Tuesday, 2017-10-24

*** gyee has quit IRC00:06
*** wes_dillingham has quit IRC00:32
*** wes_dillingham has joined #openstack-keystone00:41
*** thorst has joined #openstack-keystone00:43
*** thorst has quit IRC00:44
*** Shunli has joined #openstack-keystone00:56
*** dave-mccowan has joined #openstack-keystone01:02
*** sbezverk has quit IRC01:06
*** sbezverk has joined #openstack-keystone01:07
*** namnh has joined #openstack-keystone01:31
*** thorst has joined #openstack-keystone01:33
*** pramodrj07 has quit IRC01:34
*** MasterOfBugs has quit IRC01:34
*** thorst has quit IRC01:39
*** markvoelker has joined #openstack-keystone01:43
*** zhangjl has joined #openstack-keystone01:56
*** wes_dillingham has quit IRC02:20
*** prashkre has joined #openstack-keystone02:24
*** wes_dillingham has joined #openstack-keystone02:30
gagehugolbragstad looks like https://review.openstack.org/#/c/485344/ is ok as long as adding tags doesn't break API interoperability02:49
*** AlexeyAbashkin has joined #openstack-keystone02:57
*** AlexeyAbashkin has quit IRC03:02
lbragstadgagehugo: yeah - it appears we don't have the api-interop tag either03:17
lbragstadgagehugo: when/if we do microversions, then we will probably have that tag, which means doing things like tags will require microversions for those types of changes03:18
openstackgerritMerged openstack/oslo.policy master: Pass creds as a dict in tests  https://review.openstack.org/51436603:20
openstackgerritprashkre proposed openstack/keystone master: Handle ldap size limit exeeded exception  https://review.openstack.org/51182203:46
*** dave-mccowan has quit IRC03:47
*** alex_xu has quit IRC03:52
*** alex_xu has joined #openstack-keystone03:54
*** rmcallis has quit IRC03:57
*** Suramya has joined #openstack-keystone04:00
*** zhangjl has left #openstack-keystone04:02
*** rmcallis has joined #openstack-keystone04:06
*** rmcallis has quit IRC04:06
*** rmcallis has joined #openstack-keystone04:10
*** prashkre_ has joined #openstack-keystone04:15
*** prashkre has quit IRC04:15
*** aselius has quit IRC04:17
openstackgerritMerged openstack/keystone master: Remove identity v2 to v3 test case  https://review.openstack.org/51360004:32
*** gvrangan has joined #openstack-keystone04:45
*** wes_dillingham has quit IRC04:46
*** prashkre_ has quit IRC05:06
*** zzzeek has quit IRC05:24
*** zzzeek has joined #openstack-keystone05:26
*** gvrangan has quit IRC05:33
*** markvoelker has quit IRC05:43
*** markvoelker has joined #openstack-keystone05:44
*** markvoelker has quit IRC05:48
*** hoonetorg has quit IRC06:02
*** hoonetorg has joined #openstack-keystone06:16
*** brad[] has quit IRC06:18
*** brad[] has joined #openstack-keystone06:19
*** spectr has quit IRC06:20
*** spectr has joined #openstack-keystone06:21
*** cfriesen has quit IRC06:21
*** gvrangan has joined #openstack-keystone06:21
*** spectr has quit IRC06:22
*** spectr has joined #openstack-keystone06:24
*** prashkre has joined #openstack-keystone06:28
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware master: Imported Translations from Zanata  https://review.openstack.org/51452906:41
*** markvoelker has joined #openstack-keystone06:44
*** ioggstream has joined #openstack-keystone06:56
*** pcaruana has joined #openstack-keystone07:02
*** tesseract has joined #openstack-keystone07:11
*** markvoelker has quit IRC07:18
*** AlexeyAbashkin has joined #openstack-keystone07:32
*** jaosorior has quit IRC07:33
openstackgerritMateusz Kowalski proposed openstack/oslo.policy master: Avoid redundant policy syntax checks  https://review.openstack.org/51142607:35
*** spectr has quit IRC07:48
*** spectr has joined #openstack-keystone07:48
openstackgerritShan Guo proposed openstack/keystone master: Remove v2 token value model  https://review.openstack.org/51455407:56
*** jaosorior has joined #openstack-keystone07:57
*** markvoelker has joined #openstack-keystone08:15
*** namnh has quit IRC08:21
*** zsli_ has joined #openstack-keystone08:23
*** mvk has quit IRC08:26
*** Shunli has quit IRC08:26
*** aloga has quit IRC08:33
*** aloga has joined #openstack-keystone08:33
*** markvoelker has quit IRC08:48
*** mvk has joined #openstack-keystone08:55
*** rmcallis has quit IRC08:57
*** rmcallis has joined #openstack-keystone08:58
*** rmcallis has quit IRC09:07
*** gmann is now known as gmann_afk09:17
*** mvk has quit IRC09:30
*** zzzeek has quit IRC09:30
*** zsli_ has quit IRC09:32
*** zzzeek has joined #openstack-keystone09:32
openstackgerritShan Guo proposed openstack/keystone master: Remove v2 token value model  https://review.openstack.org/51455409:35
