Wednesday, 2017-03-15

*** gyee has joined #openstack-keystone		00:02
*** hoonetorg has quit IRC		00:22
*** MasterOfBugs has quit IRC		00:26
*** r-daneel has quit IRC		00:30
*** aasthad has quit IRC		00:32
*** catintheroof has joined #openstack-keystone		00:32
*** hoonetorg has joined #openstack-keystone		00:35
*** guoshan has joined #openstack-keystone		00:39
*** zhurong has joined #openstack-keystone		00:53
*** guoshan has quit IRC		01:00
*** agrebennikov has quit IRC		01:15
*** hoonetorg has quit IRC		01:16
*** Shunli has joined #openstack-keystone		01:21
*** edmondsw has joined #openstack-keystone		01:21
*** liujiong_lj has joined #openstack-keystone		01:23
*** catintheroof has quit IRC		01:24
*** Shunli has quit IRC		01:28
*** Shunli has joined #openstack-keystone		01:29
*** hoonetorg has joined #openstack-keystone		01:30
*** catintheroof has joined #openstack-keystone		01:30
*** catintheroof has quit IRC		01:32
*** liujiong_lj is now known as liujiong		01:35
*** guoshan has joined #openstack-keystone		01:36
*** edmondsw has quit IRC		01:36
*** namnh has joined #openstack-keystone		01:53
openstackgerrit	Merged openstack/keystonemiddleware master: Remove old comment referencing fixed bug https://review.openstack.org/443235	01:56
*** wangqun has joined #openstack-keystone		02:00
lbragstad	rderose you're doing a talk on PCI in Boston, right?	02:11
lbragstad	rderose do you know when and where it will be?	02:12
*** zsli_ has joined #openstack-keystone		02:14
rderose	lbragstad: yeah, right	02:15
rderose	lbragstad: let me see	02:15
lbragstad	rderose no rush if you can't find it right now - but i want to promote it in my presentation	02:15
lbragstad	in the event mine happens before yours	02:16
*** Shunli has quit IRC		02:16
*** zsli__ has joined #openstack-keystone		02:18
rderose	lbragstad: Thu 4:10 PM	02:18
rderose	lbragstad: doesn't say where	02:18
lbragstad	sweet	02:19
rderose	lbragstad: what is your topic on?	02:19
lbragstad	rderose it's a project update on keystone	02:20
rderose	I see	02:20
lbragstad	recapping what we've done in Ocata, what we're doing in Pike and so on	02:20
rderose	lbragstad: do you want to switch?	02:20
rderose	:)	02:20
lbragstad	lol nope :)	02:20
*** zsli_ has quit IRC		02:20
lbragstad	rderose i did throw together a slide deck if you need one	02:20
rderose	lbragstad: cool, yeah that would be great	02:21
lbragstad	rderose https://docs.google.com/presentation/d/1s9BNHI4aHs_fEcCYuekDCFwMg1VTsKCHMkSko92Gqco/edit?usp=sharing	02:21
lbragstad	rderose don't feel obligated to use it - i just figured it would be nice to work in that new mascot	02:21
rderose	lbragstad: nice	02:21
rderose	lbragstad: that's perfect	02:21
rderose	thx	02:21
lbragstad	rderose no problem	02:22
*** aasthad has joined #openstack-keystone		02:54
*** gyee has quit IRC		03:01
*** markvoelker has quit IRC		03:06
*** gyee has joined #openstack-keystone		03:17
*** browne has quit IRC		03:18
*** masterjcool has quit IRC		03:20
*** knangia has quit IRC		03:21
*** masterjcool has joined #openstack-keystone		03:32
*** nicolasbock has quit IRC		03:42
*** rderose has quit IRC		03:54
*** knangia has joined #openstack-keystone		03:55
*** links has joined #openstack-keystone		03:56
*** namnh has quit IRC		04:05
*** markvoelker has joined #openstack-keystone		04:07
*** markvoelker has quit IRC		04:13
openstackgerrit	Merged openstack/oslo.policy master: Seperate each policy rule with new line https://review.openstack.org/443332	04:18
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystonemiddleware master: Updated from global requirements https://review.openstack.org/439318	04:20
*** dikonoor has joined #openstack-keystone		04:21
openstackgerrit	OpenStack Proposal Bot proposed openstack/oslo.policy master: Updated from global requirements https://review.openstack.org/445128	04:26
*** dikonoor has quit IRC		04:28
*** zsli_ has joined #openstack-keystone		04:38
*** zsli__ has quit IRC		04:40
*** zhurong has quit IRC		05:00
*** david-lyle has quit IRC		05:04
*** wangqun_ has joined #openstack-keystone		05:07
*** wangqun has quit IRC		05:07
*** josecastroleon has quit IRC		05:07
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone master: Updated from global requirements https://review.openstack.org/445750	05:11
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystonemiddleware master: Updated from global requirements https://review.openstack.org/439318	05:11
*** wangqun has joined #openstack-keystone		05:11
*** wangqun_ has quit IRC		05:13
*** wangqun has quit IRC		05:18
*** wangqun has joined #openstack-keystone		05:18
*** dikonoor has joined #openstack-keystone		05:19
*** dikonoor has quit IRC		05:28
*** dikonoor has joined #openstack-keystone		05:28
*** zsli_ has quit IRC		05:39
*** zsli_ has joined #openstack-keystone		05:40
*** richm has quit IRC		05:43
*** dikonoor has quit IRC		05:48
*** gyee has quit IRC		05:51
*** MasterOfBugs has joined #openstack-keystone		05:58
*** adriant has quit IRC		05:59
*** zsli_ has quit IRC		06:08
*** markvoelker has joined #openstack-keystone		06:09
*** dikonoor has joined #openstack-keystone		06:11
*** markvoelker has quit IRC		06:13
*** aojea has joined #openstack-keystone		06:37
*** namnh has joined #openstack-keystone		06:48
*** jaosorior has joined #openstack-keystone		06:52
jaosorior	jamielennox: thanks for checking out the patch. still around?	06:52
