Sunday, 2015-05-31

*** markvoelker has joined #openstack-keystone		00:04
*** dimsum__ has joined #openstack-keystone		00:06
*** stevemar has quit IRC		00:08
*** markvoelker has quit IRC		00:09
*** emagana has joined #openstack-keystone		00:15
*** dimsum__ has quit IRC		00:18
*** emagana has quit IRC		00:20
*** devlaps has joined #openstack-keystone		00:23
*** devlaps has quit IRC		00:27
*** dimsum__ has joined #openstack-keystone		00:36
*** dimsum__ has quit IRC		00:37
*** dimsum__ has joined #openstack-keystone		00:37
openstackgerrit	Diane Fleming proposed openstack/keystone-specs: Add side-by-side comparison table of v2 and v3 APIs https://review.openstack.org/187027	00:47
*** topol has joined #openstack-keystone		00:58
*** ChanServ sets mode: +v topol		00:58
*** markvoelker has joined #openstack-keystone		01:05
*** emagana has joined #openstack-keystone		01:09
*** markvoelker has quit IRC		01:10
*** emagana has quit IRC		01:14
*** stevemar has joined #openstack-keystone		01:19
*** ChanServ sets mode: +v stevemar		01:19
*** dimsum__ has quit IRC		01:57
openstackgerrit	Diane Fleming proposed openstack/keystone-specs: Add side-by-side comparison table of v2 and v3 APIs https://review.openstack.org/187027	01:57
*** emagana has joined #openstack-keystone		02:03
*** emagana has quit IRC		02:08
*** markvoelker has joined #openstack-keystone		02:54
*** dimsum__ has joined #openstack-keystone		02:57
*** emagana has joined #openstack-keystone		02:57
*** markvoelker has quit IRC		02:59
*** emagana has quit IRC		03:02
topol	dstanek, re https://review.openstack.org/#/c/186994/1/keystoneclient/session.py, how did you know the json portion was no longer used?	03:03
*** dimsum__ has quit IRC		03:03
jamielennox	topol: the _ prefix of the function means it's private so it should only be called from within the same object, given that we control how it's called if we don't pass json= to it then it isn't used	03:06
topol	jamielennox. Makes sense. But any idea why it was there in the first place. Someone must have thought they may eventually use it.	03:08
* topol I think jamielennox just earned himself a jacket with his great answer to my question		03:08
jamielennox	topol: more likely that it was used at some point and then it was optimised out, all the information that was passed to it is also available on the response object so if you needed to make private part of the response (like removing the token or service catalog from logs) you wanted to override the json= value	03:09
jamielennox	i honestly don't remember why it was done that way	03:09
*** ajayaa has joined #openstack-keystone		03:09
jamielennox	:)	03:09
topol	agreed. I guess I could do git blame if it bugs me. But I buy your answer :-)	03:10
jamielennox	that was a powerful response indeed then	03:10
jamielennox	topol: this is the reason to make all these things private by default. if we don't use it we can change the signature and change it back again later if we need to	03:10
topol	jamielennox I completely agree! Nothing scary than something looking like its a public API, then folks depend on it, then we change it and say, sorry it was really private	03:11
jamielennox	topol: we have certainly fallen into that mistake a few times	03:12
topol	jamielennox. I recall them well. We had some internal IBMers that went ballistic at Brant and I when it happened a few years ago :-)	03:12
*** rlt_ has quit IRC		03:16
*** ajayaa has quit IRC		03:19
openstackgerrit	Merged openstack/keystone: Add "enabled" to create service provider example https://review.openstack.org/186402	03:30
stevemar	topol, someone went ballistic on you?! never?	03:31
topol	stevemar. Happens all the time. This mule has been whipped so many times I dont even feel it :-)	03:32
*** ajayaa has joined #openstack-keystone		03:35
stevemar	topol, unleash the wookie on them	03:41
topol	stevemar, more flies with honey... more flies with honey	03:44
