Wednesday, 2018-07-11

*** nicodemus_ has quit IRC00:04
*** edmondsw has joined #openstack-keystone01:05
*** edmondsw has quit IRC01:09
*** agrebennikov has joined #openstack-keystone01:19
*** yikun has joined #openstack-keystone01:52
*** felipemonteiro has joined #openstack-keystone01:55
openstackgerritwangxiyuan proposed openstack/keystone master: Expose endpoint to return enforcement model  https://review.openstack.org/56271602:14
openstackgerritwangxiyuan proposed openstack/keystone master: Filter project_id for list limits  https://review.openstack.org/58117702:14
openstackgerritwangxiyuan proposed openstack/keystone master: Strict two level limit model  https://review.openstack.org/55769602:14
openstackgerritwangxiyuan proposed openstack/keystone master: Add project_id filter for listing limit  https://review.openstack.org/57933002:14
openstackgerritwangxiyuan proposed openstack/keystone master: [WIP]Add show hierarchy filter  https://review.openstack.org/57933102:14
openstackgerritMerged openstack/python-keystoneclient master: Add release note link in README  https://review.openstack.org/57865202:49
*** edmondsw has joined #openstack-keystone02:53
openstackgerritVu Cong Tuan proposed openstack/python-keystoneclient master: Switch to stestr  https://review.openstack.org/58121302:57
*** edmondsw has quit IRC02:57
*** felipemonteiro has quit IRC03:04
*** felipemonteiro has joined #openstack-keystone03:14
openstackgerritMerged openstack/oslo.limit master: Implement ProjectClaim objects  https://review.openstack.org/57968603:43
openstackgerritMerged openstack/oslo.limit master: Implement basic Enforcer context manager  https://review.openstack.org/57968703:43
openstackgerritMerged openstack/oslo.limit master: Add .zuul.yaml  https://review.openstack.org/57968803:48
*** david-lyle has joined #openstack-keystone03:57
*** dklyle has quit IRC03:58
*** dklyle has joined #openstack-keystone04:00
*** david-lyle has quit IRC04:01
*** dklyle has quit IRC04:14
*** dklyle has joined #openstack-keystone04:14
*** felipemonteiro has quit IRC04:17
*** david-lyle has joined #openstack-keystone04:20
*** dklyle has quit IRC04:21
*** david-lyle has quit IRC04:23
*** dklyle has joined #openstack-keystone04:23
*** links has joined #openstack-keystone05:03
*** deepak_mourya has joined #openstack-keystone05:05
*** ianw is now known as ianw_pto06:00
*** martinus__ has joined #openstack-keystone06:36
*** ispp has joined #openstack-keystone06:39
*** agrebennikov has quit IRC06:40
*** kimamisa has joined #openstack-keystone06:46
openstackgerritSami Makki proposed openstack/keystone master: Invalidate 'computed assignments' cache when creating a project.  https://review.openstack.org/58134606:53
*** tesseract has joined #openstack-keystone07:12
*** bhagyashri_s has quit IRC07:12
*** jmlowe has quit IRC07:17
*** peereb has joined #openstack-keystone07:17
*** ispp has quit IRC07:21
*** kimamisa has quit IRC07:22
*** ispp has joined #openstack-keystone07:25
*** amoralej|off is now known as amoralej07:34
*** tosky has joined #openstack-keystone07:37
*** kimamisa has joined #openstack-keystone07:58
*** s10 has joined #openstack-keystone07:59
openstackgerritMerged openstack/keystone master: Expose endpoint to return enforcement model  https://review.openstack.org/56271608:02
*** rcernin has quit IRC08:03
*** itlinux has joined #openstack-keystone08:05
*** markvoelker has quit IRC08:07
*** belmoreira has joined #openstack-keystone08:12
*** belmoreira has quit IRC08:26
openstackgerritwangxiyuan proposed openstack/keystone master: Add project_id filter for listing limit  https://review.openstack.org/57933008:27
openstackgerritwangxiyuan proposed openstack/keystone master: [WIP]Add show hierarchy filter  https://review.openstack.org/57933108:27
openstackgerritwangxiyuan proposed openstack/keystone master: Update project depth check  https://review.openstack.org/58025808:29
*** bhagyashris has joined #openstack-keystone08:29
openstackgerritwangxiyuan proposed openstack/keystone master: Add project hierarchical tree check when Keystone start  https://review.openstack.org/58033108:29
