarov: whcih new assignment service?!?	13:20
openstackgerrit	henry-nash proposed openstack/keystone: Test list_role_assignment in standard inheritance tests https://review.openstack.org/153897	13:21
amakarov	henrynash, afaik assignment will be separated from identity, LDAP assignment backend deprecated - how shall we handle multi-cloud installation with AD as identity provider?	13:22
amakarov	henrynash, how shall we scale assignment storage?	13:22
henrynash	amakarov: so assignment is already separated from identity (that happens a few releases ago)	13:23
henrynash	amakarov: so LDAP backend will stay around for at least two releases	13:24
henrynash	amakarov: meanwhile we are discussing with clients best practices for assignment scaleability	13:24
openstackgerrit	henry-nash proposed openstack/keystone: Support project hierarchies in data driver tests https://review.openstack.org/154485	13:25
amakarov	henrynash, oh, I see. I have such discussions with Mirantis deployment teams too and just hoped there is a solution in the community.	13:27
openstackgerrit	henry-nash proposed openstack/keystone: Remove manager-driver assignment metadata construct https://review.openstack.org/148995	13:27
amakarov	henrynash, is there any blueprint/spec about it?	13:28
*** aix has quit IRC		13:29
henrynash	amakarov: not for the user of SQL for scaleable assignments, no….want to start one?	13:31
amakarov	henrynash, I think I'll have to	13:32
amakarov	anyway	13:32
*** nicodemos has quit IRC		13:34
*** jistr_ has joined #openstack-keystone		13:37
*** gordc has joined #openstack-keystone		13:37
henrynash	amakaraov: be happy to work with you on it	13:37
samueldmq	lbragstad, replied your comments on list role assignments tests, thanks	13:37
henrynash	amakarov: (sorry, at a conference, so slow to respond)	13:38
amakarov	henrynash, that's inspiring :)	13:38
*** jistr has quit IRC		13:39
*** markvoelker_ has joined #openstack-keystone		13:42
*** markvoelker has quit IRC		13:42
samueldmq	henrynash, replied your comments on list assignments ... thanks !	13:43
samueldmq	henrynash, will revisit data-driven tests still today	13:43
henrynash	samueldmq: thx	13:43
henrynash	samueldmq: I fixed up those comments in the data driven stuff	13:44
*** pnavarro\|lunch is now known as pnavarro		13:45
lbragstad	samueldmq: cool, I'll give them a look	13:46
*** hogepodge has quit IRC		13:47
*** jistr_ is now known as jistr		13:48
*** hogepodge has joined #openstack-keystone		13:49
samueldmq	henrynash, yes I saw you sent new patch sets :) I will revisit them today for sure	13:50
samueldmq	henrynash, thanks for +2 +1 on those ! :D	13:57
henrynash	samueldmq: :-)	13:58
*** aix has joined #openstack-keystone		14:01
*** henrynash has quit IRC		14:07
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Not allow create a project with slash in name https://review.openstack.org/157152	14:10
*** richm has joined #openstack-keystone		14:10
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Not allow create a project with slash in name https://review.openstack.org/157152	14:11
*** henrynash has joined #openstack-keystone		14:17
*** ChanServ sets mode: +v henrynash		14:17
henrynash	nathan: thanks or the review of the LDAP filtering - have fixed them both up with your comments	14:20
openstackgerrit	Marcos Fermín Lobo proposed openstack/keystone: Implement group related methods for LDAP backend https://review.openstack.org/157327	14:24
*** browne has joined #openstack-keystone		14:27
henrynash	nkinder: thanks or the review of the LDAP filtering - have fixed them both up with your comments	14:27
*** karimb has quit IRC		14:32
*** EmilienM is now known as EmilienM\|afk		14:32
openstackgerrit	Marco Fargetta proposed openstack/keystone: IdP ID registration and validation https://review.openstack.org/152156	14:34
*** henrynash has quit IRC		14:35
*** hogepodge has quit IRC		14:36
*** markvoelker_ has quit IRC		14:38
*** hogepodge has joined #openstack-keystone		14:39
*** markvoelker has joined #openstack-keystone		14:39
openstackgerrit	Henrique Truta proposed openstack/python-keystoneclient: Creating parameter to list inherited role assignments https://review.openstack.org/117300	14:44
*** krykowski has joined #openstack-keystone		14:54
*** browne has quit IRC		14:56
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystonemiddleware: Updated from global requirements https://review.openstack.org/156739	15:05
*** henrynash has joined #openstack-keystone		15:14
*** ChanServ sets mode: +v henrynash		15:14
*** topol has joined #openstack-keystone		15:16
*** ChanServ sets mode: +v topol		15:16
*** dims__ has quit IRC		15:17
*** dims__ has joined #openstack-keystone		15:18
lbragstad	dstanek: quick mock unit testing question for you. I've been grepping all over but wondering if you know of a place where we mock out calls to an API that is pulled in via dependency.requires, like dependency.requires('trust_api')?	15:18
dstanek	lbragstad: you mean to provide a fake API to use?	15:19
lbragstad	right, I have a part in the token provider that calls to the trust api.	15:19
lbragstad	self.trust_api.get_trust(), and when I run the unit tests, it's saying that 'TrustTokenFormatter' object has no attribute 'trust_api'. Which makes sense. But I can't seem to mock it out using mock.patch.object or mock.patch	15:20
