Thursday, 2015-10-15

*** wwwjfy has joined #openstack-keystone		00:00
*** slberger1 has left #openstack-keystone		00:00
*** doug-fish has quit IRC		00:00
*** wwwjfy_ has quit IRC		00:00
*** jbell8 has quit IRC		00:05
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements https://review.openstack.org/233820	00:05
*** su_zhang has quit IRC		00:05
*** jbell8 has joined #openstack-keystone		00:07
*** jbell8 has quit IRC		00:08
*** mylu has quit IRC		00:12
*** mylu has joined #openstack-keystone		00:13
*** mylu has quit IRC		00:17
*** EinstCrazy has quit IRC		00:18
*** shadower has quit IRC		00:23
*** shadower has joined #openstack-keystone		00:23
*** su_zhang has joined #openstack-keystone		00:26
*** _cjones_ has quit IRC		00:26
ayoung	gyee thanks.	00:29
*** edmondsw has quit IRC		00:29
*** _hrou_ has quit IRC		00:31
*** mylu has joined #openstack-keystone		00:32
*** roxanaghe has quit IRC		00:38
dolphm	lbragstad: https://github.com/dolph/fernet-spec/commit/2688de4d318bda3fcfa2a4808418a06948c9039a	00:50
*** topol has joined #openstack-keystone		00:53
*** ChanServ sets mode: +v topol		00:53
*** browne has quit IRC		00:58
*** EinstCra_ has joined #openstack-keystone		01:01
*** su_zhang has quit IRC		01:04
*** roxanaghe has joined #openstack-keystone		01:10
*** hrou has joined #openstack-keystone		01:14
*** jasonsb has quit IRC		01:16
*** gildub has quit IRC		01:17
openstackgerrit	Jamie Lennox proposed openstack/keystoneauth: Return None from generic plugin if failure https://review.openstack.org/235048	01:20
*** mylu has quit IRC		01:24
*** richm has quit IRC		01:35
*** spandhe has quit IRC		01:43
*** links has joined #openstack-keystone		01:46
*** wwwjfy has quit IRC		01:53
*** jbell8 has joined #openstack-keystone		01:55
*** csoukup has joined #openstack-keystone		01:56
*** gildub has joined #openstack-keystone		01:56
*** lhcheng has quit IRC		01:58
*** mylu has joined #openstack-keystone		02:00
*** roxanaghe has quit IRC		02:02
*** atiwari1 has quit IRC		02:05
*** r-daneel has quit IRC		02:08
*** boris-42 has quit IRC		02:08
*** yunpengli has joined #openstack-keystone		02:09
*** yunpengli has quit IRC		02:09
*** davechen has joined #openstack-keystone		02:09
*** lhcheng has joined #openstack-keystone		02:10
*** ChanServ sets mode: +v lhcheng		02:10
*** stevemar_jays is now known as stevemar_		02:15
stevemar_	jamielennox: is anything using ksa yet? aside from occ and thus osc?	02:17
jamielennox	stevemar_: shade via occ, but otherwise no, i've told everyone to wait until this cycle	02:17
jamielennox	stevemar_: i'm finding these bugs as a result of trying to make auth_token use it	02:18
stevemar_	jamielennox: do we have a gate job in place? a dsvm-full job?	02:18
jamielennox	stevemar_: sure - just nothing is using it yet	02:18
jamielennox	stevemar_: well osc	02:18
stevemar_	jamielennox: yeah, osc	02:18
stevemar_	which the gate uses	02:19
jamielennox	right	02:19
stevemar_	i just don't want to break things :)	02:19
stevemar_	jamielennox: oh well we have gate-tempest-dsvm-neutron-src-keystoneauth	02:19
jamielennox	stevemar_: i think these are pretty safe	02:19
jamielennox	most of them are downright bugs that it doesn't work as is	02:19
stevemar_	jamielennox: sounds good, i'll review them soon	02:21
jamielennox	stevemar_: https://review.openstack.org/#/c/235048/ as well	02:21
*** mylu has quit IRC		02:25
*** mylu has joined #openstack-keystone		02:26
*** mylu has quit IRC		02:30
*** mylu has joined #openstack-keystone		02:32
davechen	jamielennox: seem like you can remove this "from keystoneauth1 import exceptions" from the patch?	02:35
jamielennox	davechen: ah, thanks	02:35
openstackgerrit	Jamie Lennox proposed openstack/keystoneauth: Return None from generic plugin if failure https://review.openstack.org/235048	02:36
jamielennox	normally the syntax checker is pretty good at that stuff	02:36
davechen	yes, jenkins did a good job.	02:37
jamielennox	davechen: i have one that integrates into the IDE that runs pep8 on the file whenever i save	02:38
jamielennox	so i get errors if i do something wrong, not sure what happened that time	02:38
davechen	which IDE you are using?	02:40
davechen	this is good option for my as well.	02:40
jamielennox	well i'm using vim and either syntastic or python-mode	02:41
jamielennox	i love it, but you've gotta be ok with vim	02:41
davechen	i love eclipse :)	02:41
*** mylu has quit IRC		02:42
jamielennox	yea, so i don't know, but i would be really surprised if there wasn't some way of integrating a pep8 checker that runs whenever you save	02:42
*** mylu has joined #openstack-keystone		02:42
davechen	jamielennox: so, keystoneauth just strip something about authentication from KSM, right?	02:43
jamielennox	davechen: i don't follow	02:43
davechen	jamielennox: I meant what keystoneauth are doing is what we have did in KSM, something about authentication?	02:45
*** mylu has quit IRC		02:45
*** mylu has joined #openstack-keystone		02:46
jamielennox	davechen: so auth_token middleware has relied on keystoneclient for a while now to do authentication, keystoneauth has extracted a lot of that out of keystoneclient so i'm just trying to make sure we have everything we need in keystoneauth	02:46
jamielennox	there are some compatibility changes that most people wont notice unless you are really closely inspecting token data - and auth_token is	02:46
davechen	i see.	02:47
davechen	thx	02:47
lhcheng	since you guys are talking about KSM, got a question about the caching	02:48
lhcheng	jamielennox: so if no memcache server is configured, the validated token will be stored in memory per process right?	02:48
lhcheng	stored -> cache	02:48
jamielennox	lhcheng: yea :(	02:50
jamielennox	lhcheng: and there's no way to disable it	02:51
jamielennox	it's the cause of a couple of bugs around revocations	02:51
*** browne has joined #openstack-keystone		02:52
lhcheng	will it keep growing or would the in-memory cache removed expired tokens at some point?	02:52
jamielennox	umm, i think it does remove expired tokens	02:53
jamielennox	otherwise it can be pretty unbound	02:54
jamielennox	i had a review to kill it, but it's a change in behaviour - even if it's dumb behaviour - so it will just take a while	02:54
jamielennox	probably something i can revive now mitaka is open	02:54
lhcheng	jamielennox: I just realized we haven't turned on memcache on KSM :( But we haven't heard any OOM issues though.	02:55
lhcheng	so maybe it does clean up expired token :P	02:55
lhcheng	jamielennox: review to kill the in-memory caching?	02:55
jamielennox	lhcheng: yes	02:56
lhcheng	ah adding the option to disable it would be a good compromise	02:56
lhcheng	keep the old behavior as default	02:56
*** wwwjfy has joined #openstack-keystone		02:57
*** boris-42 has joined #openstack-keystone		02:58
openstackgerrit	Dave Chen proposed openstack/keystone: test_backend_sql work with python34 https://review.openstack.org/205352	02:59
stevemar_	dolphm: thanks for rechecking all the things	02:59
*** roxanaghe has joined #openstack-keystone		03:00
jamielennox	lhcheng: maybe, i think if it was me though i'd just like a great big warning saying i'm doing something stupid	03:01
davechen	stevemar_: thanks for your explaination on that patch - https://review.openstack.org/#/c/214775.	03:04
openstackgerrit	Merged openstack/keystone: Fix the referred [app:app_v3] into [pipeline:api_v3] https://review.openstack.org/225160	03:05
davechen	stevemar_: I am clear after your expalination and dolphm's review comments.	03:05
*** mylu has quit IRC		03:06
davechen	stevemar_: i think i miss the points that extentsion still here but we just move them into cores?	03:06
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/235016	03:07
davechen	stevemar_: just want to confirm with you after the abandon this wrong fixing - https://review.openstack.org/#/c/234685/	03:07
stevemar_	davechen: i think its safe to abandon	03:10
*** gildub has quit IRC		03:11
davechen	sure.	03:11
*** gildub has joined #openstack-keystone		03:11
lhcheng	jamielennox: yeah, that works too	03:11
stevemar_	davechen: is the autumn festival over? shouldn't you be off relaxing? :)	03:14
davechen	stevemar_: yes, it is a long holiday here.	03:15
davechen	stevemar_: one week combined with national day.	03:15
davechen	stevemar_: just stay in my home and watch so many cars jamed on the road. :)	03:16
stevemar_	davechen: hehe, sounds like a relaxing time if you don't go out	03:17
*** dims_ has quit IRC		03:18
*** lhcheng has quit IRC		03:19
*** topol has quit IRC		03:20
*** mylu has joined #openstack-keystone		03:22
jamielennox	required plugin CONF arguments are a pain for auth_token middleware	03:22
jamielennox	multi levels of config files, paste specified config files, paste specified arguments	03:23
*** darrenc is now known as darrenc_afk		03:24
*** topol has joined #openstack-keystone		03:31
*** ChanServ sets mode: +v topol		03:31
*** lhcheng has joined #openstack-keystone		03:32
*** ChanServ sets mode: +v lhcheng		03:32
*** _cjones_ has joined #openstack-keystone		03:33
*** topol has quit IRC		03:36
*** su_zhang has joined #openstack-keystone		03:39
*** mylu has quit IRC		04:09
openstackgerrit	Merged openstack/keystone: Refactor: Don't hard code 409 Conflict error codes https://review.openstack.org/233128	04:11
*** mylu has joined #openstack-keystone		04:11
stevemar_	so happy to see things merging again \o/	04:11
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/235016	04:12
openstackgerrit	Merged openstack/keystone: add initiator to v2 calls for additional auditing https://review.openstack.org/231123	04:13
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/235016	04:14
*** _cjones_ has quit IRC		04:15
*** _cjones_ has joined #openstack-keystone		04:15
openstackgerrit	Merged openstack/keystone: keystone-paste.ini docs for deployers are out of date https://review.openstack.org/234899	04:17
openstackgerrit	Merged openstack/keystone: Handle 16-char non-uuid user IDs in payload https://review.openstack.org/226121	04:18
openstackgerrit	Merged openstack/keystone: Updated from global requirements https://review.openstack.org/233820	04:18
*** dims has joined #openstack-keystone		04:18
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/235016	04:19
*** urulama_ has quit IRC		04:20
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/235016	04:20
*** urulama has joined #openstack-keystone		04:21
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/235016	04:22
*** darrenc_afk is now known as darrenc		04:24
*** dims has quit IRC		04:24
*** stevema__ has joined #openstack-keystone		04:33
*** ChanServ sets mode: +o stevema__		04:33
*** stevemar_ has quit IRC		04:33
*** spandhe has joined #openstack-keystone		04:37
*** mflobo has joined #openstack-keystone		04:37
lhcheng	stevema__: can I get your autograph for this? https://developer.ibm.com/opentech/wp-content/uploads/sites/43/2015/10/KeystoneBookCover2.jpg	04:38
lhcheng	:)	04:38
stevema__	lhcheng: of course :P	04:38
lhcheng	save us a copy! :)	04:38
jamielennox	stevema__: oooo	04:39
