Tuesday, 2015-09-22

*** flwang has quit IRC00:03
*** mylu has quit IRC00:04
*** flwang has joined #openstack-keystone00:04
*** roxanagh_ has quit IRC00:05
*** roxanagh_ has joined #openstack-keystone00:05
*** mylu has joined #openstack-keystone00:06
*** EinstCrazy has quit IRC00:06
*** gyee has quit IRC00:10
*** ankita_wagh has joined #openstack-keystone00:10
*** wwwjfy has joined #openstack-keystone00:11
*** diazjf has joined #openstack-keystone00:14
*** su_zhang has quit IRC00:15
*** su_zhang has joined #openstack-keystone00:17
*** shadower has quit IRC00:23
*** su_zhang has quit IRC00:23
*** shadower has joined #openstack-keystone00:23
*** stevemar has joined #openstack-keystone00:27
*** ChanServ sets mode: +v stevemar00:27
*** nkinder has quit IRC00:27
*** roxanagh_ has quit IRC00:29
*** _cjones_ has quit IRC00:32
*** lhcheng_ has quit IRC00:39
*** dims_ has quit IRC00:42
*** topol has joined #openstack-keystone00:42
*** ChanServ sets mode: +v topol00:42
*** maxabidi has quit IRC00:43
*** maxabidi has joined #openstack-keystone00:43
openstackgerritBrant Knudson proposed openstack/keystone: Config option for insecure responses  https://review.openstack.org/20722600:46
openstackgerritBrant Knudson proposed openstack/keystone: Log message when debug is enabled  https://review.openstack.org/22611000:46
*** mylu has quit IRC00:51
*** EinstCrazy has joined #openstack-keystone00:51
*** mylu has joined #openstack-keystone00:53
*** geoffarnold has quit IRC00:54
*** dsirrine has joined #openstack-keystone00:58
*** topol has quit IRC00:58
*** sdake_ has joined #openstack-keystone01:04
*** nkinder has joined #openstack-keystone01:05
*** sdake has quit IRC01:06
*** sdake_ has quit IRC01:07
*** sdake has joined #openstack-keystone01:07
*** ankita_wagh has quit IRC01:16
*** richm has quit IRC01:19
*** dims has joined #openstack-keystone01:26
openstackgerritEric Brown proposed openstack/keystone: Handle edge case converting a non uuid user_id  https://review.openstack.org/22612101:28
openstackgerritJoshua Harlow proposed openstack/oslo.policy: Use requests in http check instead of urllib  https://review.openstack.org/22612201:28
openstackgerritEric Brown proposed openstack/keystone: Handle edge case converting a non uuid user_id  https://review.openstack.org/22612101:29
*** browne has quit IRC01:30
*** spandhe has quit IRC01:43
openstackgerritSteve Martinelli proposed openstack/keystone: Update the examples used for the trusted_dashboard option  https://review.openstack.org/22598701:45
stevemarbknudson: ^ let me know if you want a bug, its just a help text change so /me shrugs01:45
*** stevemar has quit IRC01:46
*** zzzeek has quit IRC01:46
*** wwwjfy has quit IRC01:48
*** hrou has joined #openstack-keystone01:53
*** woodster_ has quit IRC01:59
*** davechen has joined #openstack-keystone02:00
*** dsirrine has quit IRC02:01
*** diazjf has left #openstack-keystone02:01
*** KarthikB has joined #openstack-keystone02:02
*** davechen1 has joined #openstack-keystone02:05
*** davechen has quit IRC02:08
*** browne has joined #openstack-keystone02:19
*** mylu has quit IRC02:28
*** mtreinish has quit IRC02:28
*** mylu has joined #openstack-keystone02:28
openstackgerritMerged openstack/keystone: Relax newly imposed sql driver restriction for domain config  https://review.openstack.org/19197602:29
*** mylu has quit IRC02:33
*** dims has quit IRC02:33
*** sdake has quit IRC02:39
*** david-ly_ has joined #openstack-keystone02:39
*** david-lyle has quit IRC02:40
*** dhellmann has quit IRC02:40
*** dhellmann has joined #openstack-keystone02:41
*** BAKfr has quit IRC02:44
*** BAKfr has joined #openstack-keystone02:47
*** tobe has joined #openstack-keystone02:48
*** tobe has quit IRC02:48
*** mylu has joined #openstack-keystone02:51
*** wwwjfy has joined #openstack-keystone02:53
*** stevemar has joined #openstack-keystone02:56
*** ChanServ sets mode: +v stevemar02:56
*** mtreinish has joined #openstack-keystone02:59
*** csoukup has joined #openstack-keystone03:01
*** lhcheng has joined #openstack-keystone03:03
*** ChanServ sets mode: +v lhcheng03:03
*** RA_ has joined #openstack-keystone03:04
*** topol has joined #openstack-keystone03:10
*** ChanServ sets mode: +v topol03:10
*** topol has quit IRC03:15
*** david-ly_ is now known as david-lyle03:17
*** ayoung has quit IRC03:30
*** lhcheng has quit IRC03:33
*** dims has joined #openstack-keystone03:34
*** maxabidi has quit IRC03:37
*** Ephur has quit IRC03:37
*** mylu has quit IRC03:47
*** mylu has joined #openstack-keystone03:48
*** mylu has quit IRC03:52
*** roxanagh_ has joined #openstack-keystone04:01
*** dims has quit IRC04:09
*** stevemar has quit IRC04:09
*** stevemar has joined #openstack-keystone04:10
*** ChanServ sets mode: +v stevemar04:10
*** Nirupama has joined #openstack-keystone04:12
*** darrenc is now known as darrenc_afk04:14
openstackgerritMerged openstack/keystone: Add documentation for configuring IdP WebSSO  https://review.openstack.org/21835304:15
*** mtreinish has quit IRC04:18
*** hrou has quit IRC04:23
*** roxanagh_ has quit IRC04:23
*** mtreinish has joined #openstack-keystone04:23
*** roxanagh_ has joined #openstack-keystone04:23
*** wwwjfy has quit IRC04:29
*** lhcheng has joined #openstack-keystone04:38
*** ChanServ sets mode: +v lhcheng04:38
*** ankita_wagh has joined #openstack-keystone04:42
*** csoukup has quit IRC04:47
*** KarthikB has quit IRC04:47
*** darrenc_afk is now known as darrenc05:09
*** wwwjfy has joined #openstack-keystone05:09
*** annasort has quit IRC05:20
*** urulama has quit IRC05:24
*** urulama has joined #openstack-keystone05:24
rajesht_hi cores05:47
rajesht_need one more +2 on minor nit https://review.openstack.org/#/c/210365/05:47
rajesht_thanks in advance05:47
*** henrynash has joined #openstack-keystone05:52
*** ChanServ sets mode: +v henrynash05:52
*** stevemar has quit IRC05:53
rajesht_henrynash: need one more +2 on minor nit https://review.openstack.org/#/c/210365/05:53
henrynashok will look05:54
rajesht_henrynash: thanks05:54
henrynashrajesht_: given that you have a -1 from dolph, you need to make sure he is happy before I would +2/A05:56
rajesht_henrynash: in that case, instead of removing assertIsInstance, we need to first store return value from parse method and then need to call assertIsInstance before returning it05:59
*** lhcheng has quit IRC06:03
*** roxanagh_ has quit IRC06:09
*** roxanagh_ has joined #openstack-keystone06:10
*** lhcheng has joined #openstack-keystone06:12
*** ChanServ sets mode: +v lhcheng06:12
*** roxanagh_ has quit IRC06:15
*** ParsectiX has joined #openstack-keystone06:15
*** spandhe has joined #openstack-keystone06:38
*** jaosorior has joined #openstack-keystone06:42
*** browne has quit IRC06:43
*** ankita_wagh has quit IRC06:52
*** lhcheng has quit IRC06:54
*** jaosorior has quit IRC06:56
*** david-lyle has quit IRC06:58
*** jaosorior has joined #openstack-keystone06:59
*** ParsectiX has quit IRC07:03
*** kiran-r has joined #openstack-keystone07:07
*** roxanagh_ has joined #openstack-keystone07:12
*** david-lyle has joined #openstack-keystone07:14
*** jamielennox is now known as jamielennox|away07:15
*** spandhe has quit IRC07:16
*** roxanagh_ has quit IRC07:16
*** kiran-r has quit IRC07:18
*** kiran-r has joined #openstack-keystone07:23
*** su_zhang has joined #openstack-keystone07:31
*** nzeer has quit IRC07:41
*** ramishra has quit IRC07:41
*** serverascode has quit IRC07:41
*** boris-42 has quit IRC07:41
*** ctracey has quit IRC07:41
*** zhiyan has quit IRC07:41
*** briancurtin has quit IRC07:41
*** jraim has quit IRC07:41
*** jaosorior has quit IRC07:41
*** briancurtin has joined #openstack-keystone07:43
*** jaosorior has joined #openstack-keystone07:45
*** su_zhang has quit IRC07:47
*** ramishra has joined #openstack-keystone07:49
openstackgerritMerged openstack/keystone: Imported Translations from Zanata  https://review.openstack.org/22424207:50
