Monday, 2018-10-15

*** felipemonteiro has joined #openstack-keystone		00:28
*** dave-mccowan has joined #openstack-keystone		01:03
*** Dinesh_Bhor has joined #openstack-keystone		01:21
*** aojea has joined #openstack-keystone		01:32
*** aojea has quit IRC		01:36
*** dave-mccowan has quit IRC		01:53
openstackgerrit	ayoung proposed openstack/oslo.policy master: namespaced flag on checker CLI https://review.openstack.org/610402	02:10
openstackgerrit	ayoung proposed openstack/oslo.policy master: namespaced flag on checker CLI https://review.openstack.org/610402	02:10
*** d0ugal has quit IRC		02:16
*** d0ugal has joined #openstack-keystone		02:20
vishakha	cmurphy, kmalloc : Updated patch according to your last comment. pl review. https://review.openstack.org/#/c/607897/	02:27
*** gagehugo has quit IRC		03:34
openstackgerrit	Merged openstack/keystone master: Use tempest-pg-full https://review.openstack.org/609951	03:35
*** gagehugo has joined #openstack-keystone		03:36
*** felipemonteiro has quit IRC		03:37
openstackgerrit	zhongshengping proposed openstack/oslo.policy master: Clean up .gitignore references to personal tools https://review.openstack.org/610414	03:55
openstackgerrit	zhongshengping proposed openstack/oslo.limit master: Clean up .gitignore references to personal tools https://review.openstack.org/610418	03:55
*** Dinesh_Bhor has quit IRC		04:25
*** hemna has quit IRC		04:49
*** hemna has joined #openstack-keystone		04:52
*** Dinesh_Bhor has joined #openstack-keystone		05:01
*** Dinesh_Bhor has quit IRC		05:11
*** hoonetorg has quit IRC		05:11
*** Dinesh_Bhor has joined #openstack-keystone		05:16
*** hoonetorg has joined #openstack-keystone		05:29
*** aojea has joined #openstack-keystone		05:52
*** aojea has quit IRC		06:12
*** aojea has joined #openstack-keystone		06:13
*** pooja_jadhav has joined #openstack-keystone		06:31
*** pcaruana has quit IRC		06:37
openstackgerrit	Jose Castro Leon proposed openstack/keystone master: Add caching on trust role validation to improve performance https://review.openstack.org/608963	07:02
*** pcaruana has joined #openstack-keystone		07:02
*** josecastroleon has joined #openstack-keystone		07:02
*** rcernin has quit IRC		07:04
*** rcernin has joined #openstack-keystone		07:07
*** josecastroleon has quit IRC		07:10
*** xek has joined #openstack-keystone		07:14
*** rcernin has quit IRC		07:21
*** rdopiera has joined #openstack-keystone		07:34
*** aojea has quit IRC		07:36
*** xek has quit IRC		08:05
*** xek has joined #openstack-keystone		08:07
*** xek has quit IRC		08:15
*** imacdonn has quit IRC		09:54
*** imacdonn has joined #openstack-keystone		09:54
*** charz has quit IRC		10:15
openstackgerrit	Vishakha Agarwal proposed openstack/keystone master: Default and resource limit should not be '-ve' https://review.openstack.org/610479	11:17
*** mvkr has quit IRC		11:35
*** Dinesh_Bhor has quit IRC		11:48
*** raildo has joined #openstack-keystone		12:06
*** mvkr has joined #openstack-keystone		12:09
*** jroll has quit IRC		12:38
*** jroll has joined #openstack-keystone		12:39
*** felipemonteiro has joined #openstack-keystone		13:03
*** mvkr has quit IRC		13:15
*** lbragstad has joined #openstack-keystone		13:20
*** ChanServ sets mode: +o lbragstad		13:20
cmurphy	kmalloc: want to register as a co-mentor with me https://www.outreachy.org/communities/cfp/openstack/project/improve-openstack-keystone-api-unit-tests/mentor/submit/	13:23
cmurphy	kmalloc: knikolla same question https://www.outreachy.org/communities/cfp/openstack/project/improve-openstack-keystone-federation-operator-exp/mentor/submit/	13:23
