Tuesday, 2018-10-09

*** itlinux has joined #openstack-keystone00:23
openstackgerritMerged openstack/keystone master: Update response codes for authentication API reference  https://review.openstack.org/57336700:56
*** tristanC has quit IRC01:01
*** tristanC has joined #openstack-keystone01:01
*** Dinesh_Bhor has joined #openstack-keystone01:44
*** d0ugal has quit IRC01:48
openstackgerritwangxiyuan proposed openstack/keystone master: Enable foreign keys for unit test  https://review.openstack.org/55819301:50
*** d0ugal has joined #openstack-keystone01:51
*** Dinesh_Bhor has quit IRC01:59
*** aojea has joined #openstack-keystone02:19
*** aojea has quit IRC02:21
*** aojea_ has joined #openstack-keystone02:21
*** aojea_ has quit IRC02:22
*** aojea has joined #openstack-keystone02:22
*** aojea has quit IRC02:26
*** lbragstad has joined #openstack-keystone02:43
*** ChanServ sets mode: +o lbragstad02:43
*** Dinesh_Bhor has joined #openstack-keystone02:55
openstackgerritVishakha Agarwal proposed openstack/keystone master: Adding 'date' for trust_flush  https://review.openstack.org/60789702:55
*** dave-mccowan has quit IRC03:02
openstackgerritNguyen Van Trung proposed openstack/keystone master: Don't quote {posargs} in tox.ini  https://review.openstack.org/60882403:19
*** lbragstad has quit IRC03:46
*** lbragstad has joined #openstack-keystone03:48
*** ChanServ sets mode: +o lbragstad03:48
*** lbragstad has quit IRC03:58
*** Dinesh_Bhor has quit IRC04:09
*** jaosorior has joined #openstack-keystone04:28
*** pcaruana has joined #openstack-keystone04:38
*** Dinesh_Bhor has joined #openstack-keystone04:51
*** shyam89 has joined #openstack-keystone04:54
*** pooja-jadhav has joined #openstack-keystone05:03
*** pooja_jadhav has quit IRC05:04
*** pooja-jadhav is now known as pooja_jadhav05:19
*** shyam89 has quit IRC05:44
*** shyam89 has joined #openstack-keystone06:01
*** mvkr has quit IRC06:59
*** shyam89 has quit IRC07:05
*** rcernin has quit IRC07:08
*** shyam89 has joined #openstack-keystone07:08
*** Emine has joined #openstack-keystone07:22
*** belmoreira has joined #openstack-keystone07:40
*** shyam89 has quit IRC07:47
*** Dinesh_Bhor has quit IRC08:13
*** shyam89 has joined #openstack-keystone08:28
openstackgerritwangxiyuan proposed openstack/keystone master: Update log translation hacking check  https://review.openstack.org/60424508:28
*** Dinesh_Bhor has joined #openstack-keystone08:49
*** lbragstad has joined #openstack-keystone08:56
*** ChanServ sets mode: +o lbragstad08:56
*** belmoreira has quit IRC08:57
*** belmorei_ has joined #openstack-keystone08:57
vishakhalbragstad: Hi. I was  pushing a patch for scope-type for role_assignments making credential one as dependent patch.  But due to merge conflict in  credential one. I wasnt able to push the patch. Can you pl rebase the patch.09:15
vishakhalbragstad: or I can do that if  you have no issues09:15
lbragstadvishakha yeah - i was looking through those rebase issues yesterday09:16
lbragstadi was hoping to get some more feedback on https://review.openstack.org/#/c/604909/09:17
*** shyam89 has quit IRC09:17
vishakhalbragstad: : ok . Thanks09:18
lbragstadmainly because it didn't want to cause a bunch of resource churn with CI if those patches were just going to fail because lack of system-scope support in tempest09:19
lbragstadif that makes sense09:19
lbragstadi was going to ping gmann and felipe today for reviews09:20
gmannlbragstad: noted. adding in my list for tomorrow review09:21
lbragstadgmann awesome - thank you09:22
*** mvkr has joined #openstack-keystone09:22
lbragstadi'll see if i can get some feedback from felipe today and if so, i'll get that addressed prior to your working hours tomorrow09:22
lbragstadbut - that's likely the major blocker for system scope stuff in keystone at the moment, so it's up there on my priority list09:23
lbragstadcc vishakha ^09:23
vishakhalbragstad: yes I understand. Thank you09:24
gmannlbragstad: sure09:25
