Tuesday, 2016-03-22

« Monday, 2016-03-21 Index Wednesday, 2016-03-23 »
*** shoutm has joined #openstack-keystone00:00
*** spandhe has quit IRC00:05
*** pushkaru has joined #openstack-keystone00:06
*** spzala has quit IRC00:19
*** furface has joined #openstack-keystone00:20
*** fawadkhaliq has quit IRC00:23
*** daemontool_ has joined #openstack-keystone00:26
*** pushkaru has quit IRC00:27
*** daemontool has quit IRC00:27
*** gordc has joined #openstack-keystone00:30
*** roxanaghe has quit IRC00:34
*** aginwala has joined #openstack-keystone00:35
openstackgerritMerged openstack/keystone: Add test for domains list filtering and limiting  https://review.openstack.org/20745600:42
stevemarmfisch: yo, for requirements hop onto the -infra channel00:45
openstackgerritSteve Martinelli proposed openstack/keystone: remove fallback to default domain id  https://review.openstack.org/29482200:46
*** fawadkhaliq has joined #openstack-keystone00:47
*** tqtran has quit IRC00:51
*** dims has joined #openstack-keystone00:57
openstackgerritSteve Martinelli proposed openstack/keystone: Switch migration tests to oslo.db DbTestCase  https://review.openstack.org/29424601:02
*** fawadkhaliq has quit IRC01:05
*** fawadkhaliq has joined #openstack-keystone01:06
*** sdake has quit IRC01:06
*** sdake has joined #openstack-keystone01:08
*** sdake_ has joined #openstack-keystone01:11
*** browne has quit IRC01:12
*** lucas_ has quit IRC01:14
*** sdake has quit IRC01:14
*** sigmavirus24_awa is now known as sigmavirus2401:21
*** sigmavirus24 is now known as sigmavirus24_awa01:22
*** rderose has joined #openstack-keystone01:27
*** EinstCrazy has joined #openstack-keystone01:28
*** lucas_ has joined #openstack-keystone01:30
*** lucas_ has quit IRC01:34
*** aginwala has quit IRC01:35
*** aginwala has joined #openstack-keystone01:35
*** lucas_ has joined #openstack-keystone01:36
*** lucas_ has quit IRC01:41
*** EinstCra_ has joined #openstack-keystone01:41
*** EinstCr__ has joined #openstack-keystone01:42
*** EinstCrazy has quit IRC01:42
*** lucas_ has joined #openstack-keystone01:45
*** EinstCra_ has quit IRC01:46
*** lucas___ has joined #openstack-keystone01:46
*** dan_nguyen has quit IRC01:48
*** lucas_ has quit IRC01:48
*** lucas___ has quit IRC01:48
*** lucas_ has joined #openstack-keystone01:48
*** tqtran has joined #openstack-keystone01:49
*** tqtran has quit IRC01:53
*** lucas_ has quit IRC01:53
*** spandhe has joined #openstack-keystone01:53
*** rderose has quit IRC01:54
*** woodster_ has quit IRC01:57
*** rderose has joined #openstack-keystone02:00
*** aginwala has quit IRC02:02
*** Ephur has quit IRC02:04
*** browne has joined #openstack-keystone02:04
*** real56 has quit IRC02:06
*** real56 has joined #openstack-keystone02:07
*** jasonsb has joined #openstack-keystone02:15
*** knikolla has quit IRC02:15
*** aginwala has joined #openstack-keystone02:15
*** fawadkhaliq has quit IRC02:24
*** gordc has quit IRC02:26
*** richm has quit IRC02:27
*** dims has quit IRC02:28
*** wanghua has joined #openstack-keystone02:35
*** LZ has joined #openstack-keystone02:38
*** mylu has quit IRC02:43
*** aginwala has quit IRC02:44
*** mylu has joined #openstack-keystone02:46
*** mylu has quit IRC02:48
*** mylu has joined #openstack-keystone02:48
*** real56 has quit IRC02:52
*** lhcheng has quit IRC02:57
*** fawadkhaliq has joined #openstack-keystone03:00
*** lucas_ has joined #openstack-keystone03:01
*** lucas___ has joined #openstack-keystone03:05
*** lucas_ has quit IRC03:06
*** sdake_ is now known as sdake03:08
*** lucas___ has quit IRC03:10
*** rderose has quit IRC03:12
*** lucas_ has joined #openstack-keystone03:12
*** lhcheng has joined #openstack-keystone03:14
*** ChanServ sets mode: +v lhcheng03:14
*** lucas_ has quit IRC03:16
*** aginwala has joined #openstack-keystone03:19
*** mylu has quit IRC03:19
*** links has joined #openstack-keystone03:19
*** tellesnobrega is now known as tellesnobrega_af03:20
*** aginwala has quit IRC03:23
*** lucas_ has joined #openstack-keystone03:25
*** ayoung has quit IRC03:29
*** lucas_ has quit IRC03:30
*** roxanaghe has joined #openstack-keystone03:35
*** tellesnobrega_af is now known as tellesnobrega03:41
*** SamYaple is now known as contributed_this03:47
*** contributed_this is now known as SamYaple03:48
*** lucas_ has joined #openstack-keystone03:49
*** tqtran has joined #openstack-keystone03:50
*** roxanaghe has quit IRC03:50
*** roxanaghe has joined #openstack-keystone03:54
*** tqtran has quit IRC03:58
*** aswadr_ has joined #openstack-keystone04:01
*** jmhale has quit IRC04:11
*** chlong|wfh has quit IRC04:12
*** lucas_ has quit IRC04:15
*** jmhale has joined #openstack-keystone04:16
*** fawadkhaliq has quit IRC04:22
*** fawadkhaliq has joined #openstack-keystone04:22
*** lhcheng has quit IRC04:22
*** chlong has joined #openstack-keystone04:25
*** roxanaghe has quit IRC04:40
*** roxanaghe has joined #openstack-keystone04:42
*** GB21 has joined #openstack-keystone04:48
*** spandhe has quit IRC04:49
*** GB21 has quit IRC04:52
*** daemontool_ has quit IRC04:53
*** daemontool__ has joined #openstack-keystone04:53
*** tqtran has joined #openstack-keystone04:55
*** shoutm_ has joined #openstack-keystone04:55
*** GB21 has joined #openstack-keystone04:56
*** shoutm has quit IRC04:57
*** roxanaghe has quit IRC04:59
*** tqtran has quit IRC04:59
*** dave-mccowan has quit IRC05:03
*** roxanaghe has joined #openstack-keystone05:13
*** lhcheng has joined #openstack-keystone05:30
*** ChanServ sets mode: +v lhcheng05:30
*** lhcheng_ has joined #openstack-keystone05:31
*** lhcheng has quit IRC05:34
*** roxanaghe has quit IRC05:39
*** naresht has joined #openstack-keystone05:45
*** furface has quit IRC05:49
*** shoutm_ has quit IRC05:50
*** furface has joined #openstack-keystone05:50
*** fawadkhaliq has quit IRC05:52
*** shoutm has joined #openstack-keystone05:56
*** furface has quit IRC06:02
*** aginwala has joined #openstack-keystone06:03
*** roxanaghe has joined #openstack-keystone06:04
*** furface has joined #openstack-keystone06:05
*** roxanaghe has quit IRC06:10
*** GB21 has quit IRC06:18
*** furface has quit IRC06:27
*** furface has joined #openstack-keystone06:28
openstackgerritColleen Murphy proposed openstack/keystone: Implement HEAD method for all v3 GET actions  https://review.openstack.org/29564106:31