*** belmoreira has joined #openstack-keystone08:33
*** itlinux has quit IRC08:37
*** itlinux has joined #openstack-keystone08:55
*** s10 has quit IRC09:02
*** issp has joined #openstack-keystone09:38
*** ispp has quit IRC09:41
*** belmoreira has quit IRC09:43
*** belmoreira has joined #openstack-keystone09:48
*** jmlowe has joined #openstack-keystone09:50
*** belmoreira has quit IRC09:57
*** markvoelker has joined #openstack-keystone10:08
*** jmlowe has quit IRC10:11
*** markvoelker has quit IRC10:42
*** kimamisa_ has joined #openstack-keystone11:35
*** kimamisa has quit IRC11:35
*** EvilienM is now known as EmilienM11:36
*** aloga has quit IRC11:37
*** markvoelker has joined #openstack-keystone11:40
*** raildo has joined #openstack-keystone12:02
*** markvoelker has quit IRC12:12
*** jmlowe has joined #openstack-keystone12:16
*** amoralej is now known as amoralej|lunch12:20
*** markvoelker has joined #openstack-keystone12:22
*** edmondsw has joined #openstack-keystone12:27
knikollao/12:31
*** belmoreira has joined #openstack-keystone12:57
lamto/ knikolla : forgot to thank you for your help with the openidc configuration a few weeks back.  The proof-of-concept I was working on worked wonders.12:58
knikollalamt: awesome! glad i could help12:58
*** belmoreira has quit IRC12:59
*** openstack has joined #openstack-keystone13:02
*** ChanServ sets mode: +o openstack13:02
*** lifeless has quit IRC13:04
*** amoralej|lunch is now known as amoralej13:13
*** itlinux has quit IRC13:14
lbragstado/13:30
*** lifeless has joined #openstack-keystone13:47
*** jistr is now known as jistr|mtg13:56
lbragstadkmalloc: do you know where the _RevokeEventHandler tests are?14:04
*** felipemonteiro_ has joined #openstack-keystone14:08
*** xinran__ has joined #openstack-keystone14:08
*** ayoung has quit IRC14:11
*** vrv_ has joined #openstack-keystone14:15
*** felipemonteiro__ has joined #openstack-keystone14:16
*** felipemonteiro_ has quit IRC14:20
*** linkmark has joined #openstack-keystone14:28
kmallocUhm14:37
kmallocNope14:38
*** markvoelker has quit IRC14:44
*** markvoelker has joined #openstack-keystone14:44
*** markvoelker has quit IRC14:49
*** jistr|mtg is now known as jistr14:54
*** spilla has joined #openstack-keystone15:00
*** markvoelker has joined #openstack-keystone15:14
openstackgerritLance Bragstad proposed openstack/keystone master: Add serialization for TokenModel object  https://review.openstack.org/57843415:15
openstackgerritLance Bragstad proposed openstack/keystone master: Simplify the token provider API  https://review.openstack.org/54545015:15
openstackgerritLance Bragstad proposed openstack/keystone master: Remove remnants of token bind  https://review.openstack.org/57843515:15
openstackgerritLance Bragstad proposed openstack/keystone master: Cleanup keystone.token.providers.common  https://review.openstack.org/57750715:15
openstackgerritLance Bragstad proposed openstack/keystone master: Remove KeystoneToken object  https://review.openstack.org/57756715:15
*** links has quit IRC15:16
openstackgerritLance Bragstad proposed openstack/keystone master: Add serialization for TokenModel object  https://review.openstack.org/57843415:27
openstackgerritLance Bragstad proposed openstack/keystone master: Simplify the token provider API  https://review.openstack.org/54545015:27
openstackgerritLance Bragstad proposed openstack/keystone master: Remove remnants of token bind  https://review.openstack.org/57843515:27
openstackgerritLance Bragstad proposed openstack/keystone master: Cleanup keystone.token.providers.common  https://review.openstack.org/57750715:27
openstackgerritLance Bragstad proposed openstack/keystone master: Remove KeystoneToken object  https://review.openstack.org/57756715:27
*** jmlowe has quit IRC15:28
*** spilla has quit IRC15:30
*** spilla has joined #openstack-keystone15:33
*** spilla has quit IRC15:34
*** felipemonteiro__ has quit IRC15:40
lbragstadkmalloc: added tests to the token handler patch15:44
*** peereb has quit IRC15:46
*** issp has quit IRC15:55
*** tesseract has quit IRC16:01
*** ayoung has joined #openstack-keystone16:11
kmallocthnx16:25
lbragstadayoung: let me know when you wanna go through the token provider api16:38
*** kimamisa_ has quit IRC16:44
*** felipemonteiro has joined #openstack-keystone16:50
lbragstadfyi https://review.openstack.org/#/c/581800/16:51
*** markvoelker has quit IRC16:52
*** amoralej is now known as amoralej|off17:05
*** xinran__ has quit IRC17:08
*** gyee has joined #openstack-keystone17:21
*** markvoelker has joined #openstack-keystone17:24
*** belmoreira has joined #openstack-keystone17:39
*** felipemonteiro has quit IRC17:42
*** kimamisa has joined #openstack-keystone17:45
*** vrv_ has quit IRC18:02
ayounglbragstad, heh. your request was timely.  Was talking with a customer about customizing policy.18:04