*** mylu has quit IRC		04:39
*** hrou has quit IRC		04:40
*** gsilvis has quit IRC		04:43
stevema__	jamielennox: all hail the giant salamander	04:43
jamielennox	i wonder if i get all 3 autographs its worth anything on ebay	04:45
stevema__	jamielennox: it's sentimental value will be huge	04:45
jamielennox	i mean i'd love to read it, i'm jsut wondering	04:45
stevema__	jamielennox: probably not :P	04:46
jamielennox	it'll always be on my bedside table then	04:49
lhcheng	lol	04:49
openstackgerrit	Eric Brown proposed openstack/keystone: Some small improvements on fernet uuid handling https://review.openstack.org/235082	04:50
*** jbell8 has quit IRC		04:51
*** jbell8 has joined #openstack-keystone		04:52
lhcheng	stevema__: quick question on federation mapping.. what if I want each of my federated user to have their own project, how would you set that up?	04:56
lhcheng	is the possible? :)	04:57
lhcheng	the -> that	04:57
stevema__	lhcheng: hmmm	05:03
stevema__	thats going to be a lot of projects	05:03
lhcheng	each of our user have their own projects, so they can have their own quotas	05:05
*** gsilvis has joined #openstack-keystone		05:05
openstackgerrit	Merged openstack/keystoneauth: Fix deprecated options in oslo_config https://review.openstack.org/234578	05:08
lhcheng	just thinking what it would take to move from sync user data to keystone, to using federation model	05:08
jamielennox	i think that was one of chadwick's things about creating projects dynamically - there's no support for it in keystone you'd have to figure out some way to make them, make a group that gave you the roles on that project	05:10
stevema__	jamielennox: lhcheng yes, auto-provisioning is what he was saying	05:11
stevema__	new feature for M? enhance mapping to specify a 'create random project and assign the user a role of member in it'?	05:11
jamielennox	yea, we would need to figure out some more enhancements, because there's no point going via groups there	05:12
lhcheng	stevema__: I think there is an ask for auto-provisioning somewhere in ops	05:12
stevema__	lhcheng: unless you already have the all projects created...	05:12
jamielennox	all sorts of issues like deleteing projects	05:12
lhcheng	I have to dig around in the ops ML/etherpad	05:13
lhcheng	jamielennox: yeah, if its 1:1 for user:projects, the group is just an overhead	05:13
openstackgerrit	Alexey Troshkov proposed openstack/python-keystoneclient: Added property 'is domain' to create a project https://review.openstack.org/235085	05:14
stevema__	jamielennox: btw, brant addressed your comment here: https://review.openstack.org/#/c/195873/	05:15
stevema__	lhcheng: ^ if you could look @ that too	05:15
stevema__	lhcheng: this one is SUPER easy https://review.openstack.org/#/c/233929/	05:17
lhcheng	auto-provisioning was mentioned in here: https://etherpad.openstack.org/p/YVR-ops-federation	05:20
lhcheng	idk if there's a follow-up though	05:20
*** dims has joined #openstack-keystone		05:21
lhcheng	stevema__: yay for removing unused code	05:21
lhcheng	is our gate back to normal?	05:22
stevema__	lhcheng: it sure is	05:23
*** dims has quit IRC		05:26
jamielennox	can i do depends-on multiple changes in the same project	05:27
jamielennox	i want to WIP upload this keystonemiddleware change, depends-on 3 commits in keysotneauth that aren't dependant on each other	05:28
jamielennox	will it sensibly cherry-pick them all on top of each other or try repeatedly check out different branches	05:28
breton	morning, keystone	05:28
jamielennox	guess i can just try it	05:28
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: Straighten up exceptions imports https://review.openstack.org/235089	05:32
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: [WIP] Use keystoneauth https://review.openstack.org/235090	05:32
jamielennox	stevema__, lhcheng: the depends-on in https://review.openstack.org/#/c/235090/ is what i would like in for a ksa release	05:34
jamielennox	oh, actually i don't need #3 but could be useful	05:34
stevema__	morning breton	05:36
*** roxanaghe has quit IRC		05:37
jamielennox	the amount of code there under represents how long that took	05:43
*** jbell8 has quit IRC		05:44
lhcheng	jamielennox: sure, will look at the dependencies	05:44
*** jbell8 has joined #openstack-keystone		06:00
stevema__	jamielennox: is the goal of switching to ksa in ksm to no longer use ksc?	06:03
jamielennox	stevema__: no, ksc will always need to hang around for the calls to keystone, CMS validation etc	06:04
jamielennox	fetching revocation lists	06:05
*** mflobo has left #openstack-keystone		06:06
stevema__	jamielennox: ah okay	06:06
*** Nirupama has joined #openstack-keystone		06:06
stevema__	jamielennox: that stinks, get it out of there :P	06:06
jamielennox	stevema__: well a keystoneclient 2 will be a lot lighter	06:07
*** lhcheng has quit IRC		06:07
stevema__	jamielennox: tru dat	06:07
stevema__	jamielennox: we need to make a game plan for that in tokyo	06:07
stevema__	i want it done in M :D	06:07
jamielennox	stevema__: it's not that hard actually not that ksa is released	06:07
jamielennox	i mean the switch over is hard, the code is easy	06:07
stevema__	jamielennox: i guess we need to get all the clients switched over to KSA?	06:08
jamielennox	stevema__: yea, and the deprecations are going to suck	06:08
jamielennox	stevema__: i was hoping to create a v2 branch, but apparently we need to get everything switched over to ksa, then create ksc2 in tree	06:08
jamielennox	which is going to break the world	06:08
stevema__	if we switch the clients to ksa then why would ksc2 break the world?	06:09
openstackgerrit	Jamie Lennox proposed openstack/keystoneauth: Expose bind data via AccessInfo https://review.openstack.org/235107	06:09
jamielennox	because whilst we got part of the way switching clients to use session they still all have the old compat versions inline which rely directly on ksc	06:10
jamielennox	so we will need to cut new major versions of all those that remove the old paths	06:10
*** su_zhang has quit IRC		06:11
stevema__	jamielennox: oh you are referring to old versions of the clients	06:14
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: [WIP] Use keystoneauth https://review.openstack.org/235090	06:14
jamielennox	stevema__: i guess i just think there is no way we'll remove everyone's dependency on keystoneclient	06:15
*** spandhe has quit IRC		06:18
*** dims has joined #openstack-keystone		06:22
openstackgerrit	Jamie Lennox proposed openstack/keystoneauth: Expose bind data via AccessInfo https://review.openstack.org/235107	06:22
breton	was the gate fixed?	06:23
breton	can we recheck now?	06:23
jamielennox	i think so - i also saw they release requests 2.8.1 which should solve the problem as well	06:24
*** lhcheng has joined #openstack-keystone		06:25
*** ChanServ sets mode: +v lhcheng		06:25
*** ParsectiX has joined #openstack-keystone		06:26
*** dims has quit IRC		06:27
*** kiran-r has joined #openstack-keystone		06:30
stevema__	breton: yes, the gate is all fixed now	06:33
wwwjfy	Hi, I have a question about contrib/ec2. get_credentials method asks for all credentials of a user and tries to convert each to ec2 style. Is it by design? I think a type="ec2" filter should be applied	06:35
wwwjfy	Credentials of other types are also there, so this may return empty/useless entries	06:38
*** jamielennox is now known as jamielennox\|away		06:39
*** tyagiprince2010 has joined #openstack-keystone		06:59
tyagiprince2010	Hey I need help to change default database in keystone.	06:59
tyagiprince2010	It is using sqlite i guess. I need to use sql for the same.	07:00
tyagiprince2010	Please help	07:00
tyagiprince2010	I deployed keystone from keystone source from github.	07:00
stevema__	tyagiprince2010: install mysql, change keystone.conf to point to mysql and run keystone-manage db_sync again... what's tripping you up?	07:01
tyagiprince2010	Okay thanks for replying. The thing is I changed some things in connection string in my keystone.conf	07:03
tyagiprince2010	connection = mysql://user:prince@localhost/keystone	07:03
tyagiprince2010	and then i run the keystone-manage db_sync	07:04
tyagiprince2010	It made a file in my dir keystone.db	07:04
tyagiprince2010	I guess it is still using sqlite	07:04
stevema__	tyagiprince2010: check when the file was last modified	07:05
stevema__	check your mysql settings to see where a new db is created, i think it's under /var by default	07:05
stevema__	if your connection says mysql, then it should be using that, not sqlite	07:06
tyagiprince2010	The file is just modified.	07:06
tyagiprince2010	It says 1 min before	07:07
openstackgerrit	Merged openstack/keystoneauth: Return None from generic plugin if failure https://review.openstack.org/235048	07:07
openstackgerrit	Merged openstack/keystoneauth: Copy AccessInfo tests from keystoneclient https://review.openstack.org/234611	07:07
tyagiprince2010	https://titanpad.com/thn7osiE8S	07:07
tyagiprince2010	I pasted my code here on titanpad. Please take a look if its fine.	07:07
tyagiprince2010	do I need to define another tag [sql] here	07:09
*** belmoreira has joined #openstack-keystone		07:10
stevema__	looks fine to me, it's following the convention of sqlalchemy http://docs.sqlalchemy.org/en/rel_0_9/core/engines.html#mysql	07:10
stevema__	did you restart the keystone service?	07:10
openstackgerrit	Merged openstack/keystone: add placeholder migrations for liberty https://review.openstack.org/233943	07:12
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/235016	07:13
openstackgerrit	Steve Martinelli proposed openstack/keystone: Move oauth1 sql migrations to common https://review.openstack.org/235121	07:13
*** browne has quit IRC		07:15
*** browne has joined #openstack-keystone		07:18
tyagiprince2010	It is not getting started now. I changed the admin_token to ADMIN_TOKEN. Does that make any difference	07:18
tyagiprince2010	It was running in a terminal. I stopped it using ctrl+c and then started keystone-all again	07:19
tyagiprince2010	but it is not starting again	07:19
tyagiprince2010	@stevema__	07:19
stevema__	tyagiprince2010: that's probably why it's not using mysql, what do the logs say about why it can't be started again?	07:22
openstackgerrit	Steve Martinelli proposed openstack/keystone: Move endpoint_policy migrations into keystone core https://review.openstack.org/171916	07:23
openstackgerrit	Steve Martinelli proposed openstack/keystone: Move federation extension into keystone core https://review.openstack.org/214775	07:23
*** browne has quit IRC		07:23
openstackgerrit	Alexey Troshkov proposed openstack/python-keystoneclient: Added unit test to create project with is_domain property https://review.openstack.org/235127	07:23
openstackgerrit	Steve Martinelli proposed openstack/keystone: Move federation sql migrations to common https://review.openstack.org/234537	07:23
breton	2015-10-15 06:37:23.732 \| Bad md5 hash for package http://pypi.region-b.geo-1.openstack.org/packages/source/p/pysaml2/pysaml2-3.0.0.tar.gz#md5=cde880e3d3ae8c2587afbf02e1961624 (from http://pypi.region-b.geo-1.openstack.org/simple/pysaml2/)	07:25