jamielennox	jaosorior: yea, i'mhere	06:52
*** pnavarro has joined #openstack-keystone		06:53
jaosorior	jamielennox: not sure if it's something valid to catch in tempest. or if there's ever a valid case where the hrefs returned by the discovery are expected to differ from the auth_url used.	06:54
jaosorior	jamielennox: is you mentioned we should be using keystoneauth instead. Will discovery from keystoneclient be deprecated then?	06:56
jamielennox	jaosorior: so i didn't spend a lot of time trying to understand the use case, but i don't understand why something would be valid pointing to a wrong url	06:56
*** zhurong has joined #openstack-keystone		06:57
jaosorior	jamielennox: ok, so the case is when keystone is behind a TLS proxy. It's a pretty common case that, since it's behind the proxy, one tries to access it via https, while discovery returns http	06:58
jaosorior	so, more than the whole URL, it's an issue with the scheme or protocol	06:58
jaosorior	now, while I agree this is an issue of the deployer. I wouldn't want to break users that have no control over how the openstack deployment is done.	06:59
jaosorior	so, users that upgrade clients that use keystone discovery will be broken by this, and won't have much choice but to use older clients.	07:00
jamielennox	jaosorior: whilst i agree i don't want to break users we've done a whole bunch of things to make this easy for deployers	07:03
jamielennox	keystoneauth will happily accept a relative url from discovery	07:03
jamielennox	every service now ships with proxy_to_wsgi by default	07:04
openstackgerrit	Merged openstack/oslo.policy master: Updated from global requirements https://review.openstack.org/445128	07:04
jaosorior	jamielennox: these deployers use icehouse and are in the process of migrating... but it'll be a while before they get to http_proxy_to_wsgi	07:04
jamielennox	and we very recently had keystoneauth called out on the ML for doing too much to hide the problems of deployments, meaning that too much knowledge is wrapped up in python client code that a golang or other language will have to copy because there is reduced pressure on the deploy to fix it	07:05
jamielennox	jaosorior: then i imagine a lot more stuff that TLS termination is broken	07:06
jaosorior	alright	07:06
jamielennox	also, i'm probably wrong but it's just middleware why can't you use a newer version	07:06
jamielennox	i guess the dependencies will conflict	07:06
*** henrynash has joined #openstack-keystone		07:06
jaosorior	it's not up to me dude	07:06
jaosorior	I'm just trying to be nice and not break folks	07:06
jamielennox	i mean the whole point of proxy_to_wsgi is so the service doesn't care	07:07
jaosorior	right	07:07
jamielennox	can you just backport that to the icehouse deploy and roll it?	07:07
*** josecastroleon has joined #openstack-keystone		07:08
jaosorior	jamielennox: I did mention it wasn't my deployment, right?	07:08
jamielennox	jaosorior: ok, i just figured you were involved somehow to be pushing the idea	07:09
jaosorior	jamielennox: it's not my deployment. I'm trying to move a project to use generic interfaces instead of v2 or v3 plugins specifically (to be able to use versionless endpoints) and this issue came up from a user that tried it in production.	07:10
jamielennox	jaosorior: lol, wow	07:10
jamielennox	don't suppose you can lodge a ticket? their deployment is actually broken as it is now so it's a valid request to get them to change the config to use https:// endpoints	07:10
jaosorior	yeah, I tried to point the dude on how to fix it even for that version of keystone.	07:11
jaosorior	yet, I did see several tickets for older versions of keystone on our side, and since we also had to fix it for tripleo; to figure this was a fairly common problem	07:11
jaosorior	so yeah, if I had seen this before for older versions, and he had an issue with his provider, then might as well try to fix it or work around it for folks	07:12
jamielennox	jaosorior: so the idea here is that you should be loading this sort of information from configuration anyway right?	07:12
jamielennox	so for a broken deployment instead of using auth_type=password use auth_type=v3password and point auth_url at the versioned url	07:12
jamielennox	like the projects should not be trying to figure out how a user wants to auth	07:13
jaosorior	jamielennox: or use public_endpoint and add the https there	07:13