*** lhcheng_ has quit IRC06:39
*** lhcheng has joined #openstack-keystone06:39
*** ChanServ sets mode: +v lhcheng06:39
*** nisha has joined #openstack-keystone06:54
*** lhcheng has quit IRC06:54
*** Nirupama has joined #openstack-keystone06:55
*** GB21 has joined #openstack-keystone06:56
*** shoutm_ has joined #openstack-keystone06:57
*** shoutm has quit IRC06:58
*** roxanaghe has joined #openstack-keystone07:05
*** aginwala has quit IRC07:07
*** roxanaghe has quit IRC07:10
*** tesseract has joined #openstack-keystone07:28
*** tesseract is now known as Guest9125107:28
*** sdake has quit IRC07:29
*** rcernin has joined #openstack-keystone07:39
*** daemontool__ has quit IRC07:50
*** belmoreira has joined #openstack-keystone07:56
*** GB21 has quit IRC07:57
*** browne has quit IRC07:58
*** tqtran has joined #openstack-keystone08:02
*** tqtran has quit IRC08:06
*** markvoelker has quit IRC08:16
*** roxanaghe has joined #openstack-keystone08:30
*** permalac has quit IRC08:33
*** openstackgerrit has quit IRC08:33
*** openstackgerrit has joined #openstack-keystone08:33
*** daemontool has joined #openstack-keystone08:34
*** roxanaghe has quit IRC08:34
*** pcaruana has joined #openstack-keystone08:40
*** nisha_ has joined #openstack-keystone08:45
*** nisha has quit IRC08:48
*** rk4n has joined #openstack-keystone08:51
*** nisha__ has joined #openstack-keystone08:53
*** nisha_ has quit IRC08:56
*** daemontool has quit IRC08:57
*** henrynash has quit IRC09:00
*** tqtran has joined #openstack-keystone09:03
*** doug-fish has quit IRC09:04
*** tqtran has quit IRC09:07
*** markvoelker has joined #openstack-keystone09:17
*** gangadhar has joined #openstack-keystone09:18
*** e0ne has joined #openstack-keystone09:22
*** jaosorior has joined #openstack-keystone09:23
*** rk4n has quit IRC09:25
*** rk4n has joined #openstack-keystone09:26
*** nisha_ has joined #openstack-keystone09:33
*** nisha__ has quit IRC09:33
*** rk4n has quit IRC09:39
*** rk4n has joined #openstack-keystone09:39
*** rk4n has quit IRC09:41
*** nisha_ has quit IRC09:42
*** nisha_ has joined #openstack-keystone09:42
*** nisha_ has quit IRC09:42
*** nisha_ has joined #openstack-keystone09:50
*** dims has joined #openstack-keystone09:51
*** markvoelker has quit IRC09:52
*** bjornar has joined #openstack-keystone09:53
*** EinstCr__ has quit IRC10:00
*** shoutm has joined #openstack-keystone10:02
*** shoutm_ has quit IRC10:03
*** dims has quit IRC10:04
*** dims has joined #openstack-keystone10:12
*** jaosorior has quit IRC10:15
*** jaosorior has joined #openstack-keystone10:15
*** shoutm has quit IRC10:16
*** roxanaghe has joined #openstack-keystone10:18
*** roxanaghe has quit IRC10:23
*** rk4n has joined #openstack-keystone10:41
*** akanksha_ has joined #openstack-keystone11:09
*** mvk_ has joined #openstack-keystone11:12
*** daemontool has joined #openstack-keystone11:13
*** mvk has quit IRC11:15
*** shoutm has joined #openstack-keystone11:30
*** nisha__ has joined #openstack-keystone11:32
*** henrynash has joined #openstack-keystone11:32
*** ChanServ sets mode: +v henrynash11:32
*** henrynash has quit IRC11:34
*** nisha_ has quit IRC11:34
*** gordc has joined #openstack-keystone11:37
*** doug-fish has joined #openstack-keystone11:42
*** shoutm_ has joined #openstack-keystone11:47
*** markvoelker has joined #openstack-keystone11:48
*** shoutm has quit IRC11:49
*** doug-fis_ has joined #openstack-keystone11:50
*** doug-fish has quit IRC11:52
*** EinstCrazy has joined #openstack-keystone12:03
*** trown|outtypewww is now known as trown12:05
*** roxanaghe has joined #openstack-keystone12:06
*** mvk_ has quit IRC12:07
*** roxanaghe has quit IRC12:12
*** nisha__ has quit IRC12:16
*** markvoelker has quit IRC12:21
*** dave-mccowan has joined #openstack-keystone12:22
*** chaitu has quit IRC12:27
*** raildo-afk is now known as raildo12:30
*** wanghua has quit IRC12:44
*** markvoelker has joined #openstack-keystone12:47
*** links has quit IRC13:01
*** Ephur has joined #openstack-keystone13:02
*** dims_ has joined #openstack-keystone13:02
*** dims has quit IRC13:02
*** jed56 has quit IRC13:03
*** tqtran has joined #openstack-keystone13:04
*** richm has joined #openstack-keystone13:04
*** Ephur has quit IRC13:07
*** daemontool has quit IRC13:07
*** tqtran has quit IRC13:08
*** daemontool has joined #openstack-keystone13:09
*** ninag has joined #openstack-keystone13:10
*** ayoung has joined #openstack-keystone13:11
*** ChanServ sets mode: +v ayoung13:11
*** zqfan has quit IRC13:12
*** Ephur has joined #openstack-keystone13:15
*** jed56 has joined #openstack-keystone13:17
*** knikolla has joined #openstack-keystone13:22
*** nisha_ has joined #openstack-keystone13:23
*** nisha_ has quit IRC13:24
*** mvk_ has joined #openstack-keystone13:27
openstackgerritRaildo Mascena proposed openstack/keystone: Simplify repetitive unequal checks  https://review.openstack.org/28130513:32
openstackgerritRaildo Mascena proposed openstack/keystone: Avoid name repetition in equality comparisons  https://review.openstack.org/28129613:33
*** mylu has joined #openstack-keystone13:33
*** mylu has quit IRC13:34
*** markvoelker_ has joined #openstack-keystone13:34
*** markvoelker has quit IRC13:36
*** pauloewerton has joined #openstack-keystone13:38
*** csoukup has joined #openstack-keystone13:38
*** markvoelker has joined #openstack-keystone13:38
*** real56 has joined #openstack-keystone13:40
*** markvoelker_ has quit IRC13:40
*** real56 has quit IRC13:40
*** jaugustine has joined #openstack-keystone13:40
*** real56 has joined #openstack-keystone13:41
*** mylu has joined #openstack-keystone13:43
*** ametts has joined #openstack-keystone13:44
samueldmqbknudson: dstanek: hi, python tuple vs list quesiton13:45
samueldmqin this case : https://review.openstack.org/#/c/281305/3/keystone/trust/controllers.py13:45
patchbotsamueldmq: patch 281305 - keystone - Simplify repetitive unequal checks13:45
dstaneksamueldmq: fire away13:45
samueldmqis it better to use tuple or list ?13:45
samueldmqmaybe list since types are homogeneous13:46
*** mylu has quit IRC13:46
bknudsona tuple is meant to store collections of different things whereas a list is meant to store collections of same things13:46
marekdbknudson: interesting, where does it come from?13:46
dstaneksamueldmq: i like tuple better as a style thing since there are different types13:46
samueldmqbknudson: is this argument stronger than being mutable or not right ?13:46
bknudsonmarekd: dhellmann mentioned it in a review.13:47
dstanekmarekd: that's just general algorithm usage and not enforced by python13:47
dstanekmarekd: python also hints at that with it's namedtuple type13:48
marekddstanek: is it backed in the code (perf/memory wise) or it's another python convention?13:48
*** jdennis1 has joined #openstack-keystone13:48
*** daemontool has quit IRC13:48
samueldmqdstanek: bknudson: nice so in that case (homogeneous types: IDs) it's better to keep as a list13:49
dstaneksamueldmq: no, you can still use a tuple for the same type13:49
*** jdennis has quit IRC13:50
dstaneksamueldmq: the key for me is that a tuple is ordered and immutable13:50
openstackgerritBrant Knudson proposed openstack/keystone: WIP - Opportunistic testing with different DBs  https://review.openstack.org/29583713:52
bknudsonthe migration tests fail when run on the real databases.13:53
*** daemontool has joined #openstack-keystone13:54
*** nisha_ has joined #openstack-keystone13:54
*** roxanaghe has joined #openstack-keystone13:55
*** spandhe has joined #openstack-keystone13:56
*** jdennis1 has quit IRC13:56
ayoungis something messed up with Gerrit right now or is it my system?13:56
ayoungCannot query patchset information    "ssh -xp29418 ayoung@review.openstack.org gerrit query --format=JSON --current-patch-set change:285134"13:57
*** mylu has joined #openstack-keystone13:57
bknudsonthat query worked for me13:57
*** jdennis has joined #openstack-keystone13:58
bknudsontry the REST API13:58