cmurphy	lbragstad: fyi i'm at a customer site this week so won't be around much	13:23
lbragstad	thanks for the heads up cmurphy	13:24
lbragstad	cmurphy are you able to create official bug tags?	13:25
cmurphy	lbragstad: what's an official bug tag?	13:25
cmurphy	lbragstad: I can add arbitrary tags to a bug	13:26
lbragstad	official tags are the ones on the right, here: https://bugs.launchpad.net/keystone/	13:27
lbragstad	if you look at a bug that has both, one will be a darker shade of blue than an unofficial tag	13:27
lbragstad	(which is lighter blue)	13:27
*** SteelyDan is now known as dansmith		13:28
lbragstad	i noticed last week that you put system-scope on a bunch of bugs, which i think is a good idea	13:28
cmurphy	it looks like it will let me edit official tags	13:28
*** NikitaKonovalov has quit IRC		13:28
cmurphy	lbragstad: i don't think i did that	13:28
lbragstad	ok - perfect	13:28
cmurphy	i added the ldap or federation tag to a couple	13:28
cmurphy	oh looks like i did	13:29
lbragstad	i just wanted to double check to see if you had the ability to add official tags	13:29
lbragstad	or i wonder if kmalloc did?	13:30
cmurphy	this is really strange	13:30
cmurphy	https://bugs.launchpad.net/keystone/+bug/1750660	13:30
openstack	Launchpad bug 1750660 in OpenStack Identity (keystone) "The v3 project API should account for different scopes" [High,In progress] - Assigned to Lance Bragstad (lbragstad)	13:30
cmurphy	i am 99% sure i didn't change the status or add that tag	13:30
lbragstad	uno momento	13:30
cmurphy	oh i changed the status in april	13:31
cmurphy	i could very well have done that i guess	13:31
*** NikitaKonovalov has joined #openstack-keystone		13:31
lbragstad	http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2018-10-12.log.html#t2018-10-12T20:51:24	13:31
lbragstad	i wonder if kmalloc added it as an official tag on friday?	13:33
cmurphy	doesn't show up in https://bugs.launchpad.net/keystone/+manage-official-tags	13:34
lbragstad	weird. ok	13:34
*** jrist has quit IRC		13:34
lbragstad	the tags column on the right - here https://bugs.launchpad.net/keystone is sorted by frequency regardless of the tag being official then	13:35
cmurphy	yeah guess so	13:35
lbragstad	well - long story short, if you wanted to make that an official tag that'd be good	13:37
lbragstad	i was just tagging everything as "policy", which is pretty broad	13:37
*** jrist has joined #openstack-keystone		13:38
cmurphy	i must have wanted to call attention to the ones that required some consideration of what scope a thing should have and what the different actions should be depending on the scope	13:38
cmurphy	if it shows up on the list on the right i don't really care if it's official or not	13:38
lbragstad	++	13:40
*** dave-mccowan has joined #openstack-keystone		13:43
*** mvkr has joined #openstack-keystone		13:48
*** jamielennox has quit IRC		14:27
*** jamielennox has joined #openstack-keystone		14:29
openstackgerrit	Corey Bryant proposed openstack/oslo.policy master: Change python3.5 job to python3.7 job on Stein+ https://review.openstack.org/610122	14:32
knikolla	cmurphy: sure, signing up :)	14:57
cmurphy	yay \o/	14:57
*** beekneemech is now known as bnemec		15:01
knikolla	done	15:03
knikolla	can't believe my involvement with the team is > 2 years :/ time flies	15:04
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Add 3.11 summary to api-ref https://review.openstack.org/608216	15:09
cmurphy	ikr	15:09
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Implement scaffolding for upgrade checks https://review.openstack.org/608785	15:31
*** jmlowe has quit IRC		15:37
*** melwitt has joined #openstack-keystone		15:45
lbragstad	sweet - https://review.openstack.org/#/c/609071/ merged	15:46