*** shyam89 has joined #openstack-keystone09:26
*** imacdonn has quit IRC09:39
*** aojea_ has joined #openstack-keystone09:46
*** dave-mccowan has joined #openstack-keystone09:49
*** aojea_ has quit IRC09:50
*** imacdonn has joined #openstack-keystone09:52
*** Dinesh_Bhor has quit IRC10:06
*** lbragstad has quit IRC10:16
*** shyam89 has quit IRC10:25
*** markvoelker has joined #openstack-keystone10:25
*** mvkr has quit IRC10:44
*** Dinesh_Bhor has joined #openstack-keystone10:52
*** markvoelker has quit IRC10:58
*** shyam89 has joined #openstack-keystone10:59
*** mvkr has joined #openstack-keystone11:02
errrwhen using mod_auth_mellon and federation if my user is in multiple groups https://gist.github.com/michaelrice/35aed5fb5f0679329aebfb7132507c09 how can I map these in my mapping file? currently Im getting Group [u'fed_member_of_fishing_accounting', u'fed_member_of_all_projects'] returned by mapping okta_rules_mapping was not found in the backend.11:24
errrits like its turning the array of groups into a single group named "[u'fed_member_of_fishing_accounting', u'fed_member_of_all_projects']"11:25
cmurphyerrr: what does your mapping json look like?11:26
errrI just updated that gist with a comment that has it cmurphy11:27
*** jrist has joined #openstack-keystone11:29
cmurphyhmm looks alright to me11:29
cmurphyit's supposed to be smart enough to turn the array into separate groups11:29
errrthis is pike if that makes a difference11:30
cmurphythere might have been a bug for this for pike i can't remember11:32
* cmurphy can look in a few hours11:32
errrok thanks. I should go to bed. its 06:33 here now11:33
*** jrist has quit IRC11:36
errrcmurphy: looks like it happens even with the keystone-manage command: https://gist.github.com/michaelrice/35aed5fb5f0679329aebfb7132507c09#gistcomment-272753311:47
errrits wrapping that array in quotes11:48
*** markvoelker has joined #openstack-keystone11:51
*** shyam89 has quit IRC12:02
*** shyam89 has joined #openstack-keystone12:02
*** Dinesh_Bhor has quit IRC12:09
*** raildo has joined #openstack-keystone12:22
*** josecastroleon has joined #openstack-keystone13:01
*** xek has joined #openstack-keystone13:04
openstackgerritJose Castro Leon proposed openstack/keystone master: Add caching on trust role validation to improve performance  https://review.openstack.org/60896313:17
*** shyam89 has quit IRC13:20
*** mvkr has quit IRC13:23
*** shyam89 has joined #openstack-keystone13:24
*** shyam89 has quit IRC13:28
*** lbragstad has joined #openstack-keystone13:28
*** ChanServ sets mode: +o lbragstad13:28
*** shyam89 has joined #openstack-keystone13:28
*** shyam89 has quit IRC13:35
*** aojea has joined #openstack-keystone13:38
openstackgerritVieri proposed openstack/pycadf master: Don't quote {posargs} in tox.ini  https://review.openstack.org/60898313:41
*** shyam89 has joined #openstack-keystone13:46
openstackgerritVieri proposed openstack/python-keystoneclient master: Don't quote {posargs} in tox.ini  https://review.openstack.org/60899613:54
*** mchlumsky has joined #openstack-keystone13:55
*** felipemonteiro has joined #openstack-keystone13:58
*** aojea has quit IRC14:02
*** aojea has joined #openstack-keystone14:03
*** aojea has quit IRC14:05
*** aojea has joined #openstack-keystone14:05
*** raildo has quit IRC14:06
*** raildo has joined #openstack-keystone14:07
*** itlinux has quit IRC14:07
*** aojea has quit IRC14:10
*** aojea has joined #openstack-keystone14:10
*** mugsie has joined #openstack-keystone14:13
*** aojea has quit IRC14:15
lbragstadcmurphy i'm catching up on the meeting logs from last week14:15
lbragstadare you expecting to break the app creds work into different releases? or are you planning on doing it all at once despite having less resources devoted to it?14:16
cmurphylbragstad: i think we can still finish it in this release14:19
cmurphylbragstad: finish the access control work* in this release14:19
cmurphythe refreshable app creds might make sense to push to next release (cc knikolla )14:20
lbragstadby access control work you specifically mean capability lists and filtering in middleware?14:20