tyagiprince2010	@stevama__ Yes it started	07:26
tyagiprince2010	But still is using sqlite instead of mysql	07:26
openstackgerrit	Merged openstack/keystone: Remove bas64utils and tests https://review.openstack.org/233929	07:27
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/235016	07:28
openstackgerrit	Steve Martinelli proposed openstack/keystone: Move oauth1 extension into core https://review.openstack.org/234598	07:29
openstackgerrit	Steve Martinelli proposed openstack/keystone: Move oauth1 sql migrations to common https://review.openstack.org/235121	07:30
stevema__	tyagiprince2010: i'm heading out now, it's 0330 local time, try posting to the mailing list or googling, sounds like a configuration issue	07:32
tyagiprince2010	Thanks	07:32
*** stevema__ has quit IRC		07:32
*** stevemar_ has joined #openstack-keystone		07:33
tyagiprince2010	Hey, I want to know the configuration of keystone.conf to setup mysql database instead of sqlite	07:33
*** ChanServ sets mode: +o stevemar_		07:33
*** stevemar_ has quit IRC		07:35
*** pnavarro has joined #openstack-keystone		07:37
*** browne has joined #openstack-keystone		07:39
openstackgerrit	Alexey Troshkov proposed openstack/python-keystoneclient: Added unit test to create project with is_domain property https://review.openstack.org/235085	07:42
wwwjfy	tyagiprince2010: what happened to me was that keystone wasn't using the keystone.conf I expect it to. You may try to add "--config-file /path/to/keystone.conf" to keystone-manage to see if it works	07:43
tyagiprince2010	It gives an error saying no module named mysqldb on running keystone-manage db_sync.	07:46
tyagiprince2010	does the keystone service needs to be running while giving this command	07:47
wwwjfy	tyagiprince2010: no. It means you need to install python package	07:47
tyagiprince2010	python is already there. Its running on wsgi server.	07:47
wwwjfy	tyagiprince2010: I mean a python package. try "pip install MySQL-python"	07:49
*** tyagiprince2010 has quit IRC		07:52
*** davechen has quit IRC		07:53
*** wwwjfy has quit IRC		07:54
*** wwwjfy has joined #openstack-keystone		07:54
*** davechen has joined #openstack-keystone		07:54
*** josecastroleon has joined #openstack-keystone		07:55
*** topol has joined #openstack-keystone		07:56
*** ChanServ sets mode: +v topol		07:56
*** fhubik has joined #openstack-keystone		07:56
*** fhubik is now known as fhubik_brb		07:56
*** jaosorior has joined #openstack-keystone		07:57
*** topol has quit IRC		08:00
*** fhubik_brb is now known as fhubik		08:02
*** browne has quit IRC		08:08
*** marzif has joined #openstack-keystone		08:12
*** marzif has quit IRC		08:19
*** marzif has joined #openstack-keystone		08:20
*** _cjones_ has quit IRC		08:20
*** dims has joined #openstack-keystone		08:25
*** jistr has joined #openstack-keystone		08:30
*** dims has quit IRC		08:30
*** uiyice has quit IRC		08:33
*** aix has joined #openstack-keystone		08:35
*** EinstCra_ has quit IRC		08:36
*** EinstCrazy has joined #openstack-keystone		08:37
*** tyagiprince2010 has joined #openstack-keystone		08:44
tyagiprince2010	Hey I want the configuration for setting up keystone with mysql database	08:44
tyagiprince2010	when I am running the command keystone-manage db_sync, It gives an error msg saying No module for mysqlbd	08:45
tyagiprince2010	mysqldb*	08:45
*** lhcheng has quit IRC		08:46
*** jaosorior has quit IRC		08:48
wwwjfy	tyagiprince2010: pip install MySQL-python doesn't work?	08:52
tyagiprince2010	Now when I am running keystone-manage db_sync, It runs and creates a keystone.db file here in the directory.	08:56
tyagiprince2010	I guess It is using sqlite	08:56
wwwjfy	then it shouldn't report the mysqldb error.	08:56
*** kiranr has joined #openstack-keystone		08:57
wwwjfy	do you mean after you installed mysqldb, it uses sqlite?	08:57
wwwjfy	it doesn't make sense	08:57
*** kiran-r has quit IRC		08:57
wwwjfy	did you run the same command as the one reporting mysqldb error	08:58
*** exploreshaifali has joined #openstack-keystone		08:59
tyagiprince2010	also when I run the command keystone endpoint-list, It shows an error msg. The msg is here : https://tyagiprince.titanpad.com/1	09:01
wwwjfy	tyagiprince2010: the keystone client error doesn't tell much, you'd better check keystone server output	09:03
*** marzif_ has joined #openstack-keystone		09:04
*** marzif has quit IRC		09:04
tyagiprince2010	keystone server says No module name mysqldb	09:11
tyagiprince2010	wwwjfy	09:13
tyagiprince2010	:	09:13
wwwjfy	tyagiprince2010: have you run "pip install MySQL-python"	09:14
tyagiprince2010	this gives an error on running	09:14
wwwjfy	what's the error?	09:15
tyagiprince2010	https://tyagiprince.titanpad.com/1	09:15
tyagiprince2010	wwwjfy : look here at the link	09:15
wwwjfy	tyagiprince2010: are you running Ubuntu? if yes, install it by "sudo apt-get install libmysqlclient-dev"	09:17
tyagiprince2010	wwwjfy : Yes, okay i installed it. but still the server is giving the same error. I restarted the server already.	09:19
wwwjfy	tyagiprince2010: you installed MySQL-python?	09:19
tyagiprince2010	I am using ubuntu. so i ran your apt-get command.	09:20
tyagiprince2010	wwwjfy :	09:20
wwwjfy	tyagiprince2010: keystone depends on python package MySQL-python, which depends on ubuntu package libmysqlclient-dev, so you need to run the apt-get, and then run "pip install MySQL-python"	09:21
tyagiprince2010	wwwjfy : okay, i ran both the commands. it is giving some password mismatch error. I guess that problem is resolved. I will try resolving this one and get back to you	09:22
wwwjfy	ok	09:23
*** wwwjfy has quit IRC		09:25
*** wwwjfy has joined #openstack-keystone		09:26
*** e0ne has joined #openstack-keystone		09:26
tyagiprince2010	wwwjfy : it is giving a different error.	09:27
*** gildub has quit IRC		09:27
*** dims has joined #openstack-keystone		09:27
tyagiprince2010	here is the error	09:27
tyagiprince2010	2015-10-15 14:55:10.921 18750 ERROR keystone.common.wsgi ProgrammingError: (_mysql_exceptions.ProgrammingError) (1146, "Table 'keystone.token' doesn't exist") [SQL: u'SELECT token.id AS token_id, token.expires AS token_expires, token.extra AS token_extra, token.valid AS token_valid, token.user_id AS token_user_id, token.trust_id AS token_trust_id \nFROM token \nWHERE token.id = %s'] [parameters: ('02f45c41648bca293	09:27
wwwjfy	tyagiprince2010: you need run the db_sync command	09:27
tyagiprince2010	i already did. It makes a file keystone.db in the directory but does not populate the mysql's keystone database	09:31
tyagiprince2010	wwwjfy : so i guess it is still using sqlite	09:31
wwwjfy	tyagiprince2010: so keystone server is using mysql, but db_sync runs on a sqlite db...	09:32
*** dims has quit IRC		09:32
tyagiprince2010	wwwjfy : yeah that might be the case. Is there some configuration that i need to do to change that	09:33
wwwjfy	tyagiprince2010: try keystone-manage --config-file <the path of keystone.conf with mysql configured> db_sync	09:33
wwwjfy	I guess keystone-manage is using another keystone.conf	09:34
tyagiprince2010	wwwjfy : yes it populated the db.	09:35
tyagiprince2010	thanks wwwjfy	09:35
wwwjfy	glad I helped :)	09:35
tyagiprince2010	wwwjfy : One more query. when i run any command like keystone user-list, It says wrong credentials. I guess the file that I am sourcing is invalid.	09:39
tyagiprince2010	and i want to use pkiz for the authentication purpose. so need help to configure that as well.	09:40
*** aix has quit IRC		09:43
wwwjfy	tyagiprince2010: I guess your username/password were wrong. I'm not familiar with pkiz, so I'm sorry I cannot help.	09:46
wwwjfy	for all the environment problem, you may want to try devstack, which will give you a usable openstack env	09:46
*** links has quit IRC		09:47
tyagiprince2010	i have tried devstack. After that i moved to 3 node setup which i am configuring now. Hoping that it will work fine here on 3 node architecture.	09:47
*** exploreshaifali has quit IRC		09:48
tyagiprince2010	wwwjfy : can't i just install keystone from github and without installing any other service like glance etc, can i check if my keystone is working fine.	09:48
openstackgerrit	Boris Bobrov proposed openstack/keystone: Fix exposition of bug about limiting with ldap https://review.openstack.org/234226	09:49
openstackgerrit	Boris Bobrov proposed openstack/keystone: Use search_ext_s instead of search_s in ldap https://review.openstack.org/232995	09:49
openstackgerrit	Boris Bobrov proposed openstack/keystone: Enable limiting in ldap for groups https://review.openstack.org/234849	09:49
openstackgerrit	Boris Bobrov proposed openstack/keystone: Make @truncated common for all backends https://review.openstack.org/233069	09:49
openstackgerrit	Boris Bobrov proposed openstack/keystone: Use @truncated in ldap for users https://review.openstack.org/233070	09:49
*** exploreshaifali has joined #openstack-keystone		09:50
*** dims has joined #openstack-keystone		09:51
*** davechen has left #openstack-keystone		09:53
wwwjfy	tyagiprince2010: sure, it's fine. I thought you just began to use it. :)	09:55
wwwjfy	tyagiprince2010: if you lost admin password, you may use admin_token to do any operation	09:56
*** tyagiprince2010 has quit IRC		09:57
*** aix has joined #openstack-keystone		09:58
*** EinstCrazy has quit IRC		10:01
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Merge tag '8.0.0' https://review.openstack.org/235215	10:05
*** aix has quit IRC		10:26
*** wwwjfy has quit IRC		10:27
*** stevemar_ has joined #openstack-keystone		10:34
*** ChanServ sets mode: +o stevemar_		10:34
*** aix has joined #openstack-keystone		10:37
*** stevemar_ has quit IRC		10:38
*** pnavarro is now known as pnavarro\|lunch		10:45
*** weihan has joined #openstack-keystone		10:51
*** kiranr has quit IRC		10:59
*** jaosorior has joined #openstack-keystone		10:59
*** EinstCrazy has joined #openstack-keystone		11:00
*** petertr7_away has quit IRC		11:03
*** petertr7_away has joined #openstack-keystone		11:06
*** petertr7_away is now known as petertr7		11:06
*** fhubik is now known as fhubik_brb		11:08
*** fhubik_brb is now known as fhubik		11:09
*** fhubik is now known as fhubik_brb		11:10
*** tyagiprince2010 has joined #openstack-keystone		11:12
tyagiprince2010	hey i installed keystone on controller node and did some configuration changes.	11:12
tyagiprince2010	got an error msg. ImportError: No module named persistence.backends.sql	11:13
*** jaosorior has quit IRC		11:14
tyagiprince2010	removing driver from token did solve the issue. but then will keystone be using mysql?	11:15
*** davechen has joined #openstack-keystone		11:26
*** akscram has quit IRC		11:38
*** akscram has joined #openstack-keystone		11:38
*** wwwjfy has joined #openstack-keystone		11:39
*** su_zhang has joined #openstack-keystone		11:45
openstackgerrit	Alexander Makarov proposed openstack/keystone: Unified delegation model https://review.openstack.org/208488	11:47
openstackgerrit	Alexander Makarov proposed openstack/keystone: Unified delegation driver https://review.openstack.org/209600	11:47