*** samueldmq has quit IRC		03:44
topol	stevemar, I'm reviewing https://review.openstack.org/#/c/182102/7/keystone/auth/controllers.py and Brant wrote some awesomely clean code	03:45
*** emagana has joined #openstack-keystone		03:52
*** emagana has quit IRC		03:57
*** arunkant has quit IRC		04:07
*** lhcheng has quit IRC		04:13
*** arunkant has joined #openstack-keystone		04:15
*** lhcheng has joined #openstack-keystone		04:28
*** ChanServ sets mode: +v lhcheng		04:28
topol	stevemar, jamielennox After reviewing https://review.openstack.org/#/c/182102/ I am now depressed. I don't think I could ever write code as elegant as what I just reviewed. I feel like a short order cook in a world of gourmet chefs	04:30
topol	Maybe next time I should pronounce that guys name correctly on stage :-)	04:31
stevemar	nah	04:33
stevemar	screw that noise	04:33
jamielennox	topol: all that in ~80 lines :(	04:39
openstackgerrit	Merged openstack/keystone: Sync oslo-incubator cc19617 https://review.openstack.org/183153	04:41
*** markvoelker has joined #openstack-keystone		04:42
*** emagana has joined #openstack-keystone		04:46
*** markvoelker has quit IRC		04:47
*** emagana has quit IRC		04:50
*** _cjones_ has joined #openstack-keystone		05:23
*** emagana has joined #openstack-keystone		05:26
*** _cjones_ has quit IRC		05:29
*** emagana has quit IRC		05:31
*** ajayaa has quit IRC		05:42
*** stevemar has quit IRC		05:49
*** emagana has joined #openstack-keystone		05:56
*** topol has quit IRC		06:00
*** emagana has quit IRC		06:01
*** lufix_ has joined #openstack-keystone		06:04
*** henrynash_ has joined #openstack-keystone		06:06
*** ChanServ sets mode: +v henrynash_		06:06
*** henrynash has quit IRC		06:09
*** henrynash_ is now known as henrynash		06:09
*** jamielennox is now known as jamielennox\|away		06:17
*** _cjones_ has joined #openstack-keystone		06:26
*** alanf-mc has joined #openstack-keystone		06:30
*** _cjones_ has quit IRC		06:30
*** mabrams has joined #openstack-keystone		06:30
*** mabrams has left #openstack-keystone		06:30
*** mabrams has joined #openstack-keystone		06:30
*** markvoelker has joined #openstack-keystone		06:31
*** markvoelker has quit IRC		06:36
*** HT_sergio has quit IRC		06:42
*** alanf-mc has quit IRC		06:44
*** alanf-mc has joined #openstack-keystone		06:48
*** emagana has joined #openstack-keystone		06:51
*** alanf-mc has quit IRC		06:53
*** emagana has quit IRC		06:55
*** gsilvis has quit IRC		07:07
*** gsilvis has joined #openstack-keystone		07:09
*** dylan1 has joined #openstack-keystone		07:19
dylan1	Hi,all. I have a question about keystone federation. Can one keystone be configured as service provider and identity provider for another service provider?	07:21
mabrams	dylan1: in K2K (keystone to keystone) federation introduced in kilo, it is possible for one keystone to be a IDP for another keystone instance	07:33
dylan1	mabrams, does one keystone have multiple identity providers?	07:36
dylan1	for example, there are 3 keystone - A, B and C. can i configure B and C as the A's IDP at the same time?	07:37
mabrams	dylan1: that should work	07:41
dylan1	thanks,mabrams, if it's ok , what's the sequence when A receives a token request?	07:42
*** emagana has joined #openstack-keystone		07:45
mabrams	dylan1: not sure; would think it's something simple like "preferred" or conf order or something; probably not by region or TTL. let me see if i can find a diag	07:46
*** emagana has quit IRC		07:49
*** alanf-mc has joined #openstack-keystone		07:49
*** emagana has joined #openstack-keystone		07:56
*** emagana has quit IRC		08:01
dylan1	Thanks, mabrams. I think maybe it's useful in multiple in-house clouds	08:02