lbragstad	i'm going to start working on fixing scope for ^ today then	15:46
*** openstackgerrit has quit IRC		15:47
*** openstackgerrit has joined #openstack-keystone		15:47
gagehugo	o/	15:53
kmalloc	lbragstad: i think anyone in drivers can add tags	16:03
kmalloc	official tags are persistent even if no bugs have it	16:03
kmalloc	thats really the big difference	16:03
kmalloc	cmurphy: i am unsure i'll be able to dedicate 5hrs a week right now to outreachy	16:09
kmalloc	cmurphy: however, i will happily be available to help	16:09
kmalloc	cmurphy: just can't commit to the 5-hour bit at this time (going to be doing another round of doctor appointments soon)	16:09
*** gyee has joined #openstack-keystone		16:09
kmalloc	lbragstad: https://review.openstack.org/#/c/609535/3 -> openstack.params was only consumable inside keystone	16:14
kmalloc	lbragstad: you had to be below JSON Body middleware ot use it	16:14
kmalloc	lbragstad: so only someone who had tacked code into keystone itself can consume it, it's not emitted on the wire in a meaningful way	16:15
kmalloc	lbragstad: it was legacy stuff that stopped being used when we dropped paste	16:15
*** jmlowe has joined #openstack-keystone		16:17
lbragstad	but someone tacking on to keystone could consume the request?	16:18
lbragstad	right?	16:18
kmalloc	not really in a meaningful way	16:19
kmalloc	again the only place you really see it is under our middleware	16:20
kmalloc	and like i said nothing in all of openstack uses that except keystone	16:20
kmalloc	it also is a mangled form of the data passed down the stack	16:20
kmalloc	not representative/useful from a WSGI standpoint	16:20
lbragstad	i know some people and internal teams do things with the APIs and drivers	16:21
kmalloc	all of that data is more accurately represented in plain wsgi	16:21
kmalloc	if you're down at the driver level, you also can't see it	16:21
lbragstad	right - i'm talking above that	16:21
kmalloc	if someone is tacking in their own APIs now, they're in for a bad time	16:22
kmalloc	because we dropped paste	16:22
kmalloc	it was one of those lines we drew, no external APIs (out of tree), no configurable (disableable APIs, policy not counted), and no external/non-whitelisted middleware below the edge of the application	16:23
lbragstad	i'm not arguing the fact that we have a line to draw	16:23
kmalloc	so this is someone adding code to keystone and consuming internal-black-box data	16:23
lbragstad	or that we drew it	16:23
kmalloc	so i'm arguing a release note for all of flask - sure. for this thing. nope	16:23
kmalloc	openstack.params is not consumable outside of keystone in rocky	16:24
kmalloc	and if someone was consuming it before, as of rocky they don't have a good way to do so	16:24
* kmalloc has to go for a bit.		16:24
kmalloc	but i wanted to comment.	16:24
kmalloc	need to take care of dogs	16:24
kmalloc	be back in a bit	16:24
openstackgerrit	Corey Bryant proposed openstack/oslo.limit master: Change python3.5 job to python3.7 job on Stein+ https://review.openstack.org/610641	16:26
*** ayoung has joined #openstack-keystone		16:45
*** mvkr has quit IRC		17:04
*** itlinux has joined #openstack-keystone		17:12
lbragstad	https://review.openstack.org/#/c/595371/6 up to https://review.openstack.org/#/c/594547/15 is ready for review	17:17
*** Emine has joined #openstack-keystone		17:19
*** rdopiera has quit IRC		17:24
kmalloc	lbragstad: +2/+A up to https://review.openstack.org/#/c/597186/5	17:39
lbragstad	thanks - respinning the credentials patch	17:39
kmalloc	https://review.openstack.org/#/c/594547/15 I'd like to hold that one until EC2 flask lands	17:39
