Monday, 2018-10-15

*** felipemonteiro has joined #openstack-keystone00:28
*** dave-mccowan has joined #openstack-keystone01:03
*** Dinesh_Bhor has joined #openstack-keystone01:21
*** aojea has joined #openstack-keystone01:32
*** aojea has quit IRC01:36
*** dave-mccowan has quit IRC01:53
openstackgerritayoung proposed openstack/oslo.policy master: namespaced flag on checker CLI
openstackgerritayoung proposed openstack/oslo.policy master: namespaced flag on checker CLI
*** d0ugal has quit IRC02:16
*** d0ugal has joined #openstack-keystone02:20
vishakhacmurphy, kmalloc : Updated patch according to your last comment. pl review.
*** gagehugo has quit IRC03:34
openstackgerritMerged openstack/keystone master: Use tempest-pg-full
*** gagehugo has joined #openstack-keystone03:36
*** felipemonteiro has quit IRC03:37
openstackgerritzhongshengping proposed openstack/oslo.policy master: Clean up .gitignore references to personal tools
openstackgerritzhongshengping proposed openstack/oslo.limit master: Clean up .gitignore references to personal tools
*** Dinesh_Bhor has quit IRC04:25
*** hemna has quit IRC04:49
*** hemna has joined #openstack-keystone04:52
*** Dinesh_Bhor has joined #openstack-keystone05:01
*** Dinesh_Bhor has quit IRC05:11
*** hoonetorg has quit IRC05:11
*** Dinesh_Bhor has joined #openstack-keystone05:16
*** hoonetorg has joined #openstack-keystone05:29
*** aojea has joined #openstack-keystone05:52
*** aojea has quit IRC06:12
*** aojea has joined #openstack-keystone06:13
*** pooja_jadhav has joined #openstack-keystone06:31
*** pcaruana has quit IRC06:37
openstackgerritJose Castro Leon proposed openstack/keystone master: Add caching on trust role validation to improve performance
*** pcaruana has joined #openstack-keystone07:02
*** josecastroleon has joined #openstack-keystone07:02
*** rcernin has quit IRC07:04
*** rcernin has joined #openstack-keystone07:07
*** josecastroleon has quit IRC07:10
*** xek has joined #openstack-keystone07:14
*** rcernin has quit IRC07:21
*** rdopiera has joined #openstack-keystone07:34
*** aojea has quit IRC07:36
*** xek has quit IRC08:05
*** xek has joined #openstack-keystone08:07
*** xek has quit IRC08:15
*** imacdonn has quit IRC09:54
*** imacdonn has joined #openstack-keystone09:54
*** charz has quit IRC10:15
openstackgerritVishakha Agarwal proposed openstack/keystone master: Default and resource limit should not be '-ve'
*** mvkr has quit IRC11:35
*** Dinesh_Bhor has quit IRC11:48
*** raildo has joined #openstack-keystone12:06
*** mvkr has joined #openstack-keystone12:09
*** jroll has quit IRC12:38
*** jroll has joined #openstack-keystone12:39
*** felipemonteiro has joined #openstack-keystone13:03
*** mvkr has quit IRC13:15
*** lbragstad has joined #openstack-keystone13:20
*** ChanServ sets mode: +o lbragstad13:20
cmurphykmalloc: want to register as a co-mentor with me
cmurphykmalloc: knikolla same question
cmurphylbragstad: fyi i'm at a customer site this week so won't be around much13:23
lbragstadthanks for the heads up cmurphy13:24
lbragstadcmurphy are you able to create official bug tags?13:25
cmurphylbragstad: what's an official bug tag?13:25
cmurphylbragstad: I can add arbitrary tags to a bug13:26
lbragstadofficial tags are the ones on the right, here:
lbragstadif you look at a bug that has both, one will be a darker shade of blue than an unofficial tag13:27
lbragstad(which is lighter blue)13:27
*** SteelyDan is now known as dansmith13:28
lbragstadi noticed last week that you put system-scope on a bunch of bugs, which i think is a good idea13:28
cmurphyit looks like it will let me edit official tags13:28
*** NikitaKonovalov has quit IRC13:28
cmurphylbragstad: i don't think i did that13:28
lbragstadok - perfect13:28
cmurphyi added the ldap or federation tag to a couple13:28
cmurphyoh looks like i did13:29
lbragstadi just wanted to double check to see if you had the ability to add official tags13:29
lbragstador i wonder if kmalloc did?13:30
cmurphythis is really strange13:30
openstackLaunchpad bug 1750660 in OpenStack Identity (keystone) "The v3 project API should account for different scopes" [High,In progress] - Assigned to Lance Bragstad (lbragstad)13:30
cmurphyi am 99% sure i didn't change the status or add that tag13:30
lbragstaduno momento13:30
cmurphyoh i changed the status in april13:31
cmurphyi could very well have done that i guess13:31
*** NikitaKonovalov has joined #openstack-keystone13:31
lbragstadi wonder if kmalloc added it as an official tag on friday?13:33
cmurphydoesn't show up in
lbragstadweird. ok13:34