jamielennox	it's back to the x509 and kerberos problems - a project can't know all this information and ksa specifically tries to abstract it from them	07:14
jaosorior	I don't really think abstraction is a bad thing	07:14
jamielennox	what's the project code that is causing this problem?	07:15
*** pnavarro has quit IRC		07:16
jaosorior	jamielennox: https://review.openstack.org/#/c/443104	07:16
jamielennox	ergh, swiftclient	07:17
jaosorior	haha	07:17
jamielennox	jaosorior: so swiftclient does this horribly and we've had various talks about how we could fix it	07:18
jaosorior	jamielennox: and that one came up cause we're trynig to deploy tripleo using versionless endpoints only.	07:18
jaosorior	jamielennox: I honestly just looked for the shortest path that would work. But I could rework that.	07:19
jamielennox	jaosorior: so a little while ago i got a patch into swiftclient to accept a session	07:19
jaosorior	right	07:21
jamielennox	jaosorior: it's certainly not pretty, but it should work that if you rewrite whatever is consuming swiftclient to pass a ksa session that already has auth you should be able to bypass all the swiftclient bullshit	07:22
*** henrynash has quit IRC		07:23
jaosorior	jamielennox: I don't find that patch where you got to accept a session	07:23
jamielennox	jaosorior: hmm, i can't remember if i got it done in my name	07:24
jamielennox	https://review.openstack.org/#/c/298968/	07:25
jamielennox	it's super limited and they were desperate to avoid a hard dependency	07:25
jamielennox	but if you do Connection(session=session) you should get the auth you want	07:25
jaosorior	jamielennox: interesting, let me try that out	07:27
*** knangia has quit IRC		07:31
jaosorior	jamielennox: checking out glance_store. It seems to me that with the usage of a session, pretty much this chunk is not needed is it? https://github.com/openstack/glance_store/blob/master/glance_store/_drivers/swift/connection_manager.py#L83-L95	07:36
jaosorior	jamielennox: if we pass a session to get_store_connection which is the one that creates the instance of swiftclient's Connection	07:36
*** wxy has joined #openstack-keystone		07:36
*** maciejjozefczyk has joined #openstack-keystone		07:43
*** tesseract has joined #openstack-keystone		07:44
*** aojea has quit IRC		07:45
jaosorior	jamielennox: https://review.openstack.org/445802	07:51
jamielennox	jaosorior: yea, all that part is redundant	07:56
jamielennox	keystoneauth will handle the refresh	07:56
jamielennox	jaosorior: i'll owe you many beers if you can fix glance_store -> swiftclient stuff, that's the current thing i couldn't get past with deprecating the old keytoneclient.Client() interface	07:57
jamielennox	it's not that it's impossible but both glance and swiftclient has built up years of redundant bullshit there and there's just not an easy deprecation path	07:58
jamielennox	also because glance_store invented their own configuration file format, so we would need a new launcher type to load the auth from .ini files	07:59
*** zzzeek has quit IRC		08:00
*** zzzeek has joined #openstack-keystone		08:00
jaosorior	jamielennox: updated the patch	08:03
jamielennox	jaosorior: see my comments?	08:04
jaosorior	ah	08:04
jaosorior	now I got the email	08:04
*** pcaruana has joined #openstack-keystone		08:05
jaosorior	fixing it	08:06
jaosorior	jamielennox: ok, updated the commit, what do you think? I still gotta fix the unit tests though	08:09
*** markvoelker has joined #openstack-keystone		08:10
jamielennox	jaosorior: why the self.client.authenticate()	08:10
jamielennox	and self.client.session, where are you extracting the session from - that's a bad idea	08:10
jaosorior	jamielennox: I removed that bit	08:11
jaosorior	jamielennox: have you seen the latest commit?	08:11
jamielennox	i think so	08:11
jamielennox	yea, #3 connection_manager	08:11
jaosorior	funky	08:12
jaosorior	I removed that whole part..	08:12
jaosorior	duh	08:13
jaosorior	hadn't saved	08:13
*** markvoelker has quit IRC		08:14
jamielennox	jaosorior: so i've had attemptes at refactoring this part - there's no reason for glance_store to depend on ksc, it should only need ksa	08:14
jamielennox	but the key will be to make it configurable rather that relying on V3Password directly	08:15
jamielennox	have that whole thing loaded from config somehow	08:15
jaosorior	jamielennox: by the way, doesn't V3Password force one to use a v3 versioned endpoint? wouldn't it be better to use the generic auth plugins?	08:17
jamielennox	jaosorior: it does force you to use unversioned	08:17
jamielennox	jaosorior: what we want is for that whole bit to be configurable	08:17
jamielennox	load it the way auth_token and everything eles does	08:18
jaosorior	jamielennox: also, it seems that they use the trusts API, so, wouldn't they need the client for tat?	08:19
jaosorior	*that	08:19
jamielennox	ew, you'd have to ask glance why they use trusts there - they have a user/pass, why do they want a trust?	08:20
jaosorior	no idea	08:20