kmalloc	just because i think i can rebase yours more easily (and i'd be happy to rebase it)	17:40
kmalloc	EC2 flask was icky to chase all the bits.	17:40
kmalloc	lbragstad: i'm spinning a release note for all of the flask stuff	17:40
lbragstad	sounds good	17:40
kmalloc	which will cover openstack.params but just letting you know i disagree that openstack.params is usable	17:40
kmalloc	or has been used since like essex	17:41
kmalloc	lbragstad: i think we can get the rest of flask landed here soon and then be free and clear of old wsgi stuff	17:43
kmalloc	and i do think i'll have by the end of stien a patch for KSM that makes it so we can drop webob from keystone	17:43
lbragstad	ok - cool	17:44
*** mvkr has joined #openstack-keystone		17:47
*** felipemonteiro has quit IRC		17:51
kmalloc	lbragstad: running releasenotes locally and will push up the change	17:53
openstackgerrit	Morgan Fainberg proposed openstack/keystone master: Remove pre-flask legacy code https://review.openstack.org/609839	17:55
kmalloc	^ release note added to the final patch	17:55
openstackgerrit	Morgan Fainberg proposed openstack/keystone master: Remove pre-flask legacy code https://review.openstack.org/609839	17:56
kmalloc	there we go	17:56
openstackgerrit	Morgan Fainberg proposed openstack/keystone master: Remove paste-ini https://review.openstack.org/609841	17:58
cmurphy	kmalloc: as a co-mentor i think the time could be split	17:59
kmalloc	cmurphy: ok i can totally sign up, just didn't want to agree if it was expected to be 5hrs a week fully my time	18:00
kmalloc	cmurphy: if that makes sense :)	18:00
*** coreycb has joined #openstack-keystone		18:00
kmalloc	i would feel bad saying i would be available AND not being available	18:00
* kmalloc has to go get food.		18:00
kmalloc	i'll sign up once i'm back from that.	18:00
kmalloc	:)	18:00
kmalloc	cmurphy: THNX! :)	18:01
coreycb	lbragstad: hi, i'm starting to propose keystone patches to enable py37 unit tests and disable py35 unit tests. just wanted to give you a heads up to ensure it's not a surprise.	18:01
openstackgerrit	Corey Bryant proposed openstack/python-keystoneclient master: Change python3.5 job to python3.7 job on Stein+ https://review.openstack.org/610679	18:02
lbragstad	coreycb i've been seeing those roll through, thanks for the help :)	18:02
coreycb	lbragstad: great, thanks. hopefully there won't be too may issues.	18:02
lbragstad	does that relate to the python3 first goal?	18:02
coreycb	lbragstad: it's not specifically part of that goal but i'd consider it closely related	18:03
lbragstad	ok	18:03
openstackgerrit	Corey Bryant proposed openstack/pycadf master: Change python3.5 job to python3.7 job on Stein+ https://review.openstack.org/610680	18:04
openstackgerrit	Corey Bryant proposed openstack/ldappool master: Change python3.5 job to python3.7 job on Stein+ https://review.openstack.org/610681	18:04
openstackgerrit	Corey Bryant proposed openstack/keystone-specs master: Change python3.5 job to python3.7 job on Stein+ https://review.openstack.org/610683	18:04
openstackgerrit	Corey Bryant proposed openstack/keystonemiddleware master: Change python3.5 job to python3.7 job on Stein+ https://review.openstack.org/610684	18:04
openstackgerrit	Corey Bryant proposed openstack/keystoneauth master: Change python3.5 job to python3.7 job on Stein+ https://review.openstack.org/610685	18:05
*** dmellado has quit IRC		18:05
*** dmellado has joined #openstack-keystone		18:05
cmurphy	thank you kmalloc	18:07
openstackgerrit	Corey Bryant proposed openstack/keystone master: Change python3.5 job to python3.7 job on Stein+ https://review.openstack.org/610687	18:07