*** mylu has quit IRC13:58
*** roxanaghe has quit IRC13:59
*** rk4n has quit IRC13:59
*** rk4n has joined #openstack-keystone14:00
*** spandhe has quit IRC14:00
*** mylu has joined #openstack-keystone14:01
*** sigmavirus24_awa is now known as sigmavirus2414:05
*** links has joined #openstack-keystone14:05
*** jaugustine has quit IRC14:05
*** jaugustine-mobil has joined #openstack-keystone14:06
*** doug-fis_ is now known as doug-fish14:11
*** jdennis has quit IRC14:12
*** pushkaru has joined #openstack-keystone14:14
*** shoutm_ has quit IRC14:14
stevemarayoung: i feel like you have an issue with gerrit or tox on a monthly basis :)14:14
ayoungstevemar, yeah, that is about right14:14
*** spzala has joined #openstack-keystone14:15
ayoungstevemar, it turns out that I need to submit a change to oslo.context to tget the is_admin_project fix enforceable14:15
stevemarayoung: sounds about right14:15
*** jdennis has joined #openstack-keystone14:18
*** Nirupama has quit IRC14:18
*** dims_ has quit IRC14:19
*** slberger has joined #openstack-keystone14:25
*** jasonsb has quit IRC14:30
*** jasonsb has joined #openstack-keystone14:31
*** openstackgerrit has quit IRC14:33
*** openstackgerrit has joined #openstack-keystone14:33
openstackgerritSteve Martinelli proposed openstack/keystone: remove fallback to default domain id  https://review.openstack.org/29482214:35
*** jsavak has joined #openstack-keystone14:36
*** rk4n has quit IRC14:36
*** jaugustine-mobil has quit IRC14:36
ayoungbknudson, stevemar so for some reason my machine is only trying to connect via the IPv6 address....14:37
*** jaugustine has joined #openstack-keystone14:38
*** berserk has joined #openstack-keystone14:39
*** berserk has left #openstack-keystone14:39
*** mylu has quit IRC14:41
*** e0ne has quit IRC14:41
*** mylu has joined #openstack-keystone14:42
*** links has quit IRC14:42
*** akanksha_ has quit IRC14:47
*** shoutm has joined #openstack-keystone14:51
*** roxanaghe has joined #openstack-keystone14:55
*** sdake has joined #openstack-keystone14:58
*** roxanaghe has quit IRC15:01
*** naresht has quit IRC15:02
*** rderose has joined #openstack-keystone15:05
*** rk4n has joined #openstack-keystone15:10
*** rk4n has quit IRC15:12
*** diazjf has joined #openstack-keystone15:13
*** browne has joined #openstack-keystone15:15
*** nisha__ has joined #openstack-keystone15:17
*** nisha_ has quit IRC15:19
*** rodrigods has quit IRC15:27
*** shoutm has quit IRC15:27
*** rodrigods has joined #openstack-keystone15:27
*** nisha__ has quit IRC15:29
*** nisha has joined #openstack-keystone15:30
*** timcline has joined #openstack-keystone15:32
*** harlowja_at_home has joined #openstack-keystone15:35
*** spzala has quit IRC15:38
*** spzala has joined #openstack-keystone15:39
*** real56 has quit IRC15:43
*** spzala has quit IRC15:43
*** real56 has joined #openstack-keystone15:44
*** spzala has joined #openstack-keystone15:44
*** dims has joined #openstack-keystone15:45
*** nisha_ has joined #openstack-keystone15:47
*** real56 has quit IRC15:48
*** real56 has joined #openstack-keystone15:48
*** nisha has quit IRC15:49
*** spzala has quit IRC15:49
*** rk4n has joined #openstack-keystone15:49
*** real56 has quit IRC15:50
*** real56 has joined #openstack-keystone15:50
*** woodster_ has joined #openstack-keystone15:51
*** roxanaghe has joined #openstack-keystone15:52
*** mylu has quit IRC15:53
*** mylu has joined #openstack-keystone15:53
*** EinstCrazy has quit IRC15:53
*** spzala has joined #openstack-keystone15:54
*** dims_ has joined #openstack-keystone15:55
*** dims has quit IRC15:55
knikollaayoung, IdentityDriverV8 defines some CRUD methods as abstract methods, which means I have to define them in the ldap3 new driver. Should I just raise a NotImplementedExeption in their definition?15:56
knikollacreate_user, update_user, etc.15:56
ayoungknikolla, yes15:56
*** roxanagh_ has joined #openstack-keystone15:56
ayoungknikolla, we are saying that the LDAP driver is read only.15:56
knikollaayoung, yes, exactly.15:56
*** browne has quit IRC15:57
bknudsonknikolla: look at what the current ldap driver does when write is disabled.15:57
*** spzala has quit IRC15:58
*** spzala has joined #openstack-keystone16:00
*** jorge_munoz has joined #openstack-keystone16:00
*** roxanagh_ has quit IRC16:01
*** jorge_munoz_ has joined #openstack-keystone16:03
*** real56 has quit IRC16:03
*** tqtran has joined #openstack-keystone16:04
*** real56 has joined #openstack-keystone16:04
*** spzala has quit IRC16:04
*** real56 has quit IRC16:05
*** real56 has joined #openstack-keystone16:05
*** jorge_munoz has quit IRC16:05
*** jorge_munoz_ is now known as jorge_munoz16:05
*** spzala has joined #openstack-keystone16:05
*** real56 has quit IRC16:06
*** real56 has joined #openstack-keystone16:06
*** aginwala has joined #openstack-keystone16:07
*** spzala has quit IRC16:10
*** lhcheng has joined #openstack-keystone16:10
*** ChanServ sets mode: +v lhcheng16:10
*** spzala has joined #openstack-keystone16:11
*** dan_nguyen has joined #openstack-keystone16:13
*** aginwala has quit IRC16:13
*** nisha_ is now known as nisha16:13
*** roxanaghe has quit IRC16:14
*** mylu has quit IRC16:16
*** spzala has quit IRC16:16
bretonsuppose i have an out-of-tree driver. Can i use it in keystone.conf by name (like `my_driver`, not `keystone_drivers.path.to.driver`) without editing setup.cfg? Is it a normal practice to edit setup.cfg for this purpose?16:17
*** spzala has joined #openstack-keystone16:17
dstanekbreton: you make you own package for it16:17
*** jaosorior has quit IRC16:18
*** aginwala has joined #openstack-keystone16:18
bretondstanek: what kind of package? Like rpm or deb?16:18
dstanekbreton: a python package where you define your own entrypoints16:19
*** mylu has joined #openstack-keystone16:19
*** mylu has quit IRC16:19
*** mylu has joined #openstack-keystone16:19
bretondstanek: what should be in the package?16:20
dstanekbreton: you driver code16:20
dstanek*your*16:20
knikollain the case for login by username/domain and password, is the get_user_by_name driver method called first to get the user_id?16:20
dstanekand then you would 'pip install my-drivers' or whatever to install the entry points16:20
*** GB21 has joined #openstack-keystone16:21
dstaneka deb/rpm/whatever can be used to deploy your python package16:21
*** e0ne has joined #openstack-keystone16:21
*** spzala has quit IRC16:22
raildoayoung: ping, can you see this trace from this error http://paste.openstack.org/show/491474/ ? this is not working properly with fernet tokens...16:22
raildoayoung: at this point https://github.com/openstack/keystone/blob/master/keystone/tests/unit/token/test_backends.py#L48316:23
bretondstanek: understood. So to be able to use `my_driver` in keystone.conf i should do something like [entry_points]keystone.role = my_driver = path.to.the.driver?16:23
*** spzala has joined #openstack-keystone16:23
*** roxanaghe has joined #openstack-keystone16:23
dstanekbreton: if you don't want to install your driver with a package you can use the full path assuming it's in the python path or if you do install your driver you can give it an entrypoint with a shorter name16:24
*** belmoreira has quit IRC16:25
*** sdake has quit IRC16:25
bretondstanek: using full path is deprecated, isn't it?16:25
bretonDirect import of driver %(name)r is deprecated as of Liberty16:26