*** alanf-mc has quit IRC		08:08
*** markvoelker has joined #openstack-keystone		08:20
*** dimsum__ has joined #openstack-keystone		08:24
*** markvoelker has quit IRC		08:25
*** _cjones_ has joined #openstack-keystone		08:27
*** alanf-mc has joined #openstack-keystone		08:27
*** dimsum__ has quit IRC		08:29
*** bradjones has quit IRC		08:29
*** bradjones has joined #openstack-keystone		08:31
*** _cjones_ has quit IRC		08:31
*** emagana has joined #openstack-keystone		08:50
*** emagana_ has joined #openstack-keystone		08:52
*** emagana has quit IRC		08:55
*** emagana_ has quit IRC		08:57
*** alanf-mc has quit IRC		09:09
*** _cjones_ has joined #openstack-keystone		09:28
*** _cjones_ has quit IRC		09:34
*** dylan1 has quit IRC		09:37
*** emagana has joined #openstack-keystone		09:46
*** emagana has quit IRC		09:51
ekarlso	ls	09:54
*** markvoelker has joined #openstack-keystone		10:09
*** nlevinki has joined #openstack-keystone		10:12
*** markvoelker has quit IRC		10:14
*** emagana has joined #openstack-keystone		10:40
*** emagana has quit IRC		10:45
openstackgerrit	henry-nash proposed openstack/keystone-specs: Enable listing of role assignments in a project hierarchy https://review.openstack.org/187045	11:10
*** henrynash has quit IRC		11:33
*** emagana has joined #openstack-keystone		11:34
*** emagana has quit IRC		11:39
*** markvoelker has joined #openstack-keystone		11:40
*** dimsum__ has joined #openstack-keystone		11:43
*** markvoelker has quit IRC		11:44
*** dimsum__ has quit IRC		11:55
*** dimsum__ has joined #openstack-keystone		11:55
*** dimsum__ has quit IRC		12:01
*** dimsum__ has joined #openstack-keystone		12:07
*** samueldmq has joined #openstack-keystone		12:18
*** emagana has joined #openstack-keystone		12:29
*** lhcheng has quit IRC		12:32
*** emagana has quit IRC		12:33
*** markvoelker has joined #openstack-keystone		12:40
*** jamielennox\|away is now known as jamielennox		12:40
*** markvoelker has quit IRC		12:45
*** henrynash has joined #openstack-keystone		12:46
*** ChanServ sets mode: +v henrynash		12:46
*** boris-42 has quit IRC		12:48
*** jamielennox is now known as jamielennox\|away		13:19
*** emagana has joined #openstack-keystone		13:23
*** emagana has quit IRC		13:27
*** topol has joined #openstack-keystone		13:43
*** ChanServ sets mode: +v topol		13:43
*** dimsum__ has quit IRC		13:46
*** henrynash has quit IRC		13:49
*** emagana has joined #openstack-keystone		14:17
*** emagana has quit IRC		14:21
*** markvoelker has joined #openstack-keystone		14:26
*** markvoelker has quit IRC		14:30
*** markvoelker has joined #openstack-keystone		14:33
*** samueldmq has quit IRC		14:37
*** nlevinki has quit IRC		14:42
*** archers has joined #openstack-keystone		14:44
*** dimsum__ has joined #openstack-keystone		14:50
openstackgerrit	Brant Knudson proposed openstack/keystone: Refactor extract function load_auth_method https://review.openstack.org/187004	14:53
openstackgerrit	Brant Knudson proposed openstack/keystone: Use stevedore for auth drivers https://review.openstack.org/182102	14:53
*** dimsum__ has quit IRC		14:56
*** mabrams has quit IRC		15:00
openstackgerrit	Brant Knudson proposed openstack/keystone: Fix sending invalid query parameters to database https://review.openstack.org/163949	15:02
*** topol has quit IRC		15:09
*** emagana has joined #openstack-keystone		15:11
*** emagana has quit IRC		15:16
*** dimsum__ has joined #openstack-keystone		15:17
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Cleanup fixture imports https://review.openstack.org/187060	15:28
*** emagana has joined #openstack-keystone		16:05
*** emagana has quit IRC		16:10
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct oauth1 driver help text https://review.openstack.org/187061	16:16
openstackgerrit	Brant Knudson proposed openstack/keystone: Update sample config file https://review.openstack.org/187062	16:16
*** archers has quit IRC		16:28
openstackgerrit	Brant Knudson proposed openstack/keystone: Update functional tox env requirements https://review.openstack.org/187063	16:28
*** markvoelker has quit IRC		16:34
*** dimsum__ has quit IRC		16:35
*** pnavarro has joined #openstack-keystone		16:37
openstackgerrit	Brant Knudson proposed openstack/keystone: Correct enabled emulation query to request no attributes https://review.openstack.org/187065	16:49