*** aix has joined #openstack-keystone07:50
openstackgerritDave Chen proposed openstack/keystone-specs: Clarify documentation about scope  https://review.openstack.org/22479207:58
*** RA_ has quit IRC08:12
*** fhubik has joined #openstack-keystone08:12
*** fhubik has quit IRC08:15
*** fhubik has joined #openstack-keystone08:15
*** jaosorior has quit IRC08:26
*** pece has joined #openstack-keystone08:28
*** fhubik has quit IRC08:29
*** fhubik has joined #openstack-keystone08:29
*** lhcheng has joined #openstack-keystone08:43
*** ChanServ sets mode: +v lhcheng08:43
*** aix has quit IRC08:46
*** lhcheng has quit IRC08:47
*** pnavarro has joined #openstack-keystone08:52
*** roxanagh_ has joined #openstack-keystone09:00
openstackgerritMerged openstack/keystone: Log message when debug is enabled  https://review.openstack.org/22611009:04
*** roxanagh_ has quit IRC09:06
*** henrynash has quit IRC09:07
*** henrynash has joined #openstack-keystone09:11
*** ChanServ sets mode: +v henrynash09:11
*** aix has joined #openstack-keystone09:16
*** boris-42 has joined #openstack-keystone09:26
*** e0ne has joined #openstack-keystone09:26
*** henrynash has quit IRC09:35
*** henrynash has joined #openstack-keystone09:38
*** ChanServ sets mode: +v henrynash09:38
*** wwwjfy has quit IRC09:39
*** wwwjfy has joined #openstack-keystone09:44
*** dims has joined #openstack-keystone09:47
*** henrynash_ has joined #openstack-keystone09:52
*** ChanServ sets mode: +v henrynash_09:52
*** henrynash has quit IRC09:52
*** henrynash_ is now known as henrynash09:52
*** fhubik is now known as fhubik_brb09:53
*** jraim has joined #openstack-keystone09:54
*** zhiyan has joined #openstack-keystone09:54
openstackgerritDave Chen proposed openstack/keystone: Using the right format to render the docstring correctly  https://review.openstack.org/22622509:55
*** ctracey has joined #openstack-keystone09:55
*** davechen1 has left #openstack-keystone09:55
*** nzeer has joined #openstack-keystone09:55
*** pece has quit IRC09:56
*** serverascode has joined #openstack-keystone09:56
*** pece has joined #openstack-keystone09:57
*** markvoelker has quit IRC09:57
*** ParsectiX has joined #openstack-keystone09:59
*** fhubik_brb is now known as fhubik10:02
*** ParsectiX has quit IRC10:03
*** ParsectiX has joined #openstack-keystone10:04
*** RA_ has joined #openstack-keystone10:08
*** ParsectiX has quit IRC10:12
*** henrynash has quit IRC10:24
*** ParsectiX has joined #openstack-keystone10:28
*** e0ne has quit IRC10:30
*** RA_ has quit IRC10:31
*** lhcheng has joined #openstack-keystone10:32
*** ChanServ sets mode: +v lhcheng10:32
*** e0ne has joined #openstack-keystone10:35
*** lhcheng has quit IRC10:37
*** lhcheng has joined #openstack-keystone10:37
*** ChanServ sets mode: +v lhcheng10:37
*** roxanagh_ has joined #openstack-keystone10:49
*** fhubik has quit IRC10:49
*** aix has quit IRC10:53
*** fhubik has joined #openstack-keystone10:54
*** roxanagh_ has quit IRC10:54
*** samueldmq has quit IRC10:58
*** amakarov_away is now known as amakarov11:00
*** samueldmq has joined #openstack-keystone11:01
*** aix has joined #openstack-keystone11:05
*** topol has joined #openstack-keystone11:08
*** ChanServ sets mode: +v topol11:08
*** doug-fish has joined #openstack-keystone11:09
*** topol has quit IRC11:13
*** _pece has joined #openstack-keystone11:13
*** pece has quit IRC11:14
*** wwwjfy has quit IRC11:22
*** akscram1 is now known as akscram11:24
openstackgerritGhe Rivero proposed openstack/keystoneauth: Fix doc session example  https://review.openstack.org/22626211:24
*** markvoelker has joined #openstack-keystone11:28
*** gordc has joined #openstack-keystone11:31
*** markvoelker has quit IRC11:33
*** fhubik is now known as fhubik_brb11:33
*** lhcheng has quit IRC11:41
*** fhubik_brb is now known as fhubik11:42
*** fhubik is now known as fhubik_brb11:43
*** roxanagh_ has joined #openstack-keystone11:51
*** roxanagh_ has quit IRC11:57
*** e0ne has quit IRC12:03
*** fhubik_brb is now known as fhubik12:04
*** markvoelker has joined #openstack-keystone12:18
*** raildo-afk is now known as raildo12:19
*** e0ne has joined #openstack-keystone12:23
*** doug-fish has quit IRC12:23
*** samueldmq has quit IRC12:25
*** doug-fish has joined #openstack-keystone12:25
openstackgerritAlexander Makarov proposed openstack/keystone: Unified delegation model  https://review.openstack.org/20848812:26
*** dobson has quit IRC12:27
*** jaosorior has joined #openstack-keystone12:28
openstackgerritAlexander Makarov proposed openstack/keystone: Unified delegation driver  https://review.openstack.org/20960012:30
*** doug-fish has quit IRC12:30
*** wwwjfy has joined #openstack-keystone12:32
*** dobson has joined #openstack-keystone12:32
*** edmondsw has joined #openstack-keystone12:33
*** nicodemos has joined #openstack-keystone12:36
*** RA_ has joined #openstack-keystone12:37
*** kiran-r has quit IRC12:45
*** doug-fish has joined #openstack-keystone12:45
*** _kiran_ has joined #openstack-keystone12:45
*** _kiran_ is now known as kiran-r12:45
*** alejandrito has joined #openstack-keystone12:47
*** samueldmq has joined #openstack-keystone12:48
*** boris-42 has quit IRC12:49
*** fhubik is now known as fhubik_brb12:51
openstackgerritMerged openstack/oslo.policy: Change ignore-errors to ignore_errors  https://review.openstack.org/22579912:57
*** fhubik_brb is now known as fhubik12:57
*** RA_ has quit IRC12:58
*** richm has joined #openstack-keystone13:03
*** jsavak has joined #openstack-keystone13:05
*** Nirupama has left #openstack-keystone13:08
openstackgerritBrant Knudson proposed openstack/keystone: Bring bandit config up-to-date  https://review.openstack.org/19441713:09
samueldmqbknudson: ping, I remember you were working in a documentation containing something like : 'what other projects need to know about keystone'13:10
bknudsonsamueldmq: https://review.openstack.org/#/c/204801/13:10
samueldmqbknudson: exactly, thanks13:11
bknudsonsamueldmq: edit https://etherpad.openstack.org/p/keystone-info and update the review.13:11
openstackgerritBrant Knudson proposed openstack/keystone: Update bandit blacklist_calls config  https://review.openstack.org/22532713:11
openstackgerritBrant Knudson proposed openstack/keystone: Update bandit blacklist_imports config  https://review.openstack.org/22534113:11
openstackgerritBrant Knudson proposed openstack/keystone: Enable Bandit 0.13.2 tests  https://review.openstack.org/22534713:11
openstackgerritBrant Knudson proposed openstack/keystone: Enable hardcoded_bind_all_interfaces Bandit test  https://review.openstack.org/22569013:11
openstackgerritBrant Knudson proposed openstack/keystone: Enable password_config_option_not_marked_secret Bandit test  https://review.openstack.org/22569113:11
openstackgerritBrant Knudson proposed openstack/keystone: Enable subprocess_without_shell_equals_true Bandit test  https://review.openstack.org/22569213:12
openstackgerritBrant Knudson proposed openstack/keystone: Enable try_except_pass Bandit test  https://review.openstack.org/22573813:12
*** fhubik_ has joined #openstack-keystone13:13
*** fhubik_ is now known as fhubik_brb13:13
samueldmqbknudson: k13:13
samueldmqbknudson: looking at dolphm's comment in the review, what if we assume 'default' in the v3clients if no domain is specified ?13:14
samueldmqcould that be a security concern?13:14
*** dims has quit IRC13:14
bknudsonsamueldmq: I can't think of a security problem that could be caused by it.13:15
*** dims has joined #openstack-keystone13:15
bknudsonsamueldmq: what v3clients? in python-keystoneclient?13:15
samueldmqbknudson: yes13:15
bknudsonalso, is 'default' the domain ID or domain name?13:15
*** fhubik has quit IRC13:16
samueldmqbknudson: I think we shoud assume the domain name, since the default_doman_id can be changed in the confi13:16
*** _kiran_ has joined #openstack-keystone13:16
bknudsonsamueldmq: I think the default name is "Default" rather than "default", but I'd have to check the code.13:17
samueldmqbknudson: although the name is 'Default' I think, instead of 'default'13:17