openstackgerrit	Alexander Makarov proposed openstack/keystone: Unified delegation model https://review.openstack.org/208488	11:52
openstackgerrit	Alexander Makarov proposed openstack/keystone: Unified delegation driver https://review.openstack.org/209600	11:52
*** weihan_ has joined #openstack-keystone		11:55
*** weihan has quit IRC		11:56
*** marzif_ has quit IRC		11:57
*** amakarov_away is now known as amakarov		11:58
*** marzif_ has joined #openstack-keystone		11:58
*** e0ne has quit IRC		12:06
*** markvoelker has joined #openstack-keystone		12:08
tyagiprince2010	hey i installed glance and keystone. Now when i run a command glance image-list, it says wrong credentials.	12:08
*** pnavarro\|lunch is now known as pnavarro		12:09
*** thiagop has joined #openstack-keystone		12:13
*** bradjones has joined #openstack-keystone		12:16
*** bradjones has quit IRC		12:16
*** bradjones has joined #openstack-keystone		12:16
*** fhubik_brb is now known as fhubik		12:18
*** doug-fis_ has quit IRC		12:18
*** doug-fish has joined #openstack-keystone		12:18
*** raildo-afk is now known as raildo		12:21
*** su_zhang has quit IRC		12:25
*** marzif_ has quit IRC		12:28
*** marzif_ has joined #openstack-keystone		12:28
*** Nirupama has quit IRC		12:31
*** tyagiprince2010 has quit IRC		12:35
*** stevemar_ has joined #openstack-keystone		12:35
*** ChanServ sets mode: +o stevemar_		12:35
*** aix has quit IRC		12:37
*** aix has joined #openstack-keystone		12:37
*** stevemar_ has quit IRC		12:38
openstackgerrit	Boris Bobrov proposed openstack/keystone: Fix exposition of bug about limiting with ldap https://review.openstack.org/234226	12:42
openstackgerrit	Boris Bobrov proposed openstack/keystone: Use search_ext_s instead of search_s in ldap https://review.openstack.org/232995	12:42
openstackgerrit	Boris Bobrov proposed openstack/keystone: Enable limiting in ldap for groups https://review.openstack.org/234849	12:42
openstackgerrit	Boris Bobrov proposed openstack/keystone: Make @truncated common for all backends https://review.openstack.org/233069	12:42
openstackgerrit	Boris Bobrov proposed openstack/keystone: Use @truncated in ldap for users https://review.openstack.org/233070	12:42
*** afazekas has quit IRC		12:43
*** jaosorior has joined #openstack-keystone		12:49
*** afazekas has joined #openstack-keystone		12:52
*** richm has joined #openstack-keystone		12:57
*** su_zhang has joined #openstack-keystone		12:58
*** marzif_ has quit IRC		13:02
*** marzif_ has joined #openstack-keystone		13:03
*** jaosorior has quit IRC		13:08
*** marzif_ has quit IRC		13:08
*** gordc has joined #openstack-keystone		13:10
*** ayoung has quit IRC		13:15
*** Ephur has joined #openstack-keystone		13:19
*** su_zhang has quit IRC		13:19
*** Ephur_ has joined #openstack-keystone		13:19
*** Ephur has quit IRC		13:23
*** weihan_ has quit IRC		13:23
openstackgerrit	Tony Wang proposed openstack/keystone: add `type' filter for list_credentials_for_user https://review.openstack.org/235214	13:24
*** su_zhang has joined #openstack-keystone		13:26
*** hrou has joined #openstack-keystone		13:29
*** jsavak has joined #openstack-keystone		13:34
*** davechen has left #openstack-keystone		13:39
*** csoukup has quit IRC		13:45
*** jaosorior has joined #openstack-keystone		13:50
*** jaosorior has quit IRC		13:51
*** fhubik is now known as fhubik_brb		13:51
*** ParsectiX has quit IRC		13:53
*** sigmavirus24_awa is now known as sigmavirus24		13:58
*** phalmos has joined #openstack-keystone		14:00
*** fhubik_brb is now known as fhubik		14:00
*** su_zhang has quit IRC		14:02
*** hrou has quit IRC		14:03
*** jaosorior has joined #openstack-keystone		14:05
*** r-daneel has joined #openstack-keystone		14:10
*** jaosorior has quit IRC		14:10
*** stevemar_ has joined #openstack-keystone		14:10
*** ChanServ sets mode: +o stevemar_		14:10
*** topol has joined #openstack-keystone		14:13
*** ChanServ sets mode: +v topol		14:13
*** pumaranikar has joined #openstack-keystone		14:16
*** ayoung has joined #openstack-keystone		14:18
*** ChanServ sets mode: +v ayoung		14:18
*** ankurgupta has joined #openstack-keystone		14:19
*** jaosorior has joined #openstack-keystone		14:19
*** exploreshaifali has quit IRC		14:20
*** phalmos has quit IRC		14:23
*** rdo has joined #openstack-keystone		14:31
*** jbell8 has quit IRC		14:32
*** jaosorior has quit IRC		14:32
*** pnavarro is now known as pnavarro\|off		14:33
*** slberger has joined #openstack-keystone		14:35
*** dims has quit IRC		14:41
*** su_zhang has joined #openstack-keystone		14:42
*** dims has joined #openstack-keystone		14:42
*** pumaranikar has quit IRC		14:42
*** pumaranikar has joined #openstack-keystone		14:43
openstackgerrit	Merged openstack/keystone: Updating sample configuration file https://review.openstack.org/235016	14:43
*** jacorob has quit IRC		14:44
*** Guest68187 has quit IRC		14:44
*** lbragstad has quit IRC		14:44
*** blewis has joined #openstack-keystone		14:45
*** blewis is now known as Guest72549		14:45
*** dims_ has joined #openstack-keystone		14:45
*** jacorob has joined #openstack-keystone		14:45
*** lbragstad has joined #openstack-keystone		14:46
*** diazjf has joined #openstack-keystone		14:46
*** Guest72549 has quit IRC		14:48
*** jacorob has quit IRC		14:48
*** lbragstad has quit IRC		14:48
*** dims has quit IRC		14:48
*** petertr7 is now known as petertr7_away		14:48
*** dikonoor has joined #openstack-keystone		14:49
*** csoukup has joined #openstack-keystone		14:50
*** petertr7_away is now known as petertr7		14:51
*** roxanaghe has joined #openstack-keystone		14:51
diazjf	hello everyone, does anyone know if keystoneclient.auth.identity.v3.Token authenticates against a V2 endpoint?	14:52
*** jacorob has joined #openstack-keystone		14:52
*** lbragstad has joined #openstack-keystone		14:53
*** jacorob has quit IRC		14:54
*** lbragstad has quit IRC		14:54
*** jacorob has joined #openstack-keystone		14:55
*** lbragstad has joined #openstack-keystone		14:56
*** nate_gone is now known as njohnston		14:57
*** wwwjfy has quit IRC		14:58
bknudson	#success keystone liberty release notes look good.	14:59
openstackstatus	bknudson: Added success to Success page	14:59
*** wwwjfy has joined #openstack-keystone		15:00
*** jvarlamova_ has joined #openstack-keystone		15:02
*** aix has quit IRC		15:02
*** jsavak has quit IRC		15:04
*** edmondsw has joined #openstack-keystone		15:04
lbragstad	samueldmq have i addressed your comment here - https://review.openstack.org/#/c/215715/ ?	15:05
*** geoffarnold has joined #openstack-keystone		15:06
*** agupt9_ has joined #openstack-keystone		15:06
*** agupt9_ has quit IRC		15:07
*** geoffarn_ has joined #openstack-keystone		15:07
openstackgerrit	Steve Martinelli proposed openstack/keystone: switch to oslo.cache https://review.openstack.org/195873	15:10
*** geoffarnold has quit IRC		15:10
*** thiagop is now known as thiagop-afk		15:14
samueldmq	lbragstad: hi, looking	15:17
*** jbell8 has joined #openstack-keystone		15:18
*** arunkant_ has joined #openstack-keystone		15:18
*** phalmos has joined #openstack-keystone		15:19
*** browne has joined #openstack-keystone		15:20
*** pdardeau has joined #openstack-keystone		15:23
*** jbell8 has quit IRC		15:24
*** urulama has quit IRC		15:25
*** urulama has joined #openstack-keystone		15:25
*** e0ne has joined #openstack-keystone		15:25
*** tonytan4ever has joined #openstack-keystone		15:26
*** geoffarn_ has quit IRC		15:28
*** geoffarnold has joined #openstack-keystone		15:28
*** belmoreira has quit IRC		15:28
ayoung	diazjf, yes, but only for the default domain	15:29
*** openstackgerrit has quit IRC		15:31
*** openstackgerrit has joined #openstack-keystone		15:32
*** geoffarnold is now known as geoffarnoldX		15:34
samueldmq	lbragstad: I am a bit worried about caching role assignments, but I agree that would be a great performance improvement	15:34
*** geoffarnoldX is now known as geoffarnold		15:34
samueldmq	lbragstad: we do need to ensure we are invalidating the cache in all the cases	15:34
samueldmq	lbragstad: otherwise we would be opening a security hole	15:34
samueldmq	lbragstad: you agree ?	15:34
*** jbell8 has joined #openstack-keystone		15:34
*** geoffarnold is now known as geoffarnoldX		15:35
dolphm	jvarlamova: what's up?	15:35
openstackgerrit	Steve Martinelli proposed openstack/keystone: Move federation extension into keystone core https://review.openstack.org/214775	15:37
dolphm	jvarlamova_: ^	15:37
dstanek	samueldmq: depends on the expiry of the cache too	15:40
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements https://review.openstack.org/235435	15:41
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystonemiddleware: Updated from global requirements https://review.openstack.org/235436	15:41
*** gordc has quit IRC		15:41
samueldmq	dstanek: what cache expiry usually looks like ?	15:41
samueldmq	dstanek: in seconds ? (I honestly have no experience on that)	15:42
openstackgerrit	Dolph Mathews proposed openstack/keystone: Correct typo in copyright https://review.openstack.org/232528	15:42
dolphm	samueldmq: look for all the .invalidate() calls in keystone	15:43
diazjf	ayoung does that mean that only the admin user will be able to access the services?	15:43
ayoung	diazjf, depends on your setup, but I think you want to move the token validation to V3	15:44
ayoung	stevemar_, so...I think federation should go under identity, shouldn't it?	15:45
* ayoung knows he's right, but also that it is too big a pain to actually implement		15:45
jvarlamova_	dolphm: Stable/kilo branch of python-keystoneclient was broken some time ago due to bug https://bugs.launchpad.net/python-keystoneclient/+bug/1480314, which is fixed now. When a release of stable/kilo branch with this bugfix is planned? I'm wondering because it affects kilo branch of manilaclient project.	15:45
openstack	Launchpad bug 1480314 in python-keystoneclient "Branch "stable/kilo" is broken" [Undecided,In progress] - Assigned to Julia Varlamova (jvarlamova)	15:45
samueldmq	dolphm: yes, that's when we invalidate the cache of GET/LIST methods .. I am just worried about we ensurign we do invalidate properly in all the cases when caching role assignments	15:45
*** blewis has joined #openstack-keystone		15:46
dstanek	samueldmq: usually seconds yes	15:46
samueldmq	dolphm: but I agree it can be a huge improvement	15:46
*** blewis is now known as Guest27799		15:46
lbragstad	samueldmq cache expiry is controlled through config	15:46
samueldmq	dolphm: otherwise we would be opening a security hole (in the case we don't invalidate properly), then dstanek said it can be not too bad depending on the cache expiry	15:47
samueldmq	dstanek: lbragstad nice	15:47
samueldmq	dstanek: why do we cache on manager vs controller ?	15:47
diazjf	ayoung I'm using https://github.com/openstack/castellan/blob/master/castellan/key_manager/barbican_key_manager.py#L134-L140 but it seems to only be able to be accessed by an admin user. How can I fix this?	15:47
samueldmq	dstanek: in the controller we would cache the formatted entities, which would be still better, right ? and we would remove the complexity of store/invalidate cache from the manager	15:48