*** devlaps has joined #openstack-keystone		16:53
*** emagana has joined #openstack-keystone		16:59
*** emagana has quit IRC		17:04
*** devlaps has quit IRC		17:09
*** pnavarro has quit IRC		17:14
*** woodster_ has joined #openstack-keystone		17:16
*** emagana has joined #openstack-keystone		17:17
*** emagana has quit IRC		17:21
*** markvoelker has joined #openstack-keystone		17:35
*** markvoelker has quit IRC		17:39
*** dimsum__ has joined #openstack-keystone		17:51
*** dimsum__ has quit IRC		17:56
*** stevemar has joined #openstack-keystone		18:03
*** ChanServ sets mode: +v stevemar		18:03
*** gokrokve_ has joined #openstack-keystone		18:08
*** emagana has joined #openstack-keystone		18:11
*** gokrokve has quit IRC		18:11
*** stevemar has quit IRC		18:14
*** emagana has quit IRC		18:16
*** lhcheng has joined #openstack-keystone		18:37
*** ChanServ sets mode: +v lhcheng		18:37
openstackgerrit	Merged openstack/keystone: Correct oauth1 driver help text https://review.openstack.org/187061	18:52
*** gokrokve has joined #openstack-keystone		18:53
*** gokrokve_ has quit IRC		18:56
*** gokrokve has quit IRC		18:58
*** boris-42 has joined #openstack-keystone		18:58
*** belmoreira has joined #openstack-keystone		19:03
*** gokrokve has joined #openstack-keystone		19:04
*** gokrokve has quit IRC		19:05
*** emagana has joined #openstack-keystone		19:05
*** belmoreira has quit IRC		19:09
*** emagana has quit IRC		19:10
openstackgerrit	Merged openstack/keystone: Update sample config file https://review.openstack.org/187062	19:16
*** markvoelker has joined #openstack-keystone		19:24
*** markvoelker has quit IRC		19:28
*** woodster_ has quit IRC		19:30
openstackgerrit	Merged openstack/keystone: Update functional tox env requirements https://review.openstack.org/187063	19:33
*** emagana has joined #openstack-keystone		20:00
*** emagana has quit IRC		20:04
*** belmoreira has joined #openstack-keystone		20:04
openstackgerrit	Diane Fleming proposed openstack/keystone-specs: Add side-by-side comparison table of v2 and v3 APIs https://review.openstack.org/187027	20:08
*** gokrokve has joined #openstack-keystone		20:09
*** gokrokve has quit IRC		20:16
*** emagana has joined #openstack-keystone		20:54
openstackgerrit	Morgan Fainberg proposed openstack/keystonemiddleware: Ensure cache keys are a known/fixed length https://review.openstack.org/186971	20:56
*** emagana has quit IRC		20:59
*** dimsum__ has joined #openstack-keystone		21:02
openstackgerrit	Diane Fleming proposed openstack/keystone-specs: Add side-by-side comparison table of v2 and v3 APIs https://review.openstack.org/187027	21:05
*** stevemar has joined #openstack-keystone		21:09
*** ChanServ sets mode: +v stevemar		21:09
*** markvoelker has joined #openstack-keystone		21:13
openstackgerrit	Diane Fleming proposed openstack/keystone-specs: Add side-by-side comparison table of v2 and v3 APIs https://review.openstack.org/187027	21:14
*** lufix_ has quit IRC		21:16
*** markvoelker has quit IRC		21:17
openstackgerrit	Morgan Fainberg proposed openstack/keystoneauth: Remove i18n stub https://review.openstack.org/186748	21:21
openstackgerrit	Morgan Fainberg proposed openstack/keystoneauth: Cleanup needless variable binding https://review.openstack.org/187080	21:21
morganfainberg	jamielennox\|away: we need to figure out the auth plugins for KSA when we move to keystoneauth1	21:23
morganfainberg	i think we just move the namespace to being keystoneauth1 for them	21:23
morganfainberg	so loading from keystoneauth1 works as you'd expect	21:23
*** belmoreira has quit IRC		21:36
*** woodster_ has joined #openstack-keystone		21:42
mordred	morganfainberg: you could also have ksa do a scan for ksc plugin namespace during a transition period	21:43
mordred	there is nothing special about the namespaces, they're just strings	21:43