dstanek	lbragstad: i don't know off hand, but you should just be able to replace the trust_api with your own and restore the original when you are done	15:20
lbragstad	ok, I figured I could but wasn't sure if there was something obvious I was missing	15:21
dstanek	no, that should be it	15:21
dstanek	did a real quick grep and didn't find an example either	15:22
lbragstad	I saw on example (kind of) in keystone/tests/unit/identity/test_core.py	15:22
lbragstad	but not sure if that's what I'm looking for	15:22
lbragstad	let me see if I can clean up a diff	15:22
*** timcline has joined #openstack-keystone		15:24
*** avozza is now known as zz_avozza		15:36
*** EmilienM\|afk is now known as EmilienM		15:41
*** MasterPiece has joined #openstack-keystone		15:41
*** abhirc has joined #openstack-keystone		15:44
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Do not allow create a project with slash in name https://review.openstack.org/157152	15:44
*** ljfisher has joined #openstack-keystone		15:52
amakarov	dstanek, godd day! Addressed you comment here https://review.openstack.org/#/c/153307/ Would you please review it again?	15:55
amakarov	s/godd/good/	15:56
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Add is_domain field in Project Table https://review.openstack.org/157427	15:57
*** nellysmitt has quit IRC		15:58
*** spandhe has joined #openstack-keystone		15:59
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Add is_domain field in Project Table https://review.openstack.org/157427	16:01
*** diegows has quit IRC		16:01
rodrigods	henrynash, first patches from reseller on their way ^ :)	16:02
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Add is_domain field in Project Table https://review.openstack.org/157427	16:03
*** david-lyle_afk is now known as david-lyle		16:04
*** afazekas has quit IRC		16:05
*** joesavak has joined #openstack-keystone		16:07
*** topol has quit IRC		16:11
*** nellysmitt has joined #openstack-keystone		16:11
*** ljfisher has quit IRC		16:11
*** zzzeek has joined #openstack-keystone		16:13
*** stevemar has joined #openstack-keystone		16:14
*** ChanServ sets mode: +v stevemar		16:14
*** joesavak has quit IRC		16:14
*** jsavak has joined #openstack-keystone		16:19
lbragstad	dstanek: said paste from earlier http://pasteraw.com/8orhhmtaezwenul75qy61wu5mo94ers	16:20
lbragstad	^ that is what I'm attempting to test	16:20
lbragstad	and this is the test class http://pasteraw.com/ngcwpdzwrwosggbkzn0luamgimgddmh	16:20
lbragstad	where i played around with different mock types	16:20
*** zz_avozza is now known as avozza		16:23
*** krtaylor has quit IRC		16:25
*** henrynash has quit IRC		16:26
*** jsavak has quit IRC		16:29
*** esp has joined #openstack-keystone		16:32
*** nellysmitt has quit IRC		16:33
*** nellysmitt has joined #openstack-keystone		16:35
*** openstackgerrit has quit IRC		16:36
*** openstackgerrit has joined #openstack-keystone		16:36
*** pnavarro has quit IRC		16:39
samueldmq	marekd, ping - could you take a look at this one ? https://review.openstack.org/#/c/146264/	16:41
samueldmq	marekd, I think there is nothing blocking this to workflow+1	16:42
samueldmq	marekd, and can be your first workflow+1 if you didnt so far :D	16:42
samueldmq	marekd, nah, you already have 5	16:43
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Do not allow create a project with slash in name https://review.openstack.org/157152	16:45
*** nellysmitt has quit IRC		16:45
openstackgerrit	Henrique Truta proposed openstack/python-keystoneclient: Inherited role domain calls on keystoneclient v3 https://review.openstack.org/116081	16:46
*** spandhe has quit IRC		16:46
*** krtaylor has joined #openstack-keystone		16:47
*** topol has joined #openstack-keystone		16:49
*** ChanServ sets mode: +v topol		16:49
*** ljfisher has joined #openstack-keystone		16:49
*** krykowski has quit IRC		16:51
stevemar	samueldmq, it's been a week, marekd is a pro now :P +A'ing and -2'ing	16:57
*** henrynash has joined #openstack-keystone		17:11
*** ChanServ sets mode: +v henrynash		17:11
*** _cjones_ has joined #openstack-keystone		17:13
*** afazekas has joined #openstack-keystone		17:13
henrynash	ayoung: hopefully easy one to approve if you are up for it: https://review.openstack.org/#/c/147551/	17:15
*** lhcheng has joined #openstack-keystone		17:18
*** nellysmitt has joined #openstack-keystone		17:21
*** browne has joined #openstack-keystone		17:21
*** lhcheng has quit IRC		17:22
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Add is_domain field in Project Table https://review.openstack.org/157427	17:23
*** lhcheng has joined #openstack-keystone		17:24
morganfainberg	dolphm, talking with some folks here about socializing your gist thing and/or wrapping the capabilities into things like gertty	17:26
*** bknudson has joined #openstack-keystone		17:26
*** ChanServ sets mode: +v bknudson		17:26
*** jistr has quit IRC		17:28
*** fmarco76 has left #openstack-keystone		17:29
dstanek	i feel like i'm falling down the rabbit hole...	17:29
samueldmq	stevemar, haha yep :D he's a pro	17:29