*** mylu has quit IRC16:26
bretonthat's why i'm asking about short names16:26
dstanekbreton: if so we may want to thing about only deprecating for keystone drivers and not all drivers16:26
*** dancn has quit IRC16:27
bretondstanek: sounds like a bugreport is needed for discussion16:27
dstanekbreton: seems silly for force everyone to make their own package, but on the other hand it's so trivial that i don't see why you wouldn't16:27
*** dancn has joined #openstack-keystone16:27
*** spzala has quit IRC16:28
bretondstanek: so am i right about the thing with "[entry_points]keystone.role = my_driver = path.to.the.driver" in my package's setup.cfg?16:28
*** real56 has quit IRC16:28
*** bjornar has quit IRC16:28
*** sdake has joined #openstack-keystone16:29
dstanekbreton: yes16:29
*** spzala has joined #openstack-keystone16:29
bretondstanek: awesome, thank you!16:29
*** aginwala has quit IRC16:29
*** jorge_munoz has quit IRC16:30
*** spzala_ has joined #openstack-keystone16:31
dstanekbreton: np16:31
*** aginwala has joined #openstack-keystone16:31
*** mylu has joined #openstack-keystone16:32
*** spzala has quit IRC16:33
*** mylu has quit IRC16:35
*** spzala_ has quit IRC16:40
*** jyoti_ has joined #openstack-keystone16:42
*** jbell8 has joined #openstack-keystone16:44
*** spandhe has joined #openstack-keystone16:46
*** dims_ has quit IRC16:46
*** spzala has joined #openstack-keystone16:47
*** jasonsb has quit IRC16:48
*** timcline has quit IRC16:48
*** timcline has joined #openstack-keystone16:49
*** tqtran has quit IRC16:52
*** pcaruana has quit IRC16:52
*** spzala has quit IRC16:52
*** timcline has quit IRC16:53
*** spzala has joined #openstack-keystone16:58
*** trown is now known as trown|lunch17:01
*** Guest91251 has quit IRC17:02
*** dims has joined #openstack-keystone17:02
*** nisha_ has joined #openstack-keystone17:03
*** spzala has quit IRC17:03
*** spzala has joined #openstack-keystone17:04
*** nisha has quit IRC17:05
ayoungraildo, looking17:05
raildoayoung: thanks17:06
ayoungraildo, ok, so I am going to make a guess17:06
ayounglook at the test, and see how it references the project17:06
ayoungmaybe instead of it being persisteedn in the resource back end, it is expected to be in a response or something17:07
ayoungin PKI, it could have been in the token body, in UUID, maybe stored in the backend.17:07
ayoungand now we repopulate the data from the signed portion of the token id17:07
raildoayoung: hum, got it, I'll take a look into this part17:08
ayoungraildo, one thing you can do is to run the test in the version prior (which I assume passes) and see.  But My guess is this code path is different enough that it won't give much info17:08
*** spzala has quit IRC17:08
raildoayoung: ok, thanks :)17:10
*** spzala has joined #openstack-keystone17:10
ayoungraildo, you could probably force the test to pass by specifically creating the project used.17:11
openstackgerritColleen Murphy proposed openstack/keystone: Implement HEAD method for all v3 GET actions  https://review.openstack.org/29564117:11
raildoayoung: but the project was already created: https://github.com/openstack/keystone/blob/master/keystone/tests/unit/token/test_backends.py#L46617:11
rderosedolphm: quick question?17:13
*** dims has quit IRC17:13
ayoungraildo, you sure it is the same project?17:13
ayoungkeystone.exception.ProjectNotFound: Could not find project: e6b839fa84e64d558be5e463426a712a17:14
stevemarrderose: write out the question anyway, dolphm may not be around :O17:14
*** diazjf has quit IRC17:14
ayoungraildo,  unit.new_project_ref  does not create it in the backedn17:14
*** spzala has quit IRC17:14
ayoungI be you need to do a resource_api.create_project( unit.new_project_ref ) call after that17:14
stevemarreminder to all to put items on the meeting agenda17:15
raildoayoung: yes, yo'ure right...17:15
ayoungraildo, so, we create a bunch of project data in fixtures.  Would be better to reuse one of those17:15
raildoayoung: makes sense17:16
*** sdake_ has joined #openstack-keystone17:16
ayoungraildo, thanks for taking this and making it happen.  Very important17:16
*** sdake has quit IRC17:16
*** nisha__ has joined #openstack-keystone17:16
*** spzala has joined #openstack-keystone17:16
raildoayoung: np :)17:16
rderoseRegarding dropping EMPHEMERAL user type for FEDERATED, Dolph is suggesting that we drop the user type entirely:17:16
rderosehttps://review.openstack.org/#/c/293071/17:16
patchbotrderose: patch 293071 - keystone - Change EMPHEMERAL user type to FEDERATED17:16
*** aginwala has quit IRC17:17
rderoseI see his point.  The patch was intended to be a first step into doing that refactoring, however I always sort of thought that we still needed to know if the user was federated or not.17:18
rderosestevemar: don't we?17:18
*** bjornar has joined #openstack-keystone17:18
*** aginwala has joined #openstack-keystone17:18
*** nisha_ has quit IRC17:19
*** spzala has quit IRC17:20
samueldmqdstanek: bknudson: in a test .. do you prefer addCleanup(..) immediatly after creating the resource or at the ending of the testcase?17:20
*** aginwala has quit IRC17:20
bknudsonit needs to go immediately after the resource otherwise it might not get cleaned up17:21
bknudsonbetter would be to create a fixture to encapsulate creation and cleanup together17:21
*** nisha has joined #openstack-keystone17:21
samueldmqbknudson: ++17:21
*** spzala has joined #openstack-keystone17:22
samueldmqbknudson: as it is very simple now, maybe it's okay to keep inside the method17:22
samueldmqbknudson: a fixture would be with setUp() and tearDown() ?17:22
*** daemontool has quit IRC17:22
bknudsonfixtures support setUp and addCleanup17:23
samueldmqbknudson: hmm, fixtures is a separate package17:23
samueldmqbknudson: I will look at it17:23
*** tqtran has joined #openstack-keystone17:24
*** timcline has joined #openstack-keystone17:25
*** nisha__ has quit IRC17:25
*** spzala has quit IRC17:26
*** spzala has joined #openstack-keystone17:28
openstackgerritSamuel de Medeiros Queiroz proposed openstack/python-keystoneclient: Add users functional tests  https://review.openstack.org/28930617:31
samueldmqbknudson: for now using addCleanup from unittest (only 3 calls in the entire file) ^17:32
*** jyoti_ has quit IRC17:32
*** roxanaghe has quit IRC17:32
*** jaugustine has quit IRC17:32
*** gangadhar has quit IRC17:32
*** gpaz has quit IRC17:32
bknudsona fixture would make it a lot nicer.17:33
*** spzala has quit IRC17:33
*** spzala has joined #openstack-keystone17:34
bknudsonI think the way these are being developed is going to lead to a lot of duplication with unit tests.17:36
*** jaugustine has joined #openstack-keystone17:36
samueldmqbknudson: duplication in creation that can be avoided with fixtures ?17:36
dstanekbknudson: ++ it should be a fixture17:36
samueldmqbknudson: or are you also seeing another kid of duplication ?17:36
bknudsoncan the tests be shared -- for unit tests mock out the response and for functional tests use a real connection?17:37
samueldmqbknudson: that's a good question17:37
*** shaleh has joined #openstack-keystone17:37
samueldmqbknudson: would be great to make it this way17:37