jamielennox	jaosorior: i've tried various refactors through here, i hope you have better luck	08:20
jaosorior	jamielennox: well, what do you think of the latest patch set? I think it's a good first step. Then figure out why they need trusts; come up with an alternative, and iterate from there.	08:23
jamielennox	jaosorior: seems like a good start, i dont know it well enough to say all the implications	08:26
jamielennox	like i'd like to avoid returning a client at all, but baby steps	08:26
*** guoshan_ has joined #openstack-keystone		08:27
jaosorior	jamielennox: and swiftclient should be able to use a session, and then it wouldn't try to create that keystoneclient instance, right?	08:27
*** guoshan has quit IRC		08:27
*** zhurong has quit IRC		08:28
jamielennox	yea	08:28
jamielennox	but at least in this case you're creating the session, passing it to ksc, then using the session again	08:28
*** henrynash has joined #openstack-keystone		08:29
jamielennox	things get bad when you do Client(username=x, password=y, ...) then use the session it creates internally	08:29
jaosorior	I see	08:29
*** d0ugal has joined #openstack-keystone		08:31
*** josecastroleon has quit IRC		08:33
*** Shunli has joined #openstack-keystone		08:39
*** guoshan_ has quit IRC		08:43
*** guoshan has joined #openstack-keystone		08:44
*** aasthad has quit IRC		08:52
*** Shunli has quit IRC		08:53
*** Shunli has joined #openstack-keystone		08:53
*** zsli_ has joined #openstack-keystone		09:08
*** henrynash has quit IRC		09:08
*** Shunli has quit IRC		09:11
*** henrynash has joined #openstack-keystone		09:20
*** henrynash has quit IRC		09:21
*** henrynash has joined #openstack-keystone		09:23
*** aojea has joined #openstack-keystone		09:24
*** henrynash has quit IRC		09:27
*** liujiong_lj has joined #openstack-keystone		09:27
*** liujiong has quit IRC		09:27
*** zhurong has joined #openstack-keystone		09:28
*** jaosorior is now known as jaosorior_lunch		09:28
*** zsli_ has quit IRC		09:33
*** liujiong_lj is now known as liujiong		09:36
*** zhurong has quit IRC		09:38
*** zhurong has joined #openstack-keystone		09:43
*** josecastroleon has joined #openstack-keystone		09:50
*** zhurong has quit IRC		09:53
*** dmellado has quit IRC		09:54
*** dmellado has joined #openstack-keystone		10:02
*** edmondsw has joined #openstack-keystone		10:02
*** guoshan has quit IRC		10:03
*** guoshan has joined #openstack-keystone		10:06
*** wangqun has quit IRC		10:06
*** edmondsw has quit IRC		10:06
*** aojea has quit IRC		10:08
*** markvoelker has joined #openstack-keystone		10:10
*** richm has joined #openstack-keystone		10:13
*** markvoelker has quit IRC		10:15
*** openstackgerrit has quit IRC		10:18
*** liujiong has quit IRC		10:23
*** aojea has joined #openstack-keystone		10:24
*** namnh has quit IRC		10:41
*** guoshan has quit IRC		10:41
*** henrynash has joined #openstack-keystone		10:46
*** nicolasbock has joined #openstack-keystone		10:50
*** aojea has quit IRC		10:53
*** aojea has joined #openstack-keystone		10:56
*** dikonoor has quit IRC		10:58
*** raildo has joined #openstack-keystone		11:01
*** raildo has quit IRC		11:01
*** raildo has joined #openstack-keystone		11:02
*** henrynash has quit IRC		11:35
*** aojea has quit IRC		11:39
*** mewald has joined #openstack-keystone		11:41
mewald	We have a cloud with separate networks für public API access and internal communication between services. The public one is a routed network, the internal is - well internal only. I need it to be possible to run e.g. "openstack project create" from the public network without SSHing or VPNing into the internal network. What is the best way to configure this?	11:43
*** jdennis has joined #openstack-keystone		11:51
*** jdennis1 has quit IRC		11:54
*** dikonoor has joined #openstack-keystone		12:00
breton	mewald: --interface option of `openstack` cli	12:07
breton	oh, it's --os-interface	12:09
*** markvoelker has joined #openstack-keystone		12:11
*** aojea has joined #openstack-keystone		12:11
*** guoshan has joined #openstack-keystone		12:12
*** MasterOfBugs has quit IRC		12:12
*** markvoelker has quit IRC		12:16
*** jaosorior_lunch is now known as jaosorior		12:21
mewald	breton: There is no network connectivity to the admin api endpoint	12:31
mewald	I would need the API calls to be available on the public network	12:32
*** edmondsw has joined #openstack-keystone		12:34
*** henrynash has joined #openstack-keystone		12:35
*** edmondsw has quit IRC		12:37
*** edmondsw has joined #openstack-keystone		12:37
*** markvoelker has joined #openstack-keystone		12:38
*** openstackgerrit has joined #openstack-keystone		12:43
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone master: Updated from global requirements https://review.openstack.org/445750	12:43
*** jaosorior has quit IRC		12:46
*** jaosorior has joined #openstack-keystone		12:47
*** spilla has joined #openstack-keystone		12:51
breton	mewald: i am not sure why you are talking about admin api endpoint	12:52