samueldmq	stevemar, could you take a look at that one if you ahve time ? https://review.openstack.org/#/c/146264/	17:31
samueldmq	stevemar, already has 2 +2 :-)	17:31
*** lhcheng_ has joined #openstack-keystone		17:33
*** arunkant has quit IRC		17:34
*** lhcheng has quit IRC		17:35
openstackgerrit	Lance Bragstad proposed openstack/keystone: Keystone Lightweight Tokens (KLWT) https://review.openstack.org/145317	17:36
*** arunkant has joined #openstack-keystone		17:41
*** spandhe has joined #openstack-keystone		17:42
dolphm	morganfainberg: i'd like to do that	17:43
dolphm	morganfainberg: do it for every project, show number of stars per review, etc	17:44
morganfainberg	dolphm, yeah. i figured you would :) reviewday, gerrt, etc	17:44
morganfainberg	gertty	17:44
morganfainberg	*	17:44
*** timcline has quit IRC		17:44
*** timcline has joined #openstack-keystone		17:45
*** tqtran has joined #openstack-keystone		17:48
stevemar	samueldmq, done	17:49
dolphm	morganfainberg: i was thinking about building a free-standing non-interactive website and exposing all the data in an api	17:49
*** timcline has quit IRC		17:50
morganfainberg	dolphm, sure.	17:50
samueldmq	stevemar, thanks :)	17:56
*** timcline has joined #openstack-keystone		18:07
*** aix has quit IRC		18:07
*** avozza is now known as zz_avozza		18:09
*** henrynash has quit IRC		18:09
*** harlowja has joined #openstack-keystone		18:10
*** lhcheng_ is now known as lhcheng		18:19
amakarov	morganfainberg, dolphm hi! We have a bug with undecided importance: https://bugs.launchpad.net/keystone/+bug/1420788 can you please look at it?	18:23
openstack	Launchpad bug 1420788 in Keystone "Logging blocks on race condition under eventlet" [Undecided,In progress] - Assigned to Alexander Makarov (amakarov)	18:23
amakarov	high availability suffers	18:23
dolphm	amakarov: does that affect master?	18:24
amakarov	dolphm, yes	18:24
dolphm	amakarov: oh, i've reviewed the patch	18:24
amakarov	there are fixes for master and juno both	18:24
dolphm	amakarov: there's no patch for master in the bug?	18:25
amakarov	couldn't cherry-pick due to heavy refactoring in the master branch	18:25
dolphm	amakarov: also, does it affect icehouse?	18:25
dolphm	amakarov: if it's high/critical, we'll want to fix it there still	18:25
amakarov	I have a fix	18:26
amakarov	https://review.openstack.org/#/c/154915/	18:26
dolphm	amakarov: why is the stable/juno fix Partial-Bug?	18:26
amakarov	dolphm, I asked Boris Bobrov (breton) to repeat the fix for juno - we need to ask him :)	18:27
dolphm	amakarov: how do you reproduce it?	18:29
*** andreaf_ has joined #openstack-keystone		18:29
*** htruta has quit IRC		18:29
amakarov	the bug hangs our scale-testing 100 nodes env 100% guarantee	18:30
dolphm	amakarov: how do other people reproduce the issue?	18:30
*** henrynash has joined #openstack-keystone		18:30
*** ChanServ sets mode: +v henrynash		18:30
dstanek	amakarov: oh, i didn't see that you added more detail to that	18:31
amakarov	dolphm, run keystone in 1 thread with eventlet enabled and spam it with auth/other token requests	18:32
dstanek	amakarov: this isn't a # of nodes problem right? it's a large number or greenlets	18:32
*** diegows has joined #openstack-keystone		18:33
dolphm	amakarov: i don't even bother to run eventlet in my load tests, i guess i'll have to try that	18:33
amakarov	dstanek, it's a wrong monkey-patching and >1 greenlets :)	18:33
*** htruta has joined #openstack-keystone		18:34
dolphm	amakarov: if i can reproduce it easily, i'd consider it to be critical	18:34
* morganfainberg looks at the bug		18:34
amakarov	dolphm, dstanek: I can paste a 4-string script there showing that logging system uses vanilla locks in eventlets	18:35
dolphm	amakarov: that'd be great (include it in the bug)	18:35
raildo	vim	18:35
morganfainberg	can we just remove eventlet >.>	18:35
morganfainberg	instead :P	18:35
dolphm	raildo: vi	18:35
dolphm	morganfainberg: +A	18:35
raildo	dolphm, ops... wrong window =P	18:36
morganfainberg	emacs? >.>	18:36
dstanek	amakarov: ++; i'm not sure that we can test for this, which is unfortunate	18:36
morganfainberg	dstanek, no it's not something we can directly test for. but it's an ordering thing we should never monkeypatch after initialing anything we can avoid	18:37
morganfainberg	e.g. initializing config is about all we can do prior to patching	18:37
dolphm	dstanek: we perform great under apache :P	18:38
morganfainberg	my guess is other projects suffer from this too	18:38
dolphm	morganfainberg: that's probably true	18:38
morganfainberg	but in short - lets kill eventlet with fire	18:38
* morganfainberg wonders who would scream if we deprecated eventlet deployment this cycle		18:38
morganfainberg	for keystone that is.	18:38
amakarov	morganfainberg, ++. I saw a recommendations on using monkeypatching somewhere in oslo wiki - they say "do it ASAP"	18:39
morganfainberg	amakarov, we usually do a pretty good job on it	18:39
*** EmilienM is now known as EmilienM\|afk		18:40
morganfainberg	so, the fix is just don't log in the eventlet environment	18:40
morganfainberg	if we don't log there, keystone-all should be doing the right thing	18:40
morganfainberg	and it's a log.debug	18:40
dstanek	amakarov: so why isn't the fix to move monkey patching into keystone-all?	18:41
