Friday, 2019-03-15

« Thursday, 2019-03-14 Index Saturday, 2019-03-16 »
*** markvoelker has joined #openstack-keystone00:34
*** markvoelker has quit IRC00:39
*** markvoelker has joined #openstack-keystone01:05
*** whoami-rajat has joined #openstack-keystone01:17
*** jamesmcarthur has joined #openstack-keystone01:28
*** markvoelker has quit IRC01:32
*** markvoelker has joined #openstack-keystone01:34
*** jamesmcarthur has quit IRC01:49
*** lbragstad has quit IRC02:09
adriantcmurphy, kmalloc: Would there be any major pushback if I (in the future once I'm actually done with MFA shit) write up a spec for user owned key/value metadata? Essentially, I, a user in Keystone, can set and edit my own metadata. I want this specifically for settings. Like "favourite projects" or "items_per_page" etc. Because there are a ton of us02:13
adriantability and UX things that need some user setting store that OpenStack doesn't have.02:13
adriantfavourite_projects (a comma separated id list), actually being a big usability that Horizon could have to tailor the project dropdown select in cases where a user has 30+ projects.02:14
adriantThe only sane place such a store could live is in keystone sadly, and it has to be an API the user themselves can edit.02:14
adriantThe current plan I have is to do a lot of this in cookies, but that's not really a good solution, and it's possible other services or tools could use this if it existed.02:16
adriantWe could potentially do this with user_options, but then we'd had to add to keystone each option that we'd want to use elsewhere, while a generic k/v store would be flexible to play with without needing to involve keystone code every time.02:18
adriantAnd we'd need to open user options to themselves in some fashion (so their token/horizon can set/edit them).02:19
adriantJust a thought from some UX related discussions I had today with colleagues, thought I'd pick your brains :)02:20
*** lbragstad has joined #openstack-keystone02:25
*** ChanServ sets mode: +o lbragstad02:25
kmallocadriant: random user supplied/no validation? or something like resource-options but allow users to set them?02:48
kmallocadriant: we have historically pushed back on keystone storing the user's options on the user object.02:49
kmallocadriant: and commented it should be something owned by horizon, but i get that isn't the architecture of openstack.02:49
adriantthere sadly isn't a better place to store them :(02:50
kmalloci am *very* against unbounded key-value-store02:50
adriantHorizon is by design ephemeral02:50
kmalloci would rather have an easy-to-approve set of options under user_options02:50
kmallocthat way it's not add because maybe we might use it in the future or something... so why not just add them02:50
adriantif the process for adding new 'user managed' user option is easy, documented etc, then I can live with that02:51
kmallocyou will need to add policy enhancements/workflows to allow for some options to be user-controlled vs admin controlled02:51
kmalloce.g. PCI-DSS "no password expiry" should not be user controlled02:51
kmalloci am not against this.02:51
adriantcan we make this something a little different like user-settings rather than options? so we can policy wise separate it?02:52
kmalloc*shrug* sure.02:52
kmallochowever...02:52
adriantthen anything that is a 'setting' is always user controlled02:52
kmalloci would recommend making it an option-by-option choice02:52
adriantor some shit02:52
kmallocand just use user-options02:52
adriantthat works02:52
kmallocno migrations needed, etc02:52
adriantI can work with that02:53
kmallocwe can add policy entry (default) per option and a default02:53
kmallocallow it to be overridden02:53
kmallocso you could allow a user to set MFA options for example02:53
adriantyep, that would be great02:53
kmalloc:)02:53
adriantbecause some clouds would just outright expose that, while others might eventually use Adjutant for safer workflows around that setup02:54
kmallocmaybe this was part of the original "future" design goals of the reasource options02:54
kmallocwe will need to communicate with a GET maybe what options a user is allowed to set in their current context.02:54
kmallocbut that should not be terrible02:55