cmurphy	kmalloc: the main reason i asked is that since i submitted two projects they reached out and said in the event both of them are selected that would be 10hr/week commitment and they might have to deny the projects because of that	18:11
kmalloc	right	18:11
lbragstad	coreycb are you available in tc?	18:25
coreycb	lbragstad: let me join	18:26
*** jmlowe has quit IRC		18:44
ayoung	lbragstad, https://review.openstack.org/#/c/607346/3 IS jamies SPec. Hence "Resurrect"	18:45
lbragstad	ayoung https://git.openstack.org/cgit/openstack/keystone-specs/tree/superseded/unscoped-catalog.rst is jamielennox's spec	19:00
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Implement scope_type checking for credentials https://review.openstack.org/594547	19:04
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Remove obsolete credential policies https://review.openstack.org/597187	19:04
ildikov	lbragstad: knikolla: kmalloc: cmurphy: I finally moved over James's notes on Keystone federation for edge to a wiki here: https://wiki.openstack.org/wiki/Keystone_edge_architectures#Identity_Provider_.28IdP.29_Master_with_shadow_users	19:15
lbragstad	awesome	19:15
ildikov	lbragstad: I couldn't get there to follow things in Keystone since the PTG, do you have anything related to this moving already?	19:16
*** jmlowe has joined #openstack-keystone		19:19
ildikov	lbragstad: knikolla: kmalloc: cmurphy: if either of you is available tomorrow as 1400 UTC we could discuss it in bit more details and check on how doable it is and what's missing, etc on the Edge weekly call	19:22
ildikov	would you be up for that?	19:22
lbragstad	I can add it to my calendar	19:24
lbragstad	i think that would be 9:00 AM my time	19:24
ildikov	lbragstad: are you in US Central?	19:25
lbragstad	yes	19:25
ildikov	then yes, it should be 9am	19:25
*** sapd1_ has joined #openstack-keystone		19:27
*** sapd1 has quit IRC		19:31
knikolla	I can't make it, have another meeting at that time.	19:33
lbragstad	ildikov do you have a meeting link?	19:33
lbragstad	also -i'm a bit rusty on that stuff since the PTG	19:33
lbragstad	i wasn't in the room when penick was going through all the stuff	19:34
ildikov	lbragstad: the best I have: https://wiki.openstack.org/wiki/Edge_Computing_Group#Meetings	19:35
lbragstad	perfect, that'll do	19:35
ildikov	lbragstad: I will try to ping him now to see if he can make that slot by any chance	19:35
lbragstad	i want to say he's west cost	19:36
lbragstad	coast*	19:36
ildikov	hmm, that certainly doesn't help :/	19:41
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Pass context objects to policy enforcement https://review.openstack.org/605539	19:51
cmurphy	ildikov: i'm not available this week, sorry :(	19:58
ildikov	cmurphy: it's ok, we will need a few iterations on this I'm sure	19:59
openstackgerrit	Merged openstack/keystone master: Move loadapp to a generic place https://review.openstack.org/595371	20:16
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Update version tests to pass with v3.11 https://review.openstack.org/610721	20:18
openstackgerrit	Merged openstack/keystone master: Add test case for expanding implied roles in system tokens https://review.openstack.org/596356	20:34
openstackgerrit	Merged openstack/keystone master: Expand implied roles in system-scoped tokens https://review.openstack.org/596357	20:34
kmalloc	ildikov: uhm.. let me see what the time conversion is to pacific	20:43
kmalloc	but i think it's way too early for me.	20:43
ildikov	7am	20:43
ildikov	timezones are awful...	20:43
kmalloc	hm.. i might be able to but that time of the morning is hard	20:43
