Monday, 2018-10-08

« Sunday, 2018-10-07 Index Tuesday, 2018-10-09 »
*** wxy-xiyuan has joined #openstack-keystone01:17
wxy-xiyuan\o I was on vacation last week. Backing now. :)01:47
openstackgerritwangxiyuan proposed openstack/keystone master: Update log translation hacking check  https://review.openstack.org/60424502:11
kmallocwxy-xiyuan: welcome back.02:56
* kmalloc afks again.02:56
wxy-xiyuankmalloc: lol03:03
kmalloccmurphy: re-iterated the -1 on https://review.openstack.org/#/c/603542/, I am a little disappointed in the committer's response to your comment =/03:05
kmalloccmurphy: let me know if you change your mind re oslo uuid generation, but I think you and I are much in the same state of mind on this one.03:05
kmallocwxy-xiyuan: if you need some brain breaking code review, there is an awful flask patch (~3500 lines) that needs core eyes. that said, afaict the gate is broken at the moment :P03:06
kmallocso... no rush until we get going03:06
wxy-xiyuankmalloc: https://review.openstack.org/#/c/603461 yeah, I'm looking it now.03:07
kmallocwxy-xiyuan: it's brutal... and in as many words: I'm sorry03:08
kmalloc;)03:08
*** ayoung has quit IRC04:00
*** pooja_jadhav has joined #openstack-keystone04:33
openstackgerritMerged openstack/keystone master: Avoid using dict.get() in assertions  https://review.openstack.org/60746304:56
*** shyamb has joined #openstack-keystone04:59
*** shyamb has quit IRC05:05
*** sheel has joined #openstack-keystone05:11
*** shyamb has joined #openstack-keystone05:20
*** aojea has joined #openstack-keystone05:37
*** aojea has quit IRC05:48
*** felipemonteiro has quit IRC05:49
*** shyamb has quit IRC06:02
*** shyamb has joined #openstack-keystone06:05
*** rcernin has quit IRC07:21
*** shyamb has quit IRC07:48
*** belmoreira has joined #openstack-keystone08:17
openstackgerritMerged openstack/keystone master: Follow Zuul job rename  https://review.openstack.org/60833708:17
openstackgerritMerged openstack/keystone master: Docs: Remove the TokenAuth middleware  https://review.openstack.org/57224808:36
*** shyamb has joined #openstack-keystone08:55
*** jrist has joined #openstack-keystone08:57
*** jrist has quit IRC09:02
*** jrist has joined #openstack-keystone09:13
openstackgerritwangxiyuan proposed openstack/keystone master: Enable foreign keys for unit test  https://review.openstack.org/55819309:28
openstackgerritwangxiyuan proposed openstack/keystone master: Add a test for idp and federated user cascade deleting  https://review.openstack.org/59194609:30
*** shyamb has quit IRC09:41
*** shyamb has joined #openstack-keystone09:43
*** jaosorior has joined #openstack-keystone10:26
*** shyamb has quit IRC10:29
*** rcernin has joined #openstack-keystone10:35
*** gvrangan has joined #openstack-keystone10:42
*** shyamb has joined #openstack-keystone11:05
*** gvrangan has quit IRC11:08
*** rcernin has quit IRC11:17
*** belmorei_ has joined #openstack-keystone11:48
*** jrist has quit IRC11:49
*** jrist has joined #openstack-keystone11:50
*** belmoreira has quit IRC11:51
*** jrist has quit IRC11:54
*** jrist has joined #openstack-keystone11:57
*** shyamb has quit IRC12:01
*** shyamb has joined #openstack-keystone12:01
*** raildo has joined #openstack-keystone12:02
*** shyam89 has joined #openstack-keystone12:50
*** shyamb has quit IRC12:51
*** lbragstad has joined #openstack-keystone12:54
*** ChanServ sets mode: +o lbragstad12:54
*** shyam89 has quit IRC13:09
*** shyam89 has joined #openstack-keystone13:11
*** lbragstad has quit IRC13:24
*** shyam89 has quit IRC13:30
*** lbragstad has joined #openstack-keystone13:32
*** ChanServ sets mode: +o lbragstad13:32
*** jaosorior has quit IRC13:39
openstackgerritLance Bragstad proposed openstack/oslo.policy master: Add guidelines for naming policies  https://review.openstack.org/60621413:47
hrybackio/13:49