dstanek	samueldmq: i'm assuming it's on the manager?	15:48
ayoung	diazjf, give the user admin privs	15:48
*** gyee has joined #openstack-keystone		15:48
*** ChanServ sets mode: +v gyee		15:48
ayoung	diazjf, and then go beat up the barbiccan folks	15:48
samueldmq	dstanek: yes it is on hte manager, and I wonder why we don't do it in the controller level	15:48
ayoung	but it s really not their fault, its ours, becasue we can't fix policy	15:48
dolphm	samueldmq: we could cache at both, but if you're going to cache at the controller layer, i'd suggest caching externally to keystone in nginx or something instead	15:48
dstanek	samueldmq: controller should be cacheable via http	15:49
*** geoffarnoldX has quit IRC		15:49
*** spandhe has joined #openstack-keystone		15:49
*** geoffarnold has joined #openstack-keystone		15:49
diazjf	ayoung, hmm I am using a user with admin priv just on a tenant other than admin and I get back forbidden :(	15:49
dolphm	samueldmq: or in middleware	15:50
dolphm	samueldmq: if you really want to cache via python	15:50
samueldmq	dolphm: dstanek nice, but those caches would only look at expiry of the cache, right ?	15:51
dstanek	samueldmq: yes, exactly	15:51
dolphm	samueldmq: and HTTP headers, like Vary	15:51
samueldmq	and we provide cache in keystone to be more granular, because we do know exactly when it should be invalidated	15:51
dstanek	samueldmq: caching too much is an anti pattern IMO	15:52
dolphm	dstanek: cache all the things!	15:52
samueldmq	dstanek: dolphm I still think we could cache in the controller (still keystone internal) vs manager	15:53
samueldmq	would make manager code simpler, and we would cache the formatted entities, intead of formattign them all the time	15:53
dolphm	samueldmq: by "vs", do you mean "not caching in the manager?	15:53
dolphm	"	15:53
dstanek	samueldmq: i don't. it's better to cache closer to the individual data layers because there is less that would need to make invalidation calls	15:53
samueldmq	dolphm: yes, instead of caching in the manager, do the cache in the controller	15:53
lbragstad	dstanek ++	15:54
dolphm	samueldmq: no. both, sure. but no.	15:54
*** spandhe has quit IRC		15:54
dstanek	samueldmq: if you cache at the controller then the controller has to know about all the data that can change to invalidate or everyhting has to know about the controller	15:54
dstanek	either way it's a bad architecture	15:54
dstanek	samueldmq: that's part of caching too much	15:55
samueldmq	dstanek: and then that's better to cache in the manager because it takes care of the business logic ..	15:55
*** jsavak has joined #openstack-keystone		15:55
dolphm	samueldmq: i only really care about the performance of token creation & validation requests, and the handful of other requests involved in the auth flow. everything else can be slow and no one will care.	15:55
dstanek	samueldmq: i would actually prefer caching only in the backends, but i think it's too late for that	15:56
dolphm	samueldmq: try accomplishing that by caching in the controller layer	15:56
samueldmq	dolphm: I kind of agree .. since token issue/vlidation is what is more requested	15:56
dstanek	manager is a good compromise	15:56
*** fhubik has quit IRC		15:56
samueldmq	dolphm: yeah, but then the manager would need to know that, deleting a user, it would need to invalidate the user's assignments .. which seems to be some 'business logic' ? (and then the manager)	15:57
*** ankurgupta has left #openstack-keystone		15:57
*** rvba has quit IRC		15:58
samueldmq	dstanek: dolphm: lbragstad: my point was to only leave the pure business logic in the controller (where the more complicated code normally lives)	15:58
samueldmq	then put the cache in another level, I can even see another intermediate level between manager and controller just for cache ?	15:58
dolphm	samueldmq: yes, cache invalidation is hard	15:58
samueldmq	just cache -> call manager -> invalidate ?	15:58
dstanek	samueldmq: controllers shouldn't have real business logic at all; they should really just take web stuff and make calls into busiiness logic	15:58
dolphm	dstanek: ++	15:59
samueldmq	cool, I agree	15:59
samueldmq	dolphm: yes, so wouldn't it be worth it to have a level to control only the cache ? as suggested above ?	15:59
samueldmq	then we can properly test it, and code would be clearer	16:00
dolphm	samueldmq: we basically have that today, as all caching occurs around manager calls, but you could refactor it to mait it clearer	16:00
dolphm	s/mait/make/	16:00
samueldmq	and easier to test, imo .. we could simply mock the cache things and assert invalidate was called	16:00
samueldmq	dolphm: yes, and the refactor would be to crete another level between manager <-> controller, the cache level, or somethingl ike that	16:01
samueldmq	dstanek: lbragstad ^	16:01
*** _cjones_ has joined #openstack-keystone		16:01
*** _cjones_ has quit IRC		16:02
*** _cjones_ has joined #openstack-keystone		16:02
dolphm	samueldmq: you can already enable/disable all caching for testing	16:02
*** su_zhang has quit IRC		16:03
*** rderose has joined #openstack-keystone		16:03
samueldmq	dolphm: yes, but my point isn't to disable cache for thetests, it is to clearly have a separate the caching logic, both in the code and tests, invalidation is hard	16:04
dolphm	samueldmq: right, you're describing a non-functional refactor for the sake of clarity	16:05
dstanek	samueldmq: i agree because i think decorators suck and i'm not a fan of using them to cache - i've been down that road before	16:07
samueldmq	dolphm: exactly, clarity then simplicity, soundness and stability	16:07
samueldmq	dstanek: ++ nice	16:07
*** geoffarnold has quit IRC		16:10
*** geoffarnold has joined #openstack-keystone		16:10
*** jsavak has quit IRC		16:14
*** jsavak has joined #openstack-keystone		16:14
samueldmq	I am gonna see how the code would looks like	16:21
dolphm	samueldmq: you'd basically re-implement cache_on_arguments somehow in your new cache layer, maybe discard dogpile.cache, and move all the invalidate() calls into your new cache layer	16:22
samueldmq	dolphm: ++	16:23
*** urulama has quit IRC		16:27
*** urulama has joined #openstack-keystone		16:27
*** e0ne has quit IRC		16:30
*** geoffarnold has quit IRC		16:31
*** geoffarnold has joined #openstack-keystone		16:32
*** jistr has quit IRC		16:33
*** diazjf has quit IRC		16:34
*** stevemar_ has quit IRC		16:35
*** stevemar_ has joined #openstack-keystone		16:36
*** ChanServ sets mode: +o stevemar_		16:36
*** roxanaghe has quit IRC		16:36
*** diazjf has joined #openstack-keystone		16:37
*** roxanaghe has joined #openstack-keystone		16:37
openstackgerrit	Kent Wang proposed openstack/keystone: Fix Revocation_list calling isotime on str objects https://review.openstack.org/235487	16:38
openstackgerrit	Dolph Mathews proposed openstack/keystone: Promote an arbitrary string to be a docstring https://review.openstack.org/229916	16:38
openstackgerrit	Dolph Mathews proposed openstack/keystone: Add docstring validation https://review.openstack.org/229689	16:38
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D204: blank line required after class docstring (PEP257) https://review.openstack.org/229898	16:38
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D210: No whitespaces allowed surrounding docstring text (PEP257) https://review.openstack.org/229857	16:38
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D202: No blank lines after function docstring (PEP257) https://review.openstack.org/229887	16:38
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D300: Use """triple double quotes""" (PEP257) https://review.openstack.org/229853	16:38
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D208: Docstring over indented. (PEP257) https://review.openstack.org/229837	16:38
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D301: Use r”“” if any backslashes in your docstring (PEP257) https://review.openstack.org/229855	16:38
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D402: First line should not be the function's "signature" (PEP257) https://review.openstack.org/229839	16:38
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D200: 1 line docstrings should fit with quotes (PEP257) https://review.openstack.org/229865	16:38
dolphm	(sorry.)	16:38
*** petertr7 is now known as petertr7_away		16:41
*** tonytan4ever has quit IRC		16:42
*** mylu has joined #openstack-keystone		16:43
bknudson	maybe we can fix the gerrit bot to only post the first change	16:48
*** lhcheng has joined #openstack-keystone		16:49
*** ChanServ sets mode: +v lhcheng		16:49
*** uiyice has joined #openstack-keystone		16:50
*** geoffarn_ has joined #openstack-keystone		16:53
*** geoffarnold has quit IRC		16:53
*** tonytan4ever has joined #openstack-keystone		16:55
openstackgerrit	Dolph Mathews proposed openstack/keystone: Promote an arbitrary string to be a docstring https://review.openstack.org/229916	16:57
openstackgerrit	Dolph Mathews proposed openstack/keystone: Add docstring validation https://review.openstack.org/229689	16:57
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D204: blank line required after class docstring (PEP257) https://review.openstack.org/229898	16:57
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D210: No whitespaces allowed surrounding docstring text (PEP257) https://review.openstack.org/229857	16:57
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D202: No blank lines after function docstring (PEP257) https://review.openstack.org/229887	16:57
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D300: Use """triple double quotes""" (PEP257) https://review.openstack.org/229853	16:57
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D208: Docstring over indented. (PEP257) https://review.openstack.org/229837	16:57
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D301: Use r”“” if any backslashes in your docstring (PEP257) https://review.openstack.org/229855	16:57
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D402: First line should not be the function's "signature" (PEP257) https://review.openstack.org/229839	16:57
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D200: 1 line docstrings should fit with quotes (PEP257) https://review.openstack.org/229865	16:57
dolphm	(more sorry.)	16:57
dolphm	bknudson: i believe git-review uploads the new patchsets one at a time, so that'd be pretty hard	16:57
*** jsavak has quit IRC		16:59
dolphm	i'm going to have to upload most of them one more time, so hold off on reviews!	17:00
*** su_zhang has joined #openstack-keystone		17:00
openstackgerrit	Alexander Makarov proposed openstack/keystone: Unified delegation driver https://review.openstack.org/209600	17:02
dstanek	dolphm: does flake8_docstrings need to be in g-r?	17:02
dolphm	dstanek: yes, there's a review up	17:02
dolphm	dstanek: https://review.openstack.org/#/c/229685/	17:03
dstanek	dolphm: ah, thx.	17:03
dstanek	looks like dhellmann needs to unblock	17:04