samueldmqbknudson: yeah, that13:17
*** kiran-r has quit IRC13:17
bknudsonthe user could create a domain and then set the default_domain_id to it, so the name isn't always going to be Default13:17
*** _kiran_ is now known as kiran-r13:17
bknudsonnor is the domain_id always going to be default13:18
samueldmqbknudson: sure, but we could assume that in most cases, since that's what we provide by default, and document that13:18
bknudsonthat doesn't mean we can't set the default value to 'default' or 'Default', just that the default won't always work.13:18
samueldmqbknudson: if one has changed the domain default, it won't work anyway, and will have to provide the domain13:18
samueldmqbknudson: ++ yes, it won't always work, but I think in most of the cases yes13:19
samueldmqin any case, it wouldn't break anything for anyone, but easing for people who run on the provided default doman13:20
openstackgerritMerged openstack/pycadf: Updated from global requirements  https://review.openstack.org/22466213:20
*** hrou has joined #openstack-keystone13:23
*** diazjf has joined #openstack-keystone13:27
*** thiagop has joined #openstack-keystone13:28
*** dsirrine has joined #openstack-keystone13:28
*** jecarey has joined #openstack-keystone13:29
*** zzzeek has joined #openstack-keystone13:30
*** e0ne has quit IRC13:37
*** RA_ has joined #openstack-keystone13:39
*** e0ne has joined #openstack-keystone13:39
*** e0ne has quit IRC13:39
*** annasort has joined #openstack-keystone13:40
*** roxanagh_ has joined #openstack-keystone13:40
*** e0ne has joined #openstack-keystone13:40
*** kiran-r has quit IRC13:40
*** roxanagh_ has quit IRC13:45
*** henrynash has joined #openstack-keystone13:47
*** ChanServ sets mode: +v henrynash13:47
*** doug-fis_ has joined #openstack-keystone13:47
*** doug-fish has quit IRC13:50
*** doug-fish has joined #openstack-keystone13:51
*** doug-fis_ has quit IRC13:52
samueldmqbknudson: what if we create an option in the server for using the default domain if no domain is provided?13:55
samueldmqbknudson: it'd work even if the deployer changed the default domain13:56
*** topol has joined #openstack-keystone13:57
*** ChanServ sets mode: +v topol13:57
*** csoukup has joined #openstack-keystone14:00
*** EinstCrazy has quit IRC14:03
*** stevemar has joined #openstack-keystone14:03
*** ChanServ sets mode: +v stevemar14:03
openstackgerritMerged openstack/keystone: federation.idp use correct subprocess  https://review.openstack.org/22534014:09
*** annasort_ has joined #openstack-keystone14:10
*** annasort has quit IRC14:10
*** annasort_ is now known as annasort14:10
*** dobson has quit IRC14:10
*** browne has joined #openstack-keystone14:13
*** exploreshaifali has joined #openstack-keystone14:14
*** doug-fish has quit IRC14:14
*** doug-fish has joined #openstack-keystone14:15
*** dobson has joined #openstack-keystone14:15
*** ayoung has joined #openstack-keystone14:16
*** ChanServ sets mode: +v ayoung14:16
*** slberger has joined #openstack-keystone14:18
openstackgerritAlexander Makarov proposed openstack/keystone: Move region configuration to a critical section  https://review.openstack.org/22217314:21
*** henrynash has quit IRC14:24
*** KarthikB has joined #openstack-keystone14:24
*** boris-42 has joined #openstack-keystone14:30
*** ayoung has quit IRC14:32
morgansamueldmq: it is a bad idea in the server to assume any domain14:34
morgansamueldmq: the *only* exception is if you are using the v2 api14:35
morganSo, I am against automatically assuming "default domain id" in v3 of domain is not supplied. A 400 error is more correct14:36
morgansamueldmq: if the client is papering over the 400 error by supplying the default domain "default" magically,14:37
morganWe are doing it wrong in the client side14:37
morganCc bknudson ^ dolphm14:38
dolphmmorgan: i actually think 'default' is a reasonable default value for a domain ID on the client side, but completely agree on the service side14:39
samueldmqmorgan: even if the server option is an option switch?14:39
morgansamueldmq: yes. Do not assume a domain on the server side except via v2 api14:40
dolphmsamueldmq: the server should never assume anything, except to scope the v2 api to CONF.identity.default_domain_id14:40
morgansamueldmq: it makes the API behave differently based upon input and possibly allows mistargeting of resources if you have access to both default domain and the one you are aiming for14:41
morgandolphm: ++14:41
dolphmon the client side, having a default value for domain_id makes it easier for people to migrate to v3, and caters the user experience to single domain deployments or deployments where the users exist in the default domain14:41
morgandolphm: i think the client shouldnt assume default either. But i wont argue too strongly against it14:41
morgandolphm: server is much more important14:42
dolphmmorgan: my only argument on the client side is for user experience.... if there's a reason why that would be a misbehavior / bug, then that should win14:42
samueldmqmorgan: dolphm okay, makes sense, I think the point of mistargeting resources by name is important (like projects with same name in dfferent domains)14:42
dolphmsamueldmq: what?14:43
openstackgerritThierry Carrez proposed openstack/keystone: Open Mitaka development  https://review.openstack.org/22635614:43
*** exploreshaifali has quit IRC14:43
samueldmqdolphm: what morgan said above, if we make 'default' the domain if it isn't supplied, and one wants to use project X14:43
samueldmqdolphm: and he/she also have access to project X in another domain, it's easy to get in the wrong project/doamin because of the default14:44
morgansamueldmq: uh. That wasn't really the point14:44
dolphmsamueldmq: .... "and one wants to use project X" ? what does that mean?14:44
*** phalmos has joined #openstack-keystone14:44
samueldmqdolphm: getting a token there14:45
morgansamueldmq: or eh sure. Nvm me. Pre-coffee14:45
samueldmqmorgan: so I am misunderstanding14:45
morganAlso... New PTL next week. Last IRC meeting as PTL. Wheeeeee14:45
samueldmqmorgan: o/14:46
* morgan wonders who is going to win election14:46
samueldmqmorgan: when is the vote going to close?14:46
morganUh. Sometime this week14:46
dolphmsamueldmq: thursday14:47
dolphmif OS_USER_DOMAIN_NAME defaults to "Default", then whenever the user sets either OS_USER_DOMAIN_NAME or OS_USER_DOMAIN_ID, then it'll override the default name "Default".14:47
dolphmOS_DOMAIN_ID and OS_DOMAIN_NAME should NOT have a default, ever, ever, ever14:48
dolphmthe logic for OS_USER_DOMAIN_NAME also applies to OS_PROJECT_DOMAIN_NAME14:48
dolphmand it applies to all client interfaces that i can think of (keystoneauth / middleware / client / cli / whatever)14:49
dolphmbut again, the server should never, ever assume domain IDs anywhere for any reason outside of v2 controllers assuming CONF.identity.default_domain_id14:49
samueldmqdolphm: yes, and at worst (in the case the default project id/name is changed by the deployer) it will break and the domain will need to be supplied anyway14:49
samueldmqdolphm: makes sense, beause that looks like defaults to improve UX (like cookies in the browsers?)14:50
*** henrynash has joined #openstack-keystone14:50
*** ChanServ sets mode: +v henrynash14:50
dolphmi'd also rather flip all the logic around between DOMAIN_ID and DOMAIN_NAME in terms of what carries a default and what overrides what, but i suspect i'm alone on that because everyone seems to love (the fragility of) names14:50
morgandolphm: you're not alone, but I feel like we're def the minority14:51
*** urulama has quit IRC14:51
samueldmqdolphm: what would it looks like ? I mean, what do you propose14:51
*** urulama has joined #openstack-keystone14:52
dolphmsamueldmq: everything i said above except flip every occurrence of _ID and _DOMAIN and swap "default" for "Default"14:53
dolphmthe only weird part is that the user setting a _DOMAIN_NAME must override a _DOMAIN_ID, which means the client is opting for a slightly less efficient and less specific operation, which is icky14:54