morganfainberg	it's configure_once decorator	18:41
morganfainberg	dstanek, the fix is don't log here: https://github.com/openstack/keystone/blob/master/keystone/common/environment/__init__.py afaict	18:41
morganfainberg	it really is a log.debug only	18:42
dstanek	morganfainberg: if we leave the monkey patching where it is we may end up having this conversation again as import are moved around	18:43
morganfainberg	dstanek, i think we move it to https://github.com/openstack/keystone/blob/master/keystone/server/eventlet.py	18:43
morganfainberg	dstanek, i want to make the stuff in /bin/ become built like nova's console scripts	18:43
dstanek	i think we are firmly is the doing it wrong realm now - all monkey patching example usually do the patching in the first few lines so that this can't happen	18:44
morganfainberg	dstanek, i actually am thinking we should just deprecate eventlet	18:44
morganfainberg	and seriously say "don't run this we've left it here so we don't just break you"	18:44
dstanek	even if we do that we still need to fix this issue and prevent it from coming back	18:45
morganfainberg	dstanek, so i am agreeing with you, if we keep this, we move it to the top of what the console scripts use. i don't want it in the actual console script we have because we should make that go away	18:45
morganfainberg	dstanek, and the only reason i dont want it in bin/keystone-all itself is because i want that to go away.	18:46
dstanek	getting rid of eventlet will be nice because if would actually allow us to play with asyncio	18:46
morganfainberg	dstanek, the console scripts should just be entry points in setup.cfg like nova has, so we don't need to look outside the code tree if we need to muck with things	18:47
dstanek	morganfainberg: i just don't want to have an import happen before keystone.server.eventlet and then do this all over again	18:47
morganfainberg	we're close to it because bknudson kicked ass and did a lot of the work.	18:47
morganfainberg	dstanek, the requirement is we don't put things in keystone.__init__	18:48
bknudson	here's an early stab at it: https://review.openstack.org/#/c/131435/	18:48
morganfainberg	bknudson, ++	18:48
dstanek	and you have to be careful if you are adding any imports for keystone-bin	18:48
bknudson	that was pre-moving code out of keystone-all	18:48
bknudson	so needs to be reimplemented with that change... should be easier.	18:49
morganfainberg	bknudson, yeah	18:49
morganfainberg	dstanek, so we put a massive comment in saying "DO NOT PUT ANY IMPORTS OVER THIS LINE UNLESS YOU KNOW WHAT YOU'RE DOING"	18:49
morganfainberg	dstanek, and we special case handling the patching :)	18:49
morganfainberg	i'll bug monty and some folks here and see how much screaming will happen if we deprecate eventlet	18:50
morganfainberg	in kilo for keystone	18:50
morganfainberg	i think most people will be ok with it	18:51
dstanek	amakarov: does the juno patch fix the issue? i would have expected that one of the imported modules import logging and creates the lock	18:53
amakarov	dstanek, yes	18:53
morganfainberg	dstanek, amakarov, this is an issue with logging.getLogger() right?	18:54
morganfainberg	prior to monkeypatching	18:54
amakarov	dstanek, we actually debugged juno	18:54
morganfainberg	vs https://github.com/openstack/nova/blob/master/nova/cmd/api.py#L42-L43	18:54
amakarov	morganfainberg, ++	18:54
dstanek	morganfainberg: not sure what the issue is yet :-)	18:54
dstanek	import logging uses an Rlock which should be wrong if the monkeys haven't patched yet	18:55
morganfainberg	dstanek, right	18:55
morganfainberg	dstanek, thats what i was thinking	18:55
dstanek	morganfainberg: that's why i thought that the juno issue wouldn't have been completely solved, but who knows	18:56
morganfainberg	yeah	18:56
amakarov	dstanek, it worked for me	18:57
dstanek	amakarov: it looks like the things that lock locks are unlikely to happen concurrently unlike logging	18:58
*** dims_ has joined #openstack-keystone		18:59
*** dims__ has quit IRC		19:02
amakarov	dstanek, it happens only when logging handler enters it's critical section twice	19:02
morganfainberg	dstanek, i'm going to post a deprecate eventlet this cycle - lets see how much whining happens when we do it	19:02
morganfainberg	cc dolphm, bknudson, henrynash, jamielennox, ayoung, topol, stevemar, marekd	19:03
morganfainberg	^	19:03
amakarov	morganfainberg, I'll be the first one to whine ))	19:03
morganfainberg	amakarov, why are you deploying in eventlet?	19:03
morganfainberg	it excludes you from using a lot of the identity stuff we're driving towards	19:04
morganfainberg	and has a lot of performance issues.	19:04
amakarov	morganfainberg, I think it's some sort of tradition :) I have no other explanation	19:04
morganfainberg	it also excludes us from using asyncio explicitly.	19:04
bknudson	I'm pretty sure our product deploys to eventlet by default, but we should be able to switch.	19:04
morganfainberg	bknudson, deprecation in kilo, dropped support in M is my thought	19:04
morganfainberg	i'd love to drop it in L, but...	19:05
morganfainberg	that would probably make people cry	19:05
bknudson	we've got other groups that deploy using httpd so shouldn't be a big deal for us.	19:05