cmurphylbragstad: ya14:21
lbragstadok - cool14:21
*** shyam89 has quit IRC14:29
*** shyam89 has joined #openstack-keystone14:29
kmalloccmurphy: about 70% through users port to flask, (down to 50 failing tests)14:35
cmurphykmalloc: <314:36
kmallocFound another bad json home case.14:36
kmallocApplication credentials has a bad entry, it'll be fixed in the patch.14:37
cmurphyi'm still curious if anyone uses that or considers it a stable api14:37
kmalloc... as much as I don't want to break contracts... At this point, I'd like to just delete it.14:37
kmallocI don't think it is usable in all reality.14:38
*** shyam89 has quit IRC14:44
*** munimeha1 has joined #openstack-keystone14:56
*** itlinux has joined #openstack-keystone15:08
cmurphyerrr: i found your issue15:25
cmurphygroup is incorrect, it needs to be "groups" and it needs to look like this https://review.openstack.org/#/c/237479/1/doc/source/mapping_combinations.rst15:25
*** wxy| has joined #openstack-keystone15:26
cmurphyerrr: the second example here should be correct https://docs.openstack.org/keystone/latest/advanced-topics/federation/mapping_combinations.html#other-conditions15:26
knikollacmurphy: i'm ok with pushing refreshable app creds for next release.15:41
cmurphyknikolla: up to you15:42
*** munimeha1 has quit IRC15:43
knikollaFYI: I'll be missing the meeting again today. However after that I'm back to regular working hours (after my fragmented vacation and visiting parents).15:43
knikollacmurphy: what would be the advantage of pushing it for the next release?15:44
cmurphyknikolla: just bandwidth for coding+reviews15:47
knikollacmurphy: i see. in that case i can give a hand with capability lists if you need one.15:48
knikollaand if we finish ahead (probably never going to happen) we can refocus efforts15:48
lbragstadwe agreed that working capability lists and federation API fixes was something we could do in parallel at the PTG, i think?15:57
lbragstadi don't recall there being a technical dependency between the two15:57
lbragstad(so pushing refreshable app creds to T should be fine as far as our keystone-as-an-idp-proxy plan goes?)15:58
cmurphyya i think so15:59
*** belmorei_ has quit IRC16:03
*** belmoreira has joined #openstack-keystone16:10
kmallocit should be fine, but if we can do the work for refreshable app creds this cycle it would be good.16:18
kmalloci get if we need to push it out16:18
*** felipemonteiro has quit IRC16:19
*** aojea has joined #openstack-keystone16:30
*** tellesnobrega has joined #openstack-keystone16:33
tellesnobregahey folks16:33
tellesnobregaI'm trying to deploy a devstack and I'm hitting this issue16:34
tellesnobregainstall: cannot stat ‘/opt/stack/keystone/etc/keystone.conf.sample’: No such file or directory16:34
tellesnobregado you have any suggestions on how to get over that?16:34
cmurphytellesnobrega: it seems like your devstack is out of date, it shouldn't be looking for keystone.conf.sample https://review.openstack.org/56200716:37
tellesnobregacmurphy, thanks, I did git pull, for some reason it didn't work16:39
tellesnobregait should now16:39
*** gyee has joined #openstack-keystone16:43
*** aojea has quit IRC16:46
*** wxy| has quit IRC16:49
lbragstadtellesnobrega keystone hasn't had a sample configuration file for a while, instead we generate it on the fly using `oslo-config-generator --namespace keystone`16:51
lbragstadtaking a quick grep through devstack, it looks like it relies on iniset to populate config values16:53
* lbragstad grabs lunch quick 16:54
cmurphykmalloc: are you still able to write up outreachy proposals? https://etherpad.openstack.org/p/keystone-outreachy-proposals17:00
cmurphykmalloc: or do you want me to?17:00
kmalloccmurphy: it's on my list to do today17:01
kmallocwhere do I need to submit it?17:01
kmallocbut i'm trying to balance all the stuff going on17:01
cmurphykmalloc: https://www.outreachy.org/communities/cfp/openstack/17:02
cmurphykmalloc: i can also do it if you want to give me a couple sentences i can turn into a proposal17:02