dolphmso you'd have to (and certainly could) work around that14:54
*** ayoung has joined #openstack-keystone14:55
*** ChanServ sets mode: +v ayoung14:55
stevemardolphm: file a bug?15:01
*** itlinux has joined #openstack-keystone15:01
samueldmqstevemar: ++, would be a good idea, to keep track of it/make people aware15:01
*** fhubik_brb is now known as fhubik_15:01
*** doug-fish has quit IRC15:03
*** doug-fish has joined #openstack-keystone15:03
*** doug-fish has quit IRC15:04
*** doug-fish has joined #openstack-keystone15:05
*** doug-fish has quit IRC15:06
samueldmqstevemar: keystoneauth is the one for auth15:06
*** doug-fish has joined #openstack-keystone15:06
samueldmqstevemar: are we deprecating auth in ksclient ? and letting it only for accessing the apis ?15:07
samueldmqstevemar: like, ksclient would use keystoneauth15:07
samueldmqis that the idea?15:07
stevemarsamueldmq: that is the idea, yes15:07
samueldmqdolphm: so all those changes would be in ksauth15:07
samueldmqstevemar: kk got it sir :)15:07
stevemarsamueldmq: we will rip out auth plugins, session, middleware and CLI from ksc15:07
*** roxanagh_ has joined #openstack-keystone15:07
stevemarsamueldmq: jamie has a patch for it15:08
stevemarsamueldmq: https://review.openstack.org/#/c/221596/15:08
samueldmqstevemar: nice, thanks15:08
*** lhcheng has joined #openstack-keystone15:11
*** ChanServ sets mode: +v lhcheng15:11
*** kiran-r has joined #openstack-keystone15:12
*** EinstCrazy has joined #openstack-keystone15:14
*** lhcheng has quit IRC15:16
stevemardstanek: why would you rather the error codes stay explicitly?15:16
dstanekstevemar: so i don't have to remember what they are or look them up every time :-)15:17
stevemardstanek: i actually told davechen to remove the explicitness in an earlier patch15:17
morganKeystoneclient session is frozen now unless you have a security bug15:17
morganAll work should be focused on keystoneauth15:18
bknudsonif you want it to be explicit then change the API so that it has to be.15:18
morganAnd a drive towards fixing keystoneclient to use ksa is a next major hurdle.15:18
dstanekbknudson: ++15:19
samueldmqmorgan: before LIberty final release?15:19
morganKsc has been branched i think15:19
*** itlinux has quit IRC15:19
*** Ephur has joined #openstack-keystone15:19
morgansamueldmq: yes stable/liberty branch exists for ksc now15:20
samueldmqmorgan: kk15:20
morganAnd by tomorrow rc1 of keystone should happen15:20
*** dims has quit IRC15:20
morganWe have one outstanding rc bug and if it isnt gating today- it is punted out to mitaka eith potential backport15:21
*** btully has quit IRC15:21
stevemarbknudson: dstanek but our APIs do state that, like the case of a PUT call for role assignments results in 204, or a delete15:21
samueldmqmorgan: which one ?15:21
* samueldmq would like to help with what is missing in priority reviews, etc15:22
*** btully has joined #openstack-keystone15:22
dstanekstevemar: i think bknudson was directing that at me. saying that i should make the interface require it to be passed in15:22
bknudsonstevemar: I actually like the defaults and implicit since then it's clear when we're doing something out of the ordinary.15:22
stevemarbknudson: yeah, thats what i like about it too :)15:23
morgansamueldmq: https://review.openstack.org/#/c/167675/2915:23
morgansamueldmq: and with the -1 i am tempted to punt to mitaka15:24
stevemarbknudson: its your favorite type of change, fixing docstrings! https://review.openstack.org/#/c/226225/115:24
bknudsone.g., in https://review.openstack.org/#/c/224545/5/keystone/tests/unit/test_v3_assignment.py at line 366 -- why do we have to override?15:24
morgandstanek: ^ your thoughts on likelihood that review will be ready for gating today?15:25
bknudsonI like docstring fixes but they should actually be changing to use valid rst.15:25
morgandstanek: the catalog one. And also how important is it for liberty?15:26
dstanekmorgan: i can make the change i suggested. was thinking that David was going to address it.15:26
morgandstanek: well it is the last thing holding up RC115:26
*** fhubik_ is now known as fhubik_brb15:26
morganAnd david and gyee are not here atm15:27
* morgan needs to have a chat with people about irc bouncers15:27
dstanekmorgan: not important at all as far as i am concerned because it's just fixing a bug where the service name isn't in the filtered service catalog15:27
*** roxanagh_ has quit IRC15:27
morganOk punting it and we can backport15:27
dstanekmorgan: the change is a bit bigger because it was requested that he move the filtering logic into core15:28
bknudsonI got a softlayer account so I can run znc15:28
*** e0ne has quit IRC15:28
*** dims has joined #openstack-keystone15:28
dstanekmorgan: yep, punt it and i'll just upload my latest fix15:28
bknudsonI don't think moving code is a bug.15:28
dstanekbknudson: it is when it creates two!15:29
*** e0ne has joined #openstack-keystone15:30
samueldmqmorgan: kk thanks for the link15:30
dstanekbknudson, stevemar: i'm OK with removing my -1 if you guys things defaults are find, but i this we are bad people http://git.openstack.org/cgit/openstack/keystone/tree/keystone/tests/unit/test_v3.py#n46215:30
dstanekwhat is the default?15:30
bknudsondstanek: 20415:31
* morgan just punted catalog and approved the open mitaka review15:31
morganPlease say something NOW if you want me to hold off15:31
bknudsondstanek: I don't think using defaults makes us bad people15:32
dstanekbknudson: sure, but it's not actually declare as a default15:32
bknudsondstanek: We're not ISIS.15:32
-morgan- Mitaka Development Opening Review is about to gate. Please say something *now* if you want this to be held.15:32
bknudsonoh, you'd rather see expected_status=204 in the method?15:32
dstanekbknudson: it's not that we are using defaults it's that we are declaring them in the body as opposed to where you would normally find them15:32
bknudsonThat would be smarter.15:32
*** roxanagh_ has joined #openstack-keystone15:34
stevemardstanek: okay, i'll meet you there, that should be in the method signature, not in the body15:35
dstanekstevemar: i'm going to write up a quick patch while i'm thinking about it15:36
stevemardstanek: sure15:36
stevemarit should be a pretty straightforward patch, .... trying to think of any implications from it, but it seems safe15:37
stevemari'd be curious to see what the fall out is :)15:37
morganWe have about 1hr before mitaka development will be open.15:38
*** roxanag__ has joined #openstack-keystone15:38
openstackgerritDavid Stanek proposed openstack/keystone: Move endpoint catalog filtering to default driver  https://review.openstack.org/16767515:39
dolphmstevemar: you're welcome https://bugs.launchpad.net/keystone/+bug/149855615:39
openstackLaunchpad bug 1498556 in python-keystoneclient "Reasonable assumptions concerning domain references" [Medium,Triaged]15:39
*** geoffarnold has joined #openstack-keystone15:39
*** roxanagh_ has quit IRC15:40
*** BAKfr has quit IRC15:41
*** e0ne has quit IRC15:41
*** itlinux has joined #openstack-keystone15:42
henrynashmorgan: fine by me15:43
bknudsonlbragstad: dolphm: with mitaka open in 53 mins do we need https://review.openstack.org/#/c/221786/ ?15:43
lbragstadbknudson: it would be nice, I would think we'd need it15:44
bknudsonlbragstad: the commit message makes it sound like it's not needed in M15:44
bknudsonfix the commit message if that's not the case15:44
*** fhubik_brb is now known as fhubik_15:45
*** phalmos has quit IRC15:45
*** hrou has quit IRC15:46
*** hrou has joined #openstack-keystone15:46
dolphmbknudson: yes, it'll avoid a bunch of 401's after upgrading from kilo -> liberty in deployments using fernet15:47
dolphmbknudson: it is not needed in M, it is needed in liberty15:47
bknudsonI think this can just be proposed to stable, then.15:47
lbragstadbknudson: it's for upgrades15:47
dolphmbknudson: unless you want to upgrade from kilo -> mitaka, actually15:48