*** rderose has quit IRC17:37
samueldmqdstanek: bknudson: I will adapt that to use fixtures17:38
*** shaleh_ has joined #openstack-keystone17:38
samueldmqand look at re-using same tests for functional and unit later17:38
*** spzala has quit IRC17:39
bknudsonusing fixtures for the users is unrelated to sharing the tests between functional and unit17:39
bknudsonI just felt like I was looking at tests that should already exist.17:39
samueldmqbknudson: exactly, I will finish the tests first, and look at that other point later17:39
*** spzala has joined #openstack-keystone17:40
*** jorge_munoz has joined #openstack-keystone17:40
samueldmqbknudson: hmm, so reusing hte existing ones rather than rewritting17:40
bknudsonit might be easier to start over anyways, and remove the existing tests where there's overlap17:41
dstaneksamueldmq: if you can do that it would be cool.17:41
*** rderose has joined #openstack-keystone17:41
*** daemontool has joined #openstack-keystone17:42
samueldmqbknudson: dstanek: nice, I will take a look at it; and figure out what approach requires less effort17:42
samueldmqit was a good conversation, thanks17:42
dstaneksamueldmq: bknudson: back in the day i had a test suite that would either use the real DB for functional tests or a mock db for unit tests. this is before the fixtures library, but we did setup in a similar way17:43
samueldmqdstanek: cool!17:43
*** krotscheck has quit IRC17:43
samueldmqdstanek: that's a very nice way to write them; avoiding duplication17:44
*** jaugustine-mobil has joined #openstack-keystone17:44
*** spzala has quit IRC17:44
*** pcaruana has joined #openstack-keystone17:44
*** EinstCrazy has joined #openstack-keystone17:44
bknudsonyou can see how oslo.db test_base uses different fixtures: http://git.openstack.org/cgit/openstack/oslo.db/tree/oslo_db/sqlalchemy/test_base.py#n21217:45
bknudsonby default it uses sqlite which is almost a mock.17:45
dstaneksamueldmq: yeah, it mostly worked. as we adopted TDD with the team the "unit" tests turned into integration tests and we developed real unit tests17:45
*** jaugustine has quit IRC17:45
bknudsonthe issue I have with mock database , keystone , etc., is you have to somehow fake out the behavior17:45
*** spzala has joined #openstack-keystone17:45
bknudsonof, e.g., insert a row and then select, etc.17:45
bknudsonnot sure how you mock out keystone for a single test.17:46
*** EinstCrazy has quit IRC17:46
bknudsonyou mock gets to be pretty complicated17:46
*** EinstCrazy has joined #openstack-keystone17:46
bknudsonrather than just simply mocking out the calls under test17:46
bknudsonI guess the unit test subclass could override all the tests to mock out the expected responses17:47
*** EinstCrazy has quit IRC17:47
*** pnavarro has joined #openstack-keystone17:47
*** EinstCrazy has joined #openstack-keystone17:48
*** roxanaghe has joined #openstack-keystone17:49
*** spzala has quit IRC17:50
*** EinstCrazy has quit IRC17:50
*** EinstCrazy has joined #openstack-keystone17:50
dstanekbknudson: the proper way to do it would be to mock out a connection object and check calls17:51
dstanekbknudson: we unfortunately use a magic global connection object right now17:51
dstanekalmost that time of the week17:52
dstaneki need to go an make some coffee17:53
morgandstanek: you running the show today?17:53
*** akanksha_ has joined #openstack-keystone17:53
morganor just annoucing the need for caffination?17:53
bknudsonyou won't need coffee to stay awake17:53
morgandstanek: ;)17:53
*** EinstCrazy has quit IRC17:53
dstanekmorgan: no running anything for me17:53
morganbknudson: i need coffee to stay awake in the irc meetings :P17:53
dstanekmorgan: just be glad that i'm not announcing bathroom breaks17:53
*** ebalduf_ has joined #openstack-keystone17:53
dstaneki save those for facebook17:53
*** EinstCrazy has joined #openstack-keystone17:53
morganbknudson: but i need coffee to stay awake when an irc meeting isn't happening17:53
*** trown|lunch is now known as trown17:54
morgandstanek: do you use foursquare and check into your bathroom when you go too? (or is swarm app the new thing)?17:54
*** nisha_ has joined #openstack-keystone17:54
*** EinstCrazy has quit IRC17:54
morgandstanek: also, i thought twitter was for annoucing that stuff, fb was for posting pictures of that stuff.17:54
*** EinstCrazy has joined #openstack-keystone17:55
*** browne has joined #openstack-keystone17:55
*** jorge_munoz has quit IRC17:55
dstanekmorgan: if i used 4square i'd definitely be checking into my backroom17:55
morganlol17:56
dstanekmorgan: it would probably show up in my 'most visited places' list17:56
stevemarmorgan: don't forget to tumblr it17:56
morganstevemar: ++17:56
*** timcline has quit IRC17:56
*** GB21 has quit IRC17:56
*** nisha has quit IRC17:56
*** real56 has joined #openstack-keystone17:57
*** timcline has joined #openstack-keystone17:57
dstanektumble it, tweet it, pin it and then flush it17:57
*** spzala has joined #openstack-keystone17:57
*** d0ugal has quit IRC17:58
stevemardstanek: i can add it as a skill to your linkedin17:58
*** jaugustine-mobil has quit IRC17:58
*** d0ugal has joined #openstack-keystone17:59
stevemarrrrrready?17:59
stevemarmeeting time go!17:59
bknudsonready to rumble!17:59
stevemarmeeting ping for ajayaa, amakarov, ayoung, breton, browne, claudiub, davechen, david8hu, dolphm, dstanek, edmondsw, gyee, henrynash, hogepodge, htruta, jamielennox, joesavak, jorge_munoz, lbragstad, lhcheng, marekd, MaxPC, morganfainberg, nkinder, raildo, rodrigods, rderose, roxanaghe, samleon, samueldmq, shaleh, stevemar, tjcocozz, tsymanczyk, topol, vivekd, wanghong, xek17:59
*** jaugustine has joined #openstack-keystone18:00
*** gagehugo has joined #openstack-keystone18:01
*** timcline has quit IRC18:01
*** spzala has quit IRC18:02
*** dan_nguyen has quit IRC18:02
*** spzala has joined #openstack-keystone18:03
*** jsavak has quit IRC18:04
*** jsavak has joined #openstack-keystone18:04
*** pushkaru has quit IRC18:05
*** spzala has quit IRC18:07
*** rk4n has quit IRC18:07
*** d0ugal has quit IRC18:09
*** EinstCrazy has quit IRC18:10
*** EinstCrazy has joined #openstack-keystone18:10
*** lhcheng has quit IRC18:11
*** aginwala has joined #openstack-keystone18:11
*** spzala has joined #openstack-keystone18:14
*** aginwala has quit IRC18:15
*** EinstCrazy has quit IRC18:15
*** EinstCrazy has joined #openstack-keystone18:16
*** aginwala has joined #openstack-keystone18:18
*** nisha_ is now known as nisha18:19
*** EinstCrazy has quit IRC18:19
*** boris-42 has joined #openstack-keystone18:21
*** gagehugo has left #openstack-keystone18:22
*** pushkaru has joined #openstack-keystone18:22
ayoungshaleh, https://www.openstack.org/summit/openstack-summit-atlanta-2014/session-videos/presentation/integrating-openstack-with-active-directory-because-ad-ldap18:24
rodrigodsshaleh_, example of implementation related bug https://bugs.launchpad.net/keystone/+bug/151530218:24
openstackLaunchpad bug 1515302 in OpenStack Identity (keystone) "Group membership attribute is hard-coded when using 'user_enable_emulation'" [High,Fix released] - Assigned to Nathan Kinder (nkinder)18:24