*** jrist has quit IRC13:34
lbragstadthe tags column on the right - here is sorted by frequency regardless of the tag being official then13:35
cmurphyyeah guess so13:35
lbragstadwell - long story short, if you wanted to make that an official tag that'd be good13:37
lbragstadi was just tagging everything as "policy", which is pretty broad13:37
*** jrist has joined #openstack-keystone13:38
cmurphyi must have wanted to call attention to the ones that required some consideration of what scope a thing should have and what the different actions should be depending on the scope13:38
cmurphyif it shows up on the list on the right i don't really care if it's official or not13:38
*** dave-mccowan has joined #openstack-keystone13:43
*** mvkr has joined #openstack-keystone13:48
*** jamielennox has quit IRC14:27
*** jamielennox has joined #openstack-keystone14:29
openstackgerritCorey Bryant proposed openstack/oslo.policy master: Change python3.5 job to python3.7 job on Stein+
knikollacmurphy: sure, signing up :)14:57
cmurphyyay \o/14:57
*** beekneemech is now known as bnemec15:01
knikollacan't believe my involvement with the team is > 2 years :/ time flies15:04
openstackgerritColleen Murphy proposed openstack/keystone master: Add 3.11 summary to api-ref
openstackgerritLance Bragstad proposed openstack/keystone master: Implement scaffolding for upgrade checks
*** jmlowe has quit IRC15:37
*** melwitt has joined #openstack-keystone15:45
lbragstadsweet - merged15:46
lbragstadi'm going to start working on fixing scope for ^ today then15:46
*** openstackgerrit has quit IRC15:47
*** openstackgerrit has joined #openstack-keystone15:47
kmalloclbragstad: i think anyone in drivers can add tags16:03
kmallocofficial tags are persistent even if no bugs have it16:03
kmallocthats really the big difference16:03
kmalloccmurphy: i am unsure i'll be able to dedicate 5hrs a week right now to outreachy16:09
kmalloccmurphy: however, i will happily be available to help16:09
kmalloccmurphy: just can't commit to the 5-hour bit at this time (going to be doing another round of doctor appointments soon)16:09
*** gyee has joined #openstack-keystone16:09
kmalloclbragstad: -> openstack.params was only consumable inside keystone16:14
kmalloclbragstad: you had to be below JSON Body middleware ot use it16:14
kmalloclbragstad: so only someone who had tacked code into keystone itself can consume it, it's not emitted on the wire in a meaningful way16:15
kmalloclbragstad: it was legacy stuff that stopped being used when we dropped paste16:15
*** jmlowe has joined #openstack-keystone16:17
lbragstadbut someone tacking on to keystone could consume the request?16:18
kmallocnot really in a meaningful way16:19
kmallocagain the only place you really see it is under our middleware16:20
kmallocand like i said nothing in all of openstack uses that except keystone16:20
kmallocit also is a mangled form of the data passed down the stack16:20
kmallocnot representative/useful from a WSGI standpoint16:20
lbragstadi know some people and internal teams do things with the APIs and drivers16:21
kmallocall of that data is more accurately represented in plain wsgi16:21
kmallocif you're down at the driver level, you also can't see it16:21
lbragstadright - i'm talking above that16:21
kmallocif someone is tacking in their own APIs now, they're in for a bad time16:22
kmallocbecause we dropped paste16:22
kmallocit was one of those lines we drew, no external APIs (out of tree), no configurable (disableable APIs, policy not counted), and no external/non-whitelisted middleware below the edge of the application16:23
lbragstadi'm not arguing the fact that we have a line to draw16:23
kmallocso this is someone adding code to keystone and consuming internal-black-box data16:23
lbragstador that we drew it16:23
kmallocso i'm arguing a release note for all of flask - sure. for this thing. nope16:23
kmallocopenstack.params is not consumable outside of keystone in rocky16:24
kmallocand if someone was consuming it before, as of rocky they don't have a good way to do so16:24
* kmalloc has to go for a bit.16:24
kmallocbut i wanted to comment.16:24
kmallocneed to take care of dogs16:24
kmallocbe back in a bit16:24
openstackgerritCorey Bryant proposed openstack/oslo.limit master: Change python3.5 job to python3.7 job on Stein+
*** ayoung has joined #openstack-keystone16:45
*** mvkr has quit IRC17:04
*** itlinux has joined #openstack-keystone17:12
lbragstad up to is ready for review17:17
*** Emine has joined #openstack-keystone17:19
*** rdopiera has quit IRC17:24
kmalloclbragstad: +2/+A up to
lbragstadthanks - respinning the credentials patch17:39