*** phalmos has quit IRC		17:04
*** phalmos has joined #openstack-keystone		17:05
samueldmq	dolphm: in the case you're going to update the first in that chain.. we need to pin pep257 in keystone too	17:06
*** mylu has quit IRC		17:06
samueldmq	dolphm: just in the case you didn't see my comment in the review (I checked that with infra guys)	17:07
*** jsavak has joined #openstack-keystone		17:08
dolphm	samueldmq: define "need"	17:08
*** dikonoor has quit IRC		17:08
samueldmq	dolphm: it's the same reason as we need to pin in the g-r (https://review.openstack.org/#/c/229685/10/global-requirements.txt)	17:10
dolphm	samueldmq: no, not really. g-r affects CI. local pinning affects local devs	17:10
samueldmq	"Some requirements, like linters need to be pinned, because they have terrible backwards compatibility stories."	17:10
dolphm	samueldmq: so, when a new version of pep257 is released, local devs find out before the gate breaks	17:10
*** lbragstad_ has joined #openstack-keystone		17:11
*** spandhe has joined #openstack-keystone		17:11
samueldmq	dolphm: thought it was the opposite .. g-r can be updated, and local devs can have the fleibility to update the project's requirements later	17:12
*** jasonsb_ has joined #openstack-keystone		17:12
dolphm	samueldmq: that's true for gating, but does not restrict development workflow	17:12
samueldmq	dolphm: and I thought CI would install the requirements exactly as they're defined in our test-requirements	17:13
*** bitblt has joined #openstack-keystone		17:13
*** diazjf has quit IRC		17:13
*** gyee has quit IRC		17:14
*** geoffarnold has joined #openstack-keystone		17:14
*** wwwjfy has quit IRC		17:14
dolphm	samueldmq: your soliloquy is accurate	17:16
samueldmq	dolphm: well, I had checked with mordred on #infra and we had find out that it would need to be pinned too	17:17
*** geoffarnold is now known as geoffarnoldX		17:18
*** geoffarn_ has quit IRC		17:18
samueldmq	dolphm: those were the reasons I understood why we needed to pin it as well	17:19
samueldmq	dolphm: but maybe I am just misunderstanding the workflow/needs, I just wanted to ensure things are properly set	17:19
dolphm	samueldmq: i'll add the pin so you don't have to worry about it	17:21
openstackgerrit	Dolph Mathews proposed openstack/keystone: Add docstring validation https://review.openstack.org/229689	17:24
samueldmq	dolphm: thanks, but that's not about me, I just want to ensure we code as it should be (that's why we do code-reviews)	17:24
samueldmq	dolphm: I am happy to be wrong if it isn't needed	17:24
jvarlamova_	dolphm: could you please tell are there any plans about release of keystoneclient stable/kilo branch with fix of bug https://bugs.launchpad.net/python-keystoneclient/+bug/1480314?	17:25
openstack	Launchpad bug 1480314 in python-keystoneclient "Branch "stable/kilo" is broken" [Undecided,In progress] - Assigned to Julia Varlamova (jvarlamova)	17:25
samueldmq	dolphm: that already had my +1 anyway, thanks	17:25
dolphm	jvarlamova_: is there a review in the release repo?	17:25
jvarlamova_	dolphm: https://review.openstack.org/#/c/207906/	17:28
dolphm	jvarlamova_: the release repo: https://github.com/openstack/releases	17:29
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D208: Docstring over indented. (PEP257) https://review.openstack.org/229837	17:29
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D402: First line should not be the function's "signature" (PEP257) https://review.openstack.org/229839	17:30
*** topol has quit IRC		17:33
*** geoffarnoldX has quit IRC		17:35
*** geoffarnold has joined #openstack-keystone		17:35
openstackgerrit	Dolph Mathews proposed openstack/keystone: Promote an arbitrary string to be a docstring https://review.openstack.org/229916	17:36
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D204: blank line required after class docstring (PEP257) https://review.openstack.org/229898	17:36
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D210: No whitespaces allowed surrounding docstring text (PEP257) https://review.openstack.org/229857	17:36
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D202: No blank lines after function docstring (PEP257) https://review.openstack.org/229887	17:36
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D300: Use """triple double quotes""" (PEP257) https://review.openstack.org/229853	17:36
openstackgerrit	Dolph Mathews proposed openstack/keystone: Fix D200: 1 line docstrings should fit with quotes (PEP257) https://review.openstack.org/229865	17:36
*** jasonsb__ has joined #openstack-keystone		17:37
*** jdennis has quit IRC		17:37
*** jasonsb_ has quit IRC		17:37
jvarlamova_	dolphm: Thanks! In this case I'll propose a request for release.	17:37
*** petertr7_away is now known as petertr7		17:38
openstackgerrit	Merged openstack/keystone: Create a version package https://review.openstack.org/203262	17:39
*** pnavarro\|off has quit IRC		17:42
*** gordc has joined #openstack-keystone		17:49
*** browne has quit IRC		17:52
*** browne has joined #openstack-keystone		17:53
*** browne has quit IRC		17:54
*** geoffarnold has quit IRC		17:56
*** geoffarnold has joined #openstack-keystone		17:57
*** jvarlamova_ has quit IRC		17:57
*** lbragstad has quit IRC		18:00
*** jacorob has quit IRC		18:00
*** Guest27799 has quit IRC		18:00
*** lbragstad_ is now known as lbragstad		18:00
*** roxanaghe has quit IRC		18:01
openstackgerrit	Brant Knudson proposed openstack/keystone: Enable try_except_pass Bandit test https://review.openstack.org/225738	18:01
openstackgerrit	Brant Knudson proposed openstack/keystone: Enable subprocess_without_shell_equals_true Bandit test https://review.openstack.org/225692	18:01
*** rderose has quit IRC		18:01
*** david-lyle has quit IRC		18:01
*** david-lyle has joined #openstack-keystone		18:02
*** jdennis has joined #openstack-keystone		18:04
*** roxanaghe has joined #openstack-keystone		18:05
*** hongbin has joined #openstack-keystone		18:07
hongbin	Hi, I am from Magnum. A question here. If I get a v2 token from user, is that a way to convert it to a v3 token?	18:08
*** e0ne has joined #openstack-keystone		18:09
*** roxanaghe has quit IRC		18:13
*** exploreshaifali has joined #openstack-keystone		18:13
*** alejandrito has joined #openstack-keystone		18:14
*** bitblt has quit IRC		18:16
*** geoffarnold has quit IRC		18:17
*** geoffarnold has joined #openstack-keystone		18:18
*** roxanaghe has joined #openstack-keystone		18:21
dhellmann	stevemar_: we need to land https://review.openstack.org/#/c/235229/ to open stable/liberty for keystone but it's failing the unit tests there, can you have someone take a look?	18:22
lhcheng	hongbin: I don't think so, you have to request a new v3 token.	18:22
stevemar_	dhellmann: probably the policy tests	18:23
dolphm	bknudson: need to backport your policy test removal to stable/liberty	18:23
bknudson	dolphm: it's proposed...	18:23
stevemar_	dhellmann: https://review.openstack.org/#/c/235374/ is what shoud fix it	18:23
bknudson	I think we need to merge the 2	18:23
stevemar_	but it's currently on the floor	18:23
stevemar_	bknudson: i think you're right, the two need to go in at the same time	18:24
hongbin	lhcheng: got it. thx	18:24
bknudson	merge it with https://review.openstack.org/#/c/235229/	18:24
bknudson	want me to do that?	18:25
bknudson	should only take a min	18:25
dolphm	"with" ?	18:25
dolphm	oh, into a single patch	18:25
*** diazjf has joined #openstack-keystone		18:25
bknudson	y, should have said squash	18:25
dolphm	got it	18:25
stevemar_	bknudson: you want to do it?	18:25
stevemar_	dolphm and i can +2/+A	18:26
bknudson	working on it.	18:26
dolphm	i can click buttons	18:26
*** su_zhang has quit IRC		18:26
bknudson	I put them in here: https://review.openstack.org/#/c/235229/	18:29
bknudson	I'm going to also push a change to switch the default branch to stable/liberty before that catches me out again.	18:30
*** hongbin has left #openstack-keystone		18:30
dolphm	bknudson: that's not already in review?	18:30
bknudson	I don't see a review for it.	18:31
dolphm	weird, i don't see one either	18:31
dolphm	i thought i reviewed it, but maybe it was for a different project	18:31
*** topol has joined #openstack-keystone		18:31
*** ChanServ sets mode: +v topol		18:31
*** roxanaghe has quit IRC		18:31
*** thiagop-afk is now known as thiagop		18:33
*** lsmola_ has quit IRC		18:35
*** browne has joined #openstack-keystone		18:35
dolphm	bknudson: ./keystone/tests/unit/test_policy.py:19:1: F401 'six' imported but unused	18:35
bknudson	ah, easy fix.	18:35
*** marzif has joined #openstack-keystone		18:35
bknudson	I was in the middle of running the tests.	18:36
bknudson	pep8 worked locally for some reason	18:36
*** marzif has quit IRC		18:36
dolphm	bknudson: wait, it is used	18:36
dolphm	bknudson: L244...	18:36
*** marzif has joined #openstack-keystone		18:36
bknudson	wow...	18:37
openstackgerrit	Steve Martinelli proposed openstack/keystone: Move endpoint_policy migrations into keystone core https://review.openstack.org/171916	18:37
openstackgerrit	Steve Martinelli proposed openstack/keystone: Move federation extension into keystone core https://review.openstack.org/214775	18:37
bknudson	pep8==1.5.7	18:37
dolphm	bknudson: oh, your patch isn't based on master	18:37
dolphm	oh, dammit	18:38
bknudson	I just cherry-picked it.	18:38
*** roxanaghe has joined #openstack-keystone		18:39
dolphm	i think i cherry picked your patch onto an old stable/liberty, instead of just checking it out	18:39
*** geoffarnold has quit IRC		18:39
dolphm	or something	18:39
dolphm	not really sure, but i'm starting over	18:39
*** geoffarn_ has joined #openstack-keystone		18:39
dolphm	pep8 passed	18:39
bknudson	https://review.openstack.org/235542 is the .gitreview update.	18:40
stevemar_	dolphm: i'm gonna pile on: https://review.openstack.org/#/c/195873/	18:42
dolphm	stevemar_: to what?	18:42
*** woodster_ has joined #openstack-keystone		18:43
stevemar_	dolphm: pile on to your review request queue	18:43
*** dims has joined #openstack-keystone		18:43
*** roxanaghe has quit IRC		18:43
*** HT_sergio has joined #openstack-keystone		18:43
*** amakarov is now known as amakarov_away		18:44
*** dims_ has quit IRC		18:45
openstackgerrit	Dolph Mathews proposed openstack/keystone: Add docstring validation https://review.openstack.org/229689	18:46
dolphm	stevemar_: what if i told you it was already in my review queue?	18:46
openstackgerrit	Henrique Truta proposed openstack/keystone: Sub projects acting as domains https://review.openstack.org/235544	18:47
dolphm	stevemar_: along with 60+ other patches	18:47
bknudson	watch out he might start throwing things on the field. you know canadians.	18:47
*** dims has quit IRC		18:47
stevemar_	dolphm: you mean i don't get preferential treatment?	18:50
stevemar_	bknudson: we riot like a boss	18:50
*** urulama has quit IRC		18:55
*** urulama has joined #openstack-keystone		18:55
*** lastops has joined #openstack-keystone		18:57
*** lastops has quit IRC		18:57
stevemar_	osc meeting time!	18:59
*** geoffarn_ has quit IRC		19:00
openstackgerrit	Steve Martinelli proposed openstack/python-keystoneclient: auto-generate release history https://review.openstack.org/227655	19:00