morganfainberg	bknudson, ++ ok i'll post the review, send message to ML linking to the review	19:05
openstackgerrit	Merged openstack/keystone: Removes unnecessary checks when cleaning a domain https://review.openstack.org/146264	19:05
bknudson	the only real complaint is if someone could never deploy using httpd for some reason.	19:05
morganfainberg	i'll slate that we should merge it post K3 if there isn't too much whining	19:05
bknudson	or some other better container.	19:06
morganfainberg	bknudson, i can't think of a real reason that would be impossible. i'd also like to support uwsgi and unicorns long term as well, but that would be a container validation in say functional testing	19:06
morganfainberg	scenarios	19:06
bknudson	y, use one of those if you don't like apache. we don't need to maintain a crappy container.	19:07
morganfainberg	++	19:08
amakarov	morganfainberg, to be serious, I'd like to remove eventlet - it would be easier to push initiative with keystone behind Apache here	19:09
morganfainberg	++	19:09
morganfainberg	amakarov, ack, thanks for the confirmation :)	19:09
*** r-daneel has joined #openstack-keystone		19:10
topol	morganfainberg, if you deprecate eventlet what will be the default on how Keystone will be setup to run?	19:12
morganfainberg	topol, mod_wsgi	19:12
morganfainberg	the current default in devstack	19:12
morganfainberg	and in gate	19:12
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Do not allow create a project with slash in name https://review.openstack.org/157152	19:12
marekd	morganfainberg: so, apache only or no eventloop in Keystone?	19:12
morganfainberg	we have a one-off job that tests eventlet does things	19:12
marekd	s/or/and/	19:12
morganfainberg	marekd, no eventlet in keystone.	19:13
stevemar	marekd, topol we'll have eventlet around for 2 releases	19:13
morganfainberg	marekd, apache or other mod_wsgi container	19:13
morganfainberg	but eventlet wont go away until M cycle	19:13
marekd	morganfainberg: understand.	19:13
stevemar	i would hope people are off of eventlet by then	19:13
topol	morganfainberg so in the future you want it setup so that keystone looks like it should when in production. That is running as part of apache	19:14
morganfainberg	yep or another wsgi container (uwsgi, unicorn, etc)	19:14
morganfainberg	and it means we aren't supporting a container that cant do federated identity	19:15
morganfainberg	etc	19:15
morganfainberg	other containers are wrapped with webservers that can do it.	19:15
topol	morganfainberg, because when running with eventlet it is nice but naive, correct	19:15
*** henrynash has quit IRC		19:15
topol	morganfainberg. SOLD. You have me on board :-)	19:15
morganfainberg	:)	19:15
marekd	morganfainberg: have you considered bringing threads in Keystone code? ;-)	19:15
morganfainberg	marekd, not opposed to using native threads, or asyncio	19:16
morganfainberg	but i don't want any of that code in places that could screw up eventlet	19:16
morganfainberg	if it's a supported deploymode	19:16
* topol I remember years ago being the keystone newbie and then learning the eventlet model was this big scam		19:16
topol	:-)	19:16
marekd	Python is somehow screwed with native threads. Asyncio isn't another eventlet?	19:17
morganfainberg	it is eventlet, but with explicit callbacks / programming	19:17
morganfainberg	not "oh it magically just works"	19:17
*** henrynash has joined #openstack-keystone		19:17
*** ChanServ sets mode: +v henrynash		19:17
marekd	and wsgi container + asyncio would work?	19:17
morganfainberg	potentially	19:18
marekd	i guess it would, as long as coroutines would.	19:18
morganfainberg	but... mod_Wsgi solves the same issue as coroutines mostly do	19:18
*** r-daneel has quit IRC		19:19
marekd	uhm.	19:19
morganfainberg	for keystone workloads	19:20
openstackgerrit	Morgan Fainberg proposed openstack/keystone: Deprecate Eventlet Deployment in favor of wsgi containers https://review.openstack.org/157495	19:20
*** dims_ has quit IRC		19:26
*** nellysmitt has quit IRC		19:26
amakarov	marekd, iirc gunicorn has gevent support out of the box	19:27
*** ljfisher has quit IRC		19:28
dstanek	gevent is essentially eventlet (same model)	19:28
marekd	amakarov: libev is the same family? In general i like event loop programming.	19:29
marekd	as long as impl is not screwed.	19:29
amakarov	marekd, ++	19:29
dstanek	marekd: i'm the opposite - so far i've not have love for it because it's usually harder to test	19:30
*** abhirc has quit IRC		19:31
marekd	thank threads?!	19:32
marekd	than	19:32
morganfainberg	dstanek, i'd be ok with keeping a "Dev-only" worker to support debugging but clearly limit it/mark it as development debug only if needed	19:33
morganfainberg	dstanek, email sent to ML and review posted	19:33
*** ljfisher has joined #openstack-keystone		19:34
stevemar	morganfainberg, sounds like time for a survey	19:34
morganfainberg	stevemar, nope. no survey this time ;)	19:34
morganfainberg	>.>	19:34
morganfainberg	trying the "go comment on review and/or via the ML"	19:34
morganfainberg	the surveys have been tragically low response rates	19:34
openstackgerrit	Rodrigo Duarte proposed openstack/keystone-specs: Recursive deletion and project disabling https://review.openstack.org/148730	19:36