lbragstadnice18:04
lbragstadi'm around to walk through that chain if you're still interested18:06
*** edmondsw has quit IRC18:07
*** edmondsw has joined #openstack-keystone18:07
ayounglbragstad, yeah, let's do it18:11
*** spilla has joined #openstack-keystone18:11
ayounglbragstad, what review should I start with?18:12
lbragstadthis is the first review in the chain18:12
lbragstadhttps://review.openstack.org/#/c/559129/1718:12
lbragstadthe series is linear18:12
lbragstadall i'm doing there is adding the underlying token model code so that we can work it into the token provider API in subsequent patches18:13
lbragstadthe only thing relying on the TokenModel object in that patch is the tests18:14
lbragstadthe big thing to notice IMO is that we're not building token reference on __init__(), instead we're using composition18:19
lbragstadwe're also not using reflection based on a dictionary18:19
lbragstadand attributes used within the model are loaded on demand18:19
openstackgerritMerged openstack/keystone master: Filter project_id for list limits  https://review.openstack.org/58117718:20
ayounglbragstad, so, I had this idea of a builder+immutable model18:27
ayoungif you look way back at my code (which I think merged? Maybe)18:27
lbragstadkmalloc: and i had the idea of making models immutable once they are minted18:27
ayoungthe idea was the builder was mutable, and you called things like add_trust etc.  When you were done, you called build and got an immutable model object...what I think you are calling minting18:27
ayoungbuilder design pattern, gang of 418:28
ayoungso, I think we are on the same philosophical bent here18:28
lbragstadyeah18:28
lbragstadmy big thing is that i want the object to contain parts of the business logic currently found in keystone/token/providers/common.py18:28
ayoungI think you've merged the builder and the immutable into a single object.  Probably fine.18:29
*** felipemonteiro has joined #openstack-keystone18:29
lbragstadlater in the series i work the model object in to token provider API business logic18:29
ayoungso...I would caution this:18:30
ayoungthe model should be able to support changes of the business rules18:30
ayoungthe rules depend on the model, not the other way around, and not co-mingled18:30
ayoungthe model SHOULD enforce invariants, though18:30
ayoungi.e. a Trust must have a trustor and A Trustee18:31
ayoungand so on18:31
ayoungso, business logic and invariants are two distinct things, which I think you get intuitively, but I figure should be stated explicitly18:31
lbragstadok18:33
ayounglbragstad, also...we should not be calling these tokens18:33
ayoungthis is really  auth_data in our literature18:33
ayoungthe token is the thing that points to the auth data18:34
ayoungI think I was guilty of perpetuating that mistake18:34
ayounghttp://git.openstack.org/cgit/openstack/keystone/tree/keystone/models/token_model.py  was mine (pretty sure)18:34
lbragstadtraditionally - i think it's easy to refer to it as a token since the current approach is dealing with a token "reference" or response18:34
lbragstadwhich might have led to all the token, token_data, token_ref terminology we have18:35
ayoungmaybe.  Chew it over for a day or two, to see if you see the value in keeping the two concepts separate18:36
ayoungheh18:36
ayoungthe _ref thing was from termie18:36
ayoungIt made sense at one point, but was everywhere: user_ref, etc18:36
lbragstadyeah18:36
lbragstadspecifically in the token provider API we overloaded it18:36
lbragstadespecially in the transition from persistent formats to non-persistent formats18:37
ayoungwe all used the short auth_ to avoid saying authentication vs authorization18:38
ayoungI called mine KeystoneToken which was even more of a sin18:38
ayounghttp://git.openstack.org/cgit/openstack/keystone/tree/keystone/models/token_model.py#n3418:38
lbragstadi'm not a huge fan of auth_ because it leaves out precisely that information (n vs z)18:38
ayoungI'm ok with calling it authz data18:39
ayoungfor unscoped tokens and federation, it really is just authn, but that is a minor quibble18:39
*** felipemonteiro_ has joined #openstack-keystone18:39
ayounglbragstad, so the idea is to reimplement at the bottom of the file, then go back later and delete KeystoneToken?18:39
lbragstadyes18:39
ayoungWFM18:40
lbragstadbuild the new model, convert the existing logic to use it, redefine the interfaces, then delete the old model18:40
ayoungah right...I was doing all that introspection stuff to keep from explicitly duplicating every property18:41
ayoungI've battled that pattern in every language I've worked in18:41
ayoungI really want immutable structures.18:41
ayoungOK...I see where you are headed.  I can track along with it.18:42
*** felipemonteiro has quit IRC18:42
lbragstaddo you have any more questions on the model specifically?18:43
ayoungI'll let you chew on the authz_model versus token_model naming18:43
ayoungNah, I think you are following the same path I did, but then abandoned.  I get it18:43
lbragstadwell \18:43
ayoungand I had forgotten the actual checked in state of my code, vs what I wanted it to be end state18:43
lbragstadto be fair.. it's a lot easier to do now18:43
ayoungI really wanted the model to be in keystone client, and be a Data Transfer object, but Jamie wanted that to be oslo-context18:44
ayoungI was looking for Don't Repeat Yourself in the code.18:44
lbragstadmmm18:44
lbragstadthe next patch in the series is pretty trivial https://review.openstack.org/#/c/578434/518:45
lbragstadit's just making it so that we can cache the model because we're not dealing with dictionaries anymore18:46
lbragstad(e.g. serializing python objects)18:46
ayounglbragstad, so, one thing I like about that is we should be able to use what Flask gets us for serializing to Json18:48
ayoungmake sure it does not change from what we produce now18:48
ayoungand we should be able to get something to serialize to any other format we want to support in the future18:49
*** itlinux has joined #openstack-keystone18:49
lbragstadi think that makes sense - but that's at the API layer?18:49
lbragstadthis bit is specific to the token manager and the cache backend18:50
ayoungYeah, but we should be serializing this model at the API layer, or it's not a useful abstraction18:50
ayoungshould be common to both18:50
lbragstadoh - sure18:50
lbragstadit's technically passed up to the controllers and serialized to json18:50
ayoungchew on whether you really want 2 distinct models to keep in sync, and I think you'll find this is the better approach18:51
lbragstader - represented as a python dictionary then serialized to json18:51
ayoungyep18:51
ayoungand the model to dict should be consistent18:51
lbragstadi think it makes sense at least for now18:51
lbragstadthe dict is a representation of the v3 api contract18:51
ayoungit looks right18:51
ayoungI'll dig in deeper shortly...need to run now18:51
lbragstadok18:52
*** harlowja has joined #openstack-keystone19:00
*** itlinux has quit IRC19:02
*** ayoung has quit IRC19:03
*** belmoreira has quit IRC19:21
*** spilla has quit IRC19:23
*** spilla has joined #openstack-keystone19:27
*** jmlowe has joined #openstack-keystone19:30
*** edmondsw has quit IRC19:42
*** edmondsw has joined #openstack-keystone19:43
*** raildo has quit IRC19:51
*** itlinux has joined #openstack-keystone19:55
*** itlinux has quit IRC19:57
*** ayoung has joined #openstack-keystone20:25
*** itlinux has joined #openstack-keystone20:38
*** itlinux has quit IRC20:50
*** spilla has quit IRC20:52
*** jmlowe has quit IRC21:29
*** martinus__ has quit IRC21:29
*** spilla has joined #openstack-keystone21:30
*** raildo has joined #openstack-keystone21:31
*** felipemonteiro_ has quit IRC21:38
*** jmlowe has joined #openstack-keystone21:45
openstackgerritLance Bragstad proposed openstack/keystone master: WIP: alternative implementation for strict-two-level  https://review.openstack.org/58189421:54
openstackgerritLance Bragstad proposed openstack/keystone master: WIP: alternative implementation for strict-two-level  https://review.openstack.org/58189421:58
*** mchlumsky has quit IRC22:00
lbragstadcc wxy - i took a shot at trying to address my comment from yesterday ^22:04
*** kimamisa has quit IRC22:07
*** rcernin has joined #openstack-keystone22:15
*** rmascena has joined #openstack-keystone22:20
*** raildo has quit IRC22:21
*** felipemonteiro_ has joined #openstack-keystone22:32
*** felipemonteiro__ has joined #openstack-keystone22:34
*** felipemonteiro_ has quit IRC22:37
*** harlowja has quit IRC23:05
*** felipemonteiro__ has quit IRC23:08
*** edmondsw has quit IRC23:12
*** edmondsw has joined #openstack-keystone23:13
*** edmondsw has quit IRC23:17
*** spilla has quit IRC23:28
*** rmascena has quit IRC23:33
*** tosky has quit IRC23:35
*** gyee has quit IRC23:48