*** mvk has joined #openstack-keystone09:42
*** markvoelker has joined #openstack-keystone09:44
openstackgerritColleen Murphy proposed openstack/keystone master: Partially clarify federation auth plugins  https://review.openstack.org/51396009:54
*** thorst has joined #openstack-keystone09:56
*** thorst has quit IRC10:00
*** spectr has quit IRC10:10
*** spectr has joined #openstack-keystone10:10
*** markvoelker has quit IRC10:18
*** gvrangan has quit IRC11:00
*** sambetts has joined #openstack-keystone11:02
*** markvoelker has joined #openstack-keystone11:15
*** markvoelker has quit IRC11:48
*** thorst has joined #openstack-keystone12:04
*** hoonetorg has quit IRC12:06
*** wes_dillingham has joined #openstack-keystone12:06
*** hoonetorg has joined #openstack-keystone12:08
*** raildo has joined #openstack-keystone12:11
*** amrith is now known as Guest5765712:15
*** amrith has joined #openstack-keystone12:15
*** amrith_ has joined #openstack-keystone12:15
*** amrith_ is now known as Guest321112:16
*** amrith has quit IRC12:17
*** josecastroleon has joined #openstack-keystone12:28
*** dave-mccowan has joined #openstack-keystone12:30
*** wes_dillingham has quit IRC12:40
*** wes_dillingham has joined #openstack-keystone12:44
*** sbezverk has quit IRC12:45
hrybackilbragstad: apologies -- been travelling. will check the board today!12:47
*** prashkre has quit IRC12:48
*** edmondsw has joined #openstack-keystone13:04
*** belmoreira has joined #openstack-keystone13:06
*** jmlowe has quit IRC13:14
hrybackicmurphy: huge congrats :) Happy to see you up on the board13:17
cmurphyhrybacki: tyty13:19
lbragstadhrybacki: woo!13:19
*** gmann_afk is now known as gmann13:24
*** lkwan has joined #openstack-keystone13:48
*** AlexeyAbashkin has quit IRC13:48
*** AlexeyAbashkin has joined #openstack-keystone13:50
*** jmlowe has joined #openstack-keystone13:52
*** sbezverk has joined #openstack-keystone13:54
*** panbalag has joined #openstack-keystone13:54
sambettsHi keystone I'm seeing an issue running devstack on centos7 "TypeError: from_buffer() cannot return the address of the raw string within a str or unicode or bytearray object" has anyone seen this before and/or know how to fix it?13:59
*** sbezverk has quit IRC13:59
*** cfriesen has joined #openstack-keystone14:00
*** Guest99060 is now known as med_14:03
*** med_ has quit IRC14:03
*** med_ has joined #openstack-keystone14:03
*** med_ is now known as medberry14:03
*** gmann is now known as gmann_afk14:08
lbragstadsambetts: do you have a trace?14:12
lbragstador steps to reproduce?14:12
lbragstadit feels py3 related14:12
sambettslbragstad: http://paste.openstack.org/show/624485/14:13
lbragstadsambetts: is there anything unique about the values in the payload?14:14
lbragstad(e.g. user ids, project ids, etc..)14:14
*** medberry is now known as med_14:15
sambettslbragstad: nope this is master devstack, I see this in the devstack log http://paste.openstack.org/show/624486/14:16
lbragstadsambetts: hmm - i wonder if that project was even created14:18
*** dikonoor has joined #openstack-keystone14:19
*** sheel has joined #openstack-keystone14:19
sambetts:/ is there a line I can look for in the devstack log to tell me if it was created correctly??14:20
lbragstadi was thinking you could inspect the database directly if you have access to it14:20
lbragstador can you use keystone directly?14:20
sambettsI don't unfortunatly this is a CI system and the VM has already been cleaned up14:21
lbragstadwe sometimes see issues like that - but they are more related to improper web server configuration since it's the first time keystone is being used via the API14:23
sambettsI had wondered if it was an issue with the version of some of the libs, like cryptography or cffi but I checked those and they all look fine :/14:24
lbragstadsomething here is tripping it up14:26
lbragstadERROR keystone.common.wsgi     return self.crypto.encrypt(payload).rstrip(b'=').decode('utf-8')14:26
lbragstadthere is likely a value in payload that cryptography isn't expecting14:27
lbragstadbut if this is just devstack, i can't imagine what that would be (since it would likely be breaking everything)14:27