*** krtaylor has quit IRC		19:38
bknudson	has anyone tried keystone in uwsgi?	19:43
morganfainberg	bknudson, i have not yet	19:43
morganfainberg	bknudson it has been on my todo list for a while	19:43
morganfainberg	it should work afaict	19:43
morganfainberg	maybe minor changes to get there	19:44
bknudson	should be like "uwsgi --http :9090 --wsgi-file keystone.py"	19:44
morganfainberg	yeah	19:44
*** nkinder is now known as nkinder_away		19:46
amakarov	dolphm, please see example script in last comment https://bugs.launchpad.net/keystone/+bug/1420788	19:46
openstack	Launchpad bug 1420788 in Keystone juno "Logging blocks on race condition under eventlet" [Undecided,In progress] - Assigned to Alexander Makarov (amakarov)	19:46
amakarov	morganfainberg, so what shall we do with a drunken sailor?.. with the bug :)	19:48
*** nellysmitt has joined #openstack-keystone		19:54
morganfainberg	amakarov, uhmmmm. :P	19:55
amakarov	morganfainberg, :b	19:56
morganfainberg	in juno it should be easy to just move the patch up some.	19:56
morganfainberg	same in icehouse	19:56
morganfainberg	in kilo, uhhhh	19:56
amakarov	morganfainberg, I hope we won't just leave it like that with deployers cursing keystone team? :)	19:58
morganfainberg	amakarov, ehhhhhhhh >.>	19:59
dolphm	bknudson: i believe dstanek has	20:01
*** dims__ has joined #openstack-keystone		20:01
dstanek	dolphm, bknudson: i have some sample code for that here somewhere - i also rewrote at gevent so that i could properly test gunicorn	20:02
dolphm	dstanek: "rewrote at gevent" ?	20:03
dstanek	gunicorn was all kinds of fail for keystone	20:03
dolphm	dstanek: how long ago?	20:03
dstanek	s/as/at/	20:03
dstanek	maybe a year ago	20:03
dstanek	i think is was around the time of the Atlanta summit because were were talking asyncio there	20:05
*** dims__ has quit IRC		20:05
openstackgerrit	David Stanek proposed openstack/keystone: Support for running functional federation tests https://review.openstack.org/139137	20:06
openstackgerrit	David Stanek proposed openstack/keystone: enables bashate checking on upcoming dsvm code https://review.openstack.org/151309	20:06
openstackgerrit	David Stanek proposed openstack/keystone: adds a devstack plugin for running a pysaml2 IdP https://review.openstack.org/151310	20:06
openstackgerrit	David Stanek proposed openstack/keystone: adds a devstack plugin for setting up federation https://review.openstack.org/151311	20:06
openstackgerrit	David Stanek proposed openstack/keystone: adds a tox target for functional tests https://review.openstack.org/150528	20:06
*** amakarov is now known as amakarov_away		20:06
openstackgerrit	Steve Martinelli proposed openstack/keystone: Avoid multiple instances for a provider https://review.openstack.org/124599	20:12
openstackgerrit	Steve Martinelli proposed openstack/keystone: Enable endpoint_policy, endpoint_filter and oauth by default https://review.openstack.org/153842	20:13
bknudson	dstanek: I tried tox -e functional and it didn't work...	20:13
bknudson	netifaces.c:1:20: fatal error: Python.h: No such file or directory	20:13
*** g2` has quit IRC		20:13
dstanek	bknudson: hmmm..did you get any errors when it built the venv for you?	20:14
bknudson	dstanek: that is building the venv	20:14
dstanek	bknudson: ah you probably don't have the python3.4 dev package installed	20:14
bknudson	I think it's python3.4-dev	20:14
dstanek	oops in all this rebasing i seem to have lost my dummy test	20:15
*** krtaylor has joined #openstack-keystone		20:16
bknudson	ImportError: Start directory is not importable: './keystone/tests/functional'	20:17
*** diegows has quit IRC		20:19
dstanek	bknudson: yes, i somehow lost my sample test during rebasing - getting another one together now	20:20
openstackgerrit	Steve Martinelli proposed openstack/keystone: Enable endpoint_policy, endpoint_filter and oauth by default https://review.openstack.org/153842	20:21
*** zzzeek has quit IRC		20:23
*** abhirc has joined #openstack-keystone		20:25
dstanek	bknudson: ah, nope i took if out of the chain since i wasn't happy with it yet - i'll add an empty directory structure to the tox commit	20:26
bknudson	dstanek: either way works for me.	20:26
openstackgerrit	David Stanek proposed openstack/keystone: Support for running functional federation tests https://review.openstack.org/139137	20:28
openstackgerrit	David Stanek proposed openstack/keystone: enables bashate checking on upcoming dsvm code https://review.openstack.org/151309	20:28
openstackgerrit	David Stanek proposed openstack/keystone: adds a devstack plugin for running a pysaml2 IdP https://review.openstack.org/151310	20:28
openstackgerrit	David Stanek proposed openstack/keystone: adds a devstack plugin for setting up federation https://review.openstack.org/151311	20:28
openstackgerrit	David Stanek proposed openstack/keystone: adds a tox target for functional tests https://review.openstack.org/150528	20:28
*** g2` has joined #openstack-keystone		20:28
raildo	In the reseller implementation, I need to change this UniqueConstraint https://github.com/openstack/keystone/blob/master/keystone/common/sql/migrate_repo/versions/034_havana.py#L224 to reference to the parent_id and name. Someone know how can I remove a UniqueConstraint(and add a new) in a migrate script?	20:30