*** sheel has quit IRC13:50
lbragstadis r.o.o a little slow for anyone else?13:53
*** kukacz has quit IRC13:54
*** kukacz has joined #openstack-keystone13:54
cmurphywb lbragstad13:54
lbragstadthanks :)13:55
lbragstadi've barely waded through emails, but did everything go well last week?13:55
cmurphylbragstad: ya everything was fine, pretty quiet :)14:00
openstackgerritLance Bragstad proposed openstack/keystone master: Update doc string for transform_to_group_ids  https://review.openstack.org/60868114:01
openstackgerritLance Bragstad proposed openstack/keystone master: Update doc string for transform_to_group_ids  https://review.openstack.org/60868114:03
*** munimeha1 has joined #openstack-keystone14:08
*** SteelyDan is now known as dansmith14:13
kmalloclbragstad: you're back!14:21
kmalloclbragstad: don't work too hard this week ;)14:21
*** beekneemech is now known as bnemec14:22
lbragstadkmalloc good mornin'14:31
* lbragstad is in a blissful state of delirium 14:32
lbragstadhrybacki are we planning on proposing a community goal for T?14:34
hrybackilbragstad: no -- we will need to wrap up the scope bugs in keystone first14:35
hrybackithose prob, wont get resolved until T14:35
hrybackiand im one handed for six weeks14:35
gagehugoo/14:40
*** Emine has joined #openstack-keystone14:49
*** itlinux has quit IRC14:50
cmurphylbragstad: kmalloc easy stable review https://review.openstack.org/60335514:52
cmurphyi noticed gagehugo had marked like 5 bugs as duplicates of that one14:52
gagehugocmurphy it was happening nearly every week14:53
gagehugo:(14:53
mbuilhello guys, not sure if this question belongs exactly to keystone, if not please tell me. Is it expected that an admin user from project_B can remove the floating ips created (and assigned to a VM) by an admin user from project_A?15:01
*** dklyle has joined #openstack-keystone15:04
lbragstadmbuil yeah - unfortunately that's documented here https://bugs.launchpad.net/keystone/+bug/96869615:06
openstackLaunchpad bug 968696 in OpenStack Identity (keystone) ""admin"-ness not properly scoped" [High,In progress] - Assigned to Lance Bragstad (lbragstad)15:06
lbragstadmbuil we're working to address it, but it's an involved plan15:08
lbragstadand spans nearly every openstack project15:08
mbuillbragstad: waw!!! I see I am not exactly the first one who hit this issue :P15:08
mbuillbragstad: thanks for the pointer. What role would you recommend me to use in for my "users"?15:09
lbragstadthat is going to depend on your deployment, but there is what we're trying to do upstream15:10
lbragstadhttp://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html15:10
lbragstadand this is how we're fixing those issues in keystone specifically - https://bugs.launchpad.net/keystone/+bugs?field.tag=policy15:11
mbuillbragstad: thanks! I have a long text to read ;)15:18
lbragstadmbuil yeah - it's a lot of information15:18
lbragstadhttp://specs.openstack.org/openstack/keystone-specs/specs/keystone/ongoing/policy-goals.html attempts to be more concise15:19
*** Emine has quit IRC15:21
mbuillbragstad: thanks!15:23
lbragstadmbuil no problem - don't hesitate to ask questions if you have any... it's a lengthy topic15:38
openstackgerritHarry Rybacki proposed openstack/keystone master: WIP: Convert projects API to Flask  https://review.openstack.org/60345115:41
*** itlinux has joined #openstack-keystone15:43
*** jrist has quit IRC16:07
*** belmorei_ has quit IRC16:11
*** jrist has joined #openstack-keystone16:12
*** jrist has quit IRC16:17
openstackgerritLance Bragstad proposed openstack/keystone-specs master: Repropose JWT specification for Stein  https://review.openstack.org/54190316:21
openstackgerritLance Bragstad proposed openstack/keystone-specs master: Repropose JWT specification for Stein  https://review.openstack.org/54190316:22