kmallocsure. the idea is to convert a chunk of the keystone tests from the self.post/self.get and self.admin_request parts to using the "with self.test_client() as c:" mechanism in flask17:04
kmallocan example of the new mechanism is https://github.com/openstack/keystone/blob/c837d95ed5b3a59e054807f41d40f2c96b6c3a94/keystone/tests/unit/test_v3_auth.py#L231317:05
kmalloc(not that loadapp is needed everywhere)17:05
kmallocbuit it shows how test client works17:05
kmallocit involves chasing down the automatic "get a token" and such that self.get() dpes17:06
kmallocit could focus on one set of tests or be as wide spread as desired17:06
kmallocthese tests are almost 100% the restful Test Cases17:06
kmalloccmurphy: does that help? or do you need something more expansive?17:07
cmurphykmalloc: yep, thanks :)17:09
* cmurphy adds to tomorrow's todo list17:09
tellesnobregalbragstad, thanks17:15
kmallocphew, 8 more tests to debug...17:17
*** aojea has joined #openstack-keystone17:22
lbragstadtellesnobrega no problem17:38
*** mchlumsky has quit IRC17:40
kmallocand down to 5. unfortunately, they're somewhat icky 5 tests.17:47
kmallocannnnd running tests locally, but users should be published here shortly17:54
kmallochrybacki: you know it's nice being able to run pep8,py27,py35 all in <10m locally now17:56
*** aojea has quit IRC17:56
kmallocnever realized how much an underpowered laptop was slowing me down17:56
kmalloc(the docker containers help too)17:56
hrybackikmalloc: howd you speed it up?17:58
openstackgerritMorgan Fainberg proposed openstack/keystone master: Convert /v3/users to flask native dispatching  https://review.openstack.org/60907118:00
kmallochrybacki: 32 core desktop18:00
kmallochrybacki: rather than a 4 core, under powered, laptop chip ;)18:00
kmallocand 128 GB ram.18:00
kmalloc(on raid 1 NVME)18:00
kmalloccmurphy, wxy-xiyuan, lbragstad: ^ conversion of users to flask18:01
kmallochrybacki: ThreadRipper FTW.18:01
kmallochrybacki: next build, i'll go with an EPYC and 256-512GB ram, 64 cores.18:01
kmallocor dual socket epyc18:01
openstackgerritLance Bragstad proposed openstack/keystone master: Don't mock internal implementation details of oslo  https://review.openstack.org/60907218:01
*** tellesnobrega has left #openstack-keystone18:02
lbragstad^ so - that doesn't necessarily fix consuming oslo.messaging version 9.0.018:02
lbragstadwe're still broken because we're not consuming https://review.openstack.org/#/c/608196/18:03
kmallochrybacki: hows the project work going?18:03
lbragstadjust like glance18:03
kmallochrybacki: should i rebase/take up the standard and push it through?18:03
lbragstadbut - it does modify the mock to use a public facing API, instead of a private method18:03
kmallochrybacki: i ask because i'm down to very very few things that need to be converted to flask.18:03
hrybackikmalloc: i just rebased but am typing with opne hand18:03
kmallochrybacki: what did you do to your hand?18:04
hrybackikmalloc: wannas take the next PS and I'll take the following18:04
hrybackior we could pair18:04
hrybackii broke it18:04
kmallocdude! heal up!18:04
hrybacki5-6 week and itll be brand new18:04
kmalloci can carry the project stuff forward18:04
hrybackinew baby smell and everything18:05
kmallocit looks like you did most of the hard work :)18:05
lbragstadi always knew you type too ahrd18:05
hrybackiwell by m,y cvount there are 10 paths left18:05
* kmalloc thinks of a scene in Deadpool...18:05
hrybackilol lbragstad18:05
kmalloci'll get those done for ya here in the next hour then.18:05
kmallocand i'll get the rest of the compat code ripped out for conversion to flask.18:06
kmallocbecause i think i just have ec2token auth to conver then18:06
kmallocand we're clear of webob stuff outside of our middleware.18:06
kmallochrybacki: i'll ask you to review auth, auth-followup, and users conversioin18:06
hrybackikmalloc: anything need review eyes atm?18:06
kmallochrybacki: get some serious coffee... you'll need it.18:06
kmallocit's ~4700 lines of code between those three patches18:07