*** erhudy has joined #openstack-keystone		12:52
mewald	breton: yeah me neither :D I thought that API calls like creating projects or domains etc can only be issued against the admin endpoint, is that not true?	12:52
breton	mewald: projects are from API v3. There is no admin api endpoint in API v3. So, you can just pass --os-interface public to openstack cli	12:52
*** guoshan has quit IRC		12:53
mewald	oh ok	12:53
mewald	let me try it then :D	12:53
breton	mewald: yep, that's not true for v3.	12:53
*** catintheroof has joined #openstack-keystone		12:59
mewald	breton: Nice, it just works :D My lucky day!	13:01
*** links has quit IRC		13:02
jaosorior	rodrigods: Hey dude, can you check this out https://review.openstack.org/#/c/445802/ ?	13:04
rodrigods	jaosorior, sure :)	13:04
rodrigods	will take a look in a few	13:05
*** aojea has quit IRC		13:15
*** bauruine has quit IRC		13:15
*** bauruine has joined #openstack-keystone		13:16
*** lucasxu has quit IRC		13:18
*** aojea has joined #openstack-keystone		13:19
*** aojea has quit IRC		13:19
*** aojea has joined #openstack-keystone		13:19
*** bauruine has quit IRC		13:20
*** bauruine has joined #openstack-keystone		13:21
*** mewald has left #openstack-keystone		13:43
*** markvoelker_ has joined #openstack-keystone		13:54
*** markvoelker has quit IRC		13:55
*** aojea has quit IRC		14:00
*** zhurong_ has joined #openstack-keystone		14:03
*** aojea_ has joined #openstack-keystone		14:04
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Add reno conventions to developer documentation https://review.openstack.org/444955	14:05
*** links has joined #openstack-keystone		14:06
*** zhurong_ has quit IRC		14:06
*** knangia has joined #openstack-keystone		14:07
*** henrynash has quit IRC		14:10
*** lucasxu has joined #openstack-keystone		14:12
*** agrebennikov has joined #openstack-keystone		14:20
*** chris_hultin\|AWA is now known as chris_hultin		14:22
*** chris_hultin is now known as chris_hultin\|AWA		14:32
*** dave-mccowan has joined #openstack-keystone		14:38
*** d0ugal has quit IRC		14:42
*** dikonoor has quit IRC		14:42
*** links has quit IRC		14:42
*** d0ugal has joined #openstack-keystone		14:43
*** rderose has joined #openstack-keystone		14:47
*** aojea_ has quit IRC		14:47
lbragstad	reminder that we have the policy meeting starting in 5 minutes in #openstack-meeting-cp	14:54
lbragstad	cc antwash, raildo, ktychkova, dolphm, dstanek, rderose, htruta, atrmr, gagehugo, lamt, thinrichs, edmondsw, ruan, ayoung, ravelar, morgan, raj_singh, johnthetubaguy, knikolla ^	14:55
johnthetubaguy	lbragstad: its that UTC timing correct?	14:55
* lbragstad facepalm		14:55
lbragstad	correct - it should in an hour and 5 minutes ;)	14:56
breton	oh, it's this time of year again	14:57
johnthetubaguy	lbragstad: no worries, was just checking, I get a few weeks till I move	15:02
*** aojea has joined #openstack-keystone		15:05
knikolla	o/	15:06
*** jaugustine has joined #openstack-keystone		15:12
*** henrynash has joined #openstack-keystone		15:12
*** aojea has quit IRC		15:15
*** aojea has joined #openstack-keystone		15:15
*** lucasxu has quit IRC		15:16
*** ayoung is now known as ayoung-teeth		15:22
*** voelzmo has joined #openstack-keystone		15:29
*** lamt has joined #openstack-keystone		15:29
*** aasthad has joined #openstack-keystone		15:31
gagehugo	o/	15:34
*** oomichi has quit IRC		15:36
*** jaugustine has quit IRC		15:40
*** aojea has quit IRC		15:40
*** oomichi has joined #openstack-keystone		15:41
*** jaugustine has joined #openstack-keystone		15:42
*** aojea has joined #openstack-keystone		15:46
*** lucasxu has joined #openstack-keystone		15:51
*** david-lyle has joined #openstack-keystone		15:56
*** akrzos is now known as akrzos-spec		16:01
lbragstad	policy meeting starting now in #openstack-meeting-cp	16:01
*** jaosorior has quit IRC		16:02
*** voelzmo has quit IRC		16:09
*** aojea has quit IRC		16:26
*** clayton has quit IRC		16:28
*** clayton has joined #openstack-keystone		16:33
*** david-lyle_ has joined #openstack-keystone		16:34
*** david-lyle has quit IRC		16:34
*** ravelar has joined #openstack-keystone		16:40
lbragstad	notmorgan want to do an oslo.policy review (it's very close to approval) https://review.openstack.org/#/c/439070/	16:42
*** lucasxu has quit IRC		16:47
*** lucasxu has joined #openstack-keystone		16:48
lbragstad	antwash one comment on the commit message here - https://review.openstack.org/#/c/439070/16	16:49
*** gyee has joined #openstack-keystone		16:50
*** tesseract has quit IRC		16:53
antwash	lbragstad: awe make sense -- I'll go ahead and remove it	16:55
openstackgerrit	Anthony Washington proposed openstack/oslo.policy master: Add additional param to policy.RuleDefault https://review.openstack.org/439070	16:56
openstackgerrit	Anthony Washington proposed openstack/oslo.policy master: Add additional param to policy.RuleDefault https://review.openstack.org/439070	17:05