lbragstadi spent some time yesterday revisiting a lot of the policy/rbac specs we had and i updated them based on the discussions we had in Denver14:37
lbragstadlooks like some other projects are signing off on them, too14:37
lbragstadit would be good to revisit those if needed, that way we can document where we are in the problem and what our plan is moving forward14:38
*** AlexeyAbashkin has quit IRC14:51
*** AlexeyAbashkin has joined #openstack-keystone14:59
*** spectr has quit IRC15:00
*** AlexeyAbashkin has quit IRC15:10
*** lkwan has quit IRC15:11
*** dikonoor has quit IRC15:17
*** magicboiz has quit IRC15:22
*** magicboiz has joined #openstack-keystone15:22
*** mvk has quit IRC15:29
*** magicboiz has quit IRC15:31
*** prashkre has joined #openstack-keystone15:36
*** belmoreira has quit IRC15:43
*** magicboiz has joined #openstack-keystone15:55
openstackgerritLance Bragstad proposed openstack/keystone master: Add user system grant policies  https://review.openstack.org/51447115:55
openstackgerritLance Bragstad proposed openstack/keystone master: Add group system grant policies  https://review.openstack.org/51472515:55
*** aselius has joined #openstack-keystone15:57
*** dikonoor has joined #openstack-keystone16:01
*** magicboiz has quit IRC16:02
*** magicboiz has joined #openstack-keystone16:10
*** tesseract has quit IRC16:22
*** AlexeyAbashkin has joined #openstack-keystone16:22
*** pcaruana has quit IRC16:25
*** AlexeyAbashkin has quit IRC16:26
*** AlexeyAbashkin has joined #openstack-keystone16:55
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/keystone master: Add non-voting rolling upgrade test  https://review.openstack.org/51476516:59
*** AlexeyAbashkin has quit IRC16:59
odyssey4melbragstad ^ you get to choose the name of the test... I've proposed one, but any name will do17:00
*** sambetts is now known as sambetts|afk17:00
*** itlinux has joined #openstack-keystone17:02
*** raildo has quit IRC17:17
*** phalmos has joined #openstack-keystone17:21
*** magicboiz has quit IRC17:22
*** phalmos_ has joined #openstack-keystone17:24
*** phalmos has quit IRC17:27
*** rmcallis has joined #openstack-keystone17:29
hrybackilbragstad: the trello board looks great. Mind if I change all the checklists on the epic cards to have a matching 'Definition of Done' title?17:31
*** raildo has joined #openstack-keystone17:32
*** raildo has quit IRC17:34
*** raildo has joined #openstack-keystone17:35
*** gyee has joined #openstack-keystone17:36
lbragstadhrybacki: yes - that's a good idea17:50
lbragstadhrybacki:  go for it17:50
hrybackidone. lbragstad did you change your account on Trello?17:51
*** panbalag has quit IRC17:51
lbragstadodyssey4me: perfect, one question inline17:52
lbragstadhrybacki: yeah - i had one from before but it was registered to my rackspace email address17:52
hrybackilbragstad: okay. I was like, 'man these logs look weird'17:52
lbragstadI didn't realize I duplicated my account when i signed up again17:53
lbragstadluckily I was able to merge them17:53
lbragstadbut yeah - it did result in some weird reporting in trello17:53
lbragstadpre-meeting ping: ayoung, breton, cmurphy, dstanek, edmondsw, gagehugo, henrynash, hrybacki, knikolla, lamt, lbragstad, lwanderley, kmalloc, rderose, rodrigods, samueldmq, spilla, aselius, dpar17:54
hrybackilbragstad: we should set aside 30 mins to look at the action items from the PTG retro again17:56
lbragstadyeah - that's a good idea17:56
lbragstadbefore the end of this week?17:56
hrybackiFriday may work well for me if it does for you as well17:57
lbragstadhrybacki: yeah - my friday is wide open17:57
lbragstadfeel free to put time on my calendar17:57
hrybackilbragstad: ack17:57
*** gyee has quit IRC18:07
*** sheel has quit IRC18:08
*** dikonoor has quit IRC18:08
*** rderose has joined #openstack-keystone18:13
*** rderose has quit IRC18:30
*** ioggstream has quit IRC18:34
*** AlexeyAbashkin has joined #openstack-keystone18:55
*** phalmos_ has quit IRC18:57
*** AlexeyAbashkin has quit IRC19:00
lbragstad#startmeeting keystone-office-hours19:01
openstackMeeting started Tue Oct 24 19:01:10 2017 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.19:01
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.19:01