stevemarbknudson: can you take a quick look at https://review.openstack.org/#/c/225987/15:48
stevemaractually morgan ^ let me know if you want that in L or not15:48
dolphmstevemar: docs can be trivially backported15:49
bknudsonstevemar: first patch!15:49
stevemardolphm: morgan it would mean that keystone.conf needs to be re-generated too15:49
bknudsondoes the config generator work on stable/?15:49
*** roxanag__ has quit IRC15:50
morganIt should?15:50
morganWe can do a one off run if needed.15:50
stevemarmorgan: ++15:50
stevemarbut i think it works on stable15:50
morganI'm sure we will need an rc215:50
morganWe always do.15:50
*** phalmos has joined #openstack-keystone15:51
bknudsonwe never did get any translations15:52
*** f13o has joined #openstack-keystone15:55
morganbknudson: =/15:55
morganI checked w/ relmanagement before approving. They said go ahead15:55
*** woodster_ has joined #openstack-keystone15:56
*** BAKfr has joined #openstack-keystone15:56
*** RA_ has quit IRC15:57
*** petertr7_away has quit IRC15:58
*** RA_ has joined #openstack-keystone15:58
morganI think translations are going to be in rc215:59
morganBased on ML traffic15:59
bknudsonthey make rc2 from stable/ ?15:59
dstanekjust about lunch time!16:00
*** petertr7_away has joined #openstack-keystone16:00
*** petertr7_away is now known as petertr716:00
bknudsondstanek must have something really good lined up for lunch16:00
dstanekso if we add V3 endpoints to the V2 list we have to choose only one ID to return. what do we do it someone does a GET for that ID under V2?16:00
*** itlinux_ has joined #openstack-keystone16:01
dstanekbknudson: nope, just doing out with the wife and son. the food is just an added benefit16:01
bknudsonreturn the public one?16:01
*** itlinux has quit IRC16:02
*** henrynash has quit IRC16:02
dstanekbknudson: does that break the contract since we are not returning all of the interfaces?16:03
*** RA_ has quit IRC16:04
bknudsonoh, look up the service for the public one and return all the interfaces.16:08
*** fhubik_ has quit IRC16:08
*** fhubik_ has joined #openstack-keystone16:09
dstanekbknudson: yeah, that's what i was thinking here: https://review.openstack.org/#/c/215870/16:10
edmondswdstanek, answered your comments in https://review.openstack.org/#/c/217373/16:11
*** gyee has joined #openstack-keystone16:11
*** ChanServ sets mode: +v gyee16:11
*** exploreshaifali has joined #openstack-keystone16:12
*** tonytan4ever has joined #openstack-keystone16:14
*** zzzeek has quit IRC16:14
wwwjfydstanek: I didn't check thoroughly, but since Endpoint class doesn't have a GET interface via a single endpoint id, I assume it's safe to return any id as the v2 endpoint's id16:14
*** fhubik_ is now known as fhubik_brb16:14
wwwjfyjust to be consistent, I decided to return public interface's id16:14
*** fhubik_brb is now known as fhubik_16:15
*** EinstCrazy has quit IRC16:19
*** fhubik_ has quit IRC16:20
*** zzzeek has joined #openstack-keystone16:23
*** lhcheng has joined #openstack-keystone16:29
*** ChanServ sets mode: +v lhcheng16:29
*** lhcheng_ has joined #openstack-keystone16:30
*** lhcheng has quit IRC16:30
*** kiran-r is now known as _kiran_16:35
*** itlinux_ has quit IRC16:39
*** _kiran_ has quit IRC16:40
*** kiran-r has joined #openstack-keystone16:40
*** kiran-r has quit IRC16:40
*** kiranr_ has joined #openstack-keystone16:40
*** kiranr_ has quit IRC16:40
*** phalmos has quit IRC16:41
*** itlinux has joined #openstack-keystone16:41
*** mylu has joined #openstack-keystone16:45
*** david-lyle has quit IRC16:46
*** _cjones_ has joined #openstack-keystone16:55
*** tsymancz1k has quit IRC16:56
*** tsymancz3k has quit IRC16:56
*** spandhe has joined #openstack-keystone16:59
*** spandhe_ has joined #openstack-keystone17:02
*** pauloewerton has joined #openstack-keystone17:03
*** spandhe has quit IRC17:03
*** spandhe_ is now known as spandhe17:03
*** pnavarro has quit IRC17:04
*** su_zhang has joined #openstack-keystone17:06
*** ankita_wagh has joined #openstack-keystone17:06
*** tsymancz1k has joined #openstack-keystone17:07
*** tsymancz1k is now known as tsymanczyk17:07
*** su_zhang has quit IRC17:08
*** su_zhang has joined #openstack-keystone17:08
*** tsymancz1k has joined #openstack-keystone17:12
*** amakarov is now known as amakarov_away17:13
openstackgerritMerged openstack/keystone: Clean up bandit profiles  https://review.openstack.org/22530417:25
*** diazjf has quit IRC17:25
*** mylu has quit IRC17:30
*** dims has quit IRC17:31
*** dims has joined #openstack-keystone17:32
*** kiran-r has joined #openstack-keystone17:32
openstackgerritMerged openstack/keystone: Bring bandit config up-to-date  https://review.openstack.org/19441717:34
*** kiranr has joined #openstack-keystone17:36
*** mylu has joined #openstack-keystone17:39
*** mylu has quit IRC17:39
*** shaleh has joined #openstack-keystone17:44
*** itlinux has quit IRC17:47
*** henrynash has joined #openstack-keystone17:57
*** ChanServ sets mode: +v henrynash17:57
*** exploreshaifali has quit IRC17:57
morganalmost that time17:58
openstackgerritJulien Danjou proposed openstack/keystone: wsgi: fix base_url finding  https://review.openstack.org/22646417:58
stevemarmorgan: feeling bitter sweet yet?17:59
*** _cjones_ has quit IRC18:01
*** _cjones_ has joined #openstack-keystone18:02
*** samleon has joined #openstack-keystone18:05
*** diazjf has joined #openstack-keystone18:06
*** samleon has quit IRC18:08
gyeeayoung, thanks!18:09
dolphmand to whoever wins the election ayoung, dstanek, stevemar: know that you'll be able to refer to either morgan or myself for help / direction / advice / etc - the job isn't exactly well documented! but you're keeping the hat, either way, i don't think either of us want it back.18:09
stevemardolphm: lol thanks good to know18:10
*** phalmos has joined #openstack-keystone18:10
morgandolphm: +∞18:10
dstanekdolphm: i heard you were a write in candidate18:10
ayoungdolphm, I was scared to run for it, to be honest.  But...you have to be willing to put your neck on the line if you complain as much as I do.18:11
ayoungWe'll see how it goes; might suggest we take up the heat approach of having a rotating PTL, one release per...18:12
dstanekayoung: the other option is to stop complaining :-)18:12
ayoungdstanek, this is me we are talking about.  That is not an option.18:12
stevemardstanek: lbragstad bknudson what were you guys referring to when talking about hackathon? you mean the mid-cycle one?18:12
ayoungwhen I was a new Platoon Leader, an NCO explained this to me:18:12
morganayoung: even 2 cycles isn't bad18:13
ayoungdon't worry about your Soldiers' complain18:13
morganbut it's draining18:13
ayoungworry when they stop.18:13
bknudsonstevemar: I was hoping to put together some time to work on test refactoring so that they would run faster. (as in, not do full REST calls)18:13
* raildo thinking that we should have a debate between the candidates :P18:13
lbragstadstevemar: a while back, bknudson had a bunch of stuff wrt testing that he wanted to get done, and he mentioned an "off-line" hackathon18:13
dstanekstevemar: i'd like to do virtual ones18:13
lbragstaddstanek: ++18:13
lbragstadyes, we have the tools18:13
lbragstadand it if makes working on things easier, like improving test times, I think we should be using them18:14
bknudsonthis is as far as I got: https://etherpad.openstack.org/p/keystone-testing18:14
*** Alexander has joined #openstack-keystone18:14
*** Alexander is now known as amakarov18:14
bknudsonI think maybe dstanek had written up some ideas for how he'd like the tests to be structured, too.18:15
dstanekbknudson: yeah, looking for the link now18:15
dstanekbknudson: i only got part way through my list18:15
bknudsondstanek: we should have a hackathon or something18:15
morganstevemar: https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting#Main_Agenda :P18:16
dstaneki'd also be willing to have a standing hackathon meeting that i'll be at each week in hopes to have other join and get some reviews/bug done18:16