kmalloc I'd like to hold that one until EC2 flask lands17:39
kmallocjust because i think i can rebase yours more easily (and i'd be happy to rebase it)17:40
kmallocEC2 flask was icky to chase all the bits.17:40
kmalloclbragstad: i'm spinning a release note for all of the flask stuff17:40
lbragstadsounds good17:40
kmallocwhich will cover openstack.params but just letting you know i disagree that openstack.params is usable17:40
kmallocor has been used since like essex17:41
kmalloclbragstad: i think we can get the rest of flask landed here soon and then be free and clear of old wsgi stuff17:43
kmallocand i do think i'll have by the end of stien a patch for KSM that makes it so we can drop webob from keystone17:43
lbragstadok - cool17:44
*** mvkr has joined #openstack-keystone17:47
*** felipemonteiro has quit IRC17:51
kmalloclbragstad: running releasenotes locally and will push up the change17:53
openstackgerritMorgan Fainberg proposed openstack/keystone master: Remove pre-flask legacy code
kmalloc^ release note added to the final patch17:55
openstackgerritMorgan Fainberg proposed openstack/keystone master: Remove pre-flask legacy code
kmallocthere we go17:56
openstackgerritMorgan Fainberg proposed openstack/keystone master: Remove paste-ini
cmurphykmalloc: as a co-mentor i think the time could be split17:59
kmalloccmurphy: ok i can totally sign up, just didn't want to agree if it was expected to be 5hrs a week fully my time18:00
kmalloccmurphy: if that makes sense :)18:00
*** coreycb has joined #openstack-keystone18:00
kmalloci would feel bad saying i would be available AND not being available18:00
* kmalloc has to go get food.18:00
kmalloci'll sign up once i'm back from that.18:00
kmalloccmurphy: THNX! :)18:01
coreycblbragstad: hi, i'm starting to propose keystone patches to enable py37 unit tests and disable py35 unit tests. just wanted to give you a heads up to ensure it's not a surprise.18:01
openstackgerritCorey Bryant proposed openstack/python-keystoneclient master: Change python3.5 job to python3.7 job on Stein+
lbragstadcoreycb i've been seeing those roll through, thanks for the help :)18:02
coreycblbragstad: great, thanks. hopefully there won't be too may issues.18:02
lbragstaddoes that relate to the python3 first goal?18:02
coreycblbragstad: it's not specifically part of that goal but i'd consider it closely related18:03
openstackgerritCorey Bryant proposed openstack/pycadf master: Change python3.5 job to python3.7 job on Stein+
openstackgerritCorey Bryant proposed openstack/ldappool master: Change python3.5 job to python3.7 job on Stein+
openstackgerritCorey Bryant proposed openstack/keystone-specs master: Change python3.5 job to python3.7 job on Stein+
openstackgerritCorey Bryant proposed openstack/keystonemiddleware master: Change python3.5 job to python3.7 job on Stein+
openstackgerritCorey Bryant proposed openstack/keystoneauth master: Change python3.5 job to python3.7 job on Stein+
*** dmellado has quit IRC18:05
*** dmellado has joined #openstack-keystone18:05
cmurphythank you kmalloc18:07
openstackgerritCorey Bryant proposed openstack/keystone master: Change python3.5 job to python3.7 job on Stein+
cmurphykmalloc: the main reason i asked is that since i submitted two projects they reached out and said in the event both of them are selected that would be 10hr/week commitment and they might have to deny the projects because of that18:11
lbragstadcoreycb are you available in tc?18:25
coreycblbragstad: let me join18:26
*** jmlowe has quit IRC18:44
ayounglbragstad,  IS jamies SPec.  Hence "Resurrect"18:45
lbragstadayoung is jamielennox's spec19:00
openstackgerritLance Bragstad proposed openstack/keystone master: Implement scope_type checking for credentials
openstackgerritLance Bragstad proposed openstack/keystone master: Remove obsolete credential policies
ildikovlbragstad: knikolla: kmalloc: cmurphy: I finally moved over James's notes on Keystone federation for edge to a wiki here:
ildikovlbragstad: I couldn't get there to follow things in Keystone since the PTG, do you have anything related to this moving already?19:16
*** jmlowe has joined #openstack-keystone19:19
ildikovlbragstad: knikolla: kmalloc: cmurphy: if either of you is available tomorrow as 1400 UTC we could discuss it in bit more details and check on how doable it is and what's missing, etc on the Edge weekly call19:22
ildikovwould you be up for that?19:22
lbragstadI can add it to my calendar19:24
lbragstadi think that would be 9:00 AM my time19:24
ildikovlbragstad: are you in US Central?19:25
ildikovthen yes, it should be 9am19:25