morganfainberg	mordred: oh i was just thinking strictly in KSA	21:43
morganfainberg	not even ksc	21:43
morganfainberg	the ksc -> ksa transition yes	21:43
mordred	yah	21:43
morganfainberg	that makes sense	21:43
morganfainberg	but ksa right now owns the namespace keystoneauth.auth.plugin	21:43
morganfainberg	and i was thinking we need to make that keystoneauth1.auth.plugin	21:44
mordred	btw - there is an amazing thunderstorm going on in NYC right now ...	21:44
mordred	morganfainberg: ah - I grok what you're saying	21:44
morganfainberg	i'm jealous. i'm stuck in hot weather + lots of stupid on bikes (yay shutdown major roads for cycling, but ugh.. it makes the city bad to et in/out of today)	21:45
morganfainberg	but awesome thunderstorm is always cool	21:45
openstackgerrit	Merged openstack/python-keystoneclient-kerberos: Updated from global requirements https://review.openstack.org/181235	21:46
morganfainberg	ugh: +3963 lines	21:47
morganfainberg	yeah not even going to try and review that	21:47
*** emagana has joined #openstack-keystone		21:48
openstackgerrit	Merged openstack/python-keystoneclient-saml2: Updated from global requirements https://review.openstack.org/161588	21:48
*** henrynash has joined #openstack-keystone		21:48
*** ChanServ sets mode: +v henrynash		21:48
morganfainberg	mordred: totally getting into the gertty workflow now	21:50
morganfainberg	henrynash: ping	21:50
henrynash	morganfainberg: pong	21:51
morganfainberg	henrynash: https://bugs.launchpad.net/keystone/+bug/1450344	21:51
openstack	Launchpad bug 1450344 in Keystone "Invalid SQL Identity Assertion - Load Config from Database" [Undecided,New] - Assigned to Henry Nash (henry-nash)	21:51
morganfainberg	henrynash: looks like we broke people	21:51
morganfainberg	henrynash: can't restrict per-domain to SQL only	21:51
morganfainberg	erm	21:51
morganfainberg	LDAP only	21:51
morganfainberg	need to re-enable that usecase	21:51
henrynash	morganfainberg: yep, if you rememember I was concerned about his	21:51
morganfainberg	henrynash: well we have a clear and direct bug	21:52
morganfainberg	going to hit that with a high prio stick	21:52
morganfainberg	i've assigned it to you, i think you are the best person to quickly turn it around. let me know if you need me to jump on it instead	21:52
*** emagana has quit IRC		21:52
henrynash	morganfainberg: so we can easily remove taht restriction…just need to decide how (if) we protect the race condition	21:53
mordred	morganfainberg: it's pretty badass isn't it?	21:53
morganfainberg	mordred: yep. totally.	21:53
henrynash	morganfainberg: I’ll get in it straight away	21:53
morganfainberg	henrynash: yeah. and protect the race as best you can/at least well enough to prevent people from horking themselves permanently	21:53
morganfainberg	henrynash: maybe the fix is any/all SQL backed domains get wired to the same backend until we get per-domain sql connection strings	21:54
henrynash	morganfainberg: one fix would be to use SQL to store whether there was a domin using the SQL drver or not	21:54
morganfainberg	henrynash: but that wouldn't be backport worthy-future looking.	21:54
morganfainberg	henrynash: yeah.	21:54
morganfainberg	henrynash: might be the best choice	21:54
morganfainberg	but i don't like the black-magic feel of it	21:54
morganfainberg	it's not intuitive	21:55
morganfainberg	henrynash: but regardless we need to fix it, so lets figure out the best way forward for the moment	21:55
morganfainberg	mordred: also not needing to run VMs is super duper nice for testing things	21:55
henrynash	morganfainberg: as a seperate task, I want to investigate what it woyld take to remove the restriction of one SQL backend anyway…..but that’s on a longer track	21:55
morganfainberg	henrynash: i think that is an oslo.db needs to grow smarter issue	21:56
henrynash	morganfainberg: yep, probably true	21:56