*** akrzos-spec is now known as akrzos		17:05
lbragstad	antwash ^ that's looking good	17:05
antwash	lbragstad : thanks lance, ready to get it merge	17:05
lbragstad	antwash you and me both	17:06
lbragstad	antwash i just reviewed the policy-in-code series, too	17:06
lbragstad	antwash had one minor comment on https://review.openstack.org/#/c/435754/8	17:06
antwash	devstack decided to stop working for me today smh, def need to create custom script with all my configs to rebuild a env	17:06
lbragstad	antwash and a naming suggestion on https://review.openstack.org/#/c/435755/9	17:06
antwash	lbragstad: I'll fix them once my env rebuilds lol	17:07
lbragstad	antwash sweet	17:07
openstackgerrit	Richard Avelar proposed openstack/keystone master: Policy in code (part 3) https://review.openstack.org/435754	17:12
*** lucasxu has quit IRC		17:12
*** lucasxu has joined #openstack-keystone		17:13
ravelar	lbragstad antwash o/ got it. Had a few min to spare on vacation.	17:13
* lbragstad holds door open for ravelar		17:14
lbragstad	ravelar go back to vacationing, sir	17:14
antwash	++ I need a vacation	17:14
* ravelar thanks lbragstad and speeds off		17:14
ravelar	antwash just get up and leave ;)	17:14
antwash	i am a good employee sir	17:15
ravelar	who has vacation days lol	17:15
*** ravelar has left #openstack-keystone		17:15
antwash	I need to use them for my next tattoo lol	17:15
openstackgerrit	Anthony Washington proposed openstack/keystone master: Policy in code (part 4) https://review.openstack.org/435755	17:17
*** erlon has joined #openstack-keystone		17:18
openstackgerrit	Anthony Washington proposed openstack/keystone master: Policy in code (part 4) https://review.openstack.org/435755	17:19
openstackgerrit	Anthony Washington proposed openstack/keystone master: Policy in code (part 4) https://review.openstack.org/435755	17:20
*** browne has joined #openstack-keystone		17:22
*** pcaruana has quit IRC		17:28
lbragstad	antwash you and me both ;)	17:35
antwash	lbragstad : you getting a new tat?	17:35
antwash	placement?	17:35
lbragstad	antwash i have to finish mine lol	17:35
antwash	lbragstad : awe, I thought it was finished lol -- whole sleeve or half?	17:36
lbragstad	antwash right now its a half	17:37
*** szaher has joined #openstack-keystone		17:39
*** henrynash has quit IRC		17:41
antwash	lbragstad: yeah I remember, when he/she be adding to make it a full or just finishing up half?	17:42
lbragstad	antwash well - i'd like to turn the half into a full - but the guy who did it is in Austin	17:43
*** MasterOfBugs has joined #openstack-keystone		17:45
*** ayoung-teeth is now known as ayoung		17:45
antwash	lbragstad : aweee now I see lol man that sucks -- I got my first one an I've been addicted every since https://www.instagram.com/p/BLABMj8AF8u/?taken-by=g_gravestattoos&hl=en	17:47
openstackgerrit	Anthony Washington proposed openstack/keystone master: Policy in code (part 4) https://review.openstack.org/435755	17:50
lbragstad	antwash nice!	17:56
lbragstad	antwash `git review -d 435754; git review -x 435755; git review` should rebase part 4 on part 3 without pushing a new version of part 3	17:57
openstackgerrit	Anthony Washington proposed openstack/keystone master: Policy in code (part 3) https://review.openstack.org/435754	18:00
openstackgerrit	Anthony Washington proposed openstack/keystone master: Policy in code (part 4) https://review.openstack.org/435755	18:00
openstackgerrit	Anthony Washington proposed openstack/keystone master: Policy in code (part 5) https://review.openstack.org/435757	18:00
antwash	lbragstad : awe shoot lol wish I would've read it before pushing up haha #badtiming	18:00
antwash	^ in theory it should solve all the merge conflicts	18:00
* antwash praises it does solve them		18:01
*** raildo has quit IRC		18:10
*** lucasxu has quit IRC		18:13
*** lucasxu has joined #openstack-keystone		18:16
*** gyee has quit IRC		18:18
*** pramodrj07 has joined #openstack-keystone		18:23
*** MasterOfBugs has quit IRC		18:23
*** pramodrj07 has quit IRC		18:25
*** MasterOfBugs has joined #openstack-keystone		18:25
*** MasterOfBugs has quit IRC		18:27
*** MasterOfBugs has joined #openstack-keystone		18:27
*** henrynash has joined #openstack-keystone		18:38
*** voelzmo has joined #openstack-keystone		18:39
*** henrynash has quit IRC		18:47
*** catinthe_ has joined #openstack-keystone		18:48
*** afazekas_ is now known as afazekas		18:50
*** catintheroof has quit IRC		18:51
*** voelzmo has quit IRC		18:53
*** lamt has quit IRC		19:02
*** lamt has joined #openstack-keystone		19:04
*** aasthad has quit IRC		19:12
openstackgerrit	Merged openstack/keystone master: Add reno conventions to developer documentation https://review.openstack.org/444955	19:18