hrybackii started on auth but had to stop when my eyes fell out18:07
kmallochonestly, auth can probably be +1'd now.18:07
kmalloci'm hoping we land that one soon because i don't know if i can carry ugly rebases on that one18:07
kmallocit's just too much code :(18:07
hrybackiill start looking again18:08
lbragstadwhat in the world...18:20
lbragstadaren't we suppose to render oslo configuarion options in keystone sample config file?18:21
lbragstador am in stuck in left field?18:21
lbragstadam I*18:21
lbragstadbah - nevermind...18:36
kmalloclbragstad: lol18:46
kmalloclbragstad: stuck in the past ;)18:46
kmalloclbragstad: go get some more sleep man :P or drink coffee.18:46
*** aojea has joined #openstack-keystone18:49
lbragstadso... it got to the point on Thursday that I had a Monster18:51
lbragstadit's been **years** since I've had a Monster18:51
kmalloclet me give you an extra hint18:52
kmalloc(you can amazon it)18:52
* lbragstad places order18:52
kmalloclbragstad: the main deathwish coffee is good, valhalla java is smoother and really tasty18:53
*** aojea has quit IRC18:53
kmallocif you like pumpkin spice, but not the sugar, get their cauldron roasted pumpkin coffee18:53
kmallocit's outstanding18:53
kmallockeep in mind this stuff has a TON of caffeine in it18:53
*** aojea has joined #openstack-keystone18:53
kmallocit's my goto coffee now.18:54
*** aojea has quit IRC18:54
kmalloci might have a recurring delivery for 2lbs every 2 months, and buy 1-2 bags of Valhalla in the same window18:54
*** aojea has joined #openstack-keystone18:54
kmallocand i bought 11 bags of the pumpkin coffee (so i could get my fix and share with friends for holiday presents)18:55
kmalloclbragstad: i also recommend checking out their mugs18:55
kmalloclbragstad: https://www.deathwishcoffee.com/products/grind-it-out-ceramic-mug are awesome (we have a set)18:56
kmalloci might have a deathwish coffee mug problem... i think we have 14 of thier different mugs18:56
kmallocand i keep buying them as they are released18:57
openstackgerritMerged openstack/keystone master: Update log translation hacking check  https://review.openstack.org/60424519:00
lbragstadthat's a lot of mugs19:02
kmalloclbragstad: yeaaah. Brie and I need to downsize our non-deathwish mugs soon19:07
kmallocbecause... uh...19:07
kmallocthe deathwish ones are so good.19:07
kmallocthe next one(s) I'll be getting:19:08
*** markvoelker has quit IRC19:09
kmallocsome of the mugs are huge, i think one of them holds 24oz19:09
*** markvoelker has joined #openstack-keystone19:09
kmallocah 20oz19:09
kmallocthat one is one of my favs.19:09
*** markvoelker has quit IRC19:15
*** markvoelker has joined #openstack-keystone19:17
errrcmurphy: thanks! That worked19:26
openstackgerritLance Bragstad proposed openstack/keystone master: Update notification tests to work with o-m 9.0.0  https://review.openstack.org/60910619:31
kmallochrybacki: should have projects posted in the next 1hr19:40
*** mvkr has joined #openstack-keystone19:44
*** dmellado has quit IRC19:58
*** pcaruana has quit IRC20:37
*** dmellado has joined #openstack-keystone20:53
openstackgerrit98k proposed openstack/ldappool master: Don't quote {posargs} in tox.ini  https://review.openstack.org/60913521:04
*** jrist has joined #openstack-keystone21:14
*** Emine has quit IRC21:17
*** raildo has quit IRC21:18
*** aojea has quit IRC21:21
openstackgerritMorgan Fainberg proposed openstack/keystone master: Convert projects API to Flask  https://review.openstack.org/60345121:36
openstackgerritMorgan Fainberg proposed openstack/keystone master: Remove skip for test_locked_out_user_sends_notification  https://review.openstack.org/60915921:37
*** rcernin has joined #openstack-keystone22:42
*** lbragstad has quit IRC23:01
kmallocoooh. so close to being done with the flask port!23:04
*** itlinux has quit IRC23:14
openstackgerritMerged openstack/pycadf master: Don't quote {posargs} in tox.ini  https://review.openstack.org/60898323:28

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!