*** daemontool has quit IRC18:25
*** sdake_ is now known as sdake18:25
*** lhcheng has joined #openstack-keystone18:28
*** ChanServ sets mode: +v lhcheng18:28
*** sigmavirus24 is now known as sigmavirus24_awa18:33
*** jed56 has quit IRC18:33
*** spzala has quit IRC18:34
openstackgerritChristopher J Schaefer proposed openstack/python-keystoneclient: Removing bandit.yaml in favor of defaults  https://review.openstack.org/29459718:34
*** fawadkhaliq has joined #openstack-keystone18:36
*** real56 has quit IRC18:40
*** tellesnobrega is now known as tellesnobrega_af18:41
*** real56 has joined #openstack-keystone18:41
*** tellesnobrega_af is now known as tellesnobrega18:42
*** aginwala has quit IRC18:43
*** diazjf has joined #openstack-keystone18:43
openstackgerritChristopher J Schaefer proposed openstack/python-keystoneclient: Removing bandit.yaml in favor of defaults  https://review.openstack.org/29459718:44
*** vint_bra has quit IRC18:45
rodrigodsstevemar, can you trigger a decision regarding no spec for the tests?18:46
*** real56 has quit IRC18:47
*** real56 has joined #openstack-keystone18:48
stevemarrodrigods: no spec needed18:54
*** aginwala has joined #openstack-keystone18:55
*** aginwala has quit IRC18:57
*** real56 has quit IRC18:57
*** timcline has joined #openstack-keystone18:57
*** aginwala has joined #openstack-keystone18:58
*** mylu has joined #openstack-keystone18:58
*** real56 has joined #openstack-keystone18:59
*** shaleh_ has left #openstack-keystone19:00
*** jaugustine has quit IRC19:00
*** shaleh is now known as shaleh|away19:00
*** timcline has quit IRC19:02
stevemarback in a bit19:04
*** jsavak has quit IRC19:06
*** jsavak has joined #openstack-keystone19:07
*** mylu has quit IRC19:07
*** mylu has joined #openstack-keystone19:07
*** aswadr_ has quit IRC19:10
*** nisha has quit IRC19:15
*** nisha has joined #openstack-keystone19:16
*** real56 has quit IRC19:16
*** ametts has quit IRC19:17
*** mylu has quit IRC19:27
openstackgerritBrant Knudson proposed openstack/keystone: WIP - Opportunistic testing with different DBs  https://review.openstack.org/29583719:29
openstackgerritBrant Knudson proposed openstack/keystone: Fix test_add_int_pkey_to_revocation_event_table for MySQL  https://review.openstack.org/29601619:29
openstackgerritBrant Knudson proposed openstack/keystone: Fix table row counting SQL for MySQL and Postgresql  https://review.openstack.org/29601719:29
openstackgerritBrant Knudson proposed openstack/keystone: Correct test_implied_roles_fk_on_delete_cascade  https://review.openstack.org/29601819:29
bknudsonstevemar: ^ shows some of the issues running migrations against live dbs19:29
*** fawadkhaliq has quit IRC19:30
*** rderose has quit IRC19:30
*** rcrit_ has joined #openstack-keystone19:30
rcrit_bknudson, ping19:30
*** rderose has joined #openstack-keystone19:30
rcrit_bknudson, ping re ayoung asked me to follow up with you about something19:30
*** mylu has joined #openstack-keystone19:30
bknudsonrcrit_: hi -- wanted to get some more info on the tls proxy in devstack19:30
*** fawadkhaliq has joined #openstack-keystone19:30
rcrit_sure, what do you want to know?19:30
bknudsonso, we've been planning to get rid of eventlet19:30
bknudsonand have devstack run with keystone under httpd all the time19:31
bknudsonin which case, seems like no tls proxy by apache is reqd, since keystone is already running under httpd19:31
rcrit_ok19:31
bknudsonso just configure httpd to do tls19:31
rcrit_that may be possible19:31
bknudsonI think it would be a lot simpler19:32
rcrit_it was because of eventlet I went with a stud proxy, that and the fact that someone already had keystone configurable behind it19:32
rcrit_it'd be easy, I don't know about easier19:33
rcrit_the code to create a proxy is shared between all the projects, this would be a one-off for now19:33
rcrit_but not a big deal19:33
bknudsonoh, I didn't know it was stud proxy...19:33
rcrit_One of the the openstack security guide recommendations is to use a TLS proxy between the services to gain SSL/TLS19:33
rcrit_it's stud only because it was highly available19:33
rcrit_it isn't meant to be the "one true" proxy by any means19:34
bknudsonis stud proxy much better than httpd directly?19:34
*** mylu has quit IRC19:34
rcrit_so httpd messes up the story a bit :-)19:34
bknudsonstud proxy is better than eventlet TLS, but I don't think it's better than apache.19:34
rcrit_the story had always been eventlet sucks with TLS because of the giant python lock, so put a TLS proxy in front19:34
rcrit_we are in violent agreement19:34
rcrit_it would probably be fairly trivial to tweak ssl.conf to use a given cert/key19:35
rcrit_and use that instead of stud for keystone19:35
bknudsonI'd prefer that.19:35
rcrit_I've been working on enabling TLS in devstack for going on two years now19:35
rcrit_so my only hesitation is blowing up this delicate process :-)19:36
rcrit_but yeah, it makes sense and probably more closely models what would happen in the real world19:36
bknudsony, and now that I know it's stud and not apache I'm thinking maybe it's worth it to keep things as they are.19:36
rcrit_eventually if/when we get the tests pushed down to the project level it is probably the time to directly enable TLS in keystone19:37
bknudsonone thing I'd like to make sure of is that https://review.openstack.org/#/c/293090/ is running with keystone in apache and not eventlet19:37
patchbotbknudson: patch 293090 - openstack-infra/project-config - Add experimental job to test TLS proxy in devstack19:37
rcrit_I started with devstack because it's the consumer of all this stuff19:37
*** harlowja_at_home has quit IRC19:37
bknudsonbecause if it's using eventlet it's going to break when we get rid of eventlet.19:38
rcrit_been a while since I looked but I don't do anything overly clever19:38
rcrit_if devstack normally configures httpd then it still does, and I think it's true19:38
bknudsonhttp://git.openstack.org/cgit/openstack-dev/devstack/tree/lib/keystone#n283 -- the job should set KEYSTONE_DEPLOY=mod_wsgi when running19:40
rcrit_I can look. Is that the default for keystone these days?19:41
bknudsonI've tried not to break the tls-proxy stuff as I've been making changes to keystone deploy in devstack and hopefully it still works.19:41
rcrit_my job is super simple, just adding the tlsproxy service19:41
rcrit_I appreciate that19:41
bknudsonrcrit_: I believe the default for keystone is eventlet if you don't set anything.19:41
bknudsonwe're going to have to figure that out when we remove eventlet support19:42
*** mylu has joined #openstack-keystone19:42
rcrit_ah ok19:42
bknudsonbut the normal gate jobs are running with keystone in httpd19:42
bknudsonwe've got a couple of keystone jobs -- one runs eventlet and one runs uwsgi19:42
rcrit_what's the diff between uwsgi and mod_wsgi?19:43
bknudsonuwsgi runs keystone under python uwsgi -- so it's a lot like running keystone-all (eventlet)19:44
*** mylu has quit IRC19:44
bknudsonmod_wsgi runs keystone in apache using mod_wsgi19:44
rcrit_it looks like I just need to add to my test: export DEVSTACK_LOCAL_CONFIG="KEYSTONE_DEPLOY=mod_wsgi"19:44
*** sigmavirus24_awa is now known as sigmavirus2419:44
bknudsonrcrit_: yep, I was looking for an example19:44
rcrit_ok, I've never heard of uwsgi, learned something!19:45