*** openstack changes topic to " (Meeting topic: keystone-office-hours)"19:01
*** ChanServ changes topic to "Queens release schedule: https://releases.openstack.org/queens/schedule.html | Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting | Bugs that need triaging: http://bit.ly/2iJuN1h | Trello: https://trello.com/b/5F0h9Hoe/keystone"19:01
openstackThe meeting name has been set to 'keystone_office_hours'19:01
lbragstadalright - what are folks itching to work on?19:05
lbragstadbug reviews are pretty low19:05
lbragstadso we could dedicate time towards picking up fixes or proposing new ones.19:06
cmurphykeystone is bug free19:06
cmurphygood job team19:06
* lbragstad slowly starts to cry because he knows it isn't true19:06
lbragstadwe could also clean up/merge specs19:07
*** gyee has joined #openstack-keystone19:07
lbragstadcmurphy: fyi - thanks for reviews on https://review.openstack.org/#/c/511822/419:08
lbragstadwe also got some feedback on https://review.openstack.org/#/c/460344/19:08
*** gyee has quit IRC19:12
cmurphyI reported a bug this morning if anyone is interested in taking a look https://bugs.launchpad.net/keystone/+bug/172673619:17
openstackLaunchpad bug 1726736 in OpenStack Identity (keystone) ""no auth token" debug logs are confusing" [Wishlist,New]19:17
cmurphypeople ask me about this all the time and i don't know what to tell them except "don't worry about it"19:17
lbragstadcmurphy: oh - yes!19:20
lbragstadcmurphy: that one is confusing19:20
lbragstadseems like it existed when keystone/middleware/auth.py was created19:25
cmurphyhmm originally added here i think https://review.openstack.org/#/c/156870/19:28
*** jmlowe has quit IRC19:33
lbragstadcmurphy: yeah - that seems like the current version19:33
lbragstadbut it looks like there was a previous version of that same vague message @ line 19919:34
cmurphyoh hmm19:34
cmurphythe plot thickens19:34
lbragstadwhich appears to be around since 2015 versioning?!19:35
cmurphyokay i guess the original version just meant X-Auth-Token wasn't in the request headers which just means it's a regular token request19:36
lbragstadand 2014.2 http://git.openstack.org/cgit/openstack/keystone/tree/keystone/middleware/core.py?h=2014.2#n27019:36
lbragstadcmurphy: that should just mean it's not a "validate this token" call, yeah?19:37
lbragstadwait - nevermind19:37
cmurphylbragstad: you're thinking X-Subject-Token19:37
lbragstadso - there isn't a whole lot you can do if X-Auth-Token isn't in the headers (except APIs that are "unprotected" like authenticate)19:39
*** panbalag has joined #openstack-keystone19:41
cmurphythat's true, but I'm not sure there's that much value in logging that for every POST /auth/tokens19:44
*** phalmos has joined #openstack-keystone19:45
lbragstadyeah.. me either19:46
lbragstaddoes it generate more value than confusion?19:46
lbragstadalso - that message never actually makes it back to the user who it hitting POST /auth/tokens unless they are an operator and tailing the logs at the same time19:48
lbragstadit also contains no information about the user making the request - so the usability from an operator perspective is slim19:48
cmurphybut if you do try to hit /projects with no X-Auth-Token the logs have a warning with "Authorization failed. auth_context did not decode anything useful"19:49
cmurphyso i'm not sure there's ever a case where x-auth-token is unset and that message is useful19:49
lbragstadcmurphy: right - in those cases the API requires a token and if it doesn't get it, it should provide some useful info to the user19:50
cmurphywell it just provides a 401 but that's about as useful as you're going to get without giving too much away19:50
lbragstadunless we're going to start including entity information in the message, i'm in favor of removing it or replacing it with an inline comment19:51
lbragstads/message/log message/19:52
*** wes_dillingham has quit IRC19:54
openstackgerritColleen Murphy proposed openstack/keystone master: Remove "no auth token" debug log  https://review.openstack.org/51481019:57
cmurphylbragstad: done ^19:57
lbragstadwhen authenticating with x509 and the certificate is invalid, you'd expect to get a 401 back just like you would for an invalid password, right?19:59
*** jmlowe has joined #openstack-keystone20:00
cmurphyI think so, I've never played with it though20:01
lbragstadeither way, the usefulness is in the response and not vague logs20:02
knikollacmurphy: quick-approved :) nice to see that message go away20:02