*** edtubill has joined #openstack-keystone		19:34
*** aasthad has joined #openstack-keystone		19:42
*** voelzmo has joined #openstack-keystone		19:42
*** antwash has quit IRC		19:45
*** raj_singh has quit IRC		19:45
*** jascott1 has quit IRC		19:45
*** jlopezgu has quit IRC		19:45
*** iurygregory has quit IRC		19:47
*** henrynash has joined #openstack-keystone		19:50
*** iurygregory has joined #openstack-keystone		19:50
*** iurygregory has quit IRC		19:56
*** david-lyle_ is now known as david-lyle		19:57
openstackgerrit	Merged openstack/keystone master: Updated from global requirements https://review.openstack.org/445750	19:58
*** lamt has quit IRC		19:58
*** iurygregory has joined #openstack-keystone		20:00
*** voelzmo has quit IRC		20:03
*** richm has quit IRC		20:05
*** gus has quit IRC		20:07
*** rdo has quit IRC		20:09
*** gus has joined #openstack-keystone		20:09
*** rdo has joined #openstack-keystone		20:11
notmorgan	lbragstad: reviewed the oslo.policy patch	20:12
notmorgan	+1, jonhthetubaguy had a concern, and if his -1 is answered, i'll +2.	20:12
*** henrynash has quit IRC		20:12
lbragstad	notmorgan checking	20:14
*** henrynash has joined #openstack-keystone		20:14
EmilienM	lbragstad: if we want to move forward with https://review.openstack.org/#/c/445592/ - should we propose a spec in Keystone instead?	20:15
lbragstad	johnthetubaguy notmorgan the new class was added based on a comment edmondsw had	20:16
EmilienM	if we can 1. support key/value store backend for token storage and 2. perform rotations in a periodic task within Keystone, that's a problem solved for all deployments in OpenStack	20:16
notmorgan	right	20:16
EmilienM	I would be happy to abandon my spec in TripleO and help to solve it in Keystone	20:16
notmorgan	it's specific to description to "desc" in the new class	20:16
notmorgan	nothing else seems to be holding it up	20:16
notmorgan	it was odd to rename "description" to "Desc"	20:16
notmorgan	then store it on the new class	20:17
edmondsw	notmorgan yeah, that was a bit odd, but since it's no longer a kwarg I didn't know that that would matter	20:18
notmorgan	i would pass description through and make description an @property on the new class	20:18
notmorgan	would be caught in the superclass set in __init__	20:18
notmorgan	but thats just my $0.002	20:18
notmorgan	it's not a deal breaker	20:18
notmorgan	it's just a "hey i'd like a clear answer and i'll +2/+A"	20:18
notmorgan	since it was brought up as odd	20:19
EmilienM	can someone from keystone core can re-explain why we abandon https://review.openstack.org/#/c/439194 ?	20:19
notmorgan	EmilienM: simply put 2 things, 1) the proposers were not continuing work on it/no one doing work for it	20:22
EmilienM	iiuc, nobody has time to do it	20:22
EmilienM	ok it confirms what I read in the keystone meeting	20:22
lbragstad	notmorgan i think the reason why it wasn't passed up was because we're being more strict with the validation	20:22
EmilienM	it's sad to see OSA, Kolla, Helm (and tripleo soon) doing their own things	20:22
lbragstad	if people use DocumentedRuleDefault, they must provide a description	20:22
notmorgan	EmilienM: and 2) all uses of fernet needs to have the same pluggable system	20:22
lbragstad	if they are using RuleDefault, they don't	20:22
EmilienM	notmorgan: we could make it optional	20:23
EmilienM	notmorgan: provide a way to use File or a key/value store backend	20:23
lbragstad	so if we start requiring descriptions and roll a new version of oslo.policy, we might break people if they are using RuleDefault without providing descriptions	20:23
notmorgan	lbragstad: right, so on the new class.. make it mandatory	20:23
openstackgerrit	Anthony Washington proposed openstack/keystone master: Policy in code (part 3) https://review.openstack.org/435754	20:23
notmorgan	i just didn't see why we needed to make it a new name for the arg, not pass it through	20:24
notmorgan	you could make .description on the new class an @property that does what .desc does	20:24
notmorgan	this is all still stuff located in the new class :)	20:24
notmorgan	the new class is 100% the right direction	20:24
lbragstad	well - it is mandatory	20:24
notmorgan	doesn't matter	20:24
lbragstad	the new class does require it	20:25
notmorgan	right	20:25
notmorgan	sooooo the question was...	20:25
lbragstad	looks like antwash is also doing some additonal validation when setting it though	20:25
lbragstad	see line 873	20:25
notmorgan	why not still keep it "description" in __init__ and then do:	20:25
notmorgan	https://www.irccloud.com/pastebin/dplUGx7H/	20:26
notmorgan	it would work with the super() call and where super sets .description	20:26
notmorgan	since the @settr catches it	20:26
notmorgan	is this all because we made it mandatory?	20:26
notmorgan	thats was the whole reason for the changE?	20:26
lbragstad	notmorgan so - that should catch it i DocumentedRuleDefault before calling setter of RuleDefault?	20:26
lbragstad	s/i/in/	20:27
notmorgan	RuleDefault doesn't have a settr on description	20:27
notmorgan	it is just an instance attribute	20:27