bknudsonthere's a few containers for wsgi apps, uwsgi and gunicorn are a couple of other ones19:45
rcrit_ok will do. You wanna ding me in the review? I can just add this and re-submit otherwise.19:45
bknudsonI thought uwsgi would be ok for http but turned out it was pretty crappy19:45
rcrit_heh19:45
bknudsonIt seems to be pretty good running the "uwsgi" protocol and then apache proxies with mod_proxy_uwsgi19:47
*** mylu has joined #openstack-keystone19:47
bknudsonrcrit_: ^ one of the reasons I'd like to not have the tls-proxy is because I'd like to switch keystone to use mod_proxy_uwsgi by default and then we're starting to have lots of proxies...19:47
bknudson(the old version of mod_proxy_uwsgi that we've got on the test systems doesn't support unix socket so we're using lots of ports)19:48
rcrit_sure, I'm flexible. But getting it this far has been like herding cats because the projects move at such a quick pace.19:49
rcrit_I think it would just be a conditional to configure specially for keystone19:49
rcrit_keystone is typically the leader when it comes to this kind of thing. I expect some other projects to follow eventually19:50
bknudsonI hope so. It's kind of ridiculous to use all these ports. and eventlet is a turd.19:50
rcrit_agreed19:50
rcrit_alright, I'll resubmit the job with this new exported variable.19:51
bknudsonthanks!19:51
*** mylu has quit IRC19:52
bknudsonrcrit_: how does this sound -- get what you've got working and gating, and then rework the keystone part to not use the stud proxy but apache tls?19:53
rcrit_sounds great to me19:54
bknudsonok, put me on the reviews if you think it will help for me to +1 it.19:54
bknudsonI don't have much influence in devstack19:54
rcrit_heh, ok. Adam just cc'd a whole whackload of people, I think you're already on the list.19:55
rcrit_he must have cc'd all the keystone team, I see a lot of familiar names19:55
rcrit_bknudson, oh you mean on replacing stud with apache directly. Sure thing once I get that done19:56
bknudsonrcrit_: right, thanks19:56
*** david-lyle_ has joined #openstack-keystone19:56
bknudsonI see devstack has `if is_ssl_enabled_service "key"; then"` -- so I wonder how that works with tls-proxy?19:57
*** david-lyle has quit IRC19:57
rcrit_yeah, it might blow up19:58
*** clenimar has quit IRC19:58
*** ekarlso- has quit IRC19:58
rcrit_so the way the proxy works is the given service lists on port+1 and stud listens on port19:58
rcrit_but stud assumes it can talk http to the service port +119:58
*** timcline has joined #openstack-keystone19:58
*** jlvillal has quit IRC19:58
rcrit_bknudson, ah I think I know. So one can use either proxy or pure SSL/TLS19:59
bknudsonso they're exclusive options?19:59
rcrit_right19:59
rcrit_or the third option is no TLS at all19:59
bknudsonI assume there's no gate for ssl20:00
rcrit_that's what I'm working on20:00
bknudsona gate for eventlet ssl would be stupid anyways20:00
rcrit_yeah, I wasn't going to test that mode20:00
rcrit_sorry, I'm being confusing20:00
rcrit_so yeah, gate only for tlsproxy mode20:01
rcrit_I did the pure SSL stufff I think at the request of someone in devstack20:01
rcrit_mostly I want to test the interaction between the services, not that any given service can do SSL/TLS20:01
*** mylu has joined #openstack-keystone20:01
*** david-lyle_ is now known as david-lyle20:02
*** timcline has quit IRC20:02
*** jlvillal has joined #openstack-keystone20:03
*** diazjf has quit IRC20:05
*** diazjf has joined #openstack-keystone20:08
*** jaugustine-mobil has joined #openstack-keystone20:09
*** diazjf has quit IRC20:10
*** clenimar has joined #openstack-keystone20:10
*** ekarlso- has joined #openstack-keystone20:11
*** aginwala has quit IRC20:13
*** aginwala has joined #openstack-keystone20:18
*** mvk_ has quit IRC20:18
*** nisha has quit IRC20:21
*** shaleh|away is now known as shaleh20:22
*** mylu has quit IRC20:25
tjcocozzbknudson, Python2.6 added compatability with bytes ... Ref: https://docs.python.org/2/whatsnew/2.6.html#pep-3112-byte-literals20:27
*** mylu has joined #openstack-keystone20:30
*** fawadkhaliq has quit IRC20:30
*** fawadkhaliq has joined #openstack-keystone20:30
openstackgerritBrant Knudson proposed openstack/keystone: WIP - Opportunistic testing with different DBs  https://review.openstack.org/29583720:31
openstackgerritBrant Knudson proposed openstack/keystone: Correct test_migrate_data_to_local_user_and_password_tables  https://review.openstack.org/29604120:31
*** jbell8 has quit IRC20:32
*** jorge_munoz has joined #openstack-keystone20:34
openstackgerritBrant Knudson proposed openstack/keystone: Fix table row counting SQL for MySQL and Postgresql  https://review.openstack.org/29601720:37
openstackgerritBrant Knudson proposed openstack/keystone: Correct test_implied_roles_fk_on_delete_cascade  https://review.openstack.org/29601820:37
openstackgerritBrant Knudson proposed openstack/keystone: Correct test_migrate_data_to_local_user_and_password_tables  https://review.openstack.org/29604120:37
openstackgerritBrant Knudson proposed openstack/keystone: WIP - Opportunistic testing with different DBs  https://review.openstack.org/29583720:37
*** aginwala has quit IRC20:38
*** arunkant has quit IRC20:39
*** fawadkhaliq has quit IRC20:40
*** mylu has quit IRC20:40
*** fawadkhaliq has joined #openstack-keystone20:40
*** aginwala has joined #openstack-keystone20:41
*** mylu has joined #openstack-keystone20:46
*** rderose has quit IRC20:47
*** tellesnobrega is now known as tellesnobrega_af20:47
*** fawadkhaliq has quit IRC20:50
*** fawadkhaliq has joined #openstack-keystone20:51
*** e0ne has quit IRC20:53
*** timcline has joined #openstack-keystone20:54
*** spandhe has quit IRC20:54
*** timcline has quit IRC20:58
*** raildo is now known as raildo-afk20:58
*** jbell8 has joined #openstack-keystone21:01
*** jaugustine-mobil has quit IRC21:02
*** ninag has quit IRC21:04
*** mylu has quit IRC21:05
openstackgerritBrant Knudson proposed openstack/keystone: Fix table row counting SQL for MySQL and Postgresql  https://review.openstack.org/29601721:05
openstackgerritBrant Knudson proposed openstack/keystone: Fix test_add_int_pkey_to_revocation_event_table for MySQL  https://review.openstack.org/29601621:05
openstackgerritBrant Knudson proposed openstack/keystone: Correct test_implied_roles_fk_on_delete_cascade  https://review.openstack.org/29601821:05
openstackgerritBrant Knudson proposed openstack/keystone: Switch migration tests to oslo.db DbTestCase  https://review.openstack.org/29424621:05
openstackgerritBrant Knudson proposed openstack/keystone: Correct test_migrate_data_to_local_user_and_password_tables  https://review.openstack.org/29604121:05
openstackgerritBrant Knudson proposed openstack/keystone: Opportunistic testing with different DBs  https://review.openstack.org/29583721:05
*** mylu has joined #openstack-keystone21:06
*** trown is now known as trown|outtypewww21:10
*** dims has joined #openstack-keystone21:11
*** rk4n has joined #openstack-keystone21:18
*** pauloewerton has quit IRC21:19
*** jorge_munoz has quit IRC21:19
*** rk4n has quit IRC21:23
*** spandhe has joined #openstack-keystone21:29
*** mylu has quit IRC21:32
*** ngupta has quit IRC21:33
*** jsavak has quit IRC21:36
*** rk4n has joined #openstack-keystone21:36
*** CaioBrentano has quit IRC21:39
*** daemontool has joined #openstack-keystone21:41
*** aginwala has quit IRC21:42
*** pushkaru has quit IRC21:45
ayoungwhere were the numbers for how many code reviews each person had done?21:47