*** sapd1_ has joined #openstack-keystone19:27
*** sapd1 has quit IRC19:31
knikollaI can't make it, have another meeting at that time.19:33
lbragstadildikov do you have a meeting link?19:33
lbragstadalso -i'm a bit rusty on that stuff since the PTG19:33
lbragstadi wasn't in the room when penick was going through all the stuff19:34
ildikovlbragstad: the best I have:
lbragstadperfect, that'll do19:35
ildikovlbragstad: I will try to ping him now to see if he can make that slot by any chance19:35
lbragstadi want to say he's west cost19:36
ildikovhmm, that certainly doesn't help :/19:41
openstackgerritLance Bragstad proposed openstack/keystone master: Pass context objects to policy enforcement
cmurphyildikov: i'm not available this week, sorry :(19:58
ildikovcmurphy: it's ok, we will need a few iterations on this I'm sure19:59
openstackgerritMerged openstack/keystone master: Move loadapp to a generic place
openstackgerritLance Bragstad proposed openstack/keystone master: Update version tests to pass with v3.11
openstackgerritMerged openstack/keystone master: Add test case for expanding implied roles in system tokens
openstackgerritMerged openstack/keystone master: Expand implied roles in system-scoped tokens
kmallocildikov: uhm.. let me see what the time conversion is to pacific20:43
kmallocbut i think it's way too early for me.20:43
ildikovtimezones are awful...20:43
kmallochm.. i might be able to but that time of the morning is hard20:43
ildikovI will not hold it against you if you cannot make it :)20:44
kmallocyeah, doggos, plus need to drop my brother off at the airport20:46
kmallocand my phone broke so no remote IRC meetings atm20:46
*** raildo has quit IRC20:52
openstackgerritayoung proposed openstack/keystone-specs master: Resurrect the unscoped token catalog specification
openstackgerritColleen Murphy proposed openstack/keystone master: Update API version to 3.11
*** Emine has quit IRC21:43
lbragstadhrybacki looks like your talk is schedule at the same time as the project update21:47
lbragstadcc ayoung ^21:48
kmallocFYI it is touch and go if i'll be in Berlin21:51
kmallocwaiting on some scheduling things (personal life) before booking tickets.21:51
kmallocayoung: ^ cc21:51
lbragstadsounds good - feel free to keep me posted21:54
lbragstadi wanted to start the user scope patches today, but waiting to rebase some stuff after merges =/21:54
*** openstackgerrit has quit IRC21:56
*** openstackgerrit has joined #openstack-keystone21:56
kmalloclbragstad: fair enough21:56
kmalloclbragstad: so lets see, i think i'm down to oslo.cache, doc cleanup (post flask), and ksm/authcontext cleanup21:57
kmallocas big projects i personally am on the hook for in S121:57
kmalloci'm going to see if we can do OpenAPIDoc 3 easily21:58
kmallocvs swagger (OAD 2)21:58
lbragstadcc dims ^21:58
*** openstackgerrit has quit IRC21:58
*** openstackgerrit has joined #openstack-keystone21:59
kmallocfor swagger we can use flask-restplus21:59
kmallocdims, lbragstad: this might work for us
lbragstadsounds good - i can take a gander in a bit22:02
kmalloclbragstad: it does run the APIDoc server on port 500022:03
kmallocit would need to be configurable22:03
kmalloc(obv. not enabled in production) but for example server, it's a good thing to have22:03
kmallocand I want to *really* emphasize keystone should absolutely be deployed on port 80/443 again22:04
kmallocsomewhere in our docs i want to strip out any references to port 5000 / 35357 etc22:04
*** openstackgerrit has quit IRC22:12
*** openstackgerrit has joined #openstack-keystone22:13
ayounglbragstad, kmalloc there was a little bit of a scheduling duel to get everything in22:18
* dims peeks22:18
ayoung101 was kicked down to a lightning talk.  Ozz suggested the swap that with the OPA talk he was going to give22:19
ayoungand that kicked me off 101, as that is when pushing keystone over the edge was scheduled22:19
ayoungso...yeah, we are going to split the audience somewhat22:19
kmallocdims: it looks like a flask-nice way that has OAD 3.0 (experimental) support.22:21
dimskmalloc : +1 if so :)22:21
kmallocdims: not sure if there is something better, but that looks to be the general direction i'm trending towards provided the code / maintenance is there to add it as a dep22:22
dimskmalloc : +122:27
*** rcernin has joined #openstack-keystone22:41
*** openstackgerrit has quit IRC22:43
*** itlinux has quit IRC22:54
*** dklyle has quit IRC23:04
*** mchlumsky has quit IRC23:10
*** dklyle has joined #openstack-keystone23:30
*** gyee has quit IRC23:55

Generated by 2.15.3 by Marius Gedminas - find it at!