raildo	I'm trying to use the migration_helpers but its not help me a lot =P	20:31
mfisch	morganfainberg: puppet still defaults to eventlet, so I opened a bug: https://bugs.launchpad.net/puppet-keystone/+bug/1423685	20:35
openstack	Launchpad bug 1423685 in puppet-keystone "default service should be run under apache, eventlets will deprecated in M " [Undecided,New]	20:35
mfisch	morganfainberg: and ignore my stupid question..	20:39
openstackgerrit	Tom Cameron proposed openstack/keystone: Add docstrings to remaining functions https://review.openstack.org/147313	20:39
openstackgerrit	Tom Cameron proposed openstack/keystone: Add docstrings to remaining functions https://review.openstack.org/147313	20:41
*** atiwari has quit IRC		20:48
*** arosen has quit IRC		20:50
openstackgerrit	Tom Cameron proposed openstack/keystone: Add docstrings to remaining functions https://review.openstack.org/147313	20:51
*** gyee has joined #openstack-keystone		20:53
*** ChanServ sets mode: +v gyee		20:53
*** jamiec has quit IRC		20:56
*** henrynash has quit IRC		20:59
*** henrynash has joined #openstack-keystone		20:59
*** ChanServ sets mode: +v henrynash		20:59
*** nellysmitt has quit IRC		21:01
*** jamiec has joined #openstack-keystone		21:02
*** spandhe has quit IRC		21:10
*** abhirc has quit IRC		21:13
*** csoukup has joined #openstack-keystone		21:15
*** abhirc has joined #openstack-keystone		21:17
*** spandhe has joined #openstack-keystone		21:17
openstackgerrit	Steve Martinelli proposed openstack/keystone: Avoid multiple instances for a provider https://review.openstack.org/124599	21:21
openstackgerrit	Steve Martinelli proposed openstack/keystone: Enable endpoint_policy, endpoint_filter and oauth by default https://review.openstack.org/153842	21:21
*** timcline has quit IRC		21:21
morganfainberg	mfisch thnx	21:27
*** darrenc is now known as darrenc_afk		21:28
morganfainberg	mfisch, updated the title of the bug: https://bugs.launchpad.net/puppet-keystone/+bug/1423685	21:29
openstack	Launchpad bug 1423685 in puppet-keystone "default service should be run under apache, eventlet will deprecated in K, Removed in M" [Undecided,New]	21:29
*** dims__ has joined #openstack-keystone		21:29
*** samueldmq_ has joined #openstack-keystone		21:32
*** morganfainberg is now known as needscoffee		21:32
*** samueldmq_ has quit IRC		21:48
*** MasterPiece has quit IRC		21:56
jamielennox	nice, bye bye eventlet	22:01
stevemar	needscoffee, so by including the service providers in the catalog, we run the risk of breaking horizon :D	22:02
needscoffee	stevemar, how so?	22:03
*** darrenc_afk is now known as darrenc		22:03
stevemar	needscoffee, https://github.com/openstack/django_openstack_auth/blob/master/openstack_auth/user.py#L305-L312	22:03
needscoffee	it's not an endpoint	22:03
needscoffee	should be excluded	22:04
jamielennox	gyee: neutronclient and novaclient released overnight	22:04
needscoffee	from that for-loop	22:04
jamielennox	my overnight - during the day	22:04
openstackgerrit	Jamie Lennox proposed openstack/python-keystoneclient: Enforce that some plugin options are required https://review.openstack.org/148784	22:04
openstackgerrit	Ian Cordasco proposed openstack/oslo.policy: Add Rules.from_dict classmethod https://review.openstack.org/157548	22:05
needscoffee	stevemar, it would be under: "service_providers": [ not "endpoints": [	22:06
needscoffee	stevemar, so no risk in breaking horizon, django wont look in the catalog for that stuff	22:06
jamielennox	yea - don't mix those two	22:07
openstackgerrit	Jamie Lennox proposed openstack/python-keystoneclient: Provide a means to get all installed plugins https://review.openstack.org/156466	22:09
jamielennox	bknudson: so not pushing for a review yet, just so you know i took your splitting up auth_token functionality into pieces to extremes: https://review.openstack.org/#/c/157276/	22:11
bknudson	jamielennox: I saw it and I like the change in principal.	22:11
bknudson	not sure I like using "there" where "their" should be used, though.	22:12
jamielennox	damn - i caught myself with that mistake once or twice	22:14
*** openstackstatus has joined #openstack-keystone		22:15
*** ChanServ sets mode: +v openstackstatus		22:15
jamielennox	i didn't copy & paste the commit messages, it's interesting the way they changed over the ~8 patches	22:15
*** dims__ has quit IRC		22:15
*** henrynash has quit IRC		22:17
*** henrynash has joined #openstack-keystone		22:18
*** ChanServ sets mode: +v henrynash		22:18
*** diegows has joined #openstack-keystone		22:21
*** _cjones_ has quit IRC		22:24
*** henrynash has quit IRC		22:24
*** henrynash has joined #openstack-keystone		22:25
*** ChanServ sets mode: +v henrynash		22:25
*** _cjones_ has joined #openstack-keystone		22:28
*** henrynash_ has joined #openstack-keystone		22:37
*** ChanServ sets mode: +v henrynash_		22:37
*** henrynash has quit IRC		22:38
*** henrynash_ is now known as henrynash		22:38
openstackgerrit	Tom Cameron proposed openstack/keystone: Add docstrings to remaining functions https://review.openstack.org/147313	22:44