bknudsonI like that idea... might be able to get something done.18:17
morganthat isn't a  bad idea18:17
morganpick a day, carve out a chunk of time (I recommend against tuesdays)18:17
stevemarsounds like a fun18:17
morganunless a bunch of meetings all change timeslots18:17
morgan(like TC, etc)18:18
dstanekbknudson: https://etherpad.openstack.org/p/keystone-test-restructuring18:18
stevemarwe could have a hangout that repeats, i think the URL stays the same18:18
dstaneki was thinking Friday i'd just hang out in a Hangout18:18
bknudsondstanek: we've made some progress on your list.18:19
dstanekyes, been getting there18:19
dstaneki should start adding more!18:19
openstackgerritMerged openstack/keystone: Update the examples used for the trusted_dashboard option  https://review.openstack.org/22598718:19
bknudsonI wanted to focus the hackathon on unit testing vs scenario testing (or whatever we should call the test_v3_*)18:20
stevemardstanek: it sounds like we have some immediately goals we want to cross off the list first, lets keep the invite list to the hackathon small for the first few times18:21
stevemarit'll help to iron out any kinks18:21
stevemarthen we can open it up18:21
openstackgerritMerged openstack/keystone: Open Mitaka development  https://review.openstack.org/22635618:21
dstanekstevemar: i'll create a hangout for friday and just invite a handful of people18:21
dstanekif that day doesn't work we can change it18:22
*** shaleh has quit IRC18:22
*** morgan changes topic to "Mitaka Development Cycle open for Keystone! Good Job Everyone! | Expect -2 holds to be lifted in the next couple days."18:22
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/22648318:23
stevemarthats a good little robot18:23
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/22648318:24
henrynashthat’s a repeating little robot18:25
bknudsonrobot's having a tough time telling when the file hasn't changed18:25
morgangoing to need to backport that to stable18:25
stevemarhenrynash: bad robot http://www.thewrap.com/wp-content/uploads/2015/04/Bad-Robot.jpg18:25
henrynashbuild by robots: https://www.youtube.com/watch?v=FU-tuY0Z7nQ18:27
slbergerDoes anyone know any good ways for debugging latency in keystone?18:27
morganslberger: what kind of latency18:27
morganslberger: you need to be a bit more specific18:28
morganI'll go through and un -2 lots of things in the next couple days18:28
morganso by thursday evening everything should be clear.18:28
slbergermorgan, when making keystone requests18:28
morganslberger: what kinds of keystone requests? Authentication? Token Validation? Crud Actions?18:29
*** amakarov has quit IRC18:29
morganslberger: and some actions are much more punitive than others.18:29
*** kiran-r has quit IRC18:29
slbergermorgan, all requests for the most part, the most significant increase in latency that we are seeing is from creation of projects18:30
morganslberger: and the other question I have is what is a "significant increase in latency" you're noticing?18:30
slbergermorgan, ~70% increase18:31
morganslberger: also what version of Keystone are you running?18:31
slbergermorgan, v218:31
morganslberger: kilo? Juno? Icehouse?18:31
slbergermorgan, ohh sorry kilo18:32
morganslberger: I can see a couple places to look: 1) If you are using UUID tokens and the SQL token backend, make sure you've flushed the token table.18:32
slbergermorgan, we have moved to fernet tokens18:32
morganApache or Eventlet based keystone?18:33
slbergermorgan, apache18:33
dolphmslberger: how many items are in your service catalog?18:33
morgandolphm: ah good question18:33
slbergermorgan, I will need to check that real quick18:34
dolphmslberger: we've noticed a performance *drop* on operations that require validating fernet tokens that was introduced sometime between late kilo-2 and stable/kilo18:34
*** itlinux has joined #openstack-keystone18:34
dolphmslberger: lbragstad has a couple patches working to improve performance in that regard ( lbragstad: links? )18:34
*** _cjones_ has quit IRC18:36
*** jsavak has quit IRC18:36
*** itlinux has quit IRC18:38
*** jsavak has joined #openstack-keystone18:38
*** ayoung has quit IRC18:39
slbergerdolphm, morgan, there are 11 items in the service catalog, barbican, ceilometer, cinder, cinderv2, glance, heat, heat-cfn, keystone, neutron, nova, swift18:40
stevemarslberger: not exactly an insane amount of things18:42
dolphmslberger: single region?18:43
slbergerdolphm, the original increase was found before it became multi region, but the environment is currently multi region18:44
lbragstaddolphm: for the caching stuff? one sec18:45
dstanekwhat about the crypt_strength?18:45
dolphmslberger: how many regions appear in the service catalog now?18:46
dolphmlbragstad: i haven't looked at those in a while. what's the next step for those patches?18:46
lbragstaddolphm: they were passing jenkins not long ago, I need to investigate18:47
dstanekdolphm: we need to address the invalidation concerns18:47
lbragstadah, yes18:47
dstanekslberger: did you set a custom crypt_strength?18:47
lbragstadthat was something henrynash and david8hu mentioned18:48
slbergerdolphm, we don't have regions in the service catalog, we have 2 regions worth of endpoints18:48
slbergerdstanek, is that a keystone config setting?18:49
*** aix has quit IRC18:49
dstanekslberger: yes, for a while our default was way too high18:49
slbergerdstanek, I don't think we set anything for that18:50
slbergerdstanek, what does that option do exactly18:51
*** _cjones_ has joined #openstack-keystone18:51
dstanekslberger: it sets the number of times the crypto hashing happens (or how much CPU you want to use up :)18:52
dolphmslberger: specifically the number of times passwords are iteratively hashed before being stored in SQL18:52
dstanekslberger: if you don't set it and your config says the default is 1000, then you're fine18:52
dolphmslberger: it's explicitly designed to make it more expensive (in terms of time) to brute force a password if the user table is compromised18:53
dstanekoops...default is 10000 - left off a 018:53
*** su_zhang has quit IRC18:53
dolphmdstanek: but in this case, performance degredation is on all calls to keystone, not just auth18:53
dolphmslberger: you might want to tweak your performance vs security on that one, but i'll only effect authentication calls to keystone that contain passwords18:54
*** ayoung has joined #openstack-keystone18:54
*** ChanServ sets mode: +v ayoung18:54
tjcocozzI'm sorry i was searching for something18:54
*** tsymanczyk has quit IRC18:58
*** tsymancz1k has quit IRC18:59
*** lhcheng_ has quit IRC19:00
*** ankita_wagh has quit IRC19:00
*** ankita_wagh has joined #openstack-keystone19:00
bknudsonwe can remove eventlet support19:01
dolphmbknudson: like, now?19:01
bknudsonshould be able to, with mitaka open19:01
dolphmbknudson: that should be a mailing list announcement19:01
bknudsonRunning keystone via eventlet is deprecated as of Kilo in favor of running in a WSGI server (e.g. mod_wsgi). Support for keystone under eventlet will be removed in the "M"-Release.19:05
bknudsonso it was deprecated all of L19:05
slbergerdolphm, dstanek, thanks for the info it gives me something to look into19:06
dolphmbknudson: was? we just cut L19:07
bknudsonright, so master is M and we can remove it19:08
dolphmbknudson: oh i just meant it's worthy of some cross project celebration19:08
*** tsymanczyk has joined #openstack-keystone19:08
bknudsonI'll put it on my list, but maybe someone will get to it before me.19:08
*** tsymanczyk is now known as Guest6185819:08
*** annasort has quit IRC19:10
*** e0ne has joined #openstack-keystone19:10
*** mmo has joined #openstack-keystone19:11
*** mmo has quit IRC19:11
*** Mmo has joined #openstack-keystone19:12
*** exploreshaifali has joined #openstack-keystone19:14
MmoHi. Is there any python api to get list of all group users? I know that i can get list of a group users by api.keystone.users.list(group_id). But i want all goups users. Is there any python api to do that?19:15