*** ayoung has quit IRC20:02
*** McClymontS has joined #openstack-keystone20:03
*** McClymontS has quit IRC20:04
*** gyee has joined #openstack-keystone20:08
lbragstad#link https://review.openstack.org/#/c/460344/ and https://review.openstack.org/#/c/462733/12 are ready to go20:11
*** gyee has quit IRC20:13
openstackgerritGage Hugo proposed openstack/keystone master: Consolidate V2Controller functionality  https://review.openstack.org/51481420:19
*** itlinux has quit IRC20:22
*** raildo has quit IRC20:25
*** raildo has joined #openstack-keystone20:25
openstackgerritLance Bragstad proposed openstack/keystone-specs master: Specification for system roles  https://review.openstack.org/46476320:28
*** Suramya has quit IRC20:29
*** raildo has quit IRC20:29
*** itlinux has joined #openstack-keystone20:30
lbragstadhas anyone been able to recreate the functional v2.0 test failures in ksc20:30
* cmurphy hadn't tried20:34
*** mvk has joined #openstack-keystone20:34
cmurphyis it something more than just devstack not having v2 anymore?20:34
lbragstadlooking at a failed test run20:38
lbragstadand the python-keystoneclient functional suite20:38
lbragstadhttps://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/tests/functional/test_base.py#L24-L28 is the only thing that failed20:38
*** jmlowe has quit IRC20:39
lbragstadhttps://github.com/openstack/python-keystoneclient/tree/master/keystoneclient/tests/functional/v2_0 doesn't have much in it either20:44
openstackgerritLance Bragstad proposed openstack/python-keystoneclient master: Remove v2.0 functional tests  https://review.openstack.org/51482320:46
lbragstadwe'll see if ^ passes20:46
*** phalmos has quit IRC20:56
*** thorst has quit IRC21:06
*** thorst has joined #openstack-keystone21:07
*** jmlowe has joined #openstack-keystone21:08
*** thorst has quit IRC21:12
*** jmlowe has quit IRC21:18
*** itlinux has quit IRC21:18
*** prashkre has quit IRC21:21
*** itlinux has joined #openstack-keystone21:26
*** thorst has joined #openstack-keystone21:32
*** ayoung has joined #openstack-keystone21:34
*** thorst has quit IRC21:36
*** thorst has joined #openstack-keystone21:38
lbragstadwhew - the assignment api is complex21:39
*** thorst has quit IRC21:43
*** wes_dillingham has joined #openstack-keystone21:44
*** AlexeyAbashkin has joined #openstack-keystone21:56
*** openstack changes topic to "Queens release schedule: https://releases.openstack.org/queens/schedule.html | Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting | Bugs that need triaging: http://bit.ly/2iJuN1h | Trello: https://trello.com/b/5F0h9Hoe/keystone"22:00
openstackMeeting ended Tue Oct 24 22:00:12 2017 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)22:00
openstackMinutes:        http://eavesdrop.openstack.org/meetings/keystone_office_hours/2017/keystone_office_hours.2017-10-24-19.01.html22:00
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/keystone_office_hours/2017/keystone_office_hours.2017-10-24-19.01.txt22:00
openstackLog:            http://eavesdrop.openstack.org/meetings/keystone_office_hours/2017/keystone_office_hours.2017-10-24-19.01.log.html22:00
*** AlexeyAbashkin has quit IRC22:01
*** mvk has quit IRC22:12
*** mvk has joined #openstack-keystone22:12
*** edmondsw has quit IRC22:29
*** edmondsw has joined #openstack-keystone22:29
*** edmondsw has quit IRC22:34
*** jmlowe has joined #openstack-keystone22:34
*** thorst has joined #openstack-keystone22:43
*** wes_dillingham has quit IRC22:44
*** mvk has quit IRC22:47
*** thorst has quit IRC22:49
*** wes_dillingham has joined #openstack-keystone22:50
*** itlinux has quit IRC22:59
*** mvk has joined #openstack-keystone23:02
*** wes_dillingham has quit IRC23:08
*** wes_dillingham has joined #openstack-keystone23:10
*** wes_dillingham has quit IRC23:11
*** jmlowe has quit IRC23:12
openstackgerritMerged openstack/keystone master: Handle ldap size limit exeeded exception  https://review.openstack.org/51182223:23
*** gmann_afk is now known as gmann23:25
openstackgerritMerged openstack/keystone master: Remove "no auth token" debug log  https://review.openstack.org/51481023:27
*** gyee has joined #openstack-keystone23:28
*** jmlowe has joined #openstack-keystone23:52
*** edmondsw has joined #openstack-keystone23:55
*** edmondsw has quit IRC23:59

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!