kmallocand this means we gate that options are actually used/justified not just "oh cause we can have any we want just add one for now maybe we'll use it in the future"02:55
kmallocit saves potential ick in the DB02:55
adriantWhat I can then one day do is implement the existing Horizon option in keystone (once the admin/user policy stuff exists), and horizon can even read the cookies and set the values from them automatically if the cookie existed.02:55
kmallocthats far beyond anything i'm getting involved with ;)02:56
kmallocbut sure.02:56
adriantso to a user the transition once keystone supports them is invisible02:56
adriantand means I can potentially implement some stuff like fav projects now, using cookies, and migrate to using keystone later maybe02:57
adrianthmmm02:57
*** markvoelker has quit IRC02:57
* adriant plots things02:57
adriantkmalloc: and nah, that's not your problem. I just would like some nice way to handle this stuff, and horizon can easily check: "if keystone version above X, do thing"02:59
adriantnot exactly micro versions, but Keystone's base API does return the version, and that's easy to check by03:00
*** vishakha has joined #openstack-keystone04:14
openstackgerritRabi Mishra proposed openstack/keystoneauth master: Set Content-Type header explictly for LegacyJsonAdapter  https://review.openstack.org/64350504:21
*** dave-mccowan has quit IRC04:30
*** lbragstad has quit IRC04:31
*** sapd1 has joined #openstack-keystone05:04
*** rcernin has quit IRC05:58
*** rcernin has joined #openstack-keystone06:13
*** pcaruana has joined #openstack-keystone07:36
*** rcernin has quit IRC07:59
*** xek has quit IRC08:13
*** xek has joined #openstack-keystone08:13
*** tkajinam has quit IRC08:18
*** pcaruana has quit IRC08:24
*** pcaruana|afk| has joined #openstack-keystone08:24
*** emine__ has joined #openstack-keystone08:26
*** markvoelker has joined #openstack-keystone08:27
*** awalende has joined #openstack-keystone08:33
*** shyamb has joined #openstack-keystone08:52
*** shyamb has quit IRC09:08
*** Dinesh_Bhor has joined #openstack-keystone09:30
*** Dinesh__Bhor has joined #openstack-keystone09:30
*** Dinesh__Bhor has quit IRC09:30
*** Dinesh_Bhor has quit IRC09:30
*** Dinesh_Bhor has joined #openstack-keystone09:31
*** vishakha has quit IRC09:40
*** shyamb has joined #openstack-keystone10:10
*** shyamb has quit IRC10:50
cmurphyadriant: user settable options makes sense to me for things like mfa but favorite_projects seems really horizon-specific to me10:50
*** shyamb has joined #openstack-keystone11:07
*** BlackDex has quit IRC11:28
*** BlackDex has joined #openstack-keystone11:57
*** FlorianFa has quit IRC12:14
*** jamesmcarthur has joined #openstack-keystone12:20
*** markvoelker has quit IRC12:25
*** pcaruana has joined #openstack-keystone12:26
*** pcaruana|afk| has quit IRC12:28
*** jamesmcarthur has quit IRC12:36
*** shyamb has quit IRC12:37
*** shyamb has joined #openstack-keystone12:39
*** shyamb has quit IRC12:39
*** shyamb has joined #openstack-keystone12:39
*** shyamb has quit IRC12:40
*** jamesmcarthur has joined #openstack-keystone12:48
*** raildo has joined #openstack-keystone13:01
*** dave-mccowan has joined #openstack-keystone13:02
*** imus has joined #openstack-keystone13:03
*** pcaruana has quit IRC13:36
*** TheJulia is now known as needssleep13:59
*** jamesmcarthur has quit IRC13:59
*** efried is now known as fried_rice14:00
*** awalende has quit IRC14:11
*** awalende has joined #openstack-keystone14:12
openstackgerritMerged openstack/keystone master: trivial: fix broken link in trust API reference  https://review.openstack.org/64314814:15
*** awalende_ has joined #openstack-keystone14:15
*** awalende has quit IRC14:16
*** awalende_ has quit IRC14:17
*** pcaruana has joined #openstack-keystone14:17
*** pcaruana|afk| has joined #openstack-keystone14:17
*** pcaruana|afk| has quit IRC14:17
*** jhesketh_ has quit IRC14:20
*** jamesmcarthur has joined #openstack-keystone14:31
gagehugoo/14:46
*** jhesketh_ has joined #openstack-keystone14:46
cmurphy\o14:47
*** jhesketh has quit IRC14:49
*** jhesketh has joined #openstack-keystone14:49
*** jhesketh_ has quit IRC14:51
*** raildo has quit IRC14:51
*** raildo has joined #openstack-keystone14:52
*** jhesketh has quit IRC14:54
*** jaosorior has quit IRC14:56
*** jhesketh has joined #openstack-keystone15:03
*** erus has joined #openstack-keystone15:35
eruso/15:35