*** aojea has joined #openstack-keystone16:38
*** aojea has quit IRC16:42
*** gyee has joined #openstack-keystone16:48
prometheanfirenew oslo-messaging seems to be breaking things http://logs.openstack.org/21/607521/2/check/cross-keystone-py35/908a1c2/testr_results.html.gz16:50
lbragstadprometheanfire looks like keystone attempts to mock an internal method of oslo.messaging :(17:03
lbragstadhttps://github.com/openstack/keystone/blob/baa3d9967c18ed53c14a6535e6757fb14006b9d6/keystone/tests/unit/common/test_notifications.py#L1343-L134417:05
kmalloclbragstad: yeah, it was (a while ago) a requirement.17:06
lbragstadthe mock you mean?17:06
kmallocyeah17:06
kmallocwith flask i am fairly certain I can undo that ick17:06
kmallocoh nope, different one17:07
kmallocthat test should really be removed17:07
kmallocwe don't need to test oslo_messaging/cadf17:07
kmallocthose libraries test themselves.17:08
kmallocwe control "send_audit_notifications and should test/instrument in that17:08
kmalloc*eyeroll*17:08
kmallocand this was probably my fault17:08
kmallocanyway. i vote for "rm -rf" that test for now17:09
kmalloclbragstad: unrelated - https://review.openstack.org/#/c/601882/ should be a quick promote from +1 to +2/+a with your comment addressed17:10
lbragstadack17:13
lbragstadbah17:17
kmalloc?17:18
lbragstadhttp://logs.openstack.org/21/607521/2/check/cross-keystone-py35/908a1c2/testr_results.html.gz shows that what we're trying to mock is False17:18
lbragstadand because we rely on diaper defense with a except Exception17:18
kmallocyeah, just remove the test17:18
kmallocI'll spin up a new test that doesn't suck quickly before I handle the comments on Auth patch17:18
kmalloccmurphy, wxy-xiyuan: Users patch proposal, hopefully wont block auth landing. Users is going to take some time.17:19
lbragstadAttributeError: 'NoneType' object has no attribute 'split'17:19
lbragstadfails to init a Notifier because of that^17:19
kmalloccmurphy, wxy-xiyuan: re the temporary split of authentication/_authentication in identity_api.17:19
lbragstadthanks kmalloc17:20
kmallocthe cleanup requires 100% of /users to be ported.17:20
kmalloclbragstad: so, propose a quick comment out or @skip test17:20
kmallocand i'll push that through17:20
kmallocthen we can play cleanup on the test/code here soon17:20
lbragstadactually - https://github.com/openstack/oslo.messaging/commit/172cfb33f3ee207531a9e82fbc8293d24009a256 might fix it?17:21
kmallocmebbe17:23
kmallocbut i would just self.skipTest() then work on fixing.17:23
lbragstadyeah...17:23
kmallocbecause the fix really should be "don't test oslo.messaging"17:23
lbragstadthe fix for using rabbit:// isn't released yet17:24
kmallocit's like testing "does python work", we rely on oslo.messaging, we should test our interface to it, not the lib itself.17:24
lbragstadagreed17:24
kmallocor we should simply not trust it :P17:24
lbragstadwe rely on that specific method mock to verify functionality we've written into keystone17:28
kmallocright, so we should abstract out that mechanism to ensure we're not doing something stupid when we pass into CADF.17:28
kmallocOR we wait for rabbit://17:28
kmallocs/CADF/oslo.messaging17:29
*** aojea has joined #openstack-keystone17:29
lbragstadprometheanfire actually - installing oslo.messaging with https://github.com/openstack/oslo.messaging/commit/172cfb33f3ee207531a9e82fbc8293d24009a256 locally passes keystone tests locally17:38
prometheanfirelbragstad: :D17:42
lbragstadso - we can either skip those tests for the time being, remove them, or blacklist version 9.0.017:42
lbragstadi'd be inclined to do the third option since skipping the tests will mean skipping them all regardless of the version of oslo.messaging installed17:43
lbragstadif we blacklist 9.0.0 until version 9.1.0 or 9.0.1 is released, then we at least keep the test coverage (which could still undergo some investigation per kmalloc's point)17:44
prometheanfirelbragstad: ya, if it's a bug in oslo-messaging then blacklisting makes sense17:44