*** geoffarnold has joined #openstack-keystone		19:01
*** pnavarro\|off has joined #openstack-keystone		19:03
*** jsavak has quit IRC		19:03
*** csoukup has quit IRC		19:03
*** jsavak has joined #openstack-keystone		19:04
*** diazjf has quit IRC		19:05
*** diazjf has joined #openstack-keystone		19:06
*** HT_sergio has quit IRC		19:07
*** uiyice has left #openstack-keystone		19:09
*** dims has joined #openstack-keystone		19:11
breton	liberty released!	19:16
*** diazjf has quit IRC		19:18
*** rvba has joined #openstack-keystone		19:19
*** rvba has quit IRC		19:19
*** rvba has joined #openstack-keystone		19:19
*** ayoung has quit IRC		19:19
*** geoffarnold has quit IRC		19:21
*** geoffarnold has joined #openstack-keystone		19:22
dolphm	\o/	19:23
*** e0ne has quit IRC		19:25
*** jdennis has quit IRC		19:27
breton	tomorrow is bug fixing day	19:30
*** dims has quit IRC		19:30
breton	https://etherpad.openstack.org/p/keystone-office-hours	19:31
*** rderose has joined #openstack-keystone		19:37
openstackgerrit	Steve Martinelli proposed openstack/keystone: Move federation sql migrations to common https://review.openstack.org/234537	19:37
stevemar_	breton: damn straight	19:38
openstackgerrit	Henrique Truta proposed openstack/keystone: Create tests for set_default_is_domain in LDAP https://review.openstack.org/229536	19:39
*** geoffarnold is now known as geoffarnoldX		19:39
*** geoffarnoldX has quit IRC		19:42
*** geoffarnold has joined #openstack-keystone		19:43
*** diazjf has joined #openstack-keystone		19:46
*** su_zhang has joined #openstack-keystone		19:46
*** marzif has quit IRC		19:50
*** jdennis has joined #openstack-keystone		19:51
*** mestery_ has joined #openstack-keystone		19:53
*** gordc has quit IRC		20:03
*** geoffarn_ has joined #openstack-keystone		20:04
*** geoffarnold has quit IRC		20:05
*** rderose has quit IRC		20:05
openstackgerrit	Steve Martinelli proposed openstack/keystone: Move oauth1 extension into core https://review.openstack.org/234598	20:06
openstackgerrit	Steve Martinelli proposed openstack/keystone: Move oauth1 sql migrations to common https://review.openstack.org/235121	20:06
*** rdo has quit IRC		20:07
*** ayoung has joined #openstack-keystone		20:08
*** ChanServ sets mode: +v ayoung		20:08
openstackgerrit	Henrique Truta proposed openstack/keystone: Tests for projects acting as domains https://review.openstack.org/211219	20:13
openstackgerrit	Henrique Truta proposed openstack/keystone: Manager support for projects acting as domains https://review.openstack.org/213448	20:13
openstackgerrit	Henrique Truta proposed openstack/keystone: Projects acting as domains https://review.openstack.org/231289	20:13
openstackgerrit	Henrique Truta proposed openstack/keystone: Removes project.domain_id FK https://review.openstack.org/233274	20:13
openstackgerrit	Henrique Truta proposed openstack/keystone: Change project name constraints https://review.openstack.org/158372	20:13
openstackgerrit	Henrique Truta proposed openstack/keystone: Add is_domain parameter to get_project_by_name https://review.openstack.org/210600	20:13
htruta	hey ayoung, could you mark this patch https://review.openstack.org/#/c/143763/81 as abandoned?	20:13
htruta	it was split in a 3 or 4, the core of it is in this one: https://review.openstack.org/#/c/231289/ which you're co-author	20:13
*** mylu has joined #openstack-keystone		20:17
ayoung	htruta, cool. Will do	20:18
htruta	ayoung: thanks	20:18
*** boris-42 has quit IRC		20:18
ayoung	htruta, excellent	20:19
*** mestery_ has quit IRC		20:19
*** geoffarn_ has quit IRC		20:25
*** geoffarnold has joined #openstack-keystone		20:26
*** mylu has quit IRC		20:29
openstackgerrit	Steve Martinelli proposed openstack/keystone: Remove example extension https://review.openstack.org/235574	20:29
*** mylu has joined #openstack-keystone		20:29
*** mylu_ has joined #openstack-keystone		20:31
*** mylu has quit IRC		20:31
*** mestery_ has joined #openstack-keystone		20:32
*** mestery_ has quit IRC		20:32
*** Guest71541 has joined #openstack-keystone		20:32
*** lifeless has quit IRC		20:34
openstackgerrit	Tom Cocozzello proposed openstack/keystone: Fix docstring https://review.openstack.org/234881	20:35
stevemar_	ayoung: is the revoke extension database migrated automatically?	20:37
ayoung	stevemar_, I could say yes, but you know that I lie	20:37
stevemar_	dang	20:37
ayoung	I make things up	20:37
stevemar_	hehe	20:37
ayoung	stevemar_, I think it is easy to check...one sec	20:38
stevemar_	what's your gut reaction say? :P	20:38
ayoung	stevemar_, http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/sql/migration_helpers.py#n37	20:39
ayoung	stevemar_, http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/sql/migration_helpers.py#n198	20:39
stevemar_	ayoung: hmm	20:40
stevemar_	and it's always run right, no opt-in?	20:40
stevemar_	i mean, for the entire revoke extension right?	20:40
ayoung	stevemar_, if you don't specify an extension, the core repo and default extensions are upgraded	20:40
*** drjones has joined #openstack-keystone		20:41
*** pnavarro\|off has quit IRC		20:42
*** _cjones_ has quit IRC		20:42
stevemar_	ayoung: nah, i meant the routes/paths, they are always enabled right? there's nothing in keystone.conf to disable revoke?	20:44
openstackgerrit	Henrique Truta proposed openstack/keystone: Sub projects acting as domains https://review.openstack.org/235544	20:44
openstackgerrit	Henrique Truta proposed openstack/keystone: Tests for subprojects acting as domains https://review.openstack.org/234907	20:44
*** drjones has quit IRC		20:45
*** mylu_ has quit IRC		20:45
*** _cjones_ has joined #openstack-keystone		20:45
*** mylu has joined #openstack-keystone		20:45
*** Guest71541 is now known as dims_		20:46
*** geoffarnold has quit IRC		20:46
*** geoffarnold has joined #openstack-keystone		20:47
openstackgerrit	Tom Cocozzello proposed openstack/keystone: Fix docstring https://review.openstack.org/234881	20:47
openstackgerrit	Brant Knudson proposed openstack/keystone: Common arguments for fernet payloads assembly https://review.openstack.org/230165	20:47
openstackgerrit	Brant Knudson proposed openstack/keystone: Normalize fernet payload disassembly https://review.openstack.org/230181	20:47
openstackgerrit	Brant Knudson proposed openstack/keystone: De-duplicate fernet payload tests https://review.openstack.org/230193	20:47
openstackgerrit	Julien Danjou proposed openstack/keystone: wsgi: fix base_url finding https://review.openstack.org/226464	20:48
*** mylu has quit IRC		20:49
*** mylu_ has joined #openstack-keystone		20:49
*** rderose has joined #openstack-keystone		20:52
*** petertr7 is now known as petertr7_away		20:53
bknudson	recheck	20:55
stevemar_	bknudson: no rechecking here	20:56
openstackgerrit	Steve Martinelli proposed openstack/python-keystoneclient: Fix typo that says V3 token only works for v2 https://review.openstack.org/235581	21:00
*** mylu_ has quit IRC		21:01
*** mylu has joined #openstack-keystone		21:02
*** jsavak has quit IRC		21:02
*** jsavak has joined #openstack-keystone		21:03
morgan	bknudson: reverify	21:03
openstackgerrit	Brant Knudson proposed openstack/oslo.policy: Use JSON generator https://review.openstack.org/234421	21:04
*** mylu has quit IRC		21:05
*** mylu has joined #openstack-keystone		21:06
openstackgerrit	Henrique Truta proposed openstack/keystone: Tests for projects acting as domains https://review.openstack.org/211219	21:06
openstackgerrit	Henrique Truta proposed openstack/keystone: Bye Bye Domain Table https://review.openstack.org/161854	21:06
openstackgerrit	Henrique Truta proposed openstack/keystone: Remove domain table references https://review.openstack.org/165936	21:06
openstackgerrit	Henrique Truta proposed openstack/keystone: Projects acting as domains https://review.openstack.org/231289	21:06
openstackgerrit	Henrique Truta proposed openstack/keystone: Removes project.domain_id FK https://review.openstack.org/233274	21:06
*** geoffarnold has quit IRC		21:08
*** mylu has quit IRC		21:08
*** geoffarnold has joined #openstack-keystone		21:08
*** mylu has joined #openstack-keystone		21:08
*** mylu has quit IRC		21:11
*** mylu has joined #openstack-keystone		21:11
*** wwwjfy has joined #openstack-keystone		21:12
*** mylu has quit IRC		21:13
*** mylu has joined #openstack-keystone		21:13
*** wwwjfy has quit IRC		21:13
*** raildo is now known as raildo-afk		21:14
*** jsavak has quit IRC		21:15
*** mylu has quit IRC		21:15
*** cburgess_ is now known as cburgess		21:16
*** su_zhang has quit IRC		21:19
*** mylu has joined #openstack-keystone		21:21
*** mylu has quit IRC		21:24
*** mylu has joined #openstack-keystone		21:24
openstackgerrit	Dolph Mathews proposed openstack/keystone: Test revocation race conditions https://review.openstack.org/227995	21:25
*** mylu has quit IRC		21:29
*** geoffarnold has quit IRC		21:29
*** geoffarnold has joined #openstack-keystone		21:30
*** diazjf has quit IRC		21:34
*** mylu has joined #openstack-keystone		21:36
stevemar_	morgan: ayoung: can we kill the kvs backend for revoke?	21:36
ayoung	stevemar_, lets just kill revoke altogether	21:36
morgan	stevemar_: I thought we already did	21:36
stevemar_	morgan: looks alive to me: https://github.com/openstack/keystone/blob/master/keystone/contrib/revoke/backends/kvs.py	21:37
stevemar_	it was deprecated in Juno for 1 cycle :)	21:37
stevemar_	i think i put in a change a while ago to remove it, but looks like it never happened for $reasons	21:38
stevemar_	ayoung: i don't think we can kill it just yet	21:38
ayoung	I can dream	21:38
stevemar_	plus, why? it's needed	21:39
ayoung	stevemar_, mostly no	21:39
stevemar_	fernet will make it not so needed	21:39
ayoung	revocations...probably only the "changed password" case is still valid	21:39
ayoung	all the rest were designed with remote tokens in mind	21:39
stevemar_	yep	21:39
stevemar_	but uuids are still used	21:39
ayoung	now that we rebuild the token, most of those go away	21:39
stevemar_	so not yet :)	21:39
ayoung	even with uuid, if we rebuild the tokens, the needs for revocations go way	21:40
ayoung	unless the password changed	21:40
ayoung	all other cases are bascially "give me the current state for this user"	21:40
ayoung	so if the user lost a role on a project, the token validation would just not have that role	21:40
ayoung	same with disabled projects and domains	21:40
*** mylu has quit IRC		21:41
ayoung	unless a token was revoked by ID for some specific reason, such as log out, or password change, most of the revocation events are superfluous	21:41
bknudson	revoke by ID should turn into revoke by audit_id now	21:42
ayoung	that too	21:42
bknudson	I mean the event should be audit_id	21:42
ayoung	bknudson, or we just drop the whole thing	21:42
ayoung	authenticate to Nova and pass project ID in as a param	21:42
ayoung	tokens are dumb	21:42
*** aix has joined #openstack-keystone		21:42
openstackgerrit	Brant Knudson proposed openstack/keystone: Update test modules passing on py34 https://review.openstack.org/231635	21:46