*** ankita_w_ has joined #openstack-keystone19:19
*** ankita_wagh has quit IRC19:19
*** su_zhang has joined #openstack-keystone19:19
*** ankita_w_ has quit IRC19:20
*** gyee has quit IRC19:20
*** ankita_wagh has joined #openstack-keystone19:20
*** Mmo has quit IRC19:22
stevemarlooks like mmo left before i could ask for clarification19:23
stevemaroh sounds like he wants all the users in all the groups?19:24
stevemarcall list all gorups? then list users for every group?19:24
*** su_zhang has quit IRC19:29
*** jsavak has quit IRC19:36
*** jsavak has joined #openstack-keystone19:37
*** tsymancz3k has joined #openstack-keystone19:38
*** su_zhang has joined #openstack-keystone19:38
*** annasort has joined #openstack-keystone19:40
*** urulama has quit IRC19:43
*** urulama has joined #openstack-keystone19:44
*** jsavak has quit IRC19:44
*** jsavak has joined #openstack-keystone19:44
*** bradjones has joined #openstack-keystone19:46
*** bradjones has quit IRC19:46
*** bradjones has joined #openstack-keystone19:46
*** _pece has quit IRC19:48
openstackgerritHenrique Truta proposed openstack/keystone: Restricting domain_id update  https://review.openstack.org/20721819:54
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/22648319:55
*** tsymancz3k is now known as tsymanczyk19:56
*** jamielennox|away is now known as jamielennox20:03
*** lhcheng has joined #openstack-keystone20:04
*** ChanServ sets mode: +v lhcheng20:04
*** csoukup has quit IRC20:07
*** jecarey has left #openstack-keystone20:09
openstackgerritJoshua Harlow proposed openstack/oslo.policy: Use requests in http check instead of urllib  https://review.openstack.org/22612220:10
*** nicodemos has quit IRC20:15
*** gordc has quit IRC20:17
*** jaosorior has quit IRC20:18
stevemarbknudson: poke20:25
bknudsonstevemar: what's up?20:25
stevemarbknudson: wanted to bounce an idea off of you20:25
bknudsonstevemar: shoot!20:26
stevemarthe notifications that are generated by keystone, mfisch was saying he wishes he could opt out of some20:26
stevemari'm thinking that's easy enough to do via a config file change, but enumerating all of them seems tedious20:26
bknudsonthen don't listen for them20:26
stevemarhe doesn't even want the traffic20:27
bknudsonput it in oslo.messaging20:27
stevemarbknudson: hmm, put what in oslo.messaging?20:27
bknudsonsome kind of filtering20:27
bknudsonmfish can fork keystone and comment out the lines he doesn't like20:28
stevemarbknudson: i don't think he wants to do that :)20:29
*** su_zhang has quit IRC20:30
*** kiranr has quit IRC20:32
*** jaosorior has joined #openstack-keystone20:32
stevemari dont think *we* wnat him doing that either20:32
openstackgerritJulien Danjou proposed openstack/keystone: wsgi: fix base_url finding  https://review.openstack.org/22646420:34
tjcocozzI was wondering, if this page not generating the table of contents correctly, part of a keystone problem or doc-tools? http://docs.openstack.org/developer/python-keystoneclient/api/keystoneclient.v3.contrib.federation.html#module-keystoneclient.v3.contrib.federation.base20:38
*** doug-fish has quit IRC20:39
*** gyee has joined #openstack-keystone20:39
*** ChanServ sets mode: +v gyee20:39
stevemartjcocozz: i'd say the theme we use20:39
stevemaroslosphinx theme20:39
*** su_zhang has joined #openstack-keystone20:40
*** tonytan4ever has quit IRC20:40
stevemartjcocozz: if you're brave enough and know enough css: https://github.com/openstack/oslosphinx20:40
tjcocozzI will take a look :p20:40
tjcocozzthank you20:40
stevemartjcocozz: https://github.com/openstack/oslosphinx/blob/af39c45cca2a77a78c062f9865f23a987e3613f7/oslosphinx/theme/openstack/layout.html#L1720:43
tjcocozzI don't know django20:46
stevemardstanek: dolphm lbragstad gyee henrynash morgan ayoung lhcheng bknudson jamielennox topol samueldmq it's release note time - https://wiki.openstack.org/wiki/ReleaseNotes/Liberty#OpenStack_Identity_.28Keystone.2920:48
samueldmqstevemar: ++20:48
lbragstadoooooo shiny20:48
dolphmstevemar: so, we need to start by making a list of every blueprint and wishlist bug that merged in liberty20:48
samueldmqstevemar: are we going to work in an etherpad ? and then c&p there, as dolphm and me did last cycle20:49
stevemardolphm: yep20:49
gyeestevemar, yes indeed, thanks for the reminder20:49
dolphmstevemar: and any critical / high bugs that were fixed but reported in a previous release20:49
dolphmstevemar: and then start replacing that list of blueprint links with tl;dr's20:49
stevemardolphm: yeah, just getting the ball rolling20:49
stevemarlbragstad: thx!20:49
stevemareveryone can now use: https://etherpad.openstack.org/p/keystone-liberty-release-notes20:50
lbragstadstevemar: np20:50
*** e0ne has quit IRC20:51
samueldmqstevemar: where can we look at blueprints/bugs that merged this cycle?20:52
stevemarsamueldmq: i go to: https://launchpad.net/keystone/+milestone/liberty-3 https://launchpad.net/keystone/+milestone/liberty-2 https://launchpad.net/keystone/+milestone/liberty-120:53
dolphmwhoever is adding subjects to the release notes, can you start with links instead?20:53
dolphmit makes it easier to see what needs to be written still20:53
*** diazjf has left #openstack-keystone20:54
gyeedolphm, you want the spec link right?20:54
dolphmgyee: it's easier to start with links to blueprints, since blueprints link to everything, including the release milestones etc20:54
gyeedolphm, sure20:55
samueldmqdolphm: so we need to make the release notes by L1/l2/l3?20:55
*** dsirrine has quit IRC20:56
dolphmsamueldmq: no, but the milestone summaries are where you get links to Implemented blueprints from :)20:57
dolphmsamueldmq: release notes are ultimately sorted by impact, but that's basically the last step20:58
stevemarsamueldmq: yeah, impact, not so much the order20:58
stevemardolphm: why you delete my deprecation section :(20:58
bknudsonwe should change the name of keystone to bedrock20:59
dolphmstevemar: because it's on the wiki?20:59
lbragstaddolphm: stevemar do you want the fernet links in there?20:59
samueldmqdolphm: stevemar yeah, Keystone now does this and that!21:00
bknudsoncan we sneak that in to rc2?21:00
dolphmlbragstad: what fernet links?21:00
lbragstaddolphm: https://goo.gl/YOJfv9 all of those that were "fix committed" in liberty.21:00
dolphmlbragstad: unless there's a significant bug fixed in liberty that cannot be backported to previous stable branches, it doesn't need to be in the release notes21:01
dolphmbasically only need to document the reasons why (or why not) people should upgrade, and any relevant notes that are helpful along the way21:02
*** lhcheng has quit IRC21:02
*** lhcheng has joined #openstack-keystone21:02
*** ChanServ sets mode: +v lhcheng21:02
stevemardolphm: replied via etherpad21:04
*** lhcheng has quit IRC21:04
*** lhcheng has joined #openstack-keystone21:04
*** ChanServ sets mode: +v lhcheng21:04
*** su_zhang has quit IRC21:05
stevemari'm glad we don't have this problem: https://review.openstack.org/#/c/198732/21:06
samueldmqdolphm: basically we describe things that were exclusively introduced/fixed in this cycle21:06
dolphmsamueldmq: yep21:06
dolphmsamueldmq: that's generally just features. we only have a *very* short list of true bug fixes that are featured in release notes. usually those are fixed as the result of blueprint implementations, anyway.21:07
*** jaosorior has quit IRC21:07
dolphmthis is also the point at which it bites us if absolutely every bug hasn't already been properly triaged21:08
samueldmqdolphm: ++ I remember we discussed once that bugs should only be for something significant that could be in the release notes21:08
samueldmqdolphm: internal fixes shoudln't need to link to bugs, like doc fixes, etc21:09
dolphmsamueldmq: right21:09
*** ayoung has quit IRC21:09
dolphmotherwise, those bugs become a big distraction later (i.e. now)21:09
dolphmtracking things that need not be tracked21:09