*** slberger has left #openstack-keystone21:47
*** ebalduf_ has quit IRC21:48
*** openstackgerrit has quit IRC21:48
*** openstackgerrit has joined #openstack-keystone21:48
knikollaayoung, http://stackalytics.com/?module=keystone21:50
*** e0ne has joined #openstack-keystone21:50
ayoungknikolla, thanks...just found it meself21:50
*** mylu has joined #openstack-keystone21:53
*** arunkant has joined #openstack-keystone21:54
*** timcline has joined #openstack-keystone21:55
*** timcline has quit IRC21:59
*** aginwala has joined #openstack-keystone22:00
*** sigmavirus24 is now known as sigmavirus24_awa22:02
*** jbell8 has quit IRC22:02
*** harlowja_at_home has joined #openstack-keystone22:08
*** mylu has quit IRC22:09
*** hogepodge has quit IRC22:12
*** mylu has joined #openstack-keystone22:14
*** darrenc is now known as darrenc_afk22:14
ayoungstevemar, on https://review.openstack.org/#/c/295049/ (Policy Merge) what if instead I proposed it as a command line tool/library, that we could then later add to the policy API if desired?22:18
patchbotayoung: patch 295049 - keystone-specs - Policy Merge22:18
*** rk4n has quit IRC22:20
*** e0ne has quit IRC22:21
*** rk4n has joined #openstack-keystone22:22
*** rk4n has quit IRC22:22
*** mylu has quit IRC22:23
openstackgerritKristi Nikolla proposed openstack/keystone: WIP - ldap3 Identity Driver  https://review.openstack.org/29609022:28
knikollaayoung, I wanted to push something so I can receive comments ^22:30
ayoungknikolla, awesome.22:30
ayoungLooking now22:30
knikollaI hardcoded some values in init, it helps when running python on the shell.22:31
knikollabut they'll come from the actual config file.22:32
*** gordc has quit IRC22:32
ayoungknikolla, yeah, I can see that22:32
*** mylu has joined #openstack-keystone22:33
morganknikolla: suggest naming it something other than "ldap3" "ldap3_identity" so you can avoid absolute_import needs22:34
ayoung++22:34
ayoungldap3driver22:35
*** darrenc_afk is now known as darrenc22:35
morganknikolla: also, see my comment on the copyright attribution22:35
knikollamorgan, yeah, i had that doubt earlier, one of the reasons why i pushed the change.22:35
*** tellesnobrega_af is now known as tellesnobrega22:35
morganknikolla: but otherwise good start22:35
ayoungmorgan, I'm still leery about the pure python nature of this driver.  I wonder how well it does all the SASL stuff.  Should hand off to native libraries for that, but maybe it does, and just the LDAP stuff itslef is in python?22:36
ayoungdon't want to do crypto in python22:36
knikollaayoung, http://ldap3.readthedocs.org/ssltls.html22:37
ayoungknikolla, its a great start22:37
morganknikolla: also NotImplementedError for the write methods should be an explicit 403 Forbidden - from a REST API standpoint, the caller has no permission to write, so always a 403 not a 500 error.22:38
morganknikolla: NotImplementedError is python-specific and would result in a 500 (commented on the review to this nature too).22:38
ayoungknikolla, yeah, but I wonder howthey call the GSSAPI code.22:38
morganknikolla: def. a nice start.22:38
ayoungthat is a native library.22:39
*** hogepodge has joined #openstack-keystone22:39
morganayoung: it might need a wrapper for a GSSAPI aware thing.22:39
morganayoung: *shrug*22:39
knikollamorgan, what would be the correct exception?22:39
ayoungmorgan, yeah, I just don't want to pull in the dependency by accident22:39
morganayoung: a wrapper would be totally fine to call into a C-Binding Module22:39
morganknikolla: Forbidden22:39
ayoungOK, I need to head home.  knikolla listen to morgan as he is thinking much more clearly than I am right now.  Actually, the "right now" in that statement might be superfluous.22:41
morganknikolla: either https://github.com/openstack/keystone/blob/master/keystone/exception.py#L143 or https://github.com/openstack/keystone/blob/master/keystone/exception.py#L23122:41
morganayoung: lies, i'm 2 pints in for the afternoon (ok ok one pint and it was at lunch w/ a burger)22:41
ayoungknikolla, I'd start a functional test somehow, probably in keystone/tests/functional/test_ldap322:41
ayoungand make sure you can drive the code from that22:42
dstanekayoung: ++22:42
ayoungknikolla, make no assumptions about what data is in the dirsrc before hand, but use ldap3 calls to populate users by autogenerating uuids for everything22:42
morganknikolla: or https://github.com/openstack/keystone/blob/master/keystone/exception.py#L238 might be the right exception22:42
morgandstanek: oooh rain! :P22:42
ayoungand clean up at the end of each run.22:43
morgandstanek: oh wait... i ive in the pacific northwest.22:43
morgandstanek: :P22:43
ayoungmorgan, we had snow22:43
ayoungit is, technically, spring right now22:43
ayoungand I was shovelling yesterda22:43
ayoungy22:43
ayoungok.. home22:43
ayoungbye22:43
*** ayoung has quit IRC22:43
knikollaunderstood. thanks for the feedback/22:44
knikollai'm heading home too for now.22:44
knikollabye22:44
morganknikolla: cheers22:44
morganknikolla: have a good evening22:44
knikollamorgan: thanks morgan, you too.22:44
knikollamorgan, btw i stumbled upon your keystone talk at pycon on youtube yesterday22:44
*** csoukup has quit IRC22:46
morganknikolla: haha22:47
morganknikolla: oy. that wasn't the best talk i've ever given =/22:47
*** aginwala has quit IRC22:48
*** knikolla has quit IRC22:49
*** aginwala has joined #openstack-keystone23:01
*** henrynash has joined #openstack-keystone23:02
*** ChanServ sets mode: +v henrynash23:02
*** akanksha_ has quit IRC23:07
*** henrynash has quit IRC23:08
*** dims_ has joined #openstack-keystone23:12
*** dims has quit IRC23:15
*** dims has joined #openstack-keystone23:15
*** dims_ has quit IRC23:18
*** dan_nguyen has joined #openstack-keystone23:18
*** dims_ has joined #openstack-keystone23:19
*** dims has quit IRC23:22
*** dims has joined #openstack-keystone23:23
*** mylu has quit IRC23:24
*** dims_ has quit IRC23:25
*** mylu has joined #openstack-keystone23:26
openstackgerritColleen Murphy proposed openstack/keystone: Fix keystone-manage config file path  https://review.openstack.org/29611023:27
*** mylu has quit IRC23:28
*** lhcheng has quit IRC23:31
*** lhcheng has joined #openstack-keystone23:32
*** ChanServ sets mode: +v lhcheng23:32
*** lhcheng has quit IRC23:32
*** lhcheng has joined #openstack-keystone23:33
*** ChanServ sets mode: +v lhcheng23:33
*** mylu has joined #openstack-keystone23:35
*** knikolla has joined #openstack-keystone23:39
*** mylu has quit IRC23:40
*** mylu has joined #openstack-keystone23:41
*** markvoelker has quit IRC23:44
*** markvoelker has joined #openstack-keystone23:47
*** fawadkhaliq has quit IRC23:48
*** fawadkhaliq has joined #openstack-keystone23:49
*** tqtran has quit IRC23:52
*** shoutm has joined #openstack-keystone23:54
« Monday, 2016-03-21 Index Wednesday, 2016-03-23 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!