*** henrynash_ has joined #openstack-keystone		22:45
*** ChanServ sets mode: +v henrynash_		22:45
*** henrynash has quit IRC		22:47
*** henrynash_ is now known as henrynash		22:47
*** topol has quit IRC		22:56
openstackgerrit	Ian Cordasco proposed openstack/oslo.policy: Fix the order of args to assertEqual in tests https://review.openstack.org/157572	22:59
*** andreaf_ has quit IRC		23:00
*** nellysmitt has joined #openstack-keystone		23:02
*** abhirc has quit IRC		23:04
*** nellysmitt has quit IRC		23:07
openstackgerrit	Ian Cordasco proposed openstack/oslo.policy: Fix the order of args to assertEqual in tests https://review.openstack.org/157572	23:09
stevemar	any oslo.policy guys want to take a crack at that one ^^	23:10
needscoffee	that one is a bit rought	23:10
needscoffee	rough*	23:10
stevemar	needscoffee, oh yeah, a real doozie	23:10
needscoffee	but yesh	23:10
openstackgerrit	Ian Cordasco proposed openstack/oslo.policy: Use assertTrue or assertFalse where appropriate https://review.openstack.org/157583	23:17
openstackgerrit	Steve Martinelli proposed openstack/keystone: Use oslo.policy instead of incubated version https://review.openstack.org/148624	23:18
*** henrynash has quit IRC		23:24
*** joesavak has joined #openstack-keystone		23:29
*** jsavak has joined #openstack-keystone		23:31
*** joesavak has quit IRC		23:34
openstackgerrit	Priti Desai proposed openstack/keystone: Fix for listing role assignments by project admin https://review.openstack.org/153723	23:37
*** samueldmq_ has joined #openstack-keystone		23:42
needscoffee	jamielennox, i think something is wonky with the pypi project for python-keystoneclient-kerberos	23:43
needscoffee	jamielennox, what did you do to create it?	23:44
lbragstad	needscoffee: updated with the current state of klw/ae tokens https://review.openstack.org/#/c/145317/	23:44
needscoffee	lbragstad, thanks.	23:44
openstackgerrit	Priti Desai proposed openstack/keystone: Fix for listing role assignments by project admin https://review.openstack.org/153723	23:44
lbragstad	needscoffee: np, marked WIP just because it's not passing right now due to Keyczar	23:44
samueldmq_	gyee, ping - replied your comments on list role assignments performance	23:45
needscoffee	jamielennox, i think i see the issue	23:45
lhcheng	bknudson, stevemar: do you guys still recall the next step for this patch: https://review.openstack.org/#/c/93982/ ?	23:45
lhcheng	bknudson, stevemar: should we add back the validation of user_id/group_id during role assignment?	23:45
samueldmq_	gyee, both the tests and the refactoring have +2 from henrynash (refactoring +1 because he's co-authoring) :-)	23:45
needscoffee	jamielennox, i need you to make openstackCI the maintainer not just owner.	23:46
needscoffee	jamielennox, i think that is preventing CI from publishing the tags	23:46
needscoffee	as a package	23:46
jamielennox	needscoffee: i have no idea, i made like 3 repos that time	23:46
needscoffee	jamielennox, yeah make openstackCI the maintainer not just owner	23:46
jamielennox	needscoffee: if that's the issue i'd check -federation as well	23:46
needscoffee	yep	23:46
needscoffee	both need it	23:46
needscoffee	can you change that?	23:46
marekd	I will leave you off with a request to take a look at patch https://review.openstack.org/#/c/156509/ , especially whether we go with what's is being proposed in the patch or what gyee suggests. Sadly, I don't have very strong oppinions on that so I need your help.	23:47
*** csoukup has quit IRC		23:47
jamielennox	yep, i did the same process for requests-mock, not sure why that's different	23:47
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Do not allow the use of slash in the project name https://review.openstack.org/157152	23:47
jamielennox	needscoffee: should i remove owner?	23:47
needscoffee	nah owner is fin	23:48
needscoffee	fine*	23:48
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Do not allow the use of slash in the project name https://review.openstack.org/157152	23:48
needscoffee	but maintainer is important	23:48
jamielennox	so openstackci has owner on requests-mock and it's published releases before	23:48
jamielennox	i'm just going to give up on correct spelling and punctuation i think	23:48
needscoffee	hm	23:49
*** markvoelker has quit IRC		23:49
needscoffee	ok	23:49
needscoffee	so python-keystoneclient-kerberos is broken	23:49
needscoffee	somehow	23:49
needscoffee	and i can't seem to chase down the log(s)	23:49
*** browne has quit IRC		23:52
jamielennox	needscoffee: aparently client is in trouble for something in -infra as well	23:52
*** ljfisher has quit IRC		23:52
needscoffee	not directly	23:53
jamielennox	but my IRC is lighting up in 3 or 4 different channels so i haven't followed that one at all yet	23:53
needscoffee	this is the pin vs cap vs things and neutronclient released	23:53
*** bknudson has quit IRC		23:53
jamielennox	apparently us jumping to 1.0 was more of an issue than we though	23:54
jamielennox	t	23:54
needscoffee	yep. not like this is easy to undo now	23:54
needscoffee	i actually specifically asked a bunch of people on that front before we did it	23:55
needscoffee	so, unforseen consequences :(	23:55
*** abhirc has joined #openstack-keystone		23:56

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!