samueldmqdolphm: cool, proper triage would make the work of creating release notes much easier21:10
samueldmqdolphm: ++21:10
* dolphm is thinking we should automate the first draft of the release notes for all projects21:10
samueldmqyes, we definitely can do that21:11
*** raildo is now known as raildo-afk21:12
lifelessdolphm: you thinking something different to reno ?21:15
openstackgerritBrant Knudson proposed openstack/keystone: Add user domain info to federated fernet tokens  https://review.openstack.org/21374221:17
openstackgerritBrant Knudson proposed openstack/keystone: Add unit tests for token_to_auth_context  https://review.openstack.org/21379721:17
openstackgerritBrant Knudson proposed openstack/keystone: Unit tests for fernet test_validate_v3_token  https://review.openstack.org/22655721:17
dolphmlifeless: reno?21:18
dolphmlbragstad: etherpad doesn't know to ignore the parens you're putting on all the bug links, so i dropped all the parens21:20
dolphmlbragstad: the bug links themselves should be dropped by the time we're done, anyway21:20
*** tsymanczyk has quit IRC21:20
lbragstaddolphm: ok, I don't think I added anything to it yet21:20
*** Guest61858 has quit IRC21:21
*** thiagop has quit IRC21:21
*** ayoung has joined #openstack-keystone21:22
*** ChanServ sets mode: +v ayoung21:22
*** jsavak has quit IRC21:24
lifelessdolphm: the in-tree release notes thing we've (mainly dhellmann) put together21:25
*** IBMDavid has joined #openstack-keystone21:26
dolphmlifeless: i haven't seen this project before, but i'm also not really clear on how it's supposed to be used. it looks to entirely replace the wiki-based release notes?21:28
dolphmlifeless: i was referring to automating the creation of a first draft for our wiki-based release notes by scraping launchpad blueprints & wishlist bugs to produce a list of things to summarize as action items for release note authors21:28
dolphmlifeless: also, please tell me you have an IRC alert set on "automate" ;)21:29
*** ayoung has quit IRC21:29
*** pauloewerton has quit IRC21:30
lifelessdolphm: I don't, but perhaps I should :)21:31
lifelessdolphm: yes, it replaces the wiki thing21:31
lifelessdolphm: federates it out to each project, and lets them be built up over the cycle21:31
dolphmlifeless: cool, that's a much better process overall, then21:32
*** alejandrito has quit IRC21:32
lifelessdolphm: we think so :)21:32
dolphmlifeless: and renders launchpad a touch more useless overall!21:32
lifelessdolphm: ouch :(21:33
*** alejandrito has joined #openstack-keystone21:33
samueldmqdolphm: stevemar k, just finished putting the bug description + my view on whether getting them in release notes in all the wishlisted bugs21:34
dolphmsamueldmq: i'm looking through your removal proposals now -- and probably re-triaging those bugs as Low21:35
samueldmqdolphm: ++21:36
samueldmqdolphm: do things removed as of Liberty need to be listed ?21:37
dolphmsamueldmq: there's a section on the wiki, yes21:37
dolphmsamueldmq: there's only a couple items listed, you can just edit it there21:37
dolphmsamueldmq: deprecated in liberty + removed as of liberty21:38
samueldmqdolphm: okay, so in the Deprecations seciton21:38
samueldmqdolphm: kk21:38
dolphmsamueldmq: i think so. they're definitely not "key new features," but i suppose they could also fit in as upgrade notes? "this thing is no longer available"21:38
dolphmsamueldmq: i think i just convinced myself they belong in upgrade notes21:39
samueldmqdolphm: makes sense to me21:39
*** phalmos has quit IRC21:42
*** topol has quit IRC21:44
*** tsymancz1k has joined #openstack-keystone21:45
*** su_zhang has joined #openstack-keystone21:46
samueldmqdolphm: brb21:52
lbragstadhas anyone hit this on devstack recently? http://cdn.pasteraw.com/3287rkhxwi654d7qxv11vwprsv6o31621:54
*** hrou has quit IRC21:54
dolphmlbragstad: what's /home/vagrant/projects/devstack/lib/keystone ?21:58
dolphmlbragstad: is that in the gate??21:58
*** su_zhang has quit IRC21:58
lbragstaddolphm: that's where devstack's repo is22:00
lbragstadso - https://github.com/openstack-dev/devstack/blob/master/lib/keystone22:01
lbragstadit's failing on the entry point22:01
lbragstadbecause /usr/local/bin/keystone-manage doesn't exist.22:01
*** lhcheng has quit IRC22:02
*** lhcheng has joined #openstack-keystone22:03
*** ChanServ sets mode: +v lhcheng22:03
stevemarlbragstad: thats a change for the release notes22:03
lbragstadstevemar: yeah I suppose it probably is22:03
*** mylu has joined #openstack-keystone22:05
*** timburke has quit IRC22:06
stevemarlbragstad: i made a quick note under the stevedore blueprint22:07
*** btully has quit IRC22:07
*** timburke has joined #openstack-keystone22:07
*** jerrygb has joined #openstack-keystone22:08
*** btully has joined #openstack-keystone22:08
*** edmondsw has quit IRC22:10
*** Guest61243 is now known as mfisch22:11
*** mfisch is now known as Guest5071522:12
*** gus has quit IRC22:12
*** Guest50715 is now known as mfisch22:13
*** mfisch has quit IRC22:13
*** mfisch has joined #openstack-keystone22:13
*** gus has joined #openstack-keystone22:14
*** tsymancz4k has joined #openstack-keystone22:15
*** csoukup has joined #openstack-keystone22:19
*** boris-42 has quit IRC22:22
dolphmlbragstad: which build are you seeing that in?22:23
*** boris-42 has joined #openstack-keystone22:24
*** briancurtin has quit IRC22:26
*** darrenc has quit IRC22:27
*** mylu has quit IRC22:28
*** mylu has joined #openstack-keystone22:28
*** briancurtin has joined #openstack-keystone22:28
*** csoukup has quit IRC22:29
*** mylu has quit IRC22:29
*** mylu has joined #openstack-keystone22:30
*** darrenc has joined #openstack-keystone22:30
*** dsirrine has joined #openstack-keystone22:32
*** mylu has quit IRC22:33
*** mylu has joined #openstack-keystone22:33
*** lhcheng_ has joined #openstack-keystone22:36
*** lhcheng has quit IRC22:36
*** IBMDavid has quit IRC22:37
*** mylu has quit IRC22:38
*** KarthikB has quit IRC22:40
*** ayoung has joined #openstack-keystone22:44
*** ChanServ sets mode: +v ayoung22:44
*** topol has joined #openstack-keystone22:45
*** ChanServ sets mode: +v topol22:45
*** ankita_w_ has joined #openstack-keystone22:49
*** topol has quit IRC22:49
*** su_zhang has joined #openstack-keystone22:51
*** tsymancz4k has quit IRC22:51
*** tsymancz1k has quit IRC22:52
*** ankita_wagh has quit IRC22:52
*** ankita_wagh has joined #openstack-keystone22:53
*** alejandrito has quit IRC22:55
*** annasort has quit IRC22:56
*** topol has joined #openstack-keystone22:56
*** ChanServ sets mode: +v topol22:56
*** ankita_w_ has quit IRC22:56
dstanekdo we automate the release notes at all?23:05
*** zzzeek has quit IRC23:08
*** tsymancz2k has joined #openstack-keystone23:14
*** ankita_w_ has joined #openstack-keystone23:15
*** ankita_wagh has quit IRC23:15
*** dims has quit IRC23:18
*** tsymancz3k has joined #openstack-keystone23:19
*** slberger has left #openstack-keystone23:20
*** ankita_wagh has joined #openstack-keystone23:20
*** ankita_w_ has quit IRC23:20
*** hrou has joined #openstack-keystone23:21
dolphmdstanek: no, but it's coming and not wiki-based github.com/openstack/reno23:22
*** zzzeek has joined #openstack-keystone23:22
*** stevemar has quit IRC23:23
*** darrenc is now known as darrenc_afk23:30
openstackgerritJoshua Harlow proposed openstack/oslo.policy: Use requests in http check instead of urllib  https://review.openstack.org/22612223:32
*** stevemar has joined #openstack-keystone23:32
*** ChanServ sets mode: +v stevemar23:32
*** stevemar has quit IRC23:36
*** markvoelker has quit IRC23:40
*** su_zhang has quit IRC23:43
*** darrenc_afk is now known as darrenc23:46
*** dims has joined #openstack-keystone23:54
*** dims has quit IRC23:55
*** Guest18166 has joined #openstack-keystone23:55
openstackgerritMerged openstack/keystone: Updating sample configuration file  https://review.openstack.org/22648323:57
*** tonytan4ever has joined #openstack-keystone23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!