ildikov	I will not hold it against you if you cannot make it :)	20:44
kmalloc	yeah, doggos, plus need to drop my brother off at the airport	20:46
kmalloc	and my phone broke so no remote IRC meetings atm	20:46
*** raildo has quit IRC		20:52
openstackgerrit	ayoung proposed openstack/keystone-specs master: Resurrect the unscoped token catalog specification https://review.openstack.org/607346	20:55
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Update API version to 3.11 https://review.openstack.org/608216	21:01
*** Emine has quit IRC		21:43
lbragstad	hrybacki looks like your talk is schedule at the same time as the project update	21:47
lbragstad	https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22728/keystone-project-updates	21:47
lbragstad	https://www.openstack.org/summit/berlin-2018/summit-schedule/events/21977/openstack-policy-101	21:47
lbragstad	cc ayoung ^	21:48
kmalloc	FYI it is touch and go if i'll be in Berlin	21:51
kmalloc	waiting on some scheduling things (personal life) before booking tickets.	21:51
kmalloc	ayoung: ^ cc	21:51
lbragstad	sounds good - feel free to keep me posted	21:54
lbragstad	i wanted to start the user scope patches today, but waiting to rebase some stuff after https://review.openstack.org/#/c/597186/ merges =/	21:54
*** openstackgerrit has quit IRC		21:56
*** openstackgerrit has joined #openstack-keystone		21:56
kmalloc	lbragstad: fair enough	21:56
kmalloc	lbragstad: so lets see, i think i'm down to oslo.cache, doc cleanup (post flask), and ksm/authcontext cleanup	21:57
kmalloc	as big projects i personally am on the hook for in S1	21:57
kmalloc	i'm going to see if we can do OpenAPIDoc 3 easily	21:58
kmalloc	vs swagger (OAD 2)	21:58
lbragstad	cc dims ^	21:58
*** openstackgerrit has quit IRC		21:58
*** openstackgerrit has joined #openstack-keystone		21:59
kmalloc	for swagger we can use flask-restplus	21:59
kmalloc	dims, lbragstad: this might work for us https://github.com/rochacbruno/flasgger	22:00
lbragstad	sounds good - i can take a gander in a bit	22:02
kmalloc	lbragstad: it does run the APIDoc server on port 5000	22:03
kmalloc	sooooooooo	22:03
kmalloc	it would need to be configurable	22:03
kmalloc	(obv. not enabled in production) but for example server, it's a good thing to have	22:03
kmalloc	and I want to really emphasize keystone should absolutely be deployed on port 80/443 again	22:04
kmalloc	somewhere in our docs i want to strip out any references to port 5000 / 35357 etc	22:04
*** openstackgerrit has quit IRC		22:12
*** openstackgerrit has joined #openstack-keystone		22:13
ayoung	lbragstad, kmalloc there was a little bit of a scheduling duel to get everything in	22:18
* dims peeks		22:18
ayoung	101 was kicked down to a lightning talk. Ozz suggested the swap that with the OPA talk he was going to give	22:19
ayoung	and that kicked me off 101, as that is when pushing keystone over the edge was scheduled	22:19
ayoung	so...yeah, we are going to split the audience somewhat	22:19
kmalloc	dims: it looks like a flask-nice way that has OAD 3.0 (experimental) support.	22:21
dims	kmalloc : +1 if so :)	22:21
kmalloc	dims: not sure if there is something better, but that looks to be the general direction i'm trending towards provided the code / maintenance is there to add it as a dep	22:22
dims	kmalloc : +1	22:27
*** rcernin has joined #openstack-keystone		22:41
*** openstackgerrit has quit IRC		22:43
*** itlinux has quit IRC		22:54
*** dklyle has quit IRC		23:04
*** mchlumsky has quit IRC		23:10
*** dklyle has joined #openstack-keystone		23:30
*** gyee has quit IRC		23:55

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!