openstackgerrit	Brant Knudson proposed openstack/keystone: Handle fernet payload timestamp differences https://review.openstack.org/232711	21:46
openstackgerrit	Brant Knudson proposed openstack/keystone: Fix fernet key writing for python 3 https://review.openstack.org/231710	21:46
openstackgerrit	Brant Knudson proposed openstack/keystone: Fix fernet padding for python 3 https://review.openstack.org/231711	21:46
*** su_zhang has joined #openstack-keystone		21:46
*** mylu has joined #openstack-keystone		21:48
*** topol has quit IRC		21:49
*** gyee has joined #openstack-keystone		21:49
*** ChanServ sets mode: +v gyee		21:49
*** rderose has quit IRC		21:49
*** geoffarnold has quit IRC		21:50
*** geoffarnold has joined #openstack-keystone		21:51
*** mylu has quit IRC		21:52
stevemar_	ayoung: meh, i'll move the revoke stuff out of contrib anyway	21:52
stevemar_	i want all migations out of there	21:53
stevemar_	endpoint filter and that should be it	21:53
stevemar_	morgan: what should we do about the ec2 and s3 and user_crud stuff in contrib?	21:53
stevemar_	brb, going to bank to get yen	21:53
stevemar_	thats such a cool thing to say	21:53
morgan	stevemar_: those are v2 right?	21:53
stevemar_	i believe so	21:54
morgan	stevemar_: again I think the only real answer here is to merge things down into a single entry in the paste pipeline	21:54
morgan	stevemar_: then all the old locations can be "stubs"	21:54
morgan	then this moving isn't going to run afoul of anything reall	21:54
morgan	y	21:54
*** su_zhang has quit IRC		21:54
morgan	[we can repurpose "identity" or something into the "holder" until people upgrade to the single entry]	21:54
*** geoffarnold has quit IRC		22:01
breton	what's the difference between uuid and fernet that makes revocations not needed?	22:06
*** geoffarnold has joined #openstack-keystone		22:06
*** sigmavirus24 is now known as sigmavirus24_awa		22:08
breton	oh, right, we didn't check roles and stuff for uuid	22:08
*** pdardeau has quit IRC		22:16
*** jamielennox\|away is now known as jamielennox		22:16
*** pdardeau has joined #openstack-keystone		22:16
*** topol has joined #openstack-keystone		22:23
*** ChanServ sets mode: +v topol		22:23
*** su_zhang has joined #openstack-keystone		22:25
openstackgerrit	Stanislaw Pitucha proposed openstack/pycadf: Add authenticate and evaluate actions https://review.openstack.org/235601	22:27
*** su_zhang has quit IRC		22:30
*** pdardeau has left #openstack-keystone		22:35
*** jbell8 has quit IRC		22:37
*** su_zhang has joined #openstack-keystone		22:39
*** pumaranikar has quit IRC		22:48
openstackgerrit	Jamie Lennox proposed openstack/keystonemiddleware: [WIP] Use keystoneauth https://review.openstack.org/235090	22:48
*** exploreshaifali has quit IRC		22:49
*** topol has quit IRC		22:49
*** su_zhang has quit IRC		22:49
openstackgerrit	Merged openstack/keystone: Updated from global requirements https://review.openstack.org/235435	22:53
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/235608	22:57
*** thiagop has quit IRC		23:02
*** tonytan4ever has quit IRC		23:03
*** jbell8 has joined #openstack-keystone		23:03
*** r-daneel has quit IRC		23:03
*** geoffarnold is now known as geoffarnoldX		23:04
*** gildub has joined #openstack-keystone		23:04
*** jbell8 has quit IRC		23:05
*** tsymanczyk has quit IRC		23:06
*** jbell8 has joined #openstack-keystone		23:07
*** tsymancz2k has quit IRC		23:07
*** david-lyle has quit IRC		23:09
*** david-lyle has joined #openstack-keystone		23:09
*** geoffarnoldX is now known as geoffarnold		23:10
*** geoffarnold has quit IRC		23:11
*** tsymanczyk has joined #openstack-keystone		23:12
*** tsymanczyk is now known as Guest47201		23:13
*** wwwjfy has joined #openstack-keystone		23:13
*** arunkant_ has quit IRC		23:13
*** wwwjfy has quit IRC		23:15
*** chlong has quit IRC		23:16
jamielennox	so depends-on doesn't work for libraries :(	23:16
*** tsymancz3k has joined #openstack-keystone		23:17
openstackgerrit	Merged openstack/keystone: More info in RequestContext https://review.openstack.org/213595	23:20
*** darrenc is now known as darrenc_afk		23:20
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file https://review.openstack.org/235608	23:22
*** darrenc has joined #openstack-keystone		23:28
*** cburgess has quit IRC		23:30
*** Guest47201 has quit IRC		23:30
*** darrenc_afk has quit IRC		23:30
*** tsymancz1k has joined #openstack-keystone		23:30
*** cburgess has joined #openstack-keystone		23:30
*** miguelgrinberg has quit IRC		23:31
*** miguelgrinberg has joined #openstack-keystone		23:31
*** SpamapS has quit IRC		23:31
*** Ephur_ has quit IRC		23:32
*** david8hu has quit IRC		23:32
*** david8hu has joined #openstack-keystone		23:32
*** _cjones_ has quit IRC		23:34
*** hogepodge has quit IRC		23:34
*** jbonjean has quit IRC		23:34
*** baffle has quit IRC		23:34
*** bapalm has quit IRC		23:34
*** mtreinish has quit IRC		23:34
*** SpamapS has joined #openstack-keystone		23:35
*** tsymancz3k has quit IRC		23:36
*** tsymancz1k has quit IRC		23:36
*** _cjones_ has joined #openstack-keystone		23:39
*** jbell8 has quit IRC		23:39
*** mtreinish has joined #openstack-keystone		23:39
*** bapalm has joined #openstack-keystone		23:39
*** baffle has joined #openstack-keystone		23:43
*** dstanek has quit IRC		23:54
*** tsufiev has quit IRC		23:54
*** baffle has quit IRC		23:54
*** aix has quit IRC		23:54
*** bradjones has quit IRC		23:54
*** evrardjp has quit IRC		23:54
*** martinus__ has quit IRC		23:54
*** jmccrory has quit IRC		23:54
*** iurygregory has quit IRC		23:54
*** BAKfr has quit IRC		23:54
*** brad[] has quit IRC		23:54
*** mancdaz has quit IRC		23:54
*** arif-ali has quit IRC		23:54
*** johnthetubaguy has quit IRC		23:54
*** marekd has quit IRC		23:54
*** SpamapS has quit IRC		23:54
*** cburgess has quit IRC		23:54
*** darrenc has quit IRC		23:54
*** dims_ has quit IRC		23:54
*** ayoung has quit IRC		23:54
*** lhcheng has quit IRC		23:54
*** SamYaple has quit IRC		23:54
*** serverascode has quit IRC		23:54
*** jamielennox has quit IRC		23:54
*** boltR has quit IRC		23:54
*** mitz_ has quit IRC		23:54
*** mfisch has quit IRC		23:54
*** zigo has quit IRC		23:54
*** tonyb has quit IRC		23:54
*** krotscheck has quit IRC		23:54
*** rharwood has quit IRC		23:54
*** gus has quit IRC		23:54
*** sigmavirus24_awa has quit IRC		23:54
*** eglute has quit IRC		23:54
*** d34dh0r53 has quit IRC		23:54
*** cloudnull has quit IRC		23:54
*** dolphm has quit IRC		23:54
*** comstud has quit IRC		23:54
*** hockeynut has quit IRC		23:54
*** dtroyer has quit IRC		23:54
*** sudorandom has quit IRC		23:54
*** mgagne has quit IRC		23:54
*** ChanServ has quit IRC		23:54
*** gyee has quit IRC		23:54
*** rvba has quit IRC		23:54
*** josecastroleon has quit IRC		23:54
*** briancurtin has quit IRC		23:54
*** chmouel has quit IRC		23:54
*** crinkle has quit IRC		23:54
*** jrist has quit IRC		23:54
*** ramishra has quit IRC		23:54
*** phalmos has quit IRC		23:54
*** doug-fish has quit IRC		23:54
*** EinstCrazy has quit IRC		23:54
*** svasheka has quit IRC		23:54
*** nkinder has quit IRC		23:54
*** Daviey has quit IRC		23:54
*** esp has quit IRC		23:54
*** sirushti has quit IRC		23:54
*** zzzeek_ has quit IRC		23:54
*** tjcocozz has quit IRC		23:54
*** rm_work has quit IRC		23:54
*** mjb has quit IRC		23:54
*** errr has quit IRC		23:54
*** Nakato has quit IRC		23:54
*** odyssey4me has quit IRC		23:54
*** mhu has quit IRC		23:54
*** BrAsS_mO- has quit IRC		23:54
*** timburke has quit IRC		23:54
*** bapalm has quit IRC		23:54
*** petertr7_away has quit IRC		23:54
*** j_king has quit IRC		23:54
*** jimbaker has quit IRC		23:54
*** bknudson has quit IRC		23:54
*** tristanC has quit IRC		23:55
*** hughsaunders has quit IRC		23:55
*** jlvillal has quit IRC		23:55
*** jlk has quit IRC		23:55
*** anteaya has quit IRC		23:55
*** david-lyle has quit IRC		23:55
*** gildub has quit IRC		23:55
*** lbragstad has quit IRC		23:55
*** edmondsw has quit IRC		23:55
*** wasmum- has quit IRC		23:55
*** btully has quit IRC		23:55
*** zhiyan has quit IRC		23:55
*** jraim has quit IRC		23:55
*** nzeer has quit IRC		23:55
*** morgan has quit IRC		23:55
*** dgonzalez has quit IRC		23:55
*** _cjones_ has quit IRC		23:55
*** alejandrito has quit IRC		23:55
*** openstackgerrit has quit IRC		23:55
*** samueldmq has quit IRC		23:55
*** rha has quit IRC		23:55
*** rodrigods has quit IRC		23:55
*** ctracey has quit IRC		23:55
*** amit213 has quit IRC		23:55
*** ericksonsantos has quit IRC		23:55
*** dhellmann has quit IRC		23:55
*** gerhardqux has quit IRC		23:55
*** EmilienM has quit IRC		23:55
*** notmyname has quit IRC		23:55
*** mtreinish has quit IRC		23:55
*** shadower has quit IRC		23:55
*** toddnni has quit IRC		23:55
*** daemontool_ has quit IRC		23:55
*** pkarikh has quit IRC		23:55
*** blogan has quit IRC		23:55
*** HenryG has quit IRC		23:55
*** d0ugal has quit IRC		23:55
*** charz has quit IRC		23:55
*** zz_john5223 has quit IRC		23:55
*** lars1 has quit IRC		23:55
*** Madkiss has quit IRC		23:55
*** nonameentername has quit IRC		23:55
*** urulama has quit IRC		23:55
*** browne has quit IRC		23:55
*** richm has quit IRC		23:55
*** agireud has quit IRC		23:55
*** kfjohnson_ has quit IRC		23:55
*** bigjools has quit IRC		23:55
*** rbowen has quit IRC		23:55
*** alex_xu has quit IRC		23:55
*** amakarov_away has quit IRC		23:55
*** andreaf has quit IRC		23:55
*** raildo-afk has quit IRC		23:55
*** grantbow has quit IRC		23:55
*** htruta has quit IRC		23:55
*** hugokuo has quit IRC		23:55
*** david8hu has quit IRC		23:55
*** miguelgrinberg has quit IRC		23:55
*** woodster_ has quit IRC		23:55
*** akscram has quit IRC		23:55
*** gsilvis has quit IRC		23:55
*** sileht has quit IRC		23:55
*** wolsen has quit IRC		23:55
*** hideme_ has quit IRC		23:55
*** telemonster has quit IRC		23:55
*** breton has quit IRC		23:55
*** flaper87 has quit IRC		23:55
*** kragniz has quit IRC		23:55
*** freerunner has quit IRC		23:55
*** _fortis has quit IRC		23:55
*** opilotte has quit IRC		23:55
*** pc-pothole has quit IRC		23:55
*** florianf\|away has quit IRC		23:55
*** mkoderer has quit IRC		23:55
*** jdennis has quit IRC		23:55
*** jasonsb__ has quit IRC		23:55
*** slberger has quit IRC		23:55
*** jasondotstar has quit IRC		23:55
*** njohnston has quit IRC		23:55
*** haneef__ has quit IRC		23:55
*** x58 has quit IRC		23:55
*** clayton has quit IRC		23:55
*** med_ has quit IRC		23:55
*** goodygum has quit IRC		23:55
*** stevemar_ has quit IRC		23:55
*** afazekas has quit IRC		23:55
*** pgbridge has quit IRC		23:55
*** harlowja has quit IRC		23:55
*** arunkant has quit IRC		23:55
*** andreykurilin has quit IRC		23:55
*** mordred has quit IRC		23:55
*** trey has quit IRC		23:55
*** ekarlso has quit IRC		23:55
*** redrobot has quit IRC		23:55
*** zeus has quit IRC		23:55
*** Dave has quit IRC		23:55
*** tellesnobrega has quit IRC		23:55
*** jgriffith has quit IRC		23:55
*** rmstar has quit IRC		23:55
*** raginbajin has quit IRC		23:55
*** dobson has quit IRC		23:55
*** jamiec has quit IRC		23:55
*** jvarlamova has quit IRC		23:55

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!