*** gyee has joined #openstack-keystone16:23
*** erus has quit IRC16:23
*** erus has joined #openstack-keystone16:24
*** kmalloc is now known as needscoffee16:25
needscoffeecmurphy, gagehugo, gyee: This is fun https://code.activestate.com/recipes/474088-tail-call-optimization-decorator/ Not that we do a lot of recursive stuff in keystone, but hey, it's cool.16:26
gagehugointeresting16:27
needscoffeealternative approach https://chrispenner.ca/posts/python-tail-recursion16:27
erusneedscoffee :o16:48
*** raildo has quit IRC16:51
*** raildo has joined #openstack-keystone16:52
*** jamesmcarthur has quit IRC17:00
*** jamesmcarthur has joined #openstack-keystone17:01
*** itlinux has quit IRC17:18
gyeeneedscoffee, we have lots of decorators in keystone :-)17:47
gyeemade my head spin every time inspecting them tracebacks17:49
needscoffeegyee: we have a lot less now.17:50
gyeeoh good17:51
needscoffeegyee: losing the enforcement decorator was a good start.17:51
needscoffee:)17:51
*** jamesmcarthur has quit IRC18:20
*** dmellado has quit IRC19:17
*** dave-mccowan has quit IRC19:18
*** dave-mccowan has joined #openstack-keystone19:30
*** jamesmcarthur has joined #openstack-keystone19:31
*** mchlumsky_ has quit IRC19:34
*** openstack has joined #openstack-keystone19:41
*** ChanServ sets mode: +o openstack19:41
*** dave-mccowan has quit IRC19:43
*** pcaruana has quit IRC19:59
openstackgerritCorey Bryant proposed openstack/keystone master: PY3: Ensure LDAP searches use unicode attributes  https://review.openstack.org/64367020:00
coreycbif anyone has cycles to review this i'd appreciate it very much. we have a customer deployment tripping over it.20:02
*** jamesmcarthur has quit IRC20:09
*** emine__ has quit IRC20:14
*** erus has quit IRC20:14
*** erus has joined #openstack-keystone20:15
coreycbjdennis: maybe you can take a look at that ^ when you get a chance20:16
jdenniscoreycb: looking now ...20:20
*** jamesmcarthur has joined #openstack-keystone20:24
coreycbjdennis: thanks very much20:24
*** dmellado has joined #openstack-keystone20:29
*** whoami-rajat has quit IRC20:46
*** jamesmcarthur has quit IRC20:59
*** imus has quit IRC21:03
*** erus has quit IRC21:03
*** erus has joined #openstack-keystone21:03
*** lbragstad has joined #openstack-keystone21:08
*** ChanServ sets mode: +o lbragstad21:08
jdenniscoreycb: fix looks good but we need to figure out why the existing unit tests didn't catch such an obvious flaw, I -1 for now but will +1 once we figure out why the tests didn't catch this.21:09
openstackgerritLance Bragstad proposed openstack/keystone master: Implement domain reader functionality for projects  https://review.openstack.org/62421821:19
*** jamesmcarthur has joined #openstack-keystone21:22
*** erus has quit IRC21:24
*** erus has joined #openstack-keystone21:24
*** jamesmcarthur has quit IRC21:27
*** raildo has quit IRC21:34
coreycbjdennis: thanks. agreed on unit tests. i'll revisit those.21:39
lbragstaddoes anyone want to take another swing at https://review.openstack.org/#/c/638563/ ?21:42
*** awalende has joined #openstack-keystone22:13
*** erus has quit IRC22:13
*** erus has joined #openstack-keystone22:13
*** awalende has quit IRC22:17
*** markvoelker has joined #openstack-keystone22:20
*** jamesmcarthur has joined #openstack-keystone22:24
*** jamesmcarthur has quit IRC22:24
*** markvoelker has quit IRC22:24
*** markvoelker has joined #openstack-keystone22:51
*** erus has quit IRC22:57
*** erus has joined #openstack-keystone22:58
rm_workcmurphy / lbragstad why is https://review.openstack.org/#/c/643021/ back to 3.37.0?23:34
*** erus has quit IRC23:34
rm_workThat doesn't actually resolve the issue! And you've already workflowed it?23:34
*** erus has joined #openstack-keystone23:35
rm_worklbragstad: can you kill the workflow on that patch?23:35
rm_workerg maybe i can do it23:36
rm_workah ok nm, it's on top of another patch23:38
rm_workso it's not merging yet23:38
rm_workthat's good :D23:38
rm_worki'll fix it anyway23:39
rm_worki think maybe it accidentally got reverted to an old version when rebasing23:39
rm_workand that +A worried me a bit lol23:41
« Thursday, 2019-03-14 Index Saturday, 2019-03-16 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!