notmorgan	@settr is handled at the class level (think metaclass things) and is part of the class definition	20:28
notmorgan	it's not instance-specific	20:28
notmorgan	except that it references self	20:28
lbragstad	ok	20:28
notmorgan	but	20:28
notmorgan	i don't care that much	20:28
notmorgan	i just want to have a clear "why did we change it"	20:28
notmorgan	to answer johnthetubaguy's comment	20:29
lbragstad	agreed	20:29
notmorgan	or we can change it like i described	20:29
lbragstad	notmorgan that'd be the best solution	20:29
*** dave-mccowan has quit IRC		20:29
notmorgan	but it's fine either way (not trying to bike shed and hold it up here)	20:29
notmorgan	but i want to make sure john's comment is responded to before we merge	20:29
notmorgan	and if we want to fix it, slate a fix here or in a followup	20:29
lbragstad	notmorgan right - that's fine, we have several things we need to do in oslo.policy before we can do a new release	20:30
lbragstad	but as far as documenting the need for a new class, do you think the answer that I left is sufficient?	20:30
notmorgan	let me check	20:30
notmorgan	like i said, i think that doesn't answer john's comment	20:31
notmorgan	he's asking why it's not being passed to super()	20:31
notmorgan	and why the arg was renamed to desc	20:31
notmorgan	not why a new class	20:31
notmorgan	i think he gets the reason for the new class.	20:31
*** lamt has joined #openstack-keystone		20:32
notmorgan	lbragstad: so.. let me respond to your comment.	20:32
*** lamt has quit IRC		20:33
lbragstad	notmorgan just republished some comments	20:33
*** henrynash has quit IRC		20:33
notmorgan	cool	20:34
notmorgan	i responded to your question	20:34
notmorgan	as well	20:34
*** lamt has joined #openstack-keystone		20:35
notmorgan	i wouldn't hold this up over that change (desc->description), just as long as it was clear why it was renamed as a response to john i'd +2/+A it, we can cleanup make it "description" again in a rollowup before release if that is the direction we go	20:35
openstackgerrit	Anthony Washington proposed openstack/keystone master: Policy in code (part 4) https://review.openstack.org/435755	20:36
openstackgerrit	Anthony Washington proposed openstack/keystone master: Policy in code (part 5) https://review.openstack.org/435757	20:37
*** lamt has quit IRC		20:39
*** gus has quit IRC		20:40
*** gus has joined #openstack-keystone		20:42
lbragstad	notmorgan ok - http://cdn.pasteraw.com/46uqzw1u9j8ubsf12i48053oq4yvcxn should fix it	20:45
notmorgan	looks right to me	20:46
notmorgan	obv. need to test it.	20:46
lbragstad	tests pass for me locally	20:47
notmorgan	cool	20:48
*** voelzmo has joined #openstack-keystone		20:51
*** voelzmo has quit IRC		20:52
*** johndperkins has quit IRC		21:09
openstackgerrit	Anthony Washington proposed openstack/oslo.policy master: Add additional param to policy.RuleDefault https://review.openstack.org/439070	21:09
*** lucasxu has quit IRC		21:12
*** lucasxu has joined #openstack-keystone		21:12
*** lucasxu has quit IRC		21:12
*** dave-mccowan has joined #openstack-keystone		21:14
*** rmascena has joined #openstack-keystone		21:14
*** dave-mcc_ has joined #openstack-keystone		21:18
*** dave-mccowan has quit IRC		21:19
openstackgerrit	Anthony Washington proposed openstack/keystone master: Policy in code (part 5) https://review.openstack.org/435757	21:22
*** browne has quit IRC		21:25
*** henrynash has joined #openstack-keystone		21:34
*** edmondsw has quit IRC		21:36
*** edmondsw has joined #openstack-keystone		21:37
*** edmondsw has quit IRC		21:41
openstackgerrit	Anthony Washington proposed openstack/keystone master: Policy in code (part 5) https://review.openstack.org/435757	21:41
*** rderose_ has joined #openstack-keystone		21:42
*** rderose has quit IRC		21:44
*** henrynash has quit IRC		21:45
*** lamt has joined #openstack-keystone		21:46
*** antwash has joined #openstack-keystone		21:49
*** edtubill has quit IRC		21:52
*** erlon has quit IRC		21:55
*** jamielennox has quit IRC		21:55
*** lamt has quit IRC		21:56
*** lamt has joined #openstack-keystone		22:09
*** edtubill has joined #openstack-keystone		22:09
*** adriant has joined #openstack-keystone		22:14
*** browne has joined #openstack-keystone		22:15
*** jamielennox has joined #openstack-keystone		22:15
*** aojea has joined #openstack-keystone		22:20
*** lamt has quit IRC		22:35
*** browne has quit IRC		22:49
*** gyee has joined #openstack-keystone		22:52
*** lamt has joined #openstack-keystone		22:57
*** lamt has quit IRC		23:02
*** catinthe_ has quit IRC		23:02
*** spilla has quit IRC		23:05
*** MasterOfBugs has quit IRC		23:08
*** jaugustine has quit IRC		23:11
*** aojea has quit IRC		23:14
*** aojea has joined #openstack-keystone		23:14
*** aojea has quit IRC		23:18
*** rmascena has quit IRC		23:36
*** agrebennikov has quit IRC		23:41
*** jplopezgu_ has joined #openstack-keystone		23:56

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!