henrynash	morganfainberg: seperate point….which days of the week of July 13th is the midcyle….just reserving my hotl eroom!	21:57
morganfainberg	henrynash: it's on the sprint wiki	21:57
morganfainberg	but i think it's wed, thur, fri	21:57
henrynash	that’s what I thought…ok!	21:58
* morganfainberg needs to figure out that travel stuff		21:58
rodrigods	not sure, but I guess mid cycle is off the table for us :(	21:59
morganfainberg	rodrigods: aww =/	21:59
morganfainberg	i know it's hard for international travel	21:59
rodrigods	yeah =/	21:59
morganfainberg	rodrigods: it's why i don't expect jamielennox\|away to be there. if you can make it great, if not, it's why we're trying to de-emphasize the "must be there" aspect	22:00
rodrigods	last one I knew that we could send one person	22:00
rodrigods	this one I'm not sure	22:00
rodrigods	morganfainberg, yeah, I know	22:00
morganfainberg	mordred: oddly, I noticed the CF chassis doesn't get as hot as the AL chassis of the MBPr. Interesting considering the chips are comparable	22:01
morganfainberg	mordred: is there a gertty way to get the link for the current review in gerrit?	22:02
morganfainberg	i don't seem to be able to copy that info out of gertty	22:02
mordred	hrm. I'm not sure anyone's ever asked for that	22:03
morganfainberg	useful for saying "hey X look at review" on irc	22:03
* morganfainberg might have a feature add for gertty		22:03
mordred	ah - we've all taken to just pasting numbers	22:03
mordred	assuming that everyone else has gertty and can do C-o	22:03
morganfainberg	right and numbers are good...	22:03
morganfainberg	but dropping a link in is nice too.	22:03
mordred	yah	22:03
morganfainberg	should be silly easy to add that in	22:04
* morganfainberg will look at doing that		22:04
*** belmoreira has joined #openstack-keystone		22:08
morganfainberg	ooh. this may not be easy	22:09
morganfainberg	or stupid easy: https://github.com/asweigart/pyperclip	22:12
*** henrynash has quit IRC		22:12
*** jamielennox\|away is now known as jamielennox		22:17
*** stevemar has quit IRC		22:21
openstackgerrit	Merged openstack/keystonemiddleware: Ignore cover directory https://review.openstack.org/178707	22:22
*** belmoreira has quit IRC		22:26
*** emagana has joined #openstack-keystone		22:42
*** markvoelker has joined #openstack-keystone		22:43
*** emagana has quit IRC		22:47
*** markvoelker has quit IRC		22:48
openstackgerrit	Merged openstack/keystoneauth: Remove i18n stub https://review.openstack.org/186748	22:50
jamielennox	does anyone know how ec2 credentials work with the v3 api?	23:15
*** markvoelker has joined #openstack-keystone		23:18
morganfainberg	jamielennox: we do something silly	23:32
morganfainberg	jamielennox: we just re-use the same pipeline iirc	23:32
morganfainberg	jamielennox: very silly	23:32
jamielennox	ec2 is available in v3 api?	23:32
morganfainberg	should be.	23:32
morganfainberg	jamielennox: https://github.com/openstack/keystone/blob/master/etc/keystone-paste.ini#L30-L31	23:33
jamielennox	ergh	23:34
morganfainberg	jamielennox: https://github.com/openstack/keystone/blob/master/keystone/contrib/ec2/controllers.py#L364	23:34
jamielennox	well i'm looking to create credential and and least it's better than working with the credentials api	23:34
jamielennox	come on v4!	23:36
*** emagana has joined #openstack-keystone		23:36
jamielennox	i don't know if i want to support ec2 crud for keystoneclient v3 :(	23:39
*** emagana has quit IRC		23:41
*** chlong has joined #openstack-keystone		23:44
morganfainberg	jamielennox: uhmmmm break auth from CRUD for me	23:50
jamielennox	this is still a crud issue	23:50
morganfainberg	jamielennox: then v4 is something we can talk about once people are on v3	23:50
jamielennox	morganfainberg: so this is all in aid of moving devstack completely off v2	23:51
jamielennox	and it has some ec2 credential stuff	23:51
jamielennox	which i didn't realize we even supported in v3	23:52

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!