kmallocbut black listing the release because we mocked an internal method?17:44
kmalloci'm inclined to say skip because any mock of internal stuff that is in an external library is subject to "oh, we broke you... sorry not sorry"17:46
lbragstadi'm not saying we shouldn't revisit those tests, most oslo interfaces are pretty solid, so if we're mocking an internal thing of oslo then we probably need to revisit how those tests are written17:46
openstackgerritayoung proposed openstack/keystone master: Add federated support for get user  https://review.openstack.org/44873017:55
openstackgerritMerged openstack/oslo.policy master: sphinxext: Start parsing 'DocumentedRuleDefault.description' as rST  https://review.openstack.org/59422218:00
kmallocexactly18:17
*** imacdonn has quit IRC18:23
*** imacdonn has joined #openstack-keystone18:23
hrybackikmalloc: do we have grants documented outside of the api ref?18:29
kmallochrybacki: probably not18:30
hrybackiack18:30
cmurphykmalloc: i don't think it's appropriate to leave notifications broken for an indefinite amount of time, so no i would prefer not to land the auth patch until there's at least a rough proposal up to unbreak it18:43
kmallocit's going to be the entire user -> flask patch18:51
kmalloci only ask because i don't think i can maintain that patch through any real level of rebasing.18:51
kmalloci don't expect it to take long, but honestly, it took 10 days of work to chase the auth stuff.18:52
kmallocit's a single notification on password change.18:52
kmallocself-service password change*18:52
kmalloceverything else has the normal notifications.18:53
openstackgerritMorgan Fainberg proposed openstack/keystone master: Convert auth to flask native dispatching  https://review.openstack.org/60346119:31
openstackgerritMorgan Fainberg proposed openstack/keystone master: Auth flask conversion cleanup  https://review.openstack.org/60875619:31
lbragstadknikolla kmalloc does https://review.openstack.org/#/c/373983/ have any intersection with what we talked about at the PTG?19:57
lbragstadspecifically with the keystone as an idp proxy?19:57
*** lbragstad has quit IRC20:37
*** lbragstad has joined #openstack-keystone20:37
*** ChanServ sets mode: +o lbragstad20:37
*** pcaruana has quit IRC20:49
*** raildo has quit IRC20:57
kmalloclbragstad: will need to look in a bit20:59
*** prometheanfire has left #openstack-keystone20:59
lbragstadkmalloc ack - wanted to ping in case you haven't seen it yet21:00
*** itlinux has quit IRC21:08
openstackgerritMorgan Fainberg proposed openstack/keystone master: Auth flask conversion cleanup  https://review.openstack.org/60875621:43
*** aojea has quit IRC21:44
*** aojea has joined #openstack-keystone21:45
*** aojea has quit IRC21:49
openstackgerritMerged openstack/keystone master: Add release names to api-ref  https://review.openstack.org/60821222:00
openstackgerritLance Bragstad proposed openstack/keystone master: Implement scaffolding for upgrade checks  https://review.openstack.org/60878522:26
openstackgerritLance Bragstad proposed openstack/keystone master: Implement scaffolding for upgrade checks  https://review.openstack.org/60878522:31
*** munimeha1 has quit IRC22:50
*** rcernin has joined #openstack-keystone22:50
*** dave-mccowan has joined #openstack-keystone22:51
kmalloccmurphy, ayoung: I don't think i can move render_token into api, it becomes hell for circular references, unfortunately rbac enforcer must rely on it23:07
kmallocso, going to roll that part back and leave it in common.23:07
openstackgerritMorgan Fainberg proposed openstack/keystone master: Auth flask conversion cleanup  https://review.openstack.org/60875623:14
*** lbragstad has quit IRC23:16
*** gyee has quit IRC23:57
« Sunday, 2018-10-07 Index Tuesday